The Globee Awards for Disruptors recognizes and celebrates organizations and individuals who have significantly contributed to disruptive innovation across various industries. These awards acknowledge the trailblazers who have challenged the status quo, introduced groundbreaking ideas, and transformed traditional practices through their disruptive approaches.
Forward Networks was honored because:
Because the tools network and security operations use to validate connectivity and security for on-premises networking are entirely different from those used for the cloud, it’s nearly impossible for teams to verify that the security policy is being enforced on-prem and throughout the multi-cloud environment.
Deploying traditional security controls is ineffective in the cloud since defensible perimeters are erased, component virtualization and decentralization obscures visibility, and automated configuration tools are required at scale.
Using read-only permissions, Forward Enterprise collects config and state data from all on-premises devices, such as routers, switches, and firewalls. The SaaS platform uses publicly available APIs to gather similar read-only information from public cloud accounts to create a digital network twin encompassing physical, virtual, and cloud estates. This information is presented in an integrated (and vendor-agnostic) way, enabling engineers to verify compliance throughout the estate. Anytime a non-compliant change is detected within the cloud estate, the appropriate teams will receive specific, actionable information about which instantiation is non-compliant and why, enabling rapid resolution.
Networking, security, and cloud professionals can work from a consistent, always up-to-date set of facts when troubleshooting or verifying network behaviors, drastically reducing MTTR.
Users gain unprecedented access to behavioral data to hasten troubleshooting, prevent incidents, and deliver timely alerts any time a cloud configuration is outside of policy. Timely alerts enable teams to quickly remediate issues and limit risk.
Organizations can ensure that the connectivity configurations of new applications adhere to corporate governance policies. Eliminating manual policy checks streamlines the process, so applications can be launched with greater confidence and speed, and companies can recognize revenue on new offerings more quickly.
Forward computes all possible traffic flows and provides detailed insight into how on-premises devices and cloud elements transform and direct traffic.
Forward performs complete end-to-end path analyses across the network for both on-premises and cloud infrastructure. Users can locate devices and access detailed information on their location, configuration, and state in milliseconds.
Spring is in the air and that means that ONUG Spring is right around the corner! At Forward Networks, it’s feeling a little like Christmas in April because we’re so excited to meet in-person, and we hope you feel the same. Our booth is polished, our presenters are on fire, and our capabilities for solving multi-cloud problems are unparalleled.
In addition to an in-person and virtual booth staffed by hands-on technical experts, we have two exciting presentations planned.
On Wednesday, April 27 at 11:20 a.m., our director of product, Natale Ruello, will share how our customers use the Forward Enterprise platform to verify security policies in their hybrid multi-cloud environments. If you’d like a preview of the challenges he’s going to address, check out his ONUG blog post: Is your multi-cloud estate secure?
On Thursday, April 28 at 2:25 p.m., Josh Matheus, Managing Director at Goldman Sachs, will detail the pain points that motivated the need for a single source of network truth, describe the process of selecting and implementing a digital twin, and outline the results that his network team has achieved since deployment.
If you haven’t registered for the event yet – please use our discount code to save 20% on your registration by using the code: Forward22. We hope to see you there or at another event this year.
If you can’t attend in person, don’t forget to check out our virtual ONUG booth where you can ask questions and see the technology in action.
If your enterprise is like most of Forward Networks’ customers, then your IT shop oversees a sizable cloud estate. You probably have hundreds of accounts, projects, or subscriptions across different cloud vendors. There are tons of related objects too — virtual machines, firewalls, transit gateways, subnets, and more. And cloud-native apps? Maybe you have hundreds of those in use or development as well.
Your IT team needs to manage this complex environment efficiently and effectively. Yet, it’s unlikely they know exactly what that environment looks like and how everything in it relates to and interacts with each other. No doubt, they’re also unsure whether the company’s networking and security policies have been properly extended to the cloud. Meanwhile, your cloud estate keeps growing and changing all the time.
Given how critical cloud platforms and applications are to supporting your business, your IT team really can’t go on without access to granular, real-time, and historical insight into what’s happening in your cloud environment. They don’t have that insight for a host of reasons, from the lack of appropriate tools to insufficient knowledge about specific platforms. But they can get that insight with the Forward Enterprise platform from Forward Networks, which presents the single source of truth about your cloud infrastructure in a single pane of glass.
