…. and now, Security Too

Forward Enterprise Zone-to-Zone Security Matrix

On June 28, we announced new features within Forward Enterprise that help security engineers spend less time on reactive tasks so they can be more proactive. Why would a networking company expand into the security space?  Good question.  Let me share some of the reasoning that led to expanding deeper into this space, and why I am excited about it.

Reason 1: The overwhelming and urgent need. 

Last year, the SolarWinds hack shocked the world with both the vector and its breadth of reach across the world, reminding us all of the importance of security, especially within the network.  Since then we’ve continued to see additional examples such as the recent Colonial Pipeline ransomware attack.  These are both preventable and containable.

Reason 2: Demand from our customers.  

Deployments that were originally triggered by a need for network operator-oriented visibility and verification have also seen adoption and used by their peer security engineers to solve a range of daily work tasks.  These security engineers have been highly enthusiastic about the time savings they gain by getting instant answers to network questions with Forward Networks, without needing to talk to a long chain of humans and spending hours to days gathering such information in their old way of working.  Based on this success, they have been asking us for an expanded security capability set, with an ultimate goal of a single unified view and platform for both the network and security teams to collaborate around.

Reason 3: Unique capabilities from unique technology.  

What do we do?  Put simply, we use math to organize network information, in the form of a digital twin, and make that network information accessible to people and machines.  This approach requires analyzing every possible way a packet could flow through your network.  And yes, that is effectively a comprehensive pen test that runs on our customers’ global networks  10s of times per day!  That data enables network verification like that is nothing like the testing or mapping you’re used to.

Reason 4: Hack Week.  

In April, our engineering team had a week to work on anything.  What did they choose to do?  Security.  Working closely with customers and having an impact is why they are here.  Many of the projects created “easy buttons” for common (and highly complex) security tasks, and when shown to security teams, their feedback was clear: “I want this, yesterday.”

Those are all solid reasons, but I want to add my own take, from doing SecOps at a Stanford Lab, to setting up security infrastructure when founding this company, and now answering to a board about security.

A large fraction of security incidents can be both prevented, or at least tightly contained – but only if a strong network security and segmentation policy has been implemented.  An ever-growing list of vendors are scrambling to provide different components of a Zero Trust solution for your business, but even if you buy one (or more) of these solutions, how do you know if you’ve implemented them correctly?  In the financial world, we have auditors to confirm that we have correctly implemented the appropriate financial practices. The same mechanism is critical for network security, and this is what Forward Networks provides in the form of network and security visibility and verification.

I’m proud to announce our latest release, 21.5, which includes these new marquee security-focused features:

  • Blast Radius Identification – Instantly determine all possible places a (potentially) compromised host could communicate with, and how.
  • Zone-to-Zone Connectivity Matrix – Flexibly define zones across your on-prem, hybrid, and cloud networks, see a precise description of all possible ways that hosts within them can communicate (or not), and learn if your implemented network deviates from its design goal before the bad guys do.
  • Cybersecurity Vulnerability Reports – See a current view of all CVEs impacting your fleet of global network devices, then track your success at mitigating them over time.
  • Security Zones in Path Search – All path searches within our platform that contain a security device will now report traversed security zones in the search result, enabling easy analysis for security-focused path traces.

All of these new capabilities can be used on both your live network, as well as any historical snapshot you’ve taken in the past (for forensics), and all can be easily integrated via API into your automation framework of choice.

This is just the beginning of our security journey, and we’d like to bring our unique capabilities as a partner on your Zero Trust security journey.  If you’d like to learn more, please request a demo.