Interoperability and Extensions

As a standards-compliant IP (layer 3) network, the ENF is compatible with all servers, gateway/host/device manufacturers, software vendors, and cloud hosts. The following capabilities illustrate its interoperability:

  • Access to the ENF is not limited to a specific list of devices or operating systems. Customers can leverage existing assets – wired or wireless.
  • It is agnostic to physical-layer protocols and can use any available last-mile network, including cellular, Wi-Fi, and Ethernet. It enables easy switching between the optimal and most affordable connectivity options.
  • It can tunnel multiple transport-layer protocols. There are no SDKs or agent platform lock-ins. ENF clients require only standard TLS and crypto libraries.
  • It works with whatever cloud host the customer has in place. It supports not only the top-tier public clouds but also private providers or data centers.

Moreover, such flexibility extends to tools of the customer’s choice. Please get in touch with the sales team to learn more about how Xaptum can partner with customers to actualize such extensions.

  • Xaptum can host these tools (e.g., the IDS/IPS tool Snort), or an ENF network tap can be configured to send a copy of all traffic through the customer’s existing security tool.
  • Any NMS (Network Management System) can be integrated using ENF APIs – OpenDXL Ontology or REST.
  • Xaptum’s SASE fabric goes hand in hand with Kubernetes to securely automate deployment, scaling, and management of containerized applications/workflows.

The following subsections dive deeper into potential integration scenarios with the open-source tools mentioned above.

Snort

Snort is an open-source intrusion prevention system from Cisco, capable of real-time traffic analysis and packet logging on IP networks. Snort IPS uses a series of rules that define malicious network activity, alerting admins when suspicious traffic is detected. It can also be deployed inline to drop such packets.

Snort can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, and more. It can be used as a packet sniffer like tcpdump, a packet logger (for network traffic debugging, etc.), a network file logging device (capturing files in real time from network traffic), or as a full-blown network intrusion prevention system.

Snort can enable Xaptum to look deeper (than just layer 4) for malware and malicious traffic by enriching its single-pass packet inspection. Of course, Snort is just one example of an IDS/IPS tool that can be integrated with the ENF for added security.

OpenDXL

Launched by the Open Cybersecurity Alliance, OpenDXL Ontology is the first open-source language for connecting cybersecurity tools and systems through a common messaging framework. It removes the need for custom integrations between products that can be most effective when communicating with each other but suffer from fragmentation and vendor-specific architecture.

OpenDXL aims to streamline security automation that leverages disparate tools from different vendors to achieve consistent, beneficial outcomes. An Ontology interface would provide an effective means for Xaptum to share the customer’s network traffic or security metadata with third-party systems, such as their existing NAC (Network Access Control) tool.

Kubernetes

The expansion of edge computing has escalated the need for a modern, distributed, microservices-based software architecture. Containers allow applications to be broken into smaller, independent pieces that can be deployed and managed dynamically. The accompanying support for containerization (say, through Docker) enables application portability and helps simplify application deployment and orchestration.

Consequently, the foremost open-source container-orchestration system, Kubernetes, has proven to be surprisingly well suited to managing complex, decentralized, and distributed environments. One of its key benefits is self-healing: “Kubernetes restarts containers that fail, replaces containers, kills containers that don’t respond to your user-defined health check, and doesn’t advertise them to clients until they are ready to serve.”

Such a feature-rich and resilient infrastructure layer is complementary to Xaptum’s SASE fabric. By implementing a CNI (Container Network Interface) plugin, the ENF can securely connect dispersed containers, providing the needed foundation for deploying Kubernetes to automate edge orchestration.
