Verify Your Network
Learn about Forward Networks' tool which verifies network designs to detect errors in design, policy, and configuration.

Thirty-five years ago, my dad, Dr. Serafino Amoroso, approached the stage where Edsger Dijkstra had just completed a talk. When Dijkstra turned his head, my dad swiped the clear foil resting on the projector glass. Today, that slide, on which the great Dutch computer scientist had been sketching a proof (see picture above), is displayed proudly in my office. (It’s cool to grow up in Jersey, where we can’t keep our hands off other people’s stuff.)

When the time came shortly thereafter to select my own PhD focus, it was pure serendipity that the CS Department at Stevens was working on formal methods, some of which was based on Dijkstra’s work. Thus began my lifelong interest in the topic of formal verification, especially in the context of information security. Today, I wish better tools existed, and I’m always on the lookout for something interesting in this area.

So, it was such a delight to spend time with the team from Forward Networks to learn about their verification platform. Their tool analyzes and verifies network designs to detect errors in design, policy, and configuration. It was created to compare the intent of designers with the actual system created, which is ultimately the purpose of any good verification system. Let me summarize what I learned:

“Our goal is to help network teams rapidly identify and expose problems or inconsistencies in their network,” explained Brandon Heller, who serves as CTO. “We encourage this proactive verification-oriented approach because it enables network teams to ensure policy and change compliance without having to wait for problems to occur. In the end, this is a faster and more effective approach.”

The Forward software works by collecting device configuration and state-related data from around the network. This includes the devices you would expect to find in such a collection effort – routers, firewalls, load balancers, switches, and so on. The Forward platform then models the network structurally, visually, and behaviorally, which enables analysis, validation, and reporting.

“Our customers get started with a search engine for the network, which provides instant access to text and path results,” explained Heller. “This is followed by a continuous verification step, which supports on-going prediction of how changes might affect network behavior.” Heller shared examples related to predicting the positive or negative impact of administrators making NAT or ACL changes to the network.

Heller added: “Our platform also includes a Network Query Engine, which enables an operator to define customized analysis to scan the entire network for issues. The result provides evidence that the network is cleanly configured and behaving according to the intent of the designer, or reveals where expectations and reality differ. Observed differences might then prompt changes or appropriate risk mitigation actions.”
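The intent-versus-behavior check described above, reduced to a toy model, as an added example that is not Forward Networks' code or API: the three devices, their ACLs, routes and the intents are all constructed for illustration. It verifies the current model against the intents, then re-verifies a copy carrying a proposed ACL change before that change would be deployed.

```python
import copy
import ipaddress

# Constructed model: ordered ACL rules (action, src, dst, port; None = any port)
# and routes (dst prefix, next device; None = directly attached).
NETWORK = {
    "edge-fw": {"acl": [("permit", "0.0.0.0/0", "10.0.1.0/24", 443),
                        ("deny", "0.0.0.0/0", "10.0.0.0/8", None)],
                "routes": [("10.0.0.0/8", "core-rtr")]},
    "core-rtr": {"acl": [("permit", "0.0.0.0/0", "0.0.0.0/0", None)],
                 "routes": [("10.0.1.0/24", None), ("10.0.2.0/24", "db-fw")]},
    "db-fw": {"acl": [("permit", "0.0.0.0/0", "10.0.2.0/24", 5432)],
              "routes": [("10.0.2.0/24", None)]},
}
INTERNET = "203.0.113.7"  # documentation-range address standing in for any outside host
INTENTS = [  # (name, ingress device, flow, should it be delivered?)
    ("internet reaches web on 443", "edge-fw", (INTERNET, "10.0.1.10", 443), True),
    ("internet cannot reach db", "edge-fw", (INTERNET, "10.0.2.5", 5432), False),
    ("web tier reaches db", "core-rtr", ("10.0.1.10", "10.0.2.5", 5432), True),
]

def inside(addr, prefix):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def trace(network, device, flow):
    """Follow the flow hop by hop; return (delivered, device that dropped it)."""
    src, dst, port = flow
    for _ in range(len(network)):  # hop bound so a routing loop cannot hang the check
        node = network[device]
        action = next((a for a, s, d, p in node["acl"]  # first match wins, else deny
                       if inside(src, s) and inside(dst, d) and p in (None, port)), "deny")
        route = next((r for r in node["routes"] if inside(dst, r[0])), None)
        if action == "deny" or route is None:
            return False, device
        if route[1] is None:
            return True, None
        device = route[1]
    return False, device

def verify(network, intents):
    """Names of intents whose expected outcome differs from the modeled behavior."""
    return [name for name, start, flow, want in intents
            if trace(network, start, flow)[0] != want]

def with_rule(network, device, rule):  # copy of the model with `rule` first in the ACL
    candidate = copy.deepcopy(network)
    candidate[device]["acl"].insert(0, rule)
    return candidate
# Proposed change (constructed): open port 5432 at the edge for the whole 10.0.0.0/8.
PROPOSED = with_rule(NETWORK, "edge-fw", ("permit", "0.0.0.0/0", "10.0.0.0/8", 5432))
```

`verify(NETWORK, INTENTS)` returns an empty list, while `verify(PROPOSED, INTENTS)` flags the database intent, because in this model `db-fw` relied on `edge-fw` to keep outside sources away.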

Enterprise teams can deploy the Forward platform on-premise as an ESX or KVM virtual machine, or can deploy in SaaS mode with lightweight local software on Ubuntu Linux, Apple OS X, or Windows 7 or later. Users can access the platform interface using a standard Chrome or Firefox browser. Quite a few device types are supported as one would expect – much too numerous to list here.

From an analyst perspective, with my admitted bias toward platform tools that support verification work, I can say that this is a must-have for any network team concerned that misconfigurations and policy issues could lead to enterprise security problems. It’s hard to imagine any team for which this is not true, so you can draw your own conclusions. Suffice it to say – this is a useful tool.

Business marketing and sales success for Forward will be no easy lay-up, however, if only because few security teams have prioritized network verification in their funded portfolio. This is a shame, especially when one is reminded that the earliest security efforts (remember the Orange Book?) viewed verification as essential to reduce risk. I’d sure like to see the security community move back in that direction.

I hope you’ll take the time to contact the team from Forward Networks for a demo. They are smart (Heller and others on the team hold PhDs in CS from Stanford), so you can be certain that you’ll learn something prescient during the discussion. As always, I hope you’ll share your learning after meeting with the team – and please stay safe and healthy during these unusual times.

Brandon Heller

Co-Founder at Forward Networks

4 years ago

Very cool to have that connection to Dijkstra! Always happy to continue the conversation if you'd like to learn more.
