Authenticate First, Connect Second: Cradlepoint Launches New SDP Solution


If securing IoT networks is keeping enterprise IT – and OT – teams awake at night, it’s for a lot of good reasons.

After decades of keeping up with the demands of business units and increasing pressure on ensuring networks are secure, information and operations technology teams are finding themselves struggling with more sophisticated cyber-criminals, more highly public attacks on huge enterprise data and computing environments, and a growing attack surface that is making even voice networks and security cameras a way in to steal private information and confidential data.

And if that wasn’t enough, with the rise of ransomware, enterprise executives and their investors and boards are asking the appropriate hard questions about whether a cyber-criminal can penetrate a network and take it down unless millions of dollars are transferred. Some security experts believe far more ransomware attacks – and hacks in general – go unreported, given the reputational damage that can follow when customers learn that these enterprise networks, e-commerce systems, and payment systems are vulnerable.

Given all that, what CIO would push to add IoT endpoints to enterprise networks, only increasing the “ways in” – for malicious intruders but also for havoc caused unintentionally when more and more endpoints are lit up, in corporate offices, branch offices, factories, franchisees and other distributed locations?

Cradlepoint has been out to solve for the expense and complexity of adding “things” to enterprises for years, and while they also provide non-IoT distributed enterprise connectivity services through channel partners (SIs, MSPs, CSPs, etc.), almost 50% of their business, and growing, is being driven by some of the most mature IoT implementations in the industry.

The majority of that has been driven by the early pioneers of M2M and IoT, R&D and product groups adding “smartness” through instrumentation and connectivity, and through manufacturing which uses IoT to operate production less expensively. IoT is now making its way into enterprise IT, and enterprise IT is having to figure out how to accommodate it while also managing a lot of the pressures outlined above, and often with a shrinking budget.

Today, the company announced the general release of a new Software-Defined Perimeter solution that makes it possible to create fully secure and “dark endpoint” private networks – including application-specific extranets – over multiple IP network types. Their SDP technology is “NFV” and “SDN” native – built to run over virtualized networks and in virtualized environments, leveraging the investment both CSPs and enterprises have been making in software-driven connectivity.

“Our bias has been towards building parallel networks for several years,” explained Ken Hosac, vice president of Cradlepoint IoT Strategy and Business Development, “and that has paid off nicely as IT and OT have learned that they don’t need to run everything off a common IP network. With the development of this new software security capability they also can be assured that the parallel networks they are responsible for administering and managing are super secure with layers of encryption, Identity Access Management, Privileged Access Management and more built in.”

The security is now “inside the network” and as Hosac puts it, “We’ve turned the old approach inside out – instead of connecting and then authenticating, now sessions are authenticated first and connected second.”

Cradlepoint has been able to accelerate the development of their flavor of SDP, in the context of their existing and broadly implemented NetCloud platform, with nearly $90M of new investment which came to Cradlepoint earlier this year. The SDP market is growing (along with all security technology markets) and given the pace and volume of cyberattacks, Cradlepoint seems to have wasted no time developing and implementing their software in beta mode over the last few months, making it GA today.

“We work very, very closely with the enterprises we have built relationships with and served since our inception,” Hosac said. “And we work very closely with our technology and channel partners, so we really understand the requirements and we write to those – not the other way around.”

The SDP solution announced today works over any wired and wireless Internet connection to protect devices against attacks and isolate them from IT infrastructure, and this includes networks which are not “Cradlepoint” per se. “We’re a software company,” Hosac said, “though a lot of people still know us for the hardware we have been successful with. We’re able, however, to build for a more open world of IT which is another huge advantage given that we do not lock in customers as more traditional networking technology companies still do. They know they can add additional security, for example, using SDP layering it into their environment, and to the parallel networks we’ve also built with and for them.”

Private cloud creation happens over a platform to secure and isolate IP-connected devices, including M2M, IoT and mobile endpoints. “This is, for sure, a much more robust and less complicated and expensive approach compared to VPNs,” which Hosac sees on the way out, along with MPLS.

“It is now so much easier to configure, deploy and scale up private IP networks, for the most distributed enterprises, supporting many different applications without putting all networks and applications at risk,” Hosac said.

A recent Cradlepoint-sponsored State-of-IoT report conducted by Spiceworks found 69 percent of the 400 businesses surveyed with 500 or more employees have deployed or plan to deploy IoT solutions within the next year. Of the deployment concerns cited in the survey, security and solution cost ranked highest at 41 percent and 35 percent.

Despite security concerns, 49 percent of businesses surveyed have deployed IoT devices on their existing enterprise network – creating a sizeable attack surface and new threat vectors that traditional network security tools can’t cover.

“Internet connected security cameras have been infected by bot-net attacks,” Hosac said, “and enable pivot attacks into enterprise IT systems. But now, IT and OT teams have a new line of defense, new layers of security that can be managed without having to hire or train a lot of new people.”

NetCloud Perimeter, part of Cradlepoint’s NetCloud platform, is a cloud service that shields enterprises from connected device threats by providing a private cloud network that overlays the Internet or enterprise network with a virtual perimeter to isolate and protect M2M, IoT and mobile devices. It further provides a closed, invitation-only network with its own private IP address space to cloak devices from the outside world.

According to the company’s news release, benefits of NetCloud Perimeter include:

  • Simple to configure and deploy in minutes
  • Global footprint that is accessible from any wired or wireless connection
  • End-to-end visibility and control through NetCloud Manager
  • Micro-segment M2M, IoT and mobile devices by user, device and application
  • Configurable secure Internet egress protected by integral firewall and carrier-grade NAT
  • Active Directory and private DNS server integration shields against DNS-related threats.

When deployed over 4G LTE, NetCloud Perimeter’s encrypted and fully switched overlays can reduce the need for costly and complex private Access Point Networks (APNs) and static IPv4 addresses that are scarce on many cellular networks.

“The way you connect and protect an IoT device network with potentially hundreds of thousands of Internet-attached endpoints is very different from the traditional enterprise security model for branch sites and WinTel PCs,” Hosac stated. “NetCloud Perimeter represents a clean-slate approach to device networking that combines a Software-Defined Perimeter architecture with private IP overlays and cloud orchestration to deliver optimal security, availability and control as well as logical isolation from the Internet and private networks.”

Edited by Ken Briodagh