
Remote work models and accelerating changes in information-based businesses call for more decentralization. This comes with risks, especially those related to cybersecurity and smooth interactions between legacy and new-generation working environments.
As companies scramble to decentralize their information network, one thing they tend to focus on is securing the network edge. But that may not be enough to ensure smooth accommodation to online remote work environments, as legacy software and new infrastructures need to work well together.
Grey Matter is a mesh networking platform that helps ensure smooth business operations in changing working environments. CyberNews reached out to Jonathan Holmes, Chief Technical Officer at Grey Matter, to talk about how the pandemic raised the need for such mesh networking solutions and what part their technologies play in securing data and proper functioning of decentralized businesses.
Tell us more about your story. How did Grey Matter come about?
Early in our journey, we were asked by a large global enterprise-scale organization to help modernize their software and system environments. They had a combination of needs, including adopting microservices, preparing to operate in the hybrid/multi-cloud environment, and modernizing their collection of legacy assets while keeping up their critical business operations.
The first iteration of Grey Matter incorporated a proprietary data plane with a high level of security and hybrid discovery, supporting their basic business needs. Since that time, Grey Matter has evolved into a full IT Operations distributed service mesh platform based on three fundamental tenets: Trust Nothing, See Everything, and Manage Complexity.
At our core, we still provide a service mesh baseline with our own control plane and data plane - both based on the popular open-source Envoy Proxy projects. However, we have since added support for other control planes such as Istio. Building a full-service platform while closely adhering to the needs of a highly security-conscious global enterprise provides a unique perspective into what really matters from both the tech and business perspectives. That’s why we doubled down on zero-trust security, operational insights, and AI-based automation, taking advantage of the fact we operate at the L3, L4, and L7 layers. This affords us more granular access, governance, risk management, compliance (GRC) control, and telemetry data access than any other mesh-based platform on the market today.
What are the main issues your products help solve?
Grey Matter solves the challenges introduced by service-based architectures, microservices, and mesh-enabled application approaches. Applications, services, and cloud software delivery have changed how networks are designed. Now, components are disconnected, creating a multitude of software endpoints dispersed across the enterprise.
Grey Matter uses the service mesh ecosystem to create connected intelligence. This enables IT operators to control, intervene, and visualize their modern software environments. It enables software and system network configurations as code, converging NetSecOps and DevSecOps. Using pipelines ingrained in best practices like GitOps, the platform helps enterprises deliver services on their network and ensure governance, risk mitigations, and compliance for every addressable network endpoint within the multi-cloud/hybrid environment. Grey Matter allows rapid software adoption coupled with significant automation in a secure, repeatable, and controlled manner. It addresses challenges related to congestion control, traffic prioritization, overloaded services, optimized routing, API management, explicit security enforcement, GRC management, AI-enabled networks, and IT operations intelligence.
Federated service-based architectures introduce a tremendous amount of networking & infrastructure layers into the stack. While using open-source software (OSS) may seem initially sufficient, enterprise needs and solutions quickly outgrow OSS viability. The management and operation of an OSS layer become costly to maintain. It often requires the introduction of many pieces of additional OSS into the overall solution. Keeping up with the latest security and software patches creates a lot of lost opportunity costs. Grey Matter simplifies applications, services, and network functions by decoupling them while providing end-to-end security, hybrid workload management, dynamic traffic shaping, audit management insights, and much more.
You mention the use of service mesh quite often when describing your platform. Can you briefly describe this technology?
A service mesh is an agentless, configurable, low latency infrastructure layer that enables secure service-to-service communication. It's often implemented as a lightweight network of proxies or “sidecars” deployed alongside application code. These proxies orchestrate the activities of every service or system running within the mesh, providing critical command and control connecting mini, micro, and macro services across APIs, databases, data streams, and applications residing in containers, cloud environments, and on-premise. The mesh enables service interactions, network management, access control, and other critical functions. It’s what allows microservices to stay “micro” and is key to hybrid and multi-cloud systems interoperability.
