Rodney Alto served 35 years as a senior executive in technology at the Central Intelligence Agency. He’s now a senior advisor for federal strategy and security at Forward Networks. 

What is one of largest challenges today in IT? It’s not AI, quantum computing, or even cyber—it’s technical debt. If technical debt is something you have never heard of, you’re not alone, but I encourage you to engage your CIO, CISO, and IT Managers on this topic; it’s one of those topics that causes technologists to take pause, gasp for air, and then share the dark secrets of technical debt at your company, Agency, or Department. 

But what is technical debt? If technical debt is new to you, the easiest way to articulate technical debt is it’s all the hardware and software within your organization that is currently at End-of-Life (EoL) or End-of-Support (EoS) and what infrastructure will become EoL or EoS in the next 12-months. The technical debt problem is both a historical and a forward-looking challenge, and the technical debt challenge is never completely solved, as equipment goes EoS/EoL almost every day. For this reason, technical debt needs to be continuously managed.   

Technical debt is also a cumulative challenge—how many times has your organization decided to push infrastructure investments to the right? Unfortunately, when technical debt is not being addressed systematically every year, it grows exponentially and can get out of control very quickly, negatively impacting operational readiness, infrastructure resiliency, and cyber readiness. 

Technical debt is a universal and pervasive challenge within IT; it affects Public/Private sectors equally and is one of the greatest self-induced cyber risks in the enterprise. Legacy hardware and unpatched software is the easy button every cyber bad actor is looking for; an unpatched or EoL router, switch, or firewall with well documented vulnerabilities provides an easy path to compromising your network. By addressing technical debt systematically, you can exponentially reduce your cyber vulnerabilities, improve operational readiness, and decrease unplanned infrastructure outages. 

The dark truth about technical debt is that most IT and cyber managers do not know how much technical debt their organizations have. But wait, you say, we have a CMDB—and the answer would be “yes”, but if you press the IT and Cyber teams, you will find the CMDB’s are not accurate, as many do not collect against all vendor equipment, do not contain information from mission/business networks, and often do not collect information on products like firewalls.   

There is a solution—if you have not heard of Forward Networks, I would encourage you to reach out to Forward Networks for a discussion on technical debt. The Forward Networks platform is the industry leader in collecting authoritative vendor agnostic data on all aspects of your network enterprise and any unique mission/business systems networks. The FN platform passively collects this data, with no agents required, normalizes the data across approximately 30 network vendors, and allows you to easily query the Forward Networks platform to develop authoritative and timely reports on the technical debt within your enterprise or mission/business environments. Forward Networks is also an API first platform; we integrate with products like ServiceNow to better populate your organization's enterprise CMDB. 

Forward Networks is the industry leader in providing timely, accurate, and continuous monitoring of your network enterprise. Forward Networks is happy to work with your company, Agency, or Department to provide you the data insights each enterprise manager needs to make data driven and timely decisions based on authoritative data that is easily available. 

To learn more about how Forward Enterprise helps with Inventory Management, read the use case.

Today's network environments are too complex to track by purely manual efforts. With digital twin technology, IT teams can build a virtual model of the production network and use it to validate configurations, simulate changes, and streamline management.

The use of digital twins – digital representations of physical objects or systems – is on the rise. Enterprises can use digital twins to replicate their IT environments, including infrastructure, network equipment, and Internet of Things (IoT) devices, and then run simulations to test the impact of changes and to optimize performance. They can be used to validate the current state of a network, for example, and test configuration changes, firmware updates, or adjustments to security policies.

Read the full article.

In the fast-paced world of cybersecurity, Security Operations (SecOps) teams face an ever-evolving landscape of threats and challenges. As a professional in the NetOps, SecOps, or CloudOps field, you understand the critical importance of staying ahead of cyber adversaries and safeguarding your network infrastructure. That's where Forward Networks steps in, offering innovative solutions that revolutionize SecOps by supercharging your network insights and capabilities.