In Forward Enterprise, your IT team gets a comprehensive and always up-to-date view of your cloud estate from a global level down to a specific instance. The platform provides the most complete and in-depth path analysis, custom verification, and visualization capabilities for on-premises environments and multi-cloud estates that span across multiple vendors such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure. And if your IT team wants to explore a specific aspect of the cloud infrastructure, they can drill down on the details with a single click.
Your organization’s multi-cloud environment is a big investment for your business, and it’s a marvel to behold. With the Forward Enterprise platform, you can take it all in — every object and traffic pattern — through a single pane of glass and make sure everything is operating just as it should be. To learn more about this eye-opening capability from Forward Networks, read this use case.
Register for our upcoming Forward Fix Live [webinar] to learn how Forward Enterprise can prevent costly intercloud routing mistakes.
SANTA CLARA, Calif., Feb. 23, 2022 /PRNewswire/ -- Forward Networks, the only company offering visibility and intent capabilities across the entire network estate, including on-premises, hybrid-cloud, private cloud, public cloud, and multi-cloud instances, today announced enhancements to the Forward Enterprise platform. Forward Enterprise now provides unprecedented visibility into network configuration and behavior in an actionable, vendor-agnostic format, enabling all organizations to conduct business in the cloud with certainty. In addition, the new cloud capabilities give IT teams a 360-degree view of both physical and virtual environments, as well as a single pane of glass for end-to-end in-depth connectivity analysis and policy and security verification.
Forward Enterprise creates a digital twin of an enterprise environment across on-premises devices, as well as hybrid multi-cloud environments. IT teams can instantly troubleshoot, verify intent, and predict network behavior by computing all possible traffic paths. The new platform enhancements also ensure security policies are enforced and prevent costly multi-cloud routing mistakes.
"For enterprises running large and complex networks, the cloud promised agility, economics, and security, but it has delivered complexity, expense, and risk," said David Erickson, Co-Founder and CEO, Forward Networks. "Our new platform enhancements were developed after listening to our customers detail their pain points and will help enterprises take the next right step in their cloud journey. They now have the same visibility and transparency into multi-cloud network traffic as on-prem environments and can be confident that they have the necessary information to make networks more reliable and secure."
CLOUD WITH CONFIDENCE
Unlike the proprietary tools cloud providers offer subscribers, Forward Enterprise provides visibility, insight, and troubleshooting capabilities across multiple clouds. Using this insight, professionals can often remediate potential problems before they materialize, saving time and money. Forward Enterprise is the only platform on the market capable of building a software model of all major networking vendors and services at scale, including for hybrid multi-cloud environments. It also offers complete integration with the top cloud platforms, including Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). In addition, the platform computes all possible traffic paths for unparalleled insight into network behavior, including how some changes can impact network behavior and compliance verification.
The new capabilities are generally available today, and pricing is based on pay-as-you-grow cloud consumption that does not require a large upfront investment.
About Forward Networks
Forward Networks is revolutionizing the way large networks are managed. Forward's advanced software delivers a "digital twin" of the network, enabling network operators to verify intent, predict network behavior, and simplify network management. The platform supports devices from all major networking vendors and cloud operators, including AWS, Azure, and Google Cloud Platform.
Forward Networks was founded in 2013 by four Stanford Ph.D. graduates and is headquartered in Santa Clara, California. Investors include Goldman Sachs, Andreessen Horowitz, Threshold Ventures, and A. Capital.
The risk of config drift is ever present. And when you consider that modern enterprises have incredibly complex and ever-changing networks with thousands of devices, from routers to firewalls to switches, running billions of lines of config, it’s easy to understand why. Networks are constantly being changed by people - who though well intentioned - make mistakes. A configuration change that accomplishes the immediate goal may take the network out of compliance, but how would anyone know?
Security teams try to stay on top of config drift by manually conducting regular compliance and security audits. But these audits can take weeks or longer — time that the enterprise can’t afford. These audits require a lot of manual work that can lead to the introduction of costly errors and new risks in your network. As a result, non-compliance is often detected when there is a security incident. This is one of many reasons CISOs don’t sleep well.
It’s our core belief that the network should be predictable, agile and secure — and that it should be relatively easy for engineers to ensure this. Knowledge is power; a current, vendor agnostic and easy to interpret single source of network truth is a super power. And this “super power” can be used to continuously ensure that the network is “correct” or in policy.