Grey Matter is built atop the service mesh ecosystem, creating connected intelligence fed by the copious telemetry, operations, and user data generated by service mesh operations. Grey Matter takes advantage of its depth of observability, data capture, and control to enable management, intervention, visualization, and AI-based automation for modern software delivery. Our goal is to create connected intelligence across multi-cloud and hybrid IT operations infrastructure from the inside out, enabling agnostic analytics-driven intervention and control. Grey Matter uses the core principles of the service mesh to enable an end-to-end IT platform. We leverage control planes, edge gateways, and data planes as orchestration elements to control, secure, manage, and visualize all of the modern software running across complex networks consisting of multiple clouds, subnetted networks, container platforms, virtual machines, serverless computing, and more.
How do you think the pandemic affected the cybersecurity industry? Did you add any new features to your services as a result?
Grey Matter is not a cybersecurity tool in the traditional sense. However, due to our customer lineage and pedigree, we are incredibly security conscious.
The pandemic has pushed many enterprises to accelerate their planned modernization and omnichannel strategies, pursuing more cost-effective and decentralized models much faster than they would have done before. One of the biggest challenges that we’ve seen as a result is the further pervasive increase and spread of “soft” end-points. As more and more workers operate from home and remote locations, the stresses and demands on enterprise hybrid, multi-cloud, and legacy infrastructure security increase exponentially. Grey Matter manages conditional access from diversified locations to code-based soft endpoints, such as managed APIs. The platform’s configurable systems command and control, access management, and policy control also introduce secure connectivity from the soft end-point to the route to the data object, protecting sensitive data sets and APIs everywhere within the mesh.
Another notion that the pandemic laid bare was the idea that any enterprise-scale organization can ignore the need for highly secure, multi-channel communications, both in the cloud and on-prem, including legacy brownfield systems.
For us, this actually validates one of our prime focus areas - wrapping, securing, and enabling legacy investments for multi-environment communications. In most enterprise-scale companies, legacy applications tend to be business-critical moneymakers containing critical data. Grey Matter securely exposes these end-points to cloud-native systems and bridges cloud-native systems with those brownfield systems, enabling secure communications and, more importantly, business continuity with minimal downtime.
What are the early signs of compromised network health which, if overlooked, can lead to serious problems?
Every complex network is different. In this way, network health is really quite similar to human health. The relevance of one diagnosis to one person may mean something very different to someone else. There is no 100% reliable indicator of total system health.
However, there are several principles to follow, falling into two broad categories: signal curation and anomaly detection.
Grey Matter's two-pronged approach provides an illustrative example.
First, the platform captures a curated list of signals extractible from the raw metrics and statistics collected from its fleet of proxies. Here, it performs hand-crafted health checks such as:
- Were many recent connections destroyed with active requests?
- Have any retry policies been exercised recently?
- Has any rate-limiting occurred recently?
- Have many requests been canceled due to timeouts recently?
Grey Matter checks these, among many others, to generate early warnings of potential network health degradation directly, based on established expert knowledge.
Second, in recognition of the fact that some indicators of network health are more subtle and "personal" (unique to each network), Grey Matter trains anomaly detectors (powered by neural networks) on data streams from each service to recognize "normal" network behavior. This learning occurs the same way a human would. When services begin to deviate from this learned definition of "normal," the behavior is flagged for review, providing a very early indication and warning message. Nothing may have actually gone wrong yet, but the behavior is significantly different from a previous baseline, and therefore worth investigating.
What are the most common misconceptions people tend to have regarding network security?
One common misconception people tend to have about network security is that it is a technology-only concern. For example, we are strong adherents to, and proponents of zero-trust security. In fact, the Grey Matter platform’s entire security model itself is based on the first principle of zero-trust: “never trust, always verify.”
