The Internet of Things (IoT) is a network of interrelated, internet-connected objects that can gather and share data with other devices across a network.

Embedded with sensors, operating systems, and technology that allows them to send and receive data over the internet. These connected devices are as diverse as drones, glucose monitoring systems, smart security cameras, building automation systems for HVAC, autonomous vehicles, city traffic lights and more.

There are currently over 28 billion IoT devices active across the world today. This translates into approximately 3.5 devices per person. With the adoption of 5G and digital modernization across all industries, the number of IoT devices is expected to grow rapidly over the next several years, with some estimates predicting over 70 billion by 2025.

Businesses and governments use IoT devices to enhance customer experiences and support their workforce. However, the convergence of IoT devices with IT networks has created new security and management challenges.

What is IT/OT Convergence?
IT/OT convergence is the integration of information technology (IT) systems with operational technology (OT) systems. IT systems are used for data-centric computing; OT systems monitor events, processes and devices, and make adjustments in enterprise and industrial operations. Historically, IT and OT were managed by separate organizational silos without any interdependence on one another. However, over the past decade, a slow yet steady paradigm shift has taken place.

Why does IT/OT Convergence Create Security Vulnerabilities?
IT/OT convergence creates a security vulnerability because IT security solutions lack visibility on what connected devices and systems are accessing on the network. As an organization adds more IoT devices to the network, the vulnerability to the enterprise grows. Cybersecurity experts often refer to this as the “growing OT (or IoT) attack surface.” Since the devices are not visible, they cannot be identified, isolated and contained. This means that if OT/IoT devices are breached, malware and ransomware can more easily travel laterally across a network and gain access to data and critical systems.

Industrial Internet of Things (IIoT) includes devices used by industry such as robots, Supervisory Control and Data Acquisition (SCADA), Programmable Logic Controller (PLCs), and sensors networked together with industrial applications, including manufacturing and energy management.

Onclave Networks, Inc. is a global cybersecurity leader safeguarding Operational Technology (OT), IoT, and IT devices, using a Zero Trust protection enforcement policy across disparate transports including 5G, wireless, satellite, and physical wire or fiber. The Onclave data security communications platform is based on patents the company holds related to blockchain management. As a result, the Onclave TrustedPlatform™ dramatically reduces cyberattack surfaces, breaches, network complexity, including the costly overhead created by shared infrastructure – enabling a more efficient and secure way to operate and communicate.

Incorporated in 2016, the founders focused on bringing the same level of protection to IoT that our military and Intelligence Community employs to protect our nation’s most critical assets.

Delivering an integrated solution based on Zero Trust and microsegmentation, the Onclave TrustedPlatform™ is well-positioned to protect critical systems and vulnerable endpoints across all sectors on-prem and in the cloud.

Onclave brings Zero Trust to communications by securing networks from the edge to the core.

The TrustedPlatform™ is our core product with multiple components and form factors enabling fast and simple implementation.

The Onclave TrustedPlatform™ is made up of multiple components and services to both create and manage enclaves as well as monitor and alert on the devices being protected by the enclave. Here are some highlights of each component:

Secure Blockchain

• Private multi-segment and multi-path blockchain
• Based on Onclave’s Dynamic Cipher Key Management (DCKM) patent
• Manages identities, trust, and state of devices
• Only accessed by the devices that are created with the paired Administrative Console and correct identity

TrustedDMS™

• Performs discovery and monitoring of all protected devices
• Behavior Based Rules Engine establishes known patterns for all protected devices
• Smart Alerts based on anomalous behavior of protected devices
• Integrated messaging and message que with TrustedOrchestrator™ using REST APIs

TrustedOrchestrator™

• Single integrated interface that builds secure enclaves (topologies)
• Zero Trust Policy Engine
• Provides dynamic deployment of secure virtual segmented networks over existing infrastructure

TrustedBroker™

• Used to create trusted and secure communications with TrustedEdges™
• Has its own root of trust cipher key generator for establishing cryptographically secure layer 2 secure tunnels between Onclave TrustedBrokers™ and Onclave TrustedEdges™

TrustedEdges™

• Device that forms the basis of a cryptographically secure enclave connected to an Onclave TrustedBroker™ or another Onclave TrustedEdge™
• Can take the form of an embedded device such as in a camera or a standalone appliance
• Own root of trust cipher key generator for establishing cryptographically secure layer 2 secure tunnels between other TrustedEdges™

Onclave’s decision to use blockchain was simply because it offered the most secure record of transactions in a decentralized trust framework using a distributed architecture. Each block forms an immutable record of transactions for every device we register into the blockchain, allowing for a reliable and trustworthy audit capability.

• Blockchain allows for assurance that the data we get can only come from a correct device
• Transactions come directly and only from the device, on a secure trusted connection, to the blockchain
• Data cannot be tampered with; therefore, we have assurance that we understand how the device is set up currently as well as it’s complete history

Onclave’s Patented Unique Features

• Multipathing, allows for quick access of all device’s data on the blockchain
• Multi-Segmenting, allows for old data to be archived, but the integrity of the node is assured

Additional Information hosted by our Nodes

• Nodes also host other information which gives insight into the state of the blockchain, and allows quick access to see the blockchain data
• Nodes choose when to segment the blockchain, allowing for data to be archived
• Archived data that is segmented is still represented on the chain, so chains with segmented data are still able to act as full nodes, write to the blockchain, and confirm other nodes that host the full blockchain

The Onclave TrustedPlatform™️

Include a breakdown of overall benefits of Onclave’s TrustedPlatform.

Onclave’s TrustedPlatform™️ Cost Benefits
can save you money in three ways: Security costs, operational costs, and connectivity costs.

1. Lower Security Costs: Enterprises can eliminate the need to purchase Virtual Private Network (VPNs), firewalls, or Secure Access Service Edge (SASE) technology since Onclave’s TrustedPlatform fully implements a true Zero Trust Architecture (ZTA) design that far exceeds anything that a VPN, firewall, or SASE technology can implement.

2. Reduced Operational Costs: Through the TrustedPlatform™️, automated monitoring system, as well as simplified management system, enterprises will no longer need to operate multiple management and monitoring systems to protect networks. Onclave’s platform integrates monitoring and management of networks under one platform, reducing operational costs to run a network.

3. Lower Connectivity Costs: Onclave’s technology can cut down costs for scalability in connectivity. As more users begin to work from remote locations, securing remote access becomes more difficult as well as more costly with scale. The Onclave TrustedPlatform™️ can guarantee a secure network connection from any location through our L2 encryption technology.

Onclave integrates techniques and technologies used by the U.S. Department of Defense and Intelligence Community, with our own patented technology. Our platform uses techniques developed by the Intelligence and Defense community, with our own technology, to accelerate enterprises to a Zero Trust framework that’s more secure, easier to manage, and lower cost that the traditional Informational Technology (IT) approaches and technology.

The TrustedPlatform™️ is designed as an overlay, which allows it to integrate into existing infrastructures and use cases. The TrustedPlatform™️ can be expressed physically, virtually, and in hybrid scenarios where a mix is needed. This also includes any cloud-based environments such as AWS, Azure, DigitalOcean, and others.

Because the TrustedPlatform™️ was built from the ground up, we were able to design an implementation process that aligns with the NIST Risk Management Framework (RMF). This approach allows for phased implementations where networks can be tackled piece by piece rather than the fork-lift approach.

Lastly, for physical implementations, TrustedPlatform™️ appliances can be implemented on Commercial Off the Shelf (COTS) hardware. There are no special components to purchase or expensive technologies to implement. Just like any other piece of software, there are minimum system requirements to adhere to, to get the most out of your setup and to meet expectations. Most common hardware available today, such as Raspberry Pi’s and other Single Board Computers (SBCs) can run components of the TrustedPlatform™, all the way to enterprise servers.

