Multipath VPN for Security and Resiliency


In my never-ending quest to find new, meaningful, and unique security solutions and strategies for the readers of Brilliance Security Magazine to consider, I recently talked with Rajiv Pimplaskar, President & CEO at Dispersive. We discussed Dispersive’s radically different, cloud-native approach to virtual networking, how it works, how it’s different, and applications where security practitioners may use it to enhance an organization’s security.

The concept behind a new data in transit technology

Dispersive provides accelerated, private, and secure virtual networking for cloud, branch, mobile devices, and embedded IoT. Their approach to virtual networking promises to deliver new levels of security, resiliency, and performance. It’s all within the context of a zero-trust strategy to protect data in transit.

Dispersive is about a year old and relatively unknown in the industry. Their technology was born from some challenging problems that the Defense Advanced Research Projects Agency (DARPA) has been trying to solve for a while.

A few technologists with backgrounds in satellite communications, signals intelligence, and cryptography were looking at nation-state adversaries and how they might infiltrate critical infrastructure networks. They were concerned about man-in-the-middle attacks, traffic interception, and deflection for disruptive reasons.

Conceptually, the protective measures these researchers looked at are similar to how smartphones use spread spectrum technology to interact with cell towers today. The application of radio frequency-hopping spread spectrum originated with the US Navy after the Second World War, as the government searched for ways to solve the potential problem of jamming the radio frequencies used to direct guided torpedoes.

The Navy created a way of adding intentional noise into the signal, spreading it over a wide range of frequencies and then intelligently amalgamating them together. This technology was the predecessor of Code Division Multiple Access (CDMA), W-CDMA, and all the spread spectrum 5G Ultrawideband we have today.

Because of widespread digitalization, organizations no longer have visibility or control over how their sensitive data is routed. With public cloud and SaaS applications, they necessarily rely on third-party vendors who themselves are dependent on third parties. To solve the problems that customers have around trying to implement zero-trust, Dispersive has taken the same concepts that work in the radio frequency world and applied them to TCP/IP and the internet to enhance security.

Dispersive’s solution addresses the problems caused by a lack of control. It ensures that corporate resources—whether users or sensitive data—stay secure regardless of what they encounter outside the organization’s control. They accomplish zero-trust network access even across public clouds or untrustworthy third-party networks by establishing highly secure active multipath transmissions.

Resiliency and Security

Multipath technology has typically been used to provide a higher level of network resiliency. If the primary or active path fails, the data is redirected to a passive secondary route. This scheme is excellent for resiliency but does little to bolster data security.

On the other hand, Dispersive uses active/active multipath to enhance security, and the additional resiliency is a byproduct of that protocol. Additionally, they offer the ability to dynamically route around pathways that may be compromised (by a DDoS attack, for example).

Dispersive provides three essential network resources: virtual endpoint clients/gateways, strategically placed deflects, and controllers. Like any SD-WAN technology, you have an orchestration plane, a control plane, and a data plane. However, Dispersive uniquely ensures that all of these are separately encrypted, separately obfuscated, and cannot be disentangled by compromising any one of them.

They deploy their containerized network fabric in a multi-cloud, multi-tenant model where they operate a SaaS solution that runs on top of Azure, AWS, or GCP. In some cases, they deliver their multipath VPN directly to hyperscalers, data center operators, and others.

Dispersive can provide a software-only version of their solution for certain global systems integrators and the federal government. These partners typically have their own trusted cloud resources, so they deploy Dispersive’s software on top of that.

Dispersive makes it virtually impossible to intercept data in transit because they disperse the payload across multiple routes. Even if a nation-state threat actor capable of reading Layer 2, Layer 3, or Layer 4 traffic and running hash matches against it is tapping your network, it can still only decrypt that one stream, which is a subset of the overall traffic. And on top of that, they rotate the keys constantly.
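To make the two ideas above concrete, the active/active dispersal and re-routing described under "Resiliency and Security" and the per-stream encryption with rotating keys described here, the following is an added, constructed Python demonstration. It is illustrative code written for this article, not Dispersive's protocol or software: a session payload is cut into small fragments, each fragment is sealed under a key derived per path and per key epoch, fragments are sprayed round-robin over the live paths (skipping any path marked as failed), and the receiver authenticates and reorders them. The `seal`/`unseal` pair is an HMAC-SHA256 encrypt-then-MAC stand-in for a real AEAD such as AES-GCM; the path ids, fragment size, rotation interval and sample payload are all assumptions chosen for the demo.

```python
"""Constructed demonstration of active/active multipath dispersal with
per-path, rotating keys. Illustrative code written for this article, not
Dispersive's protocol. seal/unseal is an HMAC-SHA256 encrypt-then-MAC stand-in
for a real AEAD; production code would use AES-GCM or ChaCha20-Poly1305."""
import hashlib
import hmac
import os
import struct

CHUNK = 8          # payload bytes per packet (tiny, so the split is visible)
ROTATE_EVERY = 4   # packets per key epoch: keys roll over this often
TAG_LEN = 16
HDR = struct.Struct(">IIII")  # seq, total fragments, path_id, epoch (clear, but authenticated)


def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def path_key(master: bytes, path_id: int, epoch: int) -> bytes:
    """Per-path, per-epoch key: one compromised path/epoch exposes only its own packets."""
    return _prf(master, b"path-key", struct.pack(">II", path_id, epoch))


def _stream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(_prf(enc_key, nonce, struct.pack(">I", i)) for i in range(blocks))[:n]


def seal(key: bytes, nonce: bytes, plaintext: bytes, aad: bytes) -> bytes:
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return ct + _prf(mac_key, aad, nonce, ct)[:TAG_LEN]


def unseal(key: bytes, nonce: bytes, sealed: bytes, aad: bytes) -> bytes:
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(mac_key, aad, nonce, ct)[:TAG_LEN]):
        raise ValueError("packet failed authentication")
    return bytes(c ^ s for c, s in zip(ct, _stream(enc_key, nonce, len(ct))))


def disperse(master: bytes, payload: bytes, paths: list, failed=frozenset()) -> dict:
    """Sender side: spray fragments round-robin over the live paths, skipping failed ones."""
    live = [p for p in paths if p not in failed]
    if not live:
        raise RuntimeError("no live path available")
    chunks = [payload[i:i + CHUNK] for i in range(0, len(payload), CHUNK)]
    wire = {p: [] for p in paths}            # what an observer on each path would capture
    for seq, chunk in enumerate(chunks):
        path_id = live[seq % len(live)]
        epoch = seq // ROTATE_EVERY           # key rotation: new key every ROTATE_EVERY packets
        header = HDR.pack(seq, len(chunks), path_id, epoch)
        nonce = os.urandom(12)
        sealed = seal(path_key(master, path_id, epoch), nonce, chunk, header)
        wire[path_id].append(header + nonce + sealed)
    return wire


def _split(pkt: bytes):
    return pkt[:HDR.size], pkt[HDR.size:HDR.size + 12], pkt[HDR.size + 12:]


def reassemble(master: bytes, wire: dict) -> bytes:
    """Receiver side: authenticate every fragment under its own path/epoch key, then reorder."""
    frags, total = {}, None
    for path_id, packets in wire.items():
        for pkt in packets:
            header, nonce, sealed = _split(pkt)
            seq, total, hdr_path, epoch = HDR.unpack(header)
            if hdr_path != path_id:          # a fragment replayed onto a different path is rejected
                raise ValueError("fragment arrived on a path it was not sent on")
            frags[seq] = unseal(path_key(master, hdr_path, epoch), nonce, sealed, header)
    if total is None or set(frags) != set(range(total)):
        raise ValueError("fragments missing: cannot reassemble")
    return b"".join(frags[i] for i in range(total))


def leak_path_keys(master: bytes, path_id: int, epochs) -> dict:
    """Model the worst case the article describes: an adversary who holds one path's keys."""
    return {(path_id, e): path_key(master, path_id, e) for e in epochs}


def observer_view(keys: dict, wire: dict, path_id: int) -> list:
    """What a tap on ONE path recovers, even with that path's keys: only its own fragments."""
    seen = []
    for pkt in wire[path_id]:
        header, nonce, sealed = _split(pkt)
        seq, _, hdr_path, epoch = HDR.unpack(header)
        key = keys.get((hdr_path, epoch))
        if key is not None:
            seen.append((seq, unseal(key, nonce, sealed, header)))
    return seen


if __name__ == "__main__":
    master = os.urandom(32)
    payload = b"The quick brown fox jumps over the lazy dog" * 2  # constructed sample payload
    wire = disperse(master, payload, paths=[0, 1, 2])
    assert reassemble(master, wire) == payload
    view = observer_view(leak_path_keys(master, 0, range(3)), wire, 0)
    print(f"tap on path 0 recovers {sum(len(f) for _, f in view)} of {len(payload)} bytes")
    rerouted = disperse(master, payload, paths=[0, 1, 2], failed={1})
    print("path 1 down, fragments per path:", {p: len(v) for p, v in rerouted.items()})
```

Running it shows the two properties side by side: with three paths, an observer who captures path 0 and even holds its keys recovers only the fragments that travelled on path 0 (here 32 of 86 bytes, in non-contiguous pieces), while marking path 1 as failed causes the sender to spread the same session over the remaining two paths and the receiver still reassembles it. The receiver also demonstrates the caveat that pure dispersal without redundancy trades some availability for confidentiality: if an entire path's fragments are lost rather than re-routed, or any fragment is tampered with, reassembly fails closed instead of yielding a partial or forged payload.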

Conclusion

To be clear, Dispersive is not a sponsor of Brilliance Security Magazine, but it could be well worth your effort to learn more about them. If you are looking for a better way to enhance your security posture by protecting data in transit, dynamically splitting session-level IP traffic at the device, edge, or cloud into smaller, independent, and individually encrypted packet streams may be just what you need.


Steven Bowcut is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications. Follow and connect with Steve on Twitter, Instagram, and LinkedIn.