In my last blog, I spoke about the need to get immediate access to network behaviour patterns, in order to detect anomalies.
An extension of that need is the ability to make instant use of that data. Forward Networks, by whom I was recently briefed, focuses on that very problem area, among other related ones. A number of product enhancements have just been released that further enable security engineers to determine the blast radius of compromised devices immediately, create an always up-to-date zone-to-zone security matrix, and simplify efforts to remediate cybersecurity vulnerabilities (CVs).
The elephant in the room amongst all this is the marriage – or divorce – of NetOps and SecOps. Forward rightly argues that SecOps engineers can equally benefit from this network-sourced information: they are under constant pressure to identify and remediate issues, but if they aren’t aware of what is happening on the network (for example with firewalls, load balancers and complex routing paths), how can they resolve the resulting security problems 24×7? The answer is to create a single view of the network (or ‘source of truth’, as Forward describes it) for the NOC and SOC, so that all information is shared and synchronized and duplication is eliminated. This can readily be measured, not just in terms of results but in ££££ – doing something twice always costs more than doing it once. So the idea is that everyone can instantly access always-current information on network behaviour, security posture and topology, thereby also reducing the classic human error problem (see earlier blog), for example by being able to track the network configuration change that created a vulnerability.
I mentioned some product additions just released by Forward, which further optimize operations, so I’ll list them here:
- Blast Radius Identification and Isolation—using data already collected by the Forward Enterprise platform, security operations engineers can now identify the reach of a compromised host with a single mouse click. Once the exposure is identified, isolating the devices is a much simpler and faster process.
- Zone-to-Zone Connectivity Matrix—by continuously capturing firewall configuration information, Forward Enterprise is an always-current source of truth for zone-to-zone connectivity. The platform offers a graphical matrix that clearly delineates which zones have full connectivity, partial connectivity, or no connectivity. Using the platform’s Path Analysis, Network Query Engine, and network-diff capabilities, engineers can easily determine the cause of unintended connectivity. Additionally, the engineer can build verification baselines from the Zone-to-Zone Connectivity Matrix using Forward Intent verification checks.
- Cybersecurity Vulnerability Reporting—using information from the NIST National Vulnerability Database and the specific device and configuration data collected from the network, Forward Enterprise automatically analyzes the network for vulnerabilities and presents information in an actionable format. Forward’s API integration with ServiceNow can automatically generate tickets, expediting the entire process.
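To make the zone-to-zone matrix, network-diff and blast-radius ideas in the list above concrete, here is a small Python model added for this post. It is not Forward Networks code and does not describe how Forward Enterprise computes these things; it assumes a constructed set of zones, a constructed first-match firewall policy (`None` meaning "any"), and a small probe-port set used to decide whether a zone pair has full, partial or no connectivity. Blast radius is then just reachability over that matrix: from the compromised host's zone, keep pivoting into any zone that has at least one open port.

```python
"""Toy zone-to-zone connectivity matrix, config diff and blast radius.

All zones, hosts and firewall rules below are constructed sample data.
"""
from collections import deque
import ipaddress

# Constructed zones and their subnets (hypothetical addressing).
ZONES = {
    "dmz":  ipaddress.ip_network("10.1.0.0/24"),
    "app":  ipaddress.ip_network("10.2.0.0/24"),
    "db":   ipaddress.ip_network("10.3.0.0/24"),
    "mgmt": ipaddress.ip_network("10.9.0.0/24"),
}

# Representative ports used to probe each zone pair. The last one stands in
# for "any other port", so a wildcard allow is told apart from a port-specific one.
PROBE_PORTS = (22, 443, 5432, 8443, 60000)

# Constructed first-match policy: (src_zone, dst_zone, dst_port, action);
# None in a field means "any". Final rule is the explicit default deny.
RULES_BEFORE = [
    ("dmz", "app", 8443, "allow"),
    ("app", "db", 5432, "allow"),
    ("mgmt", None, None, "allow"),   # management jump zone reaches everything
    (None, None, None, "deny"),
]

# Hypothetical later change: someone opened dmz -> db on every port.
RULES_AFTER = [("dmz", "db", None, "allow")] + RULES_BEFORE


def zone_of(ip, zones=ZONES):
    """Map a host address to the zone whose subnet contains it."""
    addr = ipaddress.ip_address(ip)
    for name, net in zones.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is not in any known zone")


def is_allowed(rules, src, dst, port):
    """First-match evaluation of the policy; implicit deny if nothing matches."""
    for r_src, r_dst, r_port, action in rules:
        if r_src in (None, src) and r_dst in (None, dst) and r_port in (None, port):
            return action == "allow"
    return False


def classify(rules, src, dst):
    """'full' if every probe port is open, 'partial' if some are, else 'none'."""
    open_ports = [p for p in PROBE_PORTS if is_allowed(rules, src, dst, p)]
    if len(open_ports) == len(PROBE_PORTS):
        return "full"
    return "partial" if open_ports else "none"


def connectivity_matrix(rules, zones=ZONES):
    """Zone-to-zone matrix keyed by (src_zone, dst_zone), self pairs omitted."""
    return {(s, d): classify(rules, s, d) for s in zones for d in zones if s != d}


def matrix_diff(old, new):
    """Pairs whose classification changed between two policy snapshots."""
    return {pair: (old[pair], new[pair]) for pair in old if old[pair] != new[pair]}


def blast_radius(rules, compromised_ip, zones=ZONES):
    """Zones reachable by pivoting from the compromised host's zone.

    Partial connectivity counts: a single open port is enough to pivot through.
    """
    start = zone_of(compromised_ip, zones)
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in zones:
            if nxt not in seen and classify(rules, cur, nxt) != "none":
                seen.add(nxt)
                queue.append(nxt)
    return sorted(seen)


if __name__ == "__main__":
    before = connectivity_matrix(RULES_BEFORE)
    for pair, state in sorted(before.items()):
        print(f"{pair[0]:>4} -> {pair[1]:<4} {state}")
    print("blast radius of 10.1.0.5:", blast_radius(RULES_BEFORE, "10.1.0.5"))
    print("unintended change:", matrix_diff(before, connectivity_matrix(RULES_AFTER)))
```

With the constructed policy, a compromised DMZ host reaches `app` and then `db` through the two port-specific allows but never `mgmt`, while the diff between the two snapshots flags exactly the `dmz -> db` pair going from `none` to `full`; that is the kind of configuration change worth baselining and alerting on.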
After several false starts in the attempt to unite the network and security teams – who remembers Syssecops? – it seems like we are finally getting there; in the words of Leonard Cohen, that’s got to be a “hallelujah” moment!