Forward Networks makes security and operations engineers super heroes through automatic non-compliance detection and alerts. Using our Network Query Engine (NQE) and intent-based checks, engineers can receive immediate alerts when a device’s configuration is out of compliance. They’ll also get the details they need to fix the issue — fast and with accuracy. There is a library of prebuilt verifications in our platform. And, of course, your engineers can also create custom searches to suit your organization’s specific needs.
So now you no longer have to hope that your enterprise network is in compliance — with Forward Networks, you’ll know if it is. See how automatic non-compliance detection and alerts can help your security teams control the risk of config drift and keep your business from making the headlines for the wrong reasons. Read our use case to learn more.
If you’re like most of the complex IT shops we talk with, you probably don’t even have a current security matrix to store anywhere – file cabinet or data folder. The connectivity matrix is essentially the company security posture, but almost no one has a comprehensive way to visualize and easily understand the connectivity status between the various configured security policies (zone-to-zone policies). This puts them in a dangerous position of risk because you can’t fix what you don’t know is broken.
The lack of precise insight into which firewall zones should or shouldn’t have connectivity with other zones undermines basic network security. And zero trust? Good luck implementing and enforcing that stringent security approach. Without visibility into interzone connectivity, it’s a near-impossible feat — especially because networks are always growing and changing.
Your network teams and security engineers can now use the Forward Enterprise platform to access a graphical representation of security zone connectivity. They can get a current view of the complex zone-to-zone interactions occurring in your network presented in one easy-to-understand visualization. It only takes a glance to see which zones have full, partial, or zero connectivity; color-coded status indicators to represent flow outcomes, so teams can confirm compliance at a glance:
How simple is that? Now, your teams can have a single source of truth for interzone connectivity and policy compliance that’s always up to date and always super clear. Check out our use case to learn more about how our easy-to-use, zone-to-zone connectivity matrix feature in the Forward Enterprise platform can help you confirm that your interzone connectivity posture is sound and that you’re ready to start building a zero trust environment.
In the past couple of weeks, I’ve had the opportunity to attend two technology events IN PERSON!!! Seeing people “mask-to-mask” has been fun and educational.
Forward Networks recently exhibited at Black Hat in Las Vegas and AFCEA TechNet Augusta. Obviously, security was the topic at Black Hat, but it was also top of mind for TechNet attendees, and attendees at both events stressed the need for better network behavioral insight. A common theme amongst these totally different demographics speaks volumes about the need to improve how NetOps and SecOps share network insights to protect its health and integrity. (For those who are unfamiliar, the halls of Black Hat are filled with hackers while TechNet Augusta hosted U.S. Army technical experts).
Obtaining current, detailed information presented in an easy to understand manner is critical for network health. Because SecOps and NetOps teams need the same network information to remediate and prevent incidents, there should be a seamless way to interact. Unfortunately, that’s not possible using most currently available tools. Engineers are stuck making calls, sending emails, opening tickets, and waiting for information that should be at their fingertips, thus creating unnecessary speedbumps. In June, we added security features to our platform that were specifically intended to help SecOps and InfoSec teams by creating “easy buttons” that eliminate these barriers.
Prior to getting out and talking to the people “in the trenches,” we felt pretty good about the platform enhancements, but we also knew that the attendees at both TechNet and Black Hat would give us the unfiltered truth.
The security features we announced in June (single-click blast radius detection, Zone-to-Zone security matrix, and an up-to-date Network CVE matrix) generated interest because they help SecOps folks work better and faster. Nobody wants to spend an unnecessary second of their work life combing through vender alerts, tracing paths, or inspecting code to find out the cause of an issue.
While the positive reception was encouraging, what I found incredibly interesting was the level of interest in how network modeling can enhance security posture by detecting and preventing situations that traditional tools will miss because they aren’t designed with the nuances of SDN in mind.
Well aside from schooling us on how to protect the world from Space Invaders while playing our classic Atari console, the resounding theme was when it comes to understanding and enforcing organizational security posture, the network is critical. Security engineers want to query the network in ways that traditional security tools don’t allow. SDN is changing the way threats are enacted and detected, and SecOps needs better info.
