Arrcus CEO sees a ‘critical’ need to address internet transport security

Arrcus CEO Shekar Ayyar likened internet transport systems to the plumbing that allows web traffic – and by extension, the business of the world – to keep flowing. But the thing about plumbing is that no one really notices the pipes until they burst. That needs to change and security needs to be at the top of the maintenance list, Ayyar told Fierce.

The CEO explained there are two primary catalysts driving the need for security in the transport layer. The first is the convergence of the communications and compute worlds, with applications increasingly relying on a combination of mobile and cloud connectivity, especially at the edge of the network. The second is the structure of the internet itself, which relies on Border Gateway Protocol (BGP) to route packets through an evolving mesh of network groups. BGP presents a security challenge, he said, opening the door to attacks like route hijacking and IP spoofing.

“As a result I think it becomes important and it becomes critical for everyone to now not just think about the internet as a heartbeat that just keeps ticking so we can do business as usual, but start understanding that the underlying infrastructure that depends on the routing and switching that happens at the transport level needs to be created and implemented in a way in which security is taken into account and becomes a part of the thinking of that fabric,” Ayyar explained.

“You need to make sure that every route that every packet follows is then secure,” he continued. That’s where mitigation technologies like route origin validation and resource public key infrastructure (RPKI) come into play. The former is pretty much exactly what it sounds like – a way to confirm that packets traversing the transport infrastructure came from where they appear to have originated. RPKI is a way to validate the route itself.

So if an attacker manages to get into the flow of packets on a network with these technologies implemented, “then at that point the network can then prevent this from propagating further if in fact the origin of the route is not validated,” Ayyar said.

Neither route origin validation nor RPKI is unique to Arrcus, but both are integrated into its Arrcus Connected Edge software platform.

Minding MANRS

The company also recently joined the Mutually Agreed Norms for Routing Security (MANRS) initiative, where it will work alongside companies like Cisco, Juniper, Arista, Nokia and Huawei to develop security recommendations for the industry at large to follow.

“We are joining because we believe we have the expertise to enable a better internet,” Ayyar said.

Founded in 2014, MANRS counts more than 500 operators, more than 60 IXPs, and over a dozen CDN and cloud providers among its members. In September, the group launched an Equipment Vendor Program to provide baseline best practices for participants to improve the resilience and security of routing infrastructure.

While Arrcus competes on the product level with other MANRS members, Ayyar said they have a common goal to make the internet more secure and raise awareness about the issue.

“It is important to realize the value of the underlying plumbing, if you will, in terms of how important it is that we keep that running,” Ayyar concluded. “It’s unfortunate but people only realize the value of that plumbing when something fails. But it’s actually much more important to realize the value of the plumbing when everything is working so you can keep it working.”