In security circles, Dr. Chase Cunningham is known as “Dr. Zero Trust”. As a retired Navy Chief Cryptologist with more than 20 years’ experience in cyber forensic, analytic, and offensive and defensive cyber operations, and originator of Forrester’s Zero Trust eXtended (ZTX) Ecosystem, he deserves the moniker. Since departing his Navy and intelligence agency career in 2011, Dr. Cunningham has served as a cybersecurity expert, consultant, and industry analyst to the private sector.
Recently, Chase sat down with Banyan Security COO & co-founder Tarun Desikan to try Banyan for himself. Chase highlighted the ease of using the Banyan Connector and desktop app, and the ability to get up and running in less than 10 minutes.
“Wow, that’s cool! So with just a couple of things and a click, we’re basically routing across the internet securely without VPN setups. I didn’t poke holes in firewalls or anything, it’s just working. That’s pretty slick man!” – Chase Cunningham
In this post, we’ll share a transcript (edited for clarity) of Chase’s demo with Banyan. You can watch the full video of Chase trying out Banyan here.
Tarun: “The first step is to install the Banyan Connector. If you have Docker installed on your server, we make it dead simple. If you’re just running a Linux box, the Tarball installer is also a good way to do it.”
Chase: “Let’s do the Tarball installer. This is just a Linux box… All you’re really doing here is cutting and pasting into the terminal, you don’t have to be a computer scientist to do that.”
Tarun: “Right. Now back to the onboarding flow.”
Chase: “Next we download the app to access the service. Will this work on Linux?”
Tarun: “Yes, it’ll work on Linux. But most users install just the Connector on a Linux server and install the desktop app on a client device, which are often Windows machines.”
Chase: “OK, let’s install the desktop app on my Windows machine.”
Tarun: “Great, you can find it at getbanyan.app. Once it’s installed, we can try some of the example services for the Banyan app.”
Banyan example services
Tarun: “Let’s check out Hosted Websites. This will launch a browser where you can see the example hosted website. This shows you that everything is working correctly and traffic is flowing properly through the Connector.”
Tarun: “We also have an example SSH service for you to try.”
Chase: “OK, Example Service Bundle, then SSH, and connect… Easy.”
Tarun: “Right, so there are just some default examples of services for you to try to make sure everything is working and set up perfectly.
If you click on the device view, you can see that as part of registering your device, we also score your device. So good job Chase, your device trust score is 100!”
Chase: “I would be really upset if I looked on here and the score was like zero!”
Tarun: “Yeah, it’s good, but you’d be surprised how many people have some device issues. Awesome, so now we can connect into your servers and so on.”
Chase: “Good. Since this is a demo, I want to click around and show what’s there… Ah, you can start the app on boot, that’s great. Then we have a bunch of favorites as well, and autorun”
Tarun: “Many of our customers run hundreds and thousands of these services, so we allow you to bundle them, favorite them, categorize them as you need to.”
Chase: “This is the beauty of really good solutions. It’s not super complicated, and it didn’t take us a lot to get it up and running. We started 9 minutes ago or less, and we’re up and running, in place, doing what we need to do. Can’t get much better than that.”
Setting up an SSH service
Tarun: “Great to hear. Next let’s try setting up something that connects into your server. Let’s go back to the onboarding flow and actually set up a service.”
Chase: “OK, let’s try setting up an SSH service. Service name… ‘Super Cool SSH.’
Tarun: “So, you can choose different types of policies and whether it has to be a high-trusted device, low-trusted device, and so on. Then we can test the connection to make sure it all works.”
Chase: “So wait, you were able to connect me from my machine directly to a private IP, and that’s all it took?”
Tarun: “That’s right.”
Chase: “That’s great.”
Tarun: “Now your service is registered, so you should be able to see your Super Cool SSH service there… And there it is, in the infrastructure tab. If you click ‘connect,’ now your Windows machine goes through the Banyan zero trust service and it connects into that private server in that private network.”
Chase: “Wow, that’s cool! So with just a couple of things and a click, we’re basically routing across the internet securely without VPN setups. I didn’t poke holes in firewalls or anything, it’s just working. That’s pretty slick man!”
Tarun: “What we think is really cool is we didn’t give you a VPN, so if you want to move around laterally in the network, you only have access to that one IP address and that one port so I can’t do anything else.”
Chase: “I’m super impressed. Any time there are solutions you put in place that don’t require massive lift [are good]. We’re not curing cancer here, but we’re setting up a dedicated pipe across the internet, we did it with some clicks and configuration, and other than a couple Linux shenanigans, we’re good to go.
I spend a lot of time looking at the market and all the solutions out there. Any time something’s clean, clear, and concise, in which you can understand what’s going on and not have a degree in ‘Banyanology’ to make this thing work, I think there’s a lot of value in that.
For all the folks that check out this demo, Banyan Security makes it simple—click, click, configure, read the documentation; great stuff.
Tarun: “One last thing I can show you: If you go to the Monitor tab and click on Events; this is Zero Trust, which at the end of the day is a security model, and here you can see a granular level of detail. It’s not just showing that this was Chase, but Chase on this device accessing this type of service. That’s the level of detail you now get—an audit trail.
We talk about user, device, application context, and this is something many enterprises don’t have. They don’t know who’s on their networks doing what. This is one of the key elements for a Zero Trust Posture.
Chase: “Yeah, you can look at this quickly and see what happened, here’s what went where. Great piece.”
Tarun: “And of course you can customize the policies, get a pretty dashboard, and come up with a Zero Trust posture that works for your organization.”
Chase: “Exploring this interface is great, because it shows again that you don’t have to be someone who’s been using Banyan for 35 years to know what this is and how to click through it. I could figure this out on my own in about 15 minutes.
Great system, really powerful tech. Pointing you where you need to go, don’t have to be ‘degreed’ in the tech to do things, and the scale and capability set fit the need for what’s going on. I’d give this 4.5 stars on the ‘ZT rating,’ so well done.”
Tarun: “Thank you. And, it’s free for up to 25 users. You can go sign up at our website.”
Chase: “That’s crazy! Free for up to 25 users, wow. Awesome.”
Tarun: “One of the things you’ll notice is there were no warnings for Chase to deal with, like ‘Certificate’ or ‘Private Certificate.’ Behind the scenes, we’re integrated with Let’s Encrypt, so we issue public CA signed certificates for all those web services automatically… One of the problems we often see in private networks is all these ugly warnings, which we’ve gotten rid of.”
Chase: “That’s funny you say that, I was waiting for that to happen. Every other time I’ve done one of these demos, there’s always been a moment when certificates go sideways and you spend the next hour trying to figure out certificate problems.”
Tarun: “We have spent a LOT of time fixing that.”
Chase: “Amazing, this is really cool stuff.
More demo stuff to come, Banyan Security doing amazing stuff. I plan on playing with this more, and the more I play with things, the more demos will be available.”