Our Co-Founder, Nikhil Handigol offers "5 Ways to Supercharge SecOps with Network Insights," where he unveils how SecOps engineers can elevate their SecOps game using digital twin technology. Let's explore five key takeaways that can transform the way you approach security operations:

1. Unlocking Vulnerability Management: Navigating the vast sea of vulnerabilities across servers and applications can be daunting. With a true network digital twin, you can instantly see which vulnerabilities are present in your network ranked by severity, making it easy to prioritize remediation and have mathematical confidence the network is compliant.

2. Attack Surface Management: Understanding your network's attack surface is crucial in fortifying your defenses against cyber threats. With Forward Networks' advanced capabilities, proactively identify areas where your network is out of compliance and analyze your exposure. By visualizing attack vectors and vulnerable hosts, you can proactively defend your network infrastructure.

3. Harnessing the Power of Software: Modern networks demand sophisticated solutions that go beyond use-specific tools. By leveraging network digital twin technology, you can validate your network's security posture with precision. Say goodbye to manual validation processes and embrace the efficiency of AI-driven insights.

4. Enhancing Network Visibility: In the realm of SecOps, visibility is key. Forward Networks' digital twin empowers security engineers with comprehensive insights into network connectivity and configurations. Real-time visibility into your network's traffic flow and behavior enables proactive threat detection and rapid incident response.

5. Transforming Security Operations with Network Insights: Unleash the full potential of your Security Operations Center (SoC) by integrating network insights into your security strategy. With Forward Networks' cutting-edge solutions, bridge the gap between network operations and security, fostering collaboration and efficiency across teams.

Are you eager to learn more? Nikhil goes into greater detail and demonstrates how the network insights delivered by true digital twin technology can supercharge SecOps teams. View the session on demand.

Join the revolution in SecOps with Forward Networks and embrace a future where network security knows no bounds. Stay tuned for more insights, advancements, and partnerships that shape the future of cybersecurity.

In the world of networking, misconfigurations and inconsistencies can lead to significant issues for businesses, especially those in highly regulated industries such as financial services. One Fortune 500 financial services company experienced a nightmare scenario with their MTU (Maximum Transmission Unit) settings, resulting in application and performance problems. Fortunately, the company found a solution in Forward Networks' digital twin. This blog post will delve into the MTU issues faced by the company and how Forward Networks helped them overcome these challenges.

The MTU Nightmare:

The financial industry is known for its tight control over deployments and configurations. However, this also means that any misconfiguration or inconsistency can have severe consequences. The financial services company had been facing application issues and performance problems that had been occurring randomly, making it difficult to identify the root cause. Eventually, it was discovered that there was a misconfiguration in the MTU settings of a cross link between core devices. While jumbo frames were enabled north and south, this cross link was set to a lower MTU size of 1500. The issues became more apparent when the primary path failed, and traffic started traversing this misconfigured link. The network devices had to fragment the traffic, resulting in processing delays.

Before incorporating Forward Networks' digital twin technology, the company had programmers writing custom scripts to identify misconfigurations. These scripts were scattered across personal drives, making it challenging to consolidate and analyze the vast amounts of data they generated. The team became overwhelmed with Excel files containing close to a million lines, making the investigation process nearly impossible.

Recognizing the need for a more efficient and centralized approach to network analysis, the company turned to Forward Networks. The company saw promising results with Forward Networks' digital twin solution, which offered out-of-the-box capabilities to address their MTU issues. Forward Networks provided a pre-built script specifically designed to identify MTU misconfigurations, convincing the company of the platform's suitability for their needs.

Although the pre-written script provided by Forward Networks yielded results, the company still needed to narrow down the information it wanted to see. Despite not being a programmer, one of the company's network engineers was able to customize the script using educational resources provided by Forward Networks and the company’s user community. The engineer successfully created a tailored solution that only displayed infrastructure MTU information, filtering out unnecessary data.

