SEE DEMO

April 22, 2022

New Connectivity Insight for SecOps and NetOps

by Chiara Regale

Last June, Forward Networks announced several enhancements to the platform designed to help SecOps teams prove compliance, automate CVE (common vulnerabilities and exposures) responses, and remediate threats quickly.

Today, we’re happy to share that we’ve continued to build out our security use cases by adding new functionality to our security posture security matrix (previously known as zone-to-zone security matrix) and delivering Layer 7 application connectivity analysis. The enhancements will help security teams quickly verify compliance with mathematical certainty or instantly identify unwanted connectivity or isolation at L2, L4, and L7.

New options for defining security zones

In its initial release, the security posture matrix feature used firewall rules to determine if zones had full, partial, or zero connectivity (and if the isolation was intentional or due to misconfiguration). We used this methodology in our first release because it's commonly relied on and understood by enterprise IT shops. However, with our expansion into the cloud and continued focus on providing value to our customers with minimal change to their routines, we’ve added new ways to define zones using the L2 through L4 segmentation methodology they’ve employed in their network, e.g. VRFs, on-premises and cloud subnets, and cloud security groups. This enhancement provides engineering teams the flexibility to view the matrix in the same manner as they’ve segmented their network.

In the Security Posture matrix, admins can immediately see which zones have full connectivity, partial connectivity, or zero connectivity (full isolation). Unlike traditional security tools, Forward Enterprise analyzes L2 through L4 traffic patterns, which makes it simple for administrators to determine if isolation is due to security policies or if access is dropping due to a misconfigured router, thus giving a full picture of what is happening, and why it is happening in a single-pane-of-glass.

Layer 7 Security Analysis

As security becomes more advanced, vendors such as Palo Alto Networks and Silver Peak have added the ability to regulate connectivity at L7 using attributes such as user IDs, user group IDs, and application IDs. This gives administrators more flexibility and granular control for protecting the network. To ensure that this flexibility comes with insight, Forward Enterprise has added path search capabilities at L7. Now, using the same procedure as L2 and L4 path tracing, administrators can construct more intelligent queries that detail connectivity and security posture at the application and user ID level.

By providing connectivity traceability at L7, we are enriching the troubleshooting capabilities for administrators, so they spend less time trying to define the problem and more time on proactive strategic initiatives. Within seconds, a path trace can determine if a connectivity issue is caused by application configuration or device configuration, putting the administrator that much closer to solving the issue.

As always, we are committed to making hard things easy for operations engineers. We are excited to offer these new capabilities within the platform and will continue to find new ways to glean insight into network behavior and present them in a normalized (vendor agnostic), intuitive, and actionable manner.

Subscribe to our blog!

RELATED FORWARD CONTENT 
September 20, 2022
When is a Digital Twin Entertaining?

When it’s ensuring that tens of thousands of visitors have the best experience possible every single day. Keeping people entertained is a 24/7 endeavor, even the smallest hiccup results in a social media firestorm. Keeping things running requires thousands of dedicated employees and a staggeringly complex network that sprawls the area of a major city […]

Read More
September 8, 2022
Bring a Healthy Dose of Skepticism ….. Please

We are asked to purchase something 4,000 times every day; that’s roughly once every 13 seconds during our waking hours. These “requests to purchase'' often come in the form of marketing messages that test the bounds of credibility. In the software industry, most of us have trained ourselves to question vendor promises vociferously. And vendors […]

Read More
August 8, 2022
Fortune and Great Place to Work® Name Forward Networks One of the 2022 Best Small Workplaces™, Ranking #20 Nationally

SANTA CLARA, Calif., Aug. 8, 2022 /PRNewswire/ -- Great Place to Work® and Fortune magazine have honored Forward Networks as one of the 2022 Best Small Workplaces. This is Forward Networks' first time being named to this prestigious list, this year coming in at 20th place nationally. Earning a spot means that Forward Networks is […]

Read More

Sign up for our newsletter

crossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram