Last June, Forward Networks announced several enhancements to the platform designed to help SecOps teams prove compliance, automate CVE (common vulnerabilities and exposures) responses, and remediate threats quickly.
Today, we’re happy to share that we’ve continued to build out our security use cases by adding new functionality to our security posture matrix (previously known as the zone-to-zone security matrix) and delivering Layer 7 application connectivity analysis. The enhancements will help security teams quickly verify compliance with mathematical certainty or instantly identify unwanted connectivity or isolation at L2, L4, and L7.
In its initial release, the security posture matrix feature used firewall rules to determine if zones had full, partial, or zero connectivity (and if the isolation was intentional or due to misconfiguration). We used this methodology in our first release because it's commonly relied on and understood by enterprise IT shops. However, with our expansion into the cloud and continued focus on providing value to our customers with minimal change to their routines, we’ve added new ways to define zones using the L2 through L4 segmentation methodology they’ve employed in their network, e.g. VRFs, on-premises and cloud subnets, and cloud security groups. This enhancement provides engineering teams the flexibility to view the matrix in the same manner as they’ve segmented their network.
In the Security Posture matrix, admins can immediately see which zones have full connectivity, partial connectivity, or zero connectivity (full isolation). Unlike traditional security tools, Forward Enterprise analyzes L2 through L4 traffic patterns, which makes it simple for administrators to determine whether isolation is due to security policies or whether access is dropping due to a misconfigured router. The result is a full picture of what is happening, and why, in a single pane of glass.
As security becomes more advanced, vendors such as Palo Alto Networks and Silver Peak have added the ability to regulate connectivity at L7 using attributes such as user IDs, user group IDs, and application IDs. This gives administrators more flexibility and granular control for protecting the network. To ensure that this flexibility comes with insight, Forward Enterprise has added path search capabilities at L7. Now, using the same procedure as L2 and L4 path tracing, administrators can construct more intelligent queries that detail connectivity and security posture at the application and user ID level.
By providing connectivity traceability at L7, we are enriching the troubleshooting capabilities for administrators, so they spend less time trying to define the problem and more time on proactive strategic initiatives. Within seconds, a path trace can determine if a connectivity issue is caused by application configuration or device configuration, putting the administrator that much closer to solving the issue.
As always, we are committed to making hard things easy for operations engineers. We are excited to offer these new capabilities within the platform and will continue to find new ways to glean insight into network behavior and present it in a normalized (vendor-agnostic), intuitive, and actionable manner.