It's that time of year again when the security delegates from Tech Field Day descend on Silicon Valley (well, in this case, descend virtually on Silicon Valley) to hear about the cool new things vendors are doing in the security space. This year, I was fortunate to be one of the presenters at XFD10 along with my partner in crime, Matt Honea, Head of Security and Compliance at Forward Networks. Together, we walked the delegates through how bad actors are becoming more intelligent and how Forward Networks can assist in identifying issues, leading to faster resolution times.

The State of the Security World

Matt discussed how threat actors are more brazen than ever when targeting their victims. Which, for lack of a better word, is horrendous!

Why does it seem that every news headline is “ {{ Insert large company name here }} was breached!”? Our technology footprint (and attack surface) is drastically expanding and increasing in complexity. The proliferation of SaaS apps holding sensitive company data, the move to the cloud, and the explosion of mobile apps, wearables, and devices all create new vulnerabilities.

Matt pointed out that in the ten years between 2013 and 2023, the number of vulnerabilities increased 5x from ~5000 to ~25,000. As a small sample, I decided to take an inventory of my family and see how our technology footprint has expanded, specifically thinking about mobile apps, devices, and wearables. I threw my hands up and stopped counting once I hit 50 devices for a family of four. From cell phones to tablets to watches and IoT devices, it is easy to see how the attack surface has exploded. If you extrapolate this to a large enterprise, tracking the constantly changing footprint is almost impossible.

The Game Changer: Network Digital Twin for Network Security

Given the current level of complexity, NetOps teams need software support to understand the hybrid multi-cloud network, its devices, their connectivity, exposure, and vulnerabilities. I got to show the delegates how Forward Networks provides unprecedented visibility into the network and gives operators the data they need to assist in a security incident (or alert) and detect configuration deviations that could cause a security incident. Here, we will look at common attack types, the protection recommendations, and how Forward Networks can help identify and aid in the remediation.

Third-Party Vulnerability

Synopsis:

Recommendations:

How Forward Networks could assist:

Social Engineering

Recommendations:

How Forward Networks could assist:

Cryptomining Breach

Recommendations:

How Forward Networks could assist:

Forward Enterprise supports L2 - L4 searches and enables engineers to search L7 information, like URLs, UserIDs, and Application IDs.

Forward Networks demonstrated at XFD10 how its network visibility and configuration management platform can effectively address security challenges posed by advanced threat actors. Through specific attack scenarios and recommendations, Forward Networks showcased our capability to detect and remediate such incidents, providing invaluable assistance in safeguarding networks against sophisticated threats. If you would like to watch our #XFD10 presentation, you can click this link: https://techfieldday.com/appearance/forward-networks-presents-at-security-field-day-10/

It’s hard to imagine that there are upwards of 100 billion devices connected to each other today. Many of these devices are terrestrial; however, more and more devices are being brought online across the sky, sea, and space. As complexity grows, we need to ensure we have the right level of automation in place to keep everything running smoothly.

One of my first goals at Forward Networks was to echo what we are already doing publicly – building a secure product in a secure environment. With SOC 2 we can let all of our customers know that we adhere to the best practices in industry.

SOC 2 is not the end for us; it is simply a milestone we are proud of and wanted to share with the world. We will continue to invest, build, and develop our security program across all teams. Stay tuned for more.

PRNewswire

SANTA CLARA, Calif., July 26, 2023 /PRNewswire/ -- Forward Networks announced today it has successfully achieved System and Organization Controls (SOC) 2 Type 1 Compliance. The completion of the audit demonstrates Forward Network's commitment to transparency, privacy, and data security for customers.

SOC 2 is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to assess the effectiveness of an organization's controls over information security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type 1 measures an organization's systems and controls and evaluates the design and implementation of these controls to ensure they are suitably designed to meet the relevant trust services criteria.

With SOC 2 compliance, Forward Networks can provide customers with confidence that their data is protected. For this compliance audit process, Forward Networks enlisted a professional auditor, Laika Compliance LLC, and was also able to leverage its own Forward Enterprise Platform to ensure key trust criteria in Security, Confidentiality, and Availability were included in the audit process.

"Forward Networks has long prioritized protection of customer data and offering trust and transparency," said Matt Honea, Head of Security and Compliance, Forward Networks. "From the onset, our platform was designed to collect network data while protecting our customers' privacy. Achieving SOC 2 Type I certification is an important milestone that demonstrates our commitment. While we are proud of this achievement, we'll continue to work towards further certification milestones to provide our global customers the assurance that their data and networks are safe when they work with us."

About Forward Networks
Forward Networks is revolutionizing the way large networks are managed. Forward's advanced software delivers a digital twin of the network, enabling network operators to ensure that the network is secure, reliable, and agile. The platform supports devices from all major networking vendors and cloud operators, including AWS, Azure, and Google Cloud Platform. Forward Networks was founded in 2013 by four Stanford Ph.D. graduates and is headquartered in Santa Clara, California. Investors include MSD Partners, Goldman Sachs, Andreessen Horowitz, Threshold Ventures, Section 32, Omega Venture Partners, and A. Capital.

[READ PRESS RELEASE on PR NEWSWIRE]

Last month, I had the pleasure of joining Forward Networks as its new Head of Security and Compliance. I’ve spent many years working in enterprise security and cyber risk, but after seeing a demo of the Forward platform, I knew I wanted to join this company because I’d have a chance to be part of the product that changes the way we look at network security topology.

I’ve been fortunate enough to work on almost every aspect of security throughout my career, starting as a physical security engineer with the United States government and eventually leading a team of reverse engineers dissecting nation-state malware. I then transitioned to the private sector, working as the senior director of cybersecurity at a software company and then as head of security at a Japanese-based media aggregator.

When I first began talking to the Forward team, two big things stood out. I studied electrical engineering with an emphasis in networking, so the opportunity to work in the network stack with computer science PhDs from Stanford was exciting. As a security professional working with many current security tools, I saw the power of being able to do forensics and use security at the networking layer in a way never seen before across multiple vendors and security layers. Ultimately, my passion lies in helping security leaders shape their strategy while finding new ways to stay ahead of bad actors.

I have seen firsthand how complex networks can get as more and more devices are added and interconnected. As security professionals, we need the best and most comprehensive data set to make the best risk based decisions. We're trying to understand the full paths. We're trying to understand the exact routing connection between endpoints and navigate complex firewall rules and cloud security groups. And we’re trying to do all of it quickly across multi-vendor environments.

I’ve spent so much time trying to track down rogue devices on a network manually, so I recognize the value of having visibility into all of these things (with accurate and detailed results). The Forward Enterprise platform collects detailed topology, configuration, and state information across the entire network and gives the SOC full visibility into connectivity and exposure points. Once I saw the technology and saw what the company was trying to do, it just made sense to me.

Joining Forward at this time is very exciting. The platform’s features are incredible, and I believe this tool can benefit every IT team. Being able to influence the company’s security strategy and program is also something I look forward to doing. Follow me on LinkedIn!

If you’re interested in joining the team, click here to explore career opportunities.

Top cross