For example, the Forward Enterprise platform can identify network-based vulnerabilities due to traffic being virtually routed around enforcement points. Since the days of mandatory physical connectivity to the firewall are in the past, it’s easy to mistakenly configure devices in a manner that allows traffic to bypass enforcement points. Manipulated packets passing through NAT may not be recognized by firewall rules, ergo traffic you think is being blocked could be permitted creating vulnerabilities or, traffic that should be permitted could be dropped, negatively impacting the user experience.
Most of the well-known products in this space cannot detect these network-created issues because they don’t have a mathematical model of the network. Packets that are mutated in transit are unlikely to trigger the right policy response because they are unrecognizable.
The technical practitioners I spoke with were excited to learn that not only can Forward Networks detect these types of issues, but using custom intent checks, the platform can alert engineering staff if an out-of-policy configuration change is implemented. Knowing that the platform can instantly provide correct information on policy adherence and detect out-of-policy configurations before they cause an issue was of significant interest to everyone I talked to.
If you work in networking, you can’t do anything without getting some sort of message that you need to improve your zero trust architecture. Lots of companies offer to sell you the solution to all of your zero trust woes.
Because it’s been a topic of discussion internally – we decided that this was the perfect opportunity to put the hype to the test and see what people really think. So, my Seeking Truth in Networking Podcast co-host (and Forward Networks Co-Founder) Brandon and I decided to mic-up and talk to people for Episode 11: Zero Trust at Black Hat 2021: Networking meets Security. The conversations were sometimes funny and always enlightening. So, we turned it into our latest podcast. At the end of the day, yes there’s a healthy dose of skepticism – as there should be – but there are also real lessons to be learned and interesting ways people are applying these principles.
Listen to the podcast to hear more, and tell us what you think!
Using the visualization, verification, search, predict, and diffs function within the Forward Networks platform can help engineers ensure their zero trust architecture is designed and functioning as intended. To learn how, read the zero trust use case.
Between us — there’s no such thing as zero trust — it’s a catchy term used to describe a very complicated approach to security. But just because marketing loves the term doesn’t mean we should ignore the concept.
The idea of zero trust is the assumption that users should be granted the least access possible to be productive, and that security should be verified at every level with consistent protection measures. No device or person can be automatically trusted and everything must be verified before providing access to systems, and policy adherence must be continually validated.
Achieving this requires full network visibility, after all, how can you protect what you cannot see? To implement a zero trust architecture, network and security operations teams must be able to fully visualize all possible data paths and network traffic behaviors to truly understand potential vulnerabilities. Only then can they implement and enforce policies that eliminate risky pathways and segment the network effectively.
In addition to visibility, validation is critical for ensuring zero trust. Security policies are definitely not a “set it and forget it” situation. Because the network is constantly being changed by the people that manage it, consistent and frequent validation is necessary to ensure that policies are performing as intended.
While this may seem like stating the obvious, it’s anything but easy. Most networks have evolved over decades, it’s common for our customers to discover hundreds of devices they didn’t know they had. One of the biggest frustrations we hear from security teams is the amount of config drift in their network – which prevents the security policies from functioning as intended. If you struggle with these issues (as most enterprises do), a zero trust architecture is beyond reach.
Using the visualization, verification, search, predict, and diffs function within the Forward Networks platform can help engineers ensure their zero trust architecture is designed and functioning as intended. To learn how, read the zero trust use case.
With the constant rise of modern cyber threats, many businesses are aiming for zero-trust infrastructure to keep themselves and their customers safe. But a zero-trust environment, where only authorized people can access information and resources, is often more difficult to implement than anticipated. If security teams and network engineers cannot visualize the network and its possible traffic paths and behaviors, they can’t possibly secure the environment.
Forward Enterprise is designed to collect detailed config and state information on the entire network and then help engineers visualize, verify, search, predict and understand diffs following change windows. This information is invaluable to companies seeking to implement zero trust as it provides detailed connectivity information in a way that is easy to consume and act upon. We’ve recently added three new features to Forward Enterprise, that curate critical security information making it easy to understand device connectivity and potential vulnerabilities.
Regardless of how large or complicated a network is, Forward Enterprise empowers IT to improve network operations and avoid outages. This is thanks to its unique mathematical model that creates a digital twin of the network, allowing network operators to map all possible traffic flows, verify intent, predict network behavior, and more.