By leveraging the capabilities of Forward Networks' network assurance and intent-based networking platform, this company saved a significant amount of time by automating the identification of MTU issues. Forward Networks enabled them to replace manual, fragmented scripts with a centralized solution, empowering their engineers to analyze network data more efficiently. In turn, they have minimized downtime and ensured that their network infrastructure is robust and reliable.

Digital twins are often associated with manufacturing, where a virtual replica mimics the workings of a complex physical system, such as a jet engine or a machine on a production line. But increasingly, there is interest from enterprises, telecom companies, and cloud providers in applying the technology to networks. [READ MORE on NETWORK COMPUTING]

It's that time of year again when the security delegates from Tech Field Day descend on Silicon Valley (well, in this case, descend virtually on Silicon Valley) to hear about the cool new things vendors are doing in the security space. This year, I was fortunate to be one of the presenters at XFD10 along with my partner in crime, Matt Honea, Head of Security and Compliance at Forward Networks. Together, we walked the delegates through how bad actors are becoming more intelligent and how Forward Networks can assist in identifying issues, leading to faster resolution times.

The State of the Security World

Matt discussed how threat actors are more brazen than ever when targeting their victims. Which, for lack of a better word, is horrendous!

Why does it seem that every news headline is “ {{ Insert large company name here }} was breached!”? Our technology footprint (and attack surface) is drastically expanding and increasing in complexity. The proliferation of SaaS apps holding sensitive company data, the move to the cloud, and the explosion of mobile apps, wearables, and devices all create new vulnerabilities.

Matt pointed out that in the ten years between 2013 and 2023, the number of vulnerabilities increased 5x from ~5000 to ~25,000. As a small sample, I decided to take an inventory of my family and see how our technology footprint has expanded, specifically thinking about mobile apps, devices, and wearables. I threw my hands up and stopped counting once I hit 50 devices for a family of four. From cell phones to tablets to watches and IoT devices, it is easy to see how the attack surface has exploded. If you extrapolate this to a large enterprise, tracking the constantly changing footprint is almost impossible.

The Game Changer: Network Digital Twin for Network Security

Given the current level of complexity, NetOps teams need software support to understand the hybrid multi-cloud network, its devices, their connectivity, exposure, and vulnerabilities. I got to show the delegates how Forward Networks provides unprecedented visibility into the network and gives operators the data they need to assist in a security incident (or alert) and detect configuration deviations that could cause a security incident. Here, we will look at common attack types, the protection recommendations, and how Forward Networks can help identify and aid in the remediation.

Third-Party Vulnerability

Synopsis:

Recommendations:

How Forward Networks could assist:

Social Engineering

Recommendations:

How Forward Networks could assist:

Cryptomining Breach

Recommendations:

How Forward Networks could assist:

Forward Enterprise supports L2 - L4 searches and enables engineers to search L7 information, like URLs, UserIDs, and Application IDs.

Forward Networks demonstrated at XFD10 how its network visibility and configuration management platform can effectively address security challenges posed by advanced threat actors. Through specific attack scenarios and recommendations, Forward Networks showcased our capability to detect and remediate such incidents, providing invaluable assistance in safeguarding networks against sophisticated threats. If you would like to watch our #XFD10 presentation, you can click this link: https://techfieldday.com/appearance/forward-networks-presents-at-security-field-day-10/

In a recently released Cybersecurity Advisory, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) highlighted the most common cybersecurity misconfigurations in large organizations identified through blue team and red team assessments. The advisory stated that these misconfigurations illustrate systemic weakness in many large organizations, including those with mature cyber postures.

The advisory called on both organizations and software developers to take actions that will prevent malicious actors from taking advantage of these vulnerabilities. Organizations are advised to take steps such as:

While the guidance is straightforward, compliance is not. The complexity of modern enterprises makes implementing the recommendations extremely difficult to achieve. Networks are constantly being updated, configurations are being changed, and new equipment and software are being added by teams of engineers. For most organizations, there is not a single source of truth covering network topology, configuration, and behavior. Without a single source of truth, determining what needs to happen to embrace the guidance from CISA and NSA is virtually impossible.

The Forward Networks digital twin creates a mathematical model of the network covering the configuration, connectivity, and behavior of every device, making it possible to search the network like a database and set policy checks that ensure compliance.  

Forward Networks can prevent 5 of the 10 common misconfigurations identified by CISA and NSA:

  1. Default configurations of software and applications
  2. Improper separation of user/administrator privilege
  3. Insufficient internal network monitoring
  4. Lack of network segmentation
  5. Poor patch management
  6. Bypass of system access controls
  7. Weak or misconfigured multifactor authentication (MFA) methods
  8. Insufficient access control lists (ACLs) on network shares and services
  9. Poor credential hygiene
  10. Unrestricted code execution

For more information on how the platform helps engineers prevent these misconfigurations, please read our solution guide.

Navigating the ever-changing technology landscape is challenging, especially with the constant influx of new technologies. The Gartner Hype Cycle methodology gives you a view of how a technology or application will evolve over time, providing a sound source of insight to manage its deployment within the context of your specific business goals.

The Gartner Hype Cycle for Enterprise Networking, 2023 includes digital twin technology. In the report, Gartner explains that a network digital twin allows faster testing and consequent delivery of network changes with fewer personnel resources and less cost by reducing shadow IT equipment requirements. 

The report indicates that the technology can lead to real cost savings for enterprise networking.

Forward Networks is included in the report as a sample vendor. We’d like to offer you a complimentary copy. Please click here to download the full report.

As per the nature of the asset, kindly add below attribution and disclaimers:

Gartner, Hype Cycle for Enterprise Networking, 2023, 12 July 2023, Andrew Lerner, et. Al.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

GARTNER is a registered trademark and service mark, and HYPE CYCLE is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Everyone knows inventory management is important – but so are the 100+ other things we need to do, and let’s face it, the inventory is not on fire. Given the benefits one customer experienced, maybe it should be.  

On September 14, at 2:00pm Eastern time, we’re hosting a webinar, featuring special guests, Michael Wynston, Director of Network Architecture and Automation at Fiserv, and Andre Kindness, Principal Analyst at Forrester Research. They'll talk about how inventory management helps Michael ensure network security, and how a network digital twin helped him to:  

In the end, Michael has more confidence in his automation efforts, answers questions about his network with mathematical certainty, and has a way to plan what he wants his network to achieve because he’s using a network digital twin. 

Andre Kindness, Principal Analyst at Forrester Research, will augment Michael's expertise with his insight as a leading industry expert to help attendees understand the benefits of accurate inventory management. 

Register here. If you can't make it live, the event will be available on demand using the same link. 

For me, I’d have to say it’s sitting through a high-pressure demo with a sales guy who needs to close business. Given the choice, I’ll take the dentist office visit anytime, at least they give you meds!

We realize that sales demos aren’t always pleasant. And while we strive to create a comfortable environment for discussion versus trying to convince you to buy, we recognize that previous sales calls may have left you with a mild form of PTSD.

At the same time, a network digital twin has a wide range of capabilities and use cases. This makes it hard to truly understand how it might help you by simply reading the website. You need to be able to ask questions and see it in action before deciding if it’s worth bringing in more people to evaluate how the technology will make your network more secure and improve reliability by preventing outages and discovering issues before they cause a performance problem or outage.

Fortunately, we have a new technical expert on our team who is all about helping people understand how a digital twin could work for them, without working to convince you of anything. Mike Lossmann, who has had his share of “time in the trenches” and understands the day-to-day frustrations of being a network engineer, is now conducting live demos with open Q&A every other week via LinkedIn Live. No need to register—just show up with your curiosity (or skepticism if you wish), and ask Mike all the questions you can think of. The sessions are held every other Tuesday at 11:00 a.m. Pacific/2:00 p.m. Eastern. The next session is on Tuesday, September 12, 2023.

If you want to attend, there’s no need to register; you can simply go to our events page and watch the live stream. If you miss the September 12 session, the next one will be posted on our LinkedIn page.

Top cross