The Airwall Solution

The Airwall Solution makes your connected ‘things’ invisible. It eliminates network-based attacks, secures remote access at scale, and extends the life of existing infrastructure investments. It effectively reduces cyber risk and makes securing a corporate network less complex.

Airwall addresses the problems inherent in the existing solutions that tell you you need more firewalls, VPNs, VLANs, ACLs, SSH keys, etc., but that you’re never really secure.

The problems with TCP/IP

The root of the problems with the existing solutions lies within IP’s own shortcomings. TCP/IP was created with connectivity, not security, in mind. As the number of devices on a network increases, so too does the vulnerability to cyber attacks and the complexity of IP-based network security. The answer to these challenges is a trusted networking architecture model based on cryptographic identities.

Airwall offers a better way

The Airwall Solution is an infinitely better way to keep it all safe. It enables you to:
  • Secure first, and connect later.
  • Provide secure access and total invisibility at any scale, across any network.
  • Secure your local datacenter and your global infrastructure with a solution that allows connections across both.
  • Secure every endpoint in your network, with true micro-segmentation and secure remote access.

Make all of your things Invisible

Airwall allows only trusted and cryptographically-identified “things” to connect, creating a network that is more secure and flexible than the traditional TCP/IP model. The network just doesn't respond to any non-trusted sources, so all of your "things" are protected.

Easily deployed

The Airwall Solution enables you to easily deploy and extend a unified, trust-based, and encrypted network. Micro, macro, and cross-region segmentation, as well as global IP mobility are simple to set up. Deploying and maintaining intra-cloud (region to region), cloud-to-cloud, and cloud-to-data center cryptographic trust-based communications becomes simple, verifiable, and secure.

Airwall works on Existing Networks

Airwall requires little to no modification of the underlying network or security infrastructure. It provides a simple, policy-based configuration of devices or groups of devices that are explicitly trusted based on allowlisting. This trust, based on unique cryptographic identities, determines what systems or machines can initiate and establish communication before any data is exchanged.

The Airwall Solution is set up using the Airwall Conductor, an intuitive, visual, point-and-click management and orchestration engine. The Conductor easily manages a network, regardless of how many devices are part of it. Our Airwall Edge Services are software products delivered in different forms to support our commitment to securing any device, anywhere.

Built on the Host Identity Protocol (HIP)

The Tempered Airwall Solution uses Host Identity Protocol (HIP), an open-standard network security protocol that provides provable host identities. This technology has been recognized by the Internet Engineering Task Force (IETF) as the next possible major improvement in IP architecture, making HIP a true paradigm shift in networking that solves the fundamental security flaws of TCP/IP. HIP was formally ratified by the IETF in 2015, capping 15 years of successful development and deployment in coordination with several major companies (Boeing, Verizon, Nokia) and standards bodies (Trusted Computing Group, IEEE 802).

Instead of using the flawed dual function of the IP address, HIP assigns identity with 2048-bit RSA public keys and assigns location with the original IP address. These identities are permanent, location-independent cryptographic identities that are connected to machines or networks, enabling security by default with verifiable authentication, authorization, and host-to-host encryption.

Within TCP/IP, there are two globally-deployed namespaces that allow the Airwall Solution to uniquely identify a host or service: IP addresses and DNS names. However, due to the fundamental flaws of TCP/IP, both namespaces are problematic for networks. HIP introduces a third option for namespaces: the Host Identity Namespace (HIN). The HIN is compatible with the current namespaces, and provides global IP mobility and security policies based on unique cryptographic identities. It overcomes many of the fragile and costly challenges of traditional TCP/IP networking.