A customer posed this question to me recently; after pausing and smiling (a little too) broadly, he continued, “Their lips are moving.”

I thought this would be funnier if it weren’t partly true.

The software industry has over-promised and under-delivered for years, making technical executives rightfully skeptical when they hear a new promise. Unfortunately, it’s common for software to lack promised features or to create new headaches when deployed across the enterprise.

Here we go again – another impossible promise!

The executive I was speaking with runs the network of a Fortune 250 global financial services company; he’s experienced his share of pie-in-the-sky sales pitches. Understandably, he was skeptical when he met a software executive promising a network digital twin that provides analysis and insight into the behavior of his network, supports all major hardware vendors, and can do this without posing any security risk.

In 2017 at a conference in New York, he met our co-founder and CEO, David Erickson. He remembers thinking David’s a great guy, but there’s no way his platform can do everything he’s saying, and especially not at the scale needed to support tens of thousands of devices.

As fate would have it, he bumped into David again in Las Vegas at another tech event where after a bit of discussion – he agreed to test the platform in his lab environment.

Wait, is this actually working?

Once the platform was up and running, he was genuinely astounded; in his own words, “Wow, this really, really amazing, it actually does everything you say it will.”

Many other teams were interested in the platform’s capabilities, but like many global enterprises, the organization and responsibilities are highly segmented. Working across functions to adopt new technology is a slow process. So while there was interest and promise, the platform stayed in the lab.

Can a digital twin help with audits?

During a discussion to prepare for an upcoming audit, the team expressed concerns about their current tools’ ability to provide the desired details and specificity around traffic and device behavior. Trust is everything for a financial services company; opacity or inaccuracy can create doubt in an instant.

The Forward Networks platform in their lab claimed it could instantly provide the information they needed, taking much of the pain out of audits while ensuring they continued to develop trust with customers.

The POC delivers immediate insight

They decided to put the platform to a bigger test within a contained area of the network. To kick off the POC, they used a seed list of known devices for collection. The collection indicated about half of those devices were not in the network. As this was a small area of the network that the Ops team felt they knew very intimately, they were very confident the devices did indeed exist and that there was an error in the collection. However, when they attempted to verify their existence, they were nowhere to be found.

This experience gave the team a clear indication of how much they didn’t know about the network. For example, if they were missing 50% of the expected devices in a well-known area of their environment, what could they discover across the entire network? Especially considering the company had recently undergone a significant merger.

The implications were significant. For example, how many of those devices were still included in expensive maintenance contracts? What else are they paying for that’s no longer in use?

In addition to exposing them to the scope of what they don’t know about the network, the snapshots collected in the platform provide an always-on audit. The team can now tell what a device was doing on a specific day and what devices it could have reached. Because they can gather this data as simply as conducting a Google search, audit responses are no longer nearly as painful.

Supporting future automation efforts

Because the platform is API accessible, they are constantly coming up with new ways to extract data from the platform and improve efficiency. They are looking at automating developer queries, for example.

If you want to see what Forward Networks can do, view our webinar on-demand, where we asked participants to challenge our co-founder and CTO Brandon Heller to prove our platform can live up to its promise, or request a personalized demo.

Enterprise IT teams around the world are frustratingly familiar with the process of vendor contract reconciliation, the annual process of ensuring that the support contracts for devices in the network are accurate. For enterprise IT teams, this process ensures that hardware in the network is where it's supposed to be, performing accordingly, and covered by the OEM contract.

On the surface, that might not seem like a difficult task. However, large-scale enterprise networks often have hundreds or thousands of pieces of hardware from multiple vendors, and each one must be reconciled on an annual basis. In many cases, information about such hardware is maintained in spreadsheets that have to be updated anytime there are changes.

Not surprisingly, there are many points of failure in this process: Spreadsheets are placed in the wrong location, making them difficult to locate; people forget to update the spreadsheets or just don't take the time to do so; information is not updated correctly; there are multiple copies, owned and updated by different people; data isn't entered accurately and so on.

Ensuring the accuracy of such data directly correlates to bottom-line costs, as hardware vendors are compensated for each device that's part of the contract. Without proper reconciliation, enterprises typically spend tens of thousands of dollars annually to support devices that aren't even on the network.

Likewise, the cost of reconciliation directly correlates to the length of time it takes IT to complete the annual process. In most cases, the reconciliation process is extremely labor-intensive. An engineer must manually login to each device to verify or clarify information in the spreadsheet – this is expensive, time-consuming, and unnecessary. Not only does the process disrupt the normal daily operations, it adds hours and days of work to already resource-strapped IT teams.

Such was the case for one North America digital media and entertainment company with thousands of devices under contract from multiple vendors. The size and diversity of the network turned the reconciliation process into a massive multi-day headache.

When the Forward Networks team learned about the issues this customer was having with reconciliation, they devised a solution using the data already collected within the platform. Forward Enterprise had already built a mathematical model of their network, including thousands of hardware devices. In a matter of minutes, Forward Networks provided visual documentation of the devices, their location, and their serial numbers, enabling the IT professionals to quickly identify the devices in their network that should be part of the vendor support contracts.

Their director of IT shared this feedback; "Before we began using Forward Networks, reconciliation was a best-guess operation. We have so many devices that it would take days to reconcile what the vendor said we had versus what we thought we had. Doing this through Forward Networks gives us much more detailed information and is much more accurate in terms of what we actually have, saving us money and time on the backside."

To learn more about how you can use Forward Networks to overhaul your vendor contract reconciliation process, schedule a demo today. Keep an eye out for our upcoming blogs in this series about how Forward Networks is impacting enterprise networks around the world, including Six-Figure Savings: How A Financial Institution Banked On NQE For Massive Returns; Confidence In Action: Investment Bank Uses Forward Networks To Verify Automation Software; and $6 Million Savings: How Rapid Insights Led To Valuable Network Upgrades.

The risk of config drift is ever present. And when you consider that modern enterprises have incredibly complex and ever-changing networks with thousands of devices, from routers to firewalls to switches, running billions of lines of config, it’s easy to understand why. Networks are constantly being changed by people - who though well intentioned - make mistakes.  A configuration change that accomplishes the immediate goal may take the network out of compliance, but how would anyone know?

Security teams try to stay on top of config drift by manually conducting regular compliance and security audits. But these audits can take weeks or longer — time that the enterprise can’t afford. These audits require a lot of manual work that can lead to the introduction of costly errors and new risks in your network. As a result, non-compliance is often detected when there is a security incident. This is one of many reasons CISOs don’t sleep well.  

It’s our core belief that the network should be predictable, agile and secure — and that it should be relatively easy for engineers to ensure this. Knowledge is power; a current, vendor agnostic and easy to interpret single source of network truth is a super power. And this “super power” can be used to continuously ensure that the network is “correct” or in policy. 

Forward Networks makes security and operations engineers super heroes through automatic non-compliance detection and alerts. Using our Network Query Engine (NQE) and intent-based checks, engineers can receive immediate alerts when a device’s configuration is out of compliance. They’ll also get the details they need to fix the issue — fast and with accuracy. There is a library of prebuilt verifications in our platform. And, of course, your engineers can also create custom searches to suit your organization’s specific needs.

So now you no longer have to hope that your enterprise network is in compliance — with Forward Networks, you’ll know if it is. See how automatic non-compliance detection and alerts can help your security teams control the risk of config drift and keep your business from making the headlines for the wrong reasons. Read our use case to learn more. 

Top cross