Zero Trust Microsegmentation

Achieve Greater OT / IoT Workload Security with Cryptographic Segmentation

Zero Trust Microsegmentation applies zero trust security principles to microsegmentation, which is the process of creating zones within a data center or cloud environment to secure critical workloads.

[Diagram: dynamically managed private network]

By combining the two into one solution for OT and IoT, Onclave’s TrustedPlatform™ is a dynamically managed private network that creates secured point-to-point communications with L2 over L3 encryption. This effectively eliminates the OT and IoT network attack surface and improves overall breach containment to:

Increase your general infrastructure security

Simplify your management, and

Lower your overhead and cost (long & short term)

Why Zero Trust?

Zero Trust is a set of guidelines that help create a more secure network architecture and prevent breaches by eliminating any presumption of trust of users, devices or data regardless of their physical location or access history.

Zero Trust is dominating network security planning in government and business, because IT-based security solutions, which assume everything behind a firewall is safe, have become unreliable. 

Not only have cybersecurity attacks become more sophisticated, but the growth of both remote access users and the integration of Operational Technology (including IoT) with IT networks have also expanded the attack surface beyond the capabilities of IT security solutions to protect.

“Digital transformation and adoption of mobile, cloud and edge deployment models fundamentally change network traffic patterns, rendering existing network and security models obsolete.”
– Gartner, Market Trends: How to Win as WAN Edge and Security Converge Into the Secure Access Edge, 2019

IT security solutions, like VPNs and firewalls, trust what is operating inside the network. The challenge is that these systems cannot monitor the hundreds and thousands of different operating systems driving OT and IoT devices or safeguard the various points of entry. 

Once a hacker gains access to any of these networks, they can move freely and access data from other areas of the network and deploy malware and ransomware.

Bringing Trust to Communications

Onclave’s TrustedPlatform™ and our Zero Trust process align with the technologies and techniques recommended in the National Institute of Standards and Technology (NIST) Zero Trust Architecture, SP 800-207 (ZTA). This includes visibility and controlled communications between remote users, devices, applications, workloads, data centers, and public cloud environments.

[Diagram: the OT attack surface is greater, showing OT and IoT devices]

To achieve Zero Trust protection, organizations need to deploy network security that enables you to:

Identify all endpoints for Operational Technology not recognized by IT security

Continuously monitor all network devices and endpoints

Detect, isolate, and contain users and data that lack authorization

In a typical, co-mingled network environment, many systems and devices depend on a single defensive perimeter for the whole network (see diagram below). This is how many networks are structured, but they are not secure against today’s cyberattacks.

[Diagram: co-mingled network environment, IT and OT systems and devices behind one perimeter]

To reduce a network’s attack surface, Onclave Networks uses secured point-to-point communications aggregated into networks with their own root of trust.

[Diagram: cryptographically separated enclaves, not visible or exploitable from outside]
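As an added illustration of the breach-containment argument above (example code written for this page, not Onclave’s TrustedPlatform™ code), the following Python models how far a single compromised device can reach in a co-mingled network versus one split into enclaves that each have their own root of trust. The device inventory, enclave names and the one authorised cross-enclave flow are constructed assumptions, and enclave membership is used as a simplification of per-enclave cryptographic trust.

```python
from collections import deque

# Constructed sample inventory: device -> enclave (root of trust) it is enrolled in.
DEVICES = {
    "hmi-1": "ot-plant", "plc-1": "ot-plant", "plc-2": "ot-plant",
    "camera-1": "iot-facilities", "hvac-1": "iot-facilities",
    "workstation-1": "it-corp", "file-server": "it-corp",
}

# Constructed: directed point-to-point flows an operator explicitly authorised
# across enclave boundaries (source, destination).
CROSS_ENCLAVE_ALLOW = {("workstation-1", "hmi-1")}


def flat_reachable(start):
    """Co-mingled network behind one perimeter: every device can talk to every other."""
    return set(DEVICES) - {start}


def segmented_reachable(start):
    """Enclave model: traffic is only possible between devices under the same
    root of trust, or over an explicitly authorised cross-enclave flow.
    Breadth-first search gives the set of devices a compromise could spread to."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for dev in DEVICES:
            if dev in seen:
                continue
            same_enclave = DEVICES[dev] == DEVICES[cur]
            if same_enclave or (cur, dev) in CROSS_ENCLAVE_ALLOW:
                seen.add(dev)
                queue.append(dev)
    seen.discard(start)
    return seen


def blast_radius(start):
    """Number of other devices reachable from a compromised device in each model."""
    return {"flat": len(flat_reachable(start)),
            "segmented": len(segmented_reachable(start))}


if __name__ == "__main__":
    for device in ("camera-1", "workstation-1"):
        print(device, blast_radius(device), sorted(segmented_reachable(device)))
```

Note that the authorised workstation-to-HMI flow still carries a compromise of the IT enclave into the OT enclave, so cross-enclave flows are where monitoring and minimisation matter most.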