Our platform also helps security operations professionals with new visualizations of East-West traffic flows, endpoint-to-endpoint connectivity analysis matrices, and timely non-compliance alerts. These new features for Forward Enterprise make security teams’ lives easier by simplifying and streamlining traditionally labor-intensive network processes.
Today it is not a question of “if” a device will be compromised – but “when.” During an attack, it is critical that security operations professionals immediately identify the full impact of compromised devices so that they can contain the threat. With Forward’s blast radius, security teams can now identify the full exposure and reach of a compromised host with a single mouse click, making isolation and remediation a much simpler and faster process.
Having full insight into how and where devices and applications communicate over the network is fundamental to security. And yet this is one of the most difficult security tasks to perform, with most teams working from out-of-date spreadsheets and tribal knowledge to try and figure things out manually. Unsurprisingly, this is incredibly inefficient and error-prone.
But with Forward Enterprise correlating routing information and security policies, security teams can now easily see how their security posture is enacted on the network. With a graphical matrix that clearly delineates which zones have full connectivity, partial connectivity or no connectivity, security operations professionals can have full confidence of their zone-to-zone connectivity posture.
Network OS Vulnerability Identification
Trying to stay ahead of the unending stream of network device OS vulnerability alerts can be a full-time job – but it does not have to be. Forward Enterprise now uses the latest information from the NIST National Vulnerability Database, along with specific device and configuration data collected from your network, to automatically recognize and flag potential network OS vulnerabilities. Security teams can save time and stress with proactive vulnerabilities updates presented in an easily actionable format.
To see these security features in action, please request a demo.
On June 28, we announced new features within Forward Enterprise that help security engineers spend less time on reactive tasks so they can be more proactive. Why would a networking company expand into the security space? Good question. Let me share some of the reasoning that led to expanding deeper into this space, and why I am excited about it.
Reason 1: The overwhelming and urgent need.
Last year, the SolarWinds hack shocked the world with both the vector and its breadth of reach across the world, reminding us all of the importance of security, especially within the network. Since then we’ve continued to see additional examples such as the recent Colonial Pipeline ransomware attack. These are both preventable and containable.
Reason 2: Demand from our customers.
Deployments that were originally triggered by a need for network operator-oriented visibility and verification have also seen adoption and used by their peer security engineers to solve a range of daily work tasks. These security engineers have been highly enthusiastic about the time savings they gain by getting instant answers to network questions with Forward Networks, without needing to talk to a long chain of humans and spending hours to days gathering such information in their old way of working. Based on this success, they have been asking us for an expanded security capability set, with an ultimate goal of a single unified view and platform for both the network and security teams to collaborate around.
Reason 3: Unique capabilities from unique technology.
What do we do? Put simply, we use math to organize network information, in the form of a digital twin, and make that network information accessible to people and machines. This approach requires analyzing every possible way a packet could flow through your network. And yes, that is effectively a comprehensive pen test that runs on our customers’ global networks 10s of times per day! That data enables network verification like that is nothing like the testing or mapping you’re used to.
Reason 4: Hack Week.
In April, our engineering team had a week to work on anything. What did they choose to do? Security. Working closely with customers and having an impact is why they are here. Many of the projects created “easy buttons” for common (and highly complex) security tasks, and when shown to security teams, their feedback was clear: “I want this, yesterday.”
Those are all solid reasons, but I want to add my own take, from doing SecOps at a Stanford Lab, to setting up security infrastructure when founding this company, and now answering to a board about security.
A large fraction of security incidents can be both prevented, or at least tightly contained – but only if a strong network security and segmentation policy has been implemented. An ever-growing list of vendors are scrambling to provide different components of a Zero Trust solution for your business, but even if you buy one (or more) of these solutions, how do you know if you’ve implemented them correctly? In the financial world, we have auditors to confirm that we have correctly implemented the appropriate financial practices. The same mechanism is critical for network security, and this is what Forward Networks provides in the form of network and security visibility and verification.
I’m proud to announce our latest release, 21.5, which includes these new marquee security-focused features:
All of these new capabilities can be used on both your live network, as well as any historical snapshot you’ve taken in the past (for forensics), and all can be easily integrated via API into your automation framework of choice.
This is just the beginning of our security journey, and we’d like to bring our unique capabilities as a partner on your Zero Trust security journey. If you’d like to learn more, please request a demo.