Tempered Networks aims to make it easier to create secure connections between end points across both trusted and untrusted networks.
Its initial targets include Point of Sale (PoS) devices, ATMs, medical equipment, industrial control systems, and other machines that need to send sensitive information across secure communication channels.
The company uses a whitelist model, which means devices must be explicitly allowed to communicate with one another via an overlay. The company leverages the Host Identity Protocol (HIP) as the basis for the whitelist. HIP is a proposed IETF standard that creates a unique, cryptographically derived identifier for individual end points.
Protected devices sit behind either hardware-based or virtual appliances, which create encrypted tunnels to protect traffic from snooping.
Because the communication is encrypted, traffic can run over any network, including public and private wired links, wireless connections, and cellular networks. Traffic between devices on the overlay is encrypted using AES 256-bit encryption.
How It Works
There’s a lot to unpack in Tempered’s approach. There’s more going on here than just encrypted connections. Let’s take it piece by piece.
HIP: As mentioned, the Host Identity Protocol creates a unique identifier for each device in the network using a public/private key mechanism, though it doesn’t require a certificate on each end point. HIP hasn’t been officially ratified by the IETF, but has been used commercially by organizations such as Boeing.
In fact, Tempered Networks is a spin-out from Boeing to commercialize Boeing’s HIP implementation. David Mattes, one of Tempered’s co-founders, helped develop the technology as a security researcher inside the aircraft manufacturer.
HIPswitch: HIPswitches are physical or virtual appliances that sit in front of IP end points that require a secure communication channel. The HIPswitches create encrypted tunnels between each other, over which end points send and receive information.
The hardware appliances range from devices that support 10/100 Mbps connections up to 10 Gbps. The hardware is available in several form factors, from 1U rack mounts for the data center to ruggedized systems for harsh environments.
Orchestration: Tempered Networks uses an orchestration system called a Conductor, which sets up connections between HIPswitches and is the user interface for configuring those devices, and for assigning end points to specific groups. The Conductor allows for fine-grained segmentation of end points to ensure that protected machines can only communicate with other administrator-defined devices.
The Conductor also hosts the certificate authority for the public/private key infrastructure that builds the IPsec tunnels between HIPswitches. The Conductor can run on the customer premises, or be hosted in the cloud.
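To make the two ideas above concrete, the cryptographically derived HIP identifier and the Conductor's whitelist of permitted end point pairs, here is an added Python sketch that is not Tempered's or Boeing's code. It derives an ORCHIDv2-style Host Identity Tag (HIT) from public-key bytes using the RFC 7343/7401 construction (context ID, 2001:20::/28 prefix, 4-bit OGA ID, middle 96 bits of SHA-256), then enforces a default-deny pairing policy keyed on those HITs. The raw key bytes, the Conductor class and the device names are constructed illustrations; a real Host Identity is the encoded HOST_ID parameter, which is simplified to opaque bytes here (assumption).

```python
import hashlib
import ipaddress

# RFC 7343 context ID used for HIP HITs, and the ORCHIDv2 prefix 2001:20::/28.
HIP_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")
ORCHID_PREFIX_28 = 0x2001002                      # top 28 bits of 2001:0020::
ORCHID_NETWORK = ipaddress.IPv6Network("2001:20::/28")
HIT_SUITE_RSA_SHA256 = 1                          # 4-bit OGA ID, RFC 7401 HIT Suite 1


def hit_from_host_identity(hi_bytes: bytes, oga_id: int = HIT_SUITE_RSA_SHA256):
    """HIT = prefix(28) | OGA ID(4) | Encode_96(SHA-256(context ID | HI)).

    Encode_96 extracts the middle 96 bits of the 256-bit digest: 80 bits
    (10 bytes) are dropped on each side.  hi_bytes stands in for the encoded
    Host Identity (assumption: a real HOST_ID encoding is more structured).
    """
    digest = hashlib.sha256(HIP_CONTEXT_ID + hi_bytes).digest()
    middle_96 = int.from_bytes(digest[10:22], "big")
    value = (ORCHID_PREFIX_28 << 100) | ((oga_id & 0xF) << 96) | middle_96
    return ipaddress.IPv6Address(value)


def is_orchid_hit(hit, oga_id: int = HIT_SUITE_RSA_SHA256) -> bool:
    """Sanity check on a peer-presented HIT: right prefix and right OGA ID."""
    return hit in ORCHID_NETWORK and ((int(hit) >> 96) & 0xF) == oga_id


class Conductor:
    """Constructed model of a whitelist policy: deny unless explicitly allowed."""

    def __init__(self):
        self._allowed = set()                     # unordered HIT pairs

    def allow(self, hit_a, hit_b):
        self._allowed.add(frozenset((hit_a, hit_b)))

    def permitted(self, src_hit, dst_hit) -> bool:
        return frozenset((src_hit, dst_hit)) in self._allowed


def demo() -> dict:
    """Three constructed devices; only the PoS terminal and gateway may talk."""
    pos = hit_from_host_identity(b"constructed-key-pos-terminal")
    gateway = hit_from_host_identity(b"constructed-key-payment-gateway")
    printer = hit_from_host_identity(b"constructed-key-office-printer")
    policy = Conductor()
    policy.allow(pos, gateway)
    return {
        "pos_to_gateway": policy.permitted(pos, gateway),
        "gateway_to_pos": policy.permitted(gateway, pos),
        "pos_to_printer": policy.permitted(pos, printer),
        "all_well_formed": all(is_orchid_hit(h) for h in (pos, gateway, printer)),
    }
```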
The starting price for a Medium Enterprise package is $27,000. That includes the Conductor orchestration software and support for 26 to 200 HIPswitches (depending on form factor and throughput). Individual HIPswitches start at $995.
About Tempered Networks
The company was founded in 2012 (originally as Asguard Networks) and has raised just over $22 million in venture funding over two rounds.
As mentioned, Tempered Networks comes out of an effort to commercialize a HIP implementation from Boeing. Tempered co-founder Dave Mattes sits on the board of directors. The other co-founder is Jeff Hussey, who holds the roles of president and CEO. Hussey founded F5 Networks, which gives him an excellent pedigree for selling network devices.