COMMENTARY: Technical debt has become the foremost self-imposed cyber threat within enterprises. But what are we talking about? Why does it happen? And, how can enterprises ensure that obsolete hardware and unattended software aren’t inadvertently leaving the network open to risk?
McKinsey defines technical debt as the “tax” a company pays on any development to redress existing technology issues. And it’s not cheap. The consulting firm’s research found that technical debt accounts for about 40% of IT balance sheets – and that companies pay an additional 10% to 20% on top of a project’s cost to address it.
Every second matters for your network. A network failure can be catastrophic for large enterprises, significantly affecting revenue, productivity, and reputation. As networks grow increasingly complex with hybrid and multi-cloud environments, robust monitoring and maintenance have never been more critical to help avoid outages.
Today’s networks are vastly different from what they were even five years ago, with hybrid environments making troubleshooting much more complex. So complex, in fact, that most organizations don’t have a current network diagram due to constant changes., Siloed teams with limited communication create additional challenges in keeping networks reliably performing as intended. Without comprehensive network visibility, it's difficult to diagnose the cause of an outage with speed and confidence. This lack of visibility impacts the Mean Time to Identify (MTTI), drastically affecting the Mean Time to Repair (MTTR), which can be costly to an organization.
Attending a conference with the leading minds in IT offers the rare chance to leave with renewed confidence in your strategies. Fresh from the Gartner IT Symposium in Orlando, we’re gearing up for the upcoming Gartner IOCS in Las Vegas to continue these important conversations.
As with every technology show we’ve attended this year, AI was front and center. On Day 2, Gene Alvarez, Distinguished VP Analyst at Gartner, presented the “Top 10 Strategic Technology Trends for 2025.” Gene noted, “This year’s top strategic technology trends span AI imperatives and risks, new frontiers of computing and human-machine synergy. Tracking these trends will help IT leaders shape the future of their organizations with responsible and ethical innovation.”
His keynote categorized technology trends into investment protection, developer support, and delivering value. Forward Networks delivers in all of these areas, enriching our discussions on the show floor. The CIOs we spoke with were very concerned about delivering value and protecting their investment in existing tools as well as anything they decide to add to their tech stack.
In January 2023, "AI" overtook “Magic Quadrant” as the top search term on Gartner.com, illustrating the surging interest in AI. But as the AI landscape expands, so do concerns over data accuracy. Even Google recently paused Gemini AI’s people-imaging feature due to flawed outputs. This raises a critical question: what happens if AI insights are based on inaccurate network data?
This is where Forward Networks' digital twin steps in, offering comprehensive and precise network data. Our solution regularly gathers configuration and state data from all L2-L4 packet-pushing devices and cloud platforms, ensuring AI tools that rely on accurate data and recommendations are trustworthy. With 45% of Gartner respondents increasing AI investment, our role in supporting these initiatives sparked considerable interest.
Continuous threat exposure management was another keynote focus. Our discussions primarily centered on continuous CVE exposure management and zero trust exposure. Forward Networks automates these complex, resource-intensive processes, consolidating necessary insights into a single source of truth for SecOps teams.
Additionally, sustainable IT emerged as a critical theme. In this context, “sustainable” means long-term, data-driven initiatives to maximize value. Forward Networks’ digital twin empowers clients to leverage network data in innovative ways, from saving $6 million during a modernization project to enabling self-service application provisioning via Slack. By transforming the network into a searchable database, we support modernization efforts and help ensure operational continuity.
Gartner predicts that within two years, 75% of CIOs will be responsible for sustainable tech solutions, with compensation linked to these goals.
The Symposium highlighted trends in empowering developers and non-developers alike to build innovative solutions with minimal obstacles. Since networks are fundamental to application deployment, providing developers with visibility and automation is crucial. Forward Networks enables automated secure application provisioning, accelerating deployment timelines and enhancing service capabilities.
Eliminating repetitive tasks is always of interest to business leaders—they don’t hire people to check boxes; they hire people who can help innovate and improve the organization and its outcomes. Eliminating repetitive tasks is the tip of the iceberg; of course people are freed to do new things and innovate, but technologies that really change the game for companies going forward fuel better business outcomes by making data understandable and actionable. That’s where Forward Enterprise shines. Our Network Query Engine is designed to empower engineers to ask questions of their network. On November 4, 2024 at 11:00 a.m. PST, Dr. Andreas Voellmy, the creator of NQE, will be discussing how NQE is used to automate design validation, inform decision-making with accurate inventory, and proactively check for misconfigurations to prevent incidents. Register for Dr. Voellmy’s talk here!
If we missed you at Gartner IT Symposium, you can request a personalized technical session, or join us at Gartner IOCS in Las Vegas.
Organizations face an ever-expanding attack surface and a host of cyberthreats. Yet, most organizations have limited resources and lack effective solutions to fully understand and address their network security risks. This forces security leaders to find more efficient ways to analyze network security, identify risks and prioritize remediation. This is where reachability analysis and risk-based prioritization become crucial tools for optimizing cybersecurity strategies.