Based on consumer needs, Onclave can fit any number of devices into an enclave. Enclaves are not limited by device amount, but rather the amount of bandwidth and data flowing through a port based on device activity within the network. The TrustedPlatform™ can scale indefinitely to fit all device needs.

Yes! The ability to manage any number of devices inside an enclave and the ability to manage any number of enclaves is only restricted by network bandwidth and the compute capacity (horsepower) needed to handle the data throughput requirements.

For example, an enclave might be setup to have hardware appliances that allow for 700Mb of collective throughput. The bandwidth needs of the enclave are not calculated by the number of devices but by the total bandwidth needed of all the devices. Therefore, there could be 700 1Mb devices, or conversely, one 700Mb device, and anything in between.

Network manageability refers to the collective entity of devices that can be managed. This alludes to the degree of ease in which the network and the network of devices can be manipulated and secured. Onclave manages devices through The TrustedOrchestrator™ and TrustedDMS™ (Discovery & Monitoring Services).

Onclave’s TrustedOrchestrator™ allows network admins to build network topologies and enclaves. Through the TrustedOrchestrator™, an admin can view all enclaves, and organize devices into segmented networks for improved security.

Onclave manages devices by utilizing the TrustedDMS™, which is passively monitoring the network and checking to find high level anomalous behavior. If any activity is discovered, it is blocked from entry and flagged for further inspection. If suspicious activity is detected, the TrustedOrchestrator™ is notified by the TrustedDMS™, and the issue is resolved. Devices can be easily managed and configured using the TrustedPlatform™.

The Onclave TrustedDMS™ is a vital component of the Onclave TrustedPlatform™ providing initial discovery of devices and then behavior-based monitoring of all devices protected by the enclave. The Onclave TrustedDMS™ records device MAC addresses, IP addresses (if they exist), TCP and UDP ports from traffic flows, and common behavioral patterns in order monitor devices on a network. The Onclave TrustedDMS™ issues Operator Alerts for:

1. New Devices
2. Unknown IP addresses & Ports
3. Behavior differs from a previously discovered common behavioral pattern.

The Onclave TrustedOrchestrator™ is a rules-based policy engine used to facilitate the creation of enclaves and manage the relationships between the Onclave TrustedBrokers™ and the Onclave TrustedEdges™. Within the Orchestrator, an enterprise could utilize the single integrated interface to build their network topologies and organize their devices to enhance the security of their network. The TrustedOrchestrator™ is a Zero Trust Policy engine that provides dynamic deployment of secure virtual segmented networks over an existing infrastructure.

Onclave TrustedDMS™️ sensors collect data regarding the devices that are protected: the media access control (MAC) and internet protocol (IP) addresses, traffic flows and their ports, and common behavioral pattern. This information is sent to the TrustedDMS™ for analysis and creation of custom alert rules.

The Onclave TrustedDMS™️ sensors can run on the TrustedBroker™ or as dedicated sensors reporting via a Secure Enclave back to the TrustedDMS™️ server. All monitoring is passive, active scanning is not performed by the Onclave TrustedDMS™️.

The dynamically created alert rules are used to notify customers of any abnormalities in the devices. TrustedDMS™ also forwards the alerts to the TrustedOrchestrator ™, where an action can be performed, such as isolating a device, if required. The TrustedDMS™ is the rules & monitoring engine of the Onclave TrustedPlatform™.

Once the to-be-protected devices are identified for the enclave and protected by an enclave, the monitoring component continues to run within the protected environment. The Onclave TrustedPlatform™ uses a set of API’s between the TrustedOrchestrator ™ and the TrustedDMS™ to exchange information regarding the secure enclaves, devices enrolled in the specific enclave, and alerts per enclave. This continuous protection is mandated by the NIST RMF.

The Onclave TrustedPlatform™ manages and protects the communications of devices. The TrustedPlatform™ does not manage the device health or native functional features of a device.