In the fast-paced world of cybersecurity, Security Operations (SecOps) teams face an ever-evolving landscape of threats and challenges. As a professional in the NetOps, SecOps, or CloudOps field, you understand the critical importance of staying ahead of cyber adversaries and safeguarding your network infrastructure. That's where Forward Networks steps in, offering innovative solutions that revolutionize SecOps by supercharging your network insights and capabilities.

Our Co-Founder, Nikhil Handigol, offers "5 Ways to Supercharge SecOps with Network Insights," where he unveils how SecOps engineers can elevate their SecOps game using digital twin technology. Let's explore five key takeaways that can transform the way you approach security operations:

1. Unlocking Vulnerability Management: Navigating the vast sea of vulnerabilities across servers and applications can be daunting. With a true network digital twin, you can instantly see which vulnerabilities are present in your network ranked by severity, making it easy to prioritize remediation and have mathematical confidence the network is compliant.

2. Attack Surface Management: Understanding your network's attack surface is crucial in fortifying your defenses against cyber threats. With Forward Networks' advanced capabilities, proactively identify areas where your network is out of compliance and analyze your exposure. By visualizing attack vectors and vulnerable hosts, you can proactively defend your network infrastructure.

3. Harnessing the Power of Software: Modern networks demand sophisticated solutions that go beyond use-specific tools. By leveraging network digital twin technology, you can validate your network's security posture with precision. Say goodbye to manual validation processes and embrace the efficiency of AI-driven insights.

4. Enhancing Network Visibility: In the realm of SecOps, visibility is key. Forward Networks' digital twin empowers security engineers with comprehensive insights into network connectivity and configurations. Real-time visibility into your network's traffic flow and behavior enables proactive threat detection and rapid incident response.

5. Transforming Security Operations with Network Insights: Unleash the full potential of your Security Operations Center (SOC) by integrating network insights into your security strategy. With Forward Networks' cutting-edge solutions, bridge the gap between network operations and security, fostering collaboration and efficiency across teams.

Are you eager to learn more? Nikhil goes into greater detail and demonstrates how the network insights delivered by true digital twin technology can supercharge SecOps teams. View the session on demand.

Join the revolution in SecOps with Forward Networks and embrace a future where network security knows no bounds. Stay tuned for more insights, advancements, and partnerships that shape the future of cybersecurity.

TLDR - check out the Enterprise Strategy Group eBook, End-to-End Networking Visibility and Management.

If you have a single-vendor, single-cloud homogeneous network where everything is documented, you know where every device is, and you know all the possible paths in your network, then you are a networking deity.

Realistically, nobody has a “simple” and fully documented network. Mainly because enterprises grew over time with the organization. New equipment was added as needed or as part of an acquisition. The typical enterprise environment now includes dozens of hardware vendors with devices running a multitude of operating systems, billions of lines of constantly changing configuration code and multiple public clouds. For most of the practitioners we’ve worked with, this means a “simple” task like physically locating a device will take days to weeks. Even the most basic troubleshooting activity can take hours to complete.

It’s impossible to adequately manage or secure what you cannot see. End-to-end visibility is table stakes for mitigating risk when making changes, having visibility over remote workers, and securing the network.

There is general consensus among engineers that increasing network complexity is making visibility the biggest challenge and highest priority for protecting network health. According to a recent Enterprise Strategy Group eBook, End-to-End Networking Visibility and Management, there is a multitude of drivers for increasing network complexity:

Source: Enterprise Strategy Group eBook, End-to-End Network Visibility and Management, October 2022.

Most enterprise IT shops are approaching network visibility manually, creating Visio diagrams or Excel spreadsheets to document topology and inventory. At best, these documents are out of date the moment they are published; in actuality, they are often months, even years old. In an era of highly distributed networking and remote work, this approach is unacceptable.

Network visibility is one of the key features of Forward Networks’ network digital twin technology. A large financial services firm that deployed Forward Enterprise discovered that only 25% of its network lab inventory was accurate. Many of the devices they thought were on the network had been decommissioned, and the majority of devices in-service were not documented. This was the most highly monitored portion of their network. As their network leader said, “The depth of what we do not know about our network is far greater than what we do know.” 

To learn more, we invite you to read the Enterprise Strategy Group eBook on End-to-End Networking Visibility and Management. To see how your company can gain detailed end-to-end visibility in a single platform, please meet with one of our engineers.

By George Lawton, VentureBeat

The network, once seen as little more than plumbing in the datacenter, is at the center of distributed IT operations. Ensuring network operations and protecting them from cyberattacks has become paramount to modern enterprises.

“You can almost imagine that networks would be on par with power and water and electricity and that kind of stuff,” Nikhil Handigol, co-founder of Forward Networks, tells The Next Platform. “You cannot imagine a modern business functioning without its network functioning. On one hand, networks were super critical for big businesses and are becoming increasingly critical. On the other hand, they’re becoming more and more complex and more and more fragile, both from a connectivity perspective and from a security perspective. From a connectivity perspective, they were so fragile that one misconfiguration could take the entire network down. It’s still the case.”... [READ MORE ON THE NEXT PLATFORM]

By George Lawton, VentureBeat

Designing, testing, and provisioning updates to data digital networks depends on numerous manual and error-prone processes. Digital twins are starting to play a crucial role in automating more of this process to help bring digital transformation to network infrastructure. These efforts are already driving automation for campus networks, wide area networks (WANs), and commercial wireless networks... [READ MORE on VentureBeat]

By George Lawton, VentureBeat

This is the second of a two-part series. Read part 1 about the current state of networking and how digital twins are being used to help automate the process, and the shortcomings involved.

As noted in part 1, digital twins are starting to play a crucial role in automating the process of bringing digital transformation to networking infrastructure. Today, we explore the future state of digital twins – comparing how they’re being used now with how they can be used once the technology matures.... [READ MORE on VentureBeat]

By Craig Johnson, Senior Technical Solutions Architect, Forward Networks

Visibility and complexity, problems that have plagued cybersecurity and IT practitioners for decades, are still huge issues. A 2021 IDG survey found that 81% of practitioners struggle to identify the depth of a breach, and 68% find it challenging to identify what devices are in the network and its topology. This is not surprising. The network is now a piece of critical infrastructure that can't afford to go down, and its depth and breadth in the cloud and on premise is not something that many organizations could have imagined in the early ‘90s.

A Problem Already Too Big, and Growing

Security practitioners have always maintained that you cannot secure what you can't see, but what we can't see keeps growing. Take common vulnerabilities as an example. As of June 10, 2022, there were over 177,000 known CVEs (Common Vulnerabilities and Exposures) listed in the NIST Database. While security teams KNOW that remediating these vulnerabilities should be a priority, keeping up with numbers that high just isn't scalable for even the largest and most well-funded organizations.

While statistics may vary, security organizations are dealing with almost 55 critical vulnerabilities PER DAY, and some recent data shows that organizations are taking nearly two months to remediate critical risk vulnerabilities, with an average mean time to remediate (MTTR) of 60 days. This is due to sheer volume, as well as difficulty in sharing prioritized, actionable information in a manner that is easy for network engineers to understand and act on. For example, when the network team receives the information, it's a raw report lacking specificity (e.g. which alerts are new). Without this level of detail, the process is still time-consuming and prone to human error... [READ MORE on VMBLOG]

There is no shortage of alerts concerning security vulnerabilities. Unfortunately, the deluge of data available is overwhelming and not specific enough to be actionable. We don’t think that’s very helpful, so we’ve integrated our platform with Rapid7 InsightVM to ensure that our customers have full visibility into their security posture, including endpoints, and that they know how to prioritize remediation.

The Forward Enterprise platform already collects detailed topology, configuration, and state information across the on-premises network. This information and our mathematical model are used to create a digital twin of the network capable of determining all possible traffic paths. Combining this data with the endpoint security visibility and analytics of Rapid7 provides SecOps teams unprecedented visibility into their security posture and helps them prioritize vulnerability remediation with mathematical certainty: SecOps teams are now able to identify within seconds which end hosts impacted by critical vulnerabilities can be accessed from the internet and which compromised end hosts can access internal critical infrastructure.

Given the ever-worsening security talent shortage, SecOps teams cannot afford to waste a single second. There are many tools that evaluate device vulnerabilities, but without the knowledge of how that device is connected to the network, security teams only have a limited view of potential exposure. Often, they choose to focus on keeping devices up to date no matter what vulnerabilities are detected, or they focus on vulnerabilities without considering the exposure of individual systems and devices. With the Rapid7 integration, Forward Networks is the only company that can show an organization’s actual risk including on-premises, multi-cloud, and SD-WAN in an actionable single screen. This type of data presentation helps teams focus on the work that will most impact the network.
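An added example, not Forward Networks or Rapid7 code: the prioritization described above, joining per-host vulnerability scores with network reachability, sketched in Python over a constructed topology. The host names, scores, flow graph and tiering scheme are all assumptions made for illustration; a real path analysis would also model ports, protocols and NAT.

```python
from collections import deque

# Constructed sample data (not from any real network or scanner export).
# A directed edge src -> dst means policy and routing let src open
# connections to dst. This graph stands in for path-analysis output.
FLOWS = {
    "internet": ["dmz-web"],
    "dmz-web": ["app-01"],
    "app-01": ["db-core"],
    "corp-laptop": ["app-01", "print-01"],
    "print-01": [],
    "lab-01": [],
    "db-core": [],
}
# Highest CVSS base score among open findings per host (constructed).
FINDINGS = {
    "dmz-web": 9.8,
    "lab-01": 9.8,
    "print-01": 9.1,
    "corp-laptop": 8.8,
    "app-01": 7.5,
    "db-core": 5.3,
}
CRITICAL_ASSETS = {"db-core"}


def reachable_from(flows, start):
    """Breadth-first search: every node that start can reach, hop by hop."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in flows.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def prioritize(flows, findings, critical, entry="internet", min_score=7.0):
    """Rank vulnerable hosts by exposure first, severity second.

    Tier 0: reachable from the entry point AND able to reach a critical asset
    Tier 1: reachable from the entry point only
    Tier 2: not exposed, but able to reach a critical asset
    Tier 3: neither (isolated)
    """
    exposed = reachable_from(flows, entry)
    rows = []
    for host, score in findings.items():
        if score < min_score:
            continue  # below the remediation threshold for this pass
        inbound = host in exposed
        targets = sorted(reachable_from(flows, host) & critical)
        if inbound and targets:
            tier = 0
        elif inbound:
            tier = 1
        elif targets:
            tier = 2
        else:
            tier = 3
        rows.append({"host": host, "score": score, "tier": tier,
                     "internet_exposed": inbound, "reaches": targets})
    # Exposure tier dominates; CVSS score breaks ties inside a tier.
    return sorted(rows, key=lambda r: (r["tier"], -r["score"], r["host"]))


if __name__ == "__main__":
    for row in prioritize(FLOWS, FINDINGS, CRITICAL_ASSETS):
        print(row)
```

In this constructed data the isolated `lab-01` carries the same 9.8 score as `dmz-web` yet lands below `app-01` at 7.5, which is the difference between ranking by severity alone and ranking by exposure.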

The Rapid7 integration is part of Forward Networks’ ongoing commitment to support security professionals with actionable data, so less time is spent reacting, and more time is spent enhancing the security posture.

The Rapid7 integration is included in standard Forward Enterprise licensing at no additional cost. Learn more about the security capabilities of Forward Enterprise at: www.forwardnetworks.com/security

When a large government agency decided to refresh its infrastructure down to Layer 2 switches, Forward Networks data delivered over $6 million in savings. Like many companies around the world, this organization had challenges getting full visibility into the structure of its network, which had grown organically over time.

Initially, Forward Enterprise played a key role in providing accurate information that saved hours of manual effort by eliminating the need to manually synchronize spreadsheets from various inventory tools and internal sub-organisations. While that was certainly valuable, the real cost savings occurred through the rapid insights the platform provided.

The company's IT team wanted to understand everything connected to its network switches in hopes of finding ways to cut costs. Specifically, the team wanted to understand why its network was dependent upon a large number of 100M interfaces, which are considerably more expensive than standardizing on the more common 1G Ethernet standard.

To answer those questions, Forward's Network Query Engine (NQE) was used to create a list of all the devices connected to the network switches by MAC and VLAN. That list was then cross-referenced with the manufacturer to determine what was actually connected to the company's network switches. The results showed that the IT team didn’t need to support the 100M interfaces because the devices connected would support 1G. As such, the network was upgraded to 1G across the board, saving the agency more than $6 million. 

The agency stated that without Forward Enterprise, the inventory would never have been done at all, resulting in device failures, support for unnecessary devices, and wasteful expenditures. NQE helps to solve common challenges in network automation when it comes to retrieving network device configuration and state to verify the network posture. Customers with large networks comprised of many different vendors, technologies, and deployments, including on-prem and cloud, find this functionality extremely valuable.

The agency was able to clearly understand its network topology because Forward Enterprise organizes network information like a database, including the number of devices, physical and logical topology, maps of all possible traffic paths, device state, and configuration. Using that data, NQE makes finding information in the network as intuitive and quick as performing a web browser search.

To learn more about how you can use Forward Networks to verify your networks and automate timely processes, schedule a demo today. Be sure to read our other blogs in this series about how Forward Networks is impacting enterprise networks around the world, including Six-Figure Savings: How A Financial Institution Banked On NQE For Massive Returns; From Days To Minutes: Digital Media Provider Uses Forward Networks To Overhaul Reconciliation; and Confidence In Action: Investment Bank Uses Forward Networks To Verify Automation Software.

If you’re like most of the complex IT shops we talk with, you probably don’t even have a current security matrix to store anywhere – file cabinet or data folder. The connectivity matrix is essentially the company security posture, but almost no one has a comprehensive way to visualize and easily understand the connectivity status between the various configured security policies (zone-to-zone policies). This puts them in a dangerous position of risk because you can’t fix what you don’t know is broken.

The lack of precise insight into which firewall zones should or shouldn’t have connectivity with other zones undermines basic network security. And zero trust? Good luck implementing and enforcing that stringent security approach. Without visibility into interzone connectivity, it’s a near-impossible feat — especially because networks are always growing and changing.

Your network teams and security engineers can now use the Forward Enterprise platform to access a graphical representation of security zone connectivity. They can get a current view of the complex zone-to-zone interactions occurring in your network presented in one easy-to-understand visualization. It only takes a glance to see which zones have full, partial, or zero connectivity; color-coded status indicators represent flow outcomes, so teams can confirm compliance at a glance.

How simple is that? Now, your teams can have a single source of truth for interzone connectivity and policy compliance that’s always up to date and always super clear. Check out our use case to learn more about how our easy-to-use, zone-to-zone connectivity matrix feature in the Forward Enterprise platform can help you confirm that your interzone connectivity posture is sound and that you’re ready to start building a zero trust environment.

I recently published a piece in Dark Reading covering the network security challenges of M&A activity. As we ease the restrictions put in place to combat COVID-19, we’re expecting to see business activity including M&A pick up speed. It’s important that the implications of integrating networks are fully understood to ensure that the expected business benefits are achieved as soon as possible.

Economists from JPMorgan Chase, Goldman Sachs, Morgan Stanley, and more are predicting that the U.S. is about to enter an economic boom, with estimates ranging from 4.5% to 8% expected economic growth. With the economy recovering, Deloitte found that many companies and enterprises expect their M&A activity to return to pre–COVID-19 levels within the next 12 months – and are starting to eagerly eye the market. But today’s M&As are more complicated than ever, with the involved organizations needing to account for vital cybersecurity, privacy, and data management practices during this process.

In fact, recent analyst research uncovered that the biggest hurdle to effectively managing the integration phase of a deal in today’s environment is technology integration. 20% of businesses noted effective integration was the most important factor in achieving a successful M&A – and 28% identified execution/integration gaps as the primary reason their M&A transactions didn’t generate expected value. As I mentioned in the Dark Reading article, a company being acquired is also a target for bad actors, as they look for openings and vulnerabilities in smaller companies that can later give them access to the larger enterprise’s network – Deloitte found that the top concern in executing M&A deals for U.S. executives and private-equity investor firms is cybersecurity (51%).

With technology integration being one of the most important and most difficult factors for a successful M&A – how can companies set themselves up for success?  

The secret is to have a full understanding of the IT infrastructure. Unless you know how everything is connected to everything else, you really can’t make any good architecture decisions to change things. And the starting point is always the network. But this is a herculean challenge in and of itself. Every network is uniquely crafted by the company’s distinct needs and the personal approaches of the network engineers involved. Each network with its specific devices, firewalls, and configurations is going to operate and function differently – nothing can be assumed.

To drastically accelerate and de-risk M&A integration, IT needs to have a detailed understanding of all of the network topology and behavior. But this is very hard to discover: most network maps and inventories are incomplete or very out of date, as manual processes for these issues are near impossible. Trying to write down a device list, map out the data paths, note all the configurations, figure out the operational processes, and enforce the network-wide security postures would take a full network team months or years depending on the complexity. For businesses that find themselves in this predicament, it is vital that they invest in solutions that can analyze their digital infrastructure to discover existing assets and to map the network.

Depending on the particular pain points, network analysis solutions range from network monitoring and visualization, to intent-based capabilities like network verification and prediction. Network and application dependency mapping tools can inform teams how the various applications and devices act with and rely on one another. Even something as simple as a help desk ticketing system can provide useful data for these ends. 

With a live network map, the companies can then evaluate the infrastructure for cybersecurity compliance and for future integration. Tools like port scanning, network configuration checks, and path verification allow IT to see if the network is operating consistently and is compliant with company policies. IT will especially want to focus on solutions that root out existing liabilities, such as vulnerability assessments, penetration testing, and compliance assessments. For instance, a network digital twin allows enterprises to overlay security policies on other networks – allowing for identification of network compliance issues, flagging outdated configurations, locating forgotten equipment, proactively unveiling security violations, and alerting operators of unpatched vulnerabilities. 

It’s ideal if the chosen solutions can also normalize the network data (present the data in a vendor-agnostic manner), making it much easier for IT to quickly read and understand the various infrastructure devices and configurations. This is particularly helpful for network operations staff addressing help desk tickets – who are dealing with tickets and issues across both networks at the same time after having merged. With a normalized dataset, IT can then efficiently merge both companies’ data together to jointly analyze the infrastructure – allowing for a much faster, more simple and comprehensive examination of the networks. This is impossible to do without a comprehensive view of existing data, so many enterprises look to data management tools and platforms to help locate and consolidate their critical data. 

Connecting and integrating the network infrastructure is the moment of truth for the M&A – businesses need to ensure that everything will continue to operate properly before internal operations can actually be merged. Having a normalized and accurate network map gives the IT team a scope of the two companies’ networks – allowing for the identification of conflict areas that need to be worked out before merging networks together to ensure that there is no risk to the production and client services. With the right software, the process can be automated, so it’s faster and more accurate, and intent checks can also make sure that traffic is doing what it should or pinpoint the problem for immediate resolution.

Using this information, IT can identify critical network and application paths that need to be preserved in isolation and potential points where the two companies’ infrastructures can be connected. This has several key security and financial purposes. It allows for a check of whether the network architectures are compliant with one another, and it also lets the companies see where there is excess infrastructure that can be removed. Network path verification tools can also allow IT to preemptively see any potential integration holes by visualizing what the new data paths will be, so the team can address any lack thereof ahead of time with stop-gap solutions. 

When encountering different regulatory hurdles, it’s usually best to make the higher bar the standard across both organizations – simplifying the security and compliance policies. Services like next-generation endpoint protection, next-generation firewalls, and other solutions that protect data and applications from attack are important for securing the IT environment after a merger.

The risk involved in merging the digital infrastructures of major enterprises is simple to summarize: if you don’t know what it is and how it works, you can’t ensure it will continue to work if changes are made – like integrating it with another network. Even worse, it can aggravate the already existing security flaws or holes that are wrapped into your security paradigm. By integrating new devices and data paths to parts already able to be compromised, IT is increasing vulnerability and risk.

In today’s world of digital transformation, it’s more important than ever that enterprises engaging in M&As both empower and protect themselves by properly approaching network integration and adopting services where needed to support network analysis.