Understanding reachability in the context of corporate risk is increasingly important for enterprises, as it can significantly influence their risk management strategies. To protect critical data and infrastructure from unauthorized access, organizations often implement firewalls and multiple layers of security. However, business objectives and the complexity of the security architecture necessitate that some of these assets are more reachable than others. This access hierarchy is known as reachability.
Network administrators rely on configuration policies to maintain network health, compliance, performance, and security. Adhering to this configuration minimizes risks and ensures business continuity. However, many enterprises experience "configuration drift.” For a global network administration team, config drift is further complicated by distributed teams, time zones, and geographies.
Configuration drift creates significant vulnerabilities and is a frequent cause of security breaches and outages. As such, preventing it is critical to network and security operations teams.
Automation has transformed the network management landscape, making it faster, more efficient, and less prone to human error. By automating routine functions like software upgrades and device provisioning, network teams can focus on more strategic initiatives such as digital transformation, security initiatives and disaster recovery plans. As a result, network automation has led to faster service delivery and lower operational costs, becoming essential for organizations to remain competitive.
However, automation is not without risks. One of the biggest concerns shared among seasoned engineers is that automation can introduce more issues than it resolves, especially in large-scale networks. A single mistake in an automated script can be replicated across thousands of devices, causing widespread disruption. For example, a bank’s network automation system might incorrectly configure a security policy, causing widespread outages and financial losses. An automated firewall rule update could inadvertently block essential traffic, resulting in service disruptions.
As cyberattacks have intensified in volume and sophistication, the need for more prescriptive guidance is clear.
Initiatives like Executive Order 14028 and CISA’s Binding Operational Directive 23-1 have heightened scrutiny and accountability for security leaders tasked with ensuring network security and compliance. This guidance helps government entities and private sector organizations navigate the threat landscape and improve their security posture. However, diverse directives from the White House, the National Security Agency (NSA), the Department of Homeland Security (DHS), the Securities and Exchange Commission (SEC), and other government entities create confusion over which guidance to follow.
SAN FRANCISCO, May 6, 2024 /PRNewswire/ -- Forward Networks announced today it has been named the Market Leader in Vulnerability Assessment, Remediation and Management in Cyber Defense Magazine's 12th annual Global InfoSec Awards.
Forward Networks is revolutionizing how large networks are secured and managed by providing actionable, accessible, and insightful data that puts people back in control of the network. Forward Enterprise identifies exactly which vulnerabilities are present in the network and their severity. The platform then delivers a prioritized remediation plan. Forward Enterprise's secure, agentless collection method gathers current device and state information and combines it with Forward's proprietary mathematical model to create a digital twin of the network.
"The volume and complexity of security vulnerabilities and alerts today make it incredibly challenging for organizations to ensure they are not vulnerable," said Chiara Regale, SVP Product and UX, Forward Networks. "Our engineering team is focused on providing security teams with timely, actionable insights to protect their network. This award recognizes the efforts of our team and validates the continued momentum we're experiencing in the market."
"Forward Networks embodies three major features we judges look for to become winners: understanding tomorrow's threats, today, providing a cost-effective solution and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach," said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.
The full list of Cyber Defense Magazine's Global InfoSec Award winners can be found here: http://www.cyberdefenseawards.com/
Cyber Defense Magazine is the premier source of cyber security news and information for InfoSec professionals in business and government. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products, and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.
SANTA CLARA, Calif., April 17, 2024 /PRNewswire/ -- Forward Networks announced today that it has successfully achieved System and Organization Controls (SOC) 2 Type II Compliance attestation conducted by an independent third party. The completion of the audit demonstrates Forward Networks' long-term commitment to providing its customers transparency, privacy, and data security. Forward Networks achieved SOC 2 Type I Compliance in July of last year.
SOC 2 is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to assess the effectiveness of an organization's controls over information security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type I compliance measures an organization's systems and controls and evaluates the design and implementation of these controls to ensure they are suitably designed to meet the relevant trust services criteria. SOC 2 Type II takes this a step further, evaluating the design and implementation of controls over a certain period.
Forward's SOC 2 Type II Compliance audit was conducted over 9 months, with no additional recommendations. With SOC 2 Type II Compliance, Forward Networks provides customers with proof of security, confidentiality, and availability across identity and action control, data classification, and backups.
"This is yet another milestone in Forward Networks' security journey, which is focused on protecting customer data and privacy and ensuring trust and transparency," said Matt Honea, Head of Security and Compliance at Forward Networks. "We're working to build a robust, wide-reaching compliance program that meets the needs of our customers across every vertical market. Forward Networks is designed to meet any deployment model, including for on-prem, hybrid, and cloud environments."
Today's network environments are too complex to track by purely manual efforts. With digital twin technology, IT teams can build a virtual model of the production network and use it to validate configurations, simulate changes, and streamline management.
The use of digital twins – digital representations of physical objects or systems – is on the rise. Enterprises can use digital twins to replicate their IT environments, including infrastructure, network equipment, and Internet of Things (IoT) devices, and then run simulations to test the impact of changes and to optimize performance. They can be used to validate the current state of a network, for example, and test configuration changes, firmware updates, or adjustments to security policies.