How to create truly private connections on the public Internet

Unbreakable, 2000, directed by M. Night Shyamalan, Touchstone Pictures

Unbreakable was a superhero thriller movie in which a former star football quarterback turned security guard gains the ability to sense criminal acts. In one scene he sees a janitor invading a family home, “I like your house. Can I come in?”

This scene is a terrifyingly accurate metaphor for security on the public Internet.

Connect first, authenticate later.

If we consider that the Internet is a bit like our road networks and the cars and trucks travelling across it are our data packets, then today anybody can get in their car, drive to your house and try to break in. Even without a key they can try the locks, peer through the windows or wait around for an opportunity to enter.

Uninvited parties can approach computer networks and connected systems at will, unless precautions are taken because the Internet functions on the principle of “connect first, authenticate later”..

Universal connectivity embodies the modern Internet, but its open-by-default design forces us all to adopt reactive, time-consuming and error-prone approaches to computer security — effectively requiring us to play a strong defensive game.

This asymmetry between security and connectivity has spawned an entire industry of security companies which, over the last two decades, have flooded the market with solutions and middleboxes that aim to police traffic by building higher walls and digging deeper moats at the edges of our networks.

Next-generation firewalls and VPN servers, no matter how advanced, are still playing a defensive game. Our industry’s collective mind set still assumes that good security requires a good defence, because you’re going to get attacked. Right?

The Shodan.io project shows us just how hard this is to get right. Looking for connectable database servers at the time of writing, we find:

That’s over two million publicly accessible database servers which will gladly greet you with the phrase “Hi, I’m the production database server! Who are you?”.

All of these systems are potential targets for misconfiguration, weaponized exploits, worms, brute force attacks and stolen or weak credentials. Why? Because building private connectivity is still too hard.

For the last twenty years, private networks have largely been a myth.

Every time we open a port on the firewall, or configure a server to accept incoming connections to build private connectivity it’s just more of the same, no matter how much security middleware we add.

Enclave is different. It builds end-to-end encrypted and direct (peer-to-peer) connectivity between systems, removing the need for VPN servers in between.

Even when firewalls, VMs, or containers are in between, it just works. In fact, by utilising outbound-only traffic to build connectivity, Enclave allows firewalls on both sides of a connection to remain closed, darkening your systems to the public Internet.

By allowing your firewalls to do their job, Enclave reduces attack-able surface area and cloaks applications with invisible network access gates which only materialise when certain trust standards are met, protecting you from discovery, targeting and attack.

Secure, micro-segmented connectivity without the hassle of a VPN or ever needing to think about network configuration or look at a firewall again.

Ready to try Enclave?

Ready to try Enclave?

Create a Free Account

Related Posts

  • It’s time to say goodbye to your VPN

    Building VPN pathways into your organisation is a security disaster waiting to happen. Just ask Travelex.
    It’s time to say goodbye to your VPN
  • What is Zero Trust Network Access (ZTNA)?

    What is Zero Trust Network Access (ZTNA)?
  • Can we have VPN connectivity without VPN servers?

    Can we have VPN connectivity without VPN servers?
  • Is it finally time to kill off the VPN?

    Entrepreneurs often become not only overconfident about their startups but also about their personal influence on an outcome
    Is it finally time to kill off the VPN?

Request a Demo

Connect all of your computers, servers, cloud instances and containers across any infrastructure with secure private networks that just work. We'll show you how to use Enclave to:
  • Introduce a zero-trust network access model.
  • Avoid ACLs and VPNs to secure network access.
  • Leverage your firewalls to darken your network.
  • Protect against discovery, targeting and attack.
After completing this form, a member of our team will contact you to arrange a short product demo at a time of your choosing.

Request a Demo

Connect all of your computers, servers, cloud instances and containers across any infrastructure with secure private networks that just work. We'll show you how to use Enclave to:
  • Introduce a zero-trust network access model.
  • Avoid ACLs and VPNs to secure network access.
  • Leverage your firewalls to darken your network.
  • Protect against discovery, targeting and attack.
After completing this form, a member of our team will contact you to arrange a short product demo at a time of your choosing.