But zero-trust isn’t a tool. It’s an overarching concept and collection of best practices that the enterprise must adopt and perpetuate throughout its collection of systems, networks, and most importantly, users. Grey Matter provides the enterprise with an OOTB-ready platform capable of delivering deeper zero-trust security and more dynamic policy creation and enforcement than any other similar platform.
However, the onus remains on the human in the loop to understand the unique needs of their business and develop the policies most relevant to their particular use case.
Another common misconception is that network security can be managed by humans alone at an enterprise scale. As systems grow more complex and “soft” end-points continue to proliferate further across the multi-environment, the ability to effectively track, manage, and enforce security policy at machine speed and enterprise-scale is a practical impossibility for humans.
This is why Grey Matter employs unobtrusive neural net AI designed to learn the characteristic qualities of each service, application, node, and traffic pattern on the mesh, using them to identify performance anomalies and outliers. This AI operates at depths and speeds beyond traditional human capabilities, providing yet another layer of in-depth zero-trust security for the enterprise.
In your opinion, what kinds of cyber threats should organizations, as well as individual users, be prepared to deal with in the upcoming years?
Like many technology firms, we pay very close attention to current and emerging threat trends. In short, organizations and users should expect more complex attacks, added regulation, and higher insurance costs.
Often, the more immediate-term threat trends play off of preceding high-profile events. While the perpetrators of last year’s ransomware attack that led to the shutdown of Colonial Pipeline went underground, it stands to reason that other individual hackers, collectives, and state-sanctioned actors studied the attack pattern, altering and improving upon it for use against similar unprepared targets. So it is likely we’ll see even more ransomware attacks in the near future.
Private enterprises should also expect to see more federal policy announcements and potentially stringent new regulations. The Colonial Pipeline attack highlighted an embarrassing dearth of federal oversight and regulation applied to critical public and privately-held infrastructure. The Biden administration’s Executive Order on Improving the Nation’s Cybersecurity was the first, but certainly not the last federal effort to address these gaps.
Cyber liability insurance costs will also continue to climb. Of course, the trend upward was already underway well before the Colonial Pipeline attack, with costs rising 28% in 2020, per commentary from AM Best, a company that provides credit ratings and financial data products to insurance companies. As more attacks occur and more companies opt to pay the ransoms, insurance costs will surely continue to rise.
In the age of remote work and online learning, what would you consider to be the essential security measures organizations should implement?
The genie is now out of the bottle regarding remote work. It’s here to stay, particularly in the tech industry. Of course, the same is true for several other traditional information-based jobs as well.
As we stated earlier, the network is becoming more decentralized. But now, it's not just because of the proliferation of modern cloud-based technology. The normalization of remote work has fueled this trend even further, with a far wider array of user activities, end-points, and data requirements happening at the network edge than ever before. Hybrid and multi-cloud are only growing in popularity and importance as more and more enterprise-scale organizations seek to limit their exposure to a single-vendor cloud solution while meeting the needs of an increasingly mobile workforce and more demanding clientele.
The security environment, once localized and controllable, has exploded across clouds, environments, geographies, and time zones. Global, 24-hour network up-time is now the norm. Securing this increasingly complex environment requires the right combination of clear, direct, and real-time insight, coupled with the ability to create and enforce effective security policies. In order to keep pace, the enterprise needs to think of its network as a holistic entity. In our eyes, the application of a flexible, agnostic mesh networking platform that can provide the right level of network access, discovery, and management to enable identity controls built around zero-trust principles is the simplest, most reliable means of enabling that.
And finally, what’s next for Grey Matter?
From a business perspective, 2022 is shaping up to be one of the most formative and thrilling years since our 2015 founding. From a product perspective, we plan to emphasize making everything simpler on the user, with further emphasis on automation and even more analytics designed to improve decision-making throughout the enterprise.
We’re also seeing traction in a number of new markets, which is great because this was a real area of heavy focus for us over the past year. General market awareness has been a challenge for us, mainly because of our bootstrapped status and the nature of our current clientele. However, we’re starting to gain ground in new markets, which is really great for us.