Network Behavior Analysis

Similar documents
AWS Reference Design Document

VMware vrealize Network Insight Arkin Messaging Document

The threat landscape is constantly

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

CONFIDENTLY INTEGRATE VMWARE CLOUD ON AWS WITH INTELLIGENT OPERATIONS

Powerful Insights with Every Click. FixStream. Agentless Infrastructure Auto-Discovery for Modern IT Operations

REDUCE TCO AND IMPROVE BUSINESS AND OPERATIONAL EFFICIENCY

Getting Started Guide. VMware NSX Cloud services

Cisco Data Center Network Manager 5.1

VMWARE ENTERPRISE PKS

UX - User Experience: Multi-Cloud Network Visibility

Cisco Tetration Analytics

SYMANTEC DATA CENTER SECURITY

VMWARE AND NETROUNDS ACTIVE ASSURANCE SOLUTION FOR COMMUNICATIONS SERVICE PROVIDERS

Defining Security for an AWS EKS deployment

2018 Cisco and/or its affiliates. All rights reserved.

vrealize Operations Management Pack for NSX for vsphere 3.5.0

VMware Cloud on AWS. A Closer Look. Frank Denneman Senior Staff Architect Cloud Platform BU

Cisco Nexus 1000V InterCloud

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

vrealize Operations Management Pack for NSX for vsphere 3.0

DEVOPSIFYING NETWORK SECURITY. An AlgoSec Technical Whitepaper

Introducing Cisco Network Assurance Engine

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and

Data Sheet Gigamon Visibility Platform for AWS

Version 1.26 Installation Guide for SaaS Uila Deployment

Silver Peak EC-V and Microsoft Azure Deployment Guide

SECURE HYBRID CLOUD Solution

Solution Overview Gigamon Visibility Platform for AWS

Pluribus UNUM Platform

Hystax Acura. Cloud Migration and Disaster Recovery Solution. Hystax. All rights reserved. 1

Policy Enforcer. Product Description. Data Sheet. Product Overview

EOS CloudVision Overview Data Sheet

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

AppDefense Getting Started. VMware AppDefense

Cisco Cloud Application Centric Infrastructure

Version 1.26 Installation Guide for On-Premise Uila Deployment

VMWARE PKS. What is VMware PKS? VMware PKS Architecture DATASHEET

SECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON

SOLARWINDS PARTNER SALES CARDS

SDN HAS ARRIVED, BUT NEEDS COMPLEMENTARY MANAGEMENT TOOLS

EdgeConnect for Amazon Web Services (AWS)

vcenter Operations Management Pack for NSX-vSphere

VMWARE PIVOTAL CONTAINER SERVICE

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

vrealize Operations Management Pack for NSX for vsphere 2.0

Redefining Networking with Network Virtualization

Brocade Network Advisor

CyberPosture Intelligence for Your Hybrid Infrastructure

Apstra Operating System AOS

EOS CloudVision Overview Data Sheet

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

PSOACI Tetration Overview. Mike Herbert

Cisco Prime Central for HCS Assurance

Exam C Foundations of IBM Cloud Reference Architecture V5

Operationalizing NSX Micro segmentation in the Software Defined Data Center

EBOOK: VMware Cloud on AWS: Optimized for the Next-Generation Hybrid Cloud

Technical Brief. Adding Zadara Storage to VMware Cloud on AWS

Implementing and Configuring Cisco SDWAN (ICSDWAN-CT)

ElasterStack 3.2 User Administration Guide - Advanced Zone

Enhanced Threat Detection, Investigation, and Response

Monitoring Hybrid Cloud Applications in VMware vcloud Air

VMware Cloud on AWS Getting Started. 18 DEC 2017 VMware Cloud on AWS

Scaling Large and Multinational Enterprise SD-WAN Deployments

vrealize Suite Lifecycle Manager 1.0 Installation and Management vrealize Suite 2017

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Reinvent Your 2013 Security Management Strategy

AWS VPC Cloud Environment Setup

VMware Integrated OpenStack Quick Start Guide

Micro Focus Network Operations Management Suite Supports SDN and Network Virtualization Engineering and Operations

Securing the Software-Defined Data Center

VM-SERIES FOR VMWARE VM VM

ALERT LOGIC LOG MANAGER & LOG REVIEW

McAfee Network Security Platform 8.3

The Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an

SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN

VMware vcloud Air User's Guide

NERC Compliance Use Cases

How to Install Forcepoint NGFW in Amazon AWS TECHNICAL DOCUMENT

Service Description VMware NSX Cloud

Cisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13

What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics

Minimizing the Risks of OpenStack Adoption

LiveNX 7.4 QUICK START GUIDE (QSG) LiveAction, Inc WEST BAYSHORE ROAD PALO ALTO, CA LIVEACTION, INC.

Cisco FindIT Network Manager

Brocade Network Advisor: Storage Networking

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

Forescout. Configuration Guide. Version 2.4

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Networking for Enterprise Private Clouds

No Limits Cloud Introducing the HPE Helion Cloud Suite July 28, Copyright 2016 Vivit Worldwide

vrealize Introducing VMware vrealize Suite Purpose Built for the Hybrid Cloud

LiveNX 8.0 QUICK START GUIDE (QSG) LiveAction, Inc WEST BAYSHORE ROAD PALO ALTO, CA LIVEACTION, INC.

CONTENTS. Technology Overview. Workflow Integration. Sample Customers. How It Works

Delivering Intent for Data Center Networking

Installing vrealize Network Insight

Empowering SDN SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA. Bruno Barba Systems Engineer Mexico & CACE

Exam Name: VMware Certified Associate Network Virtualization

vrealize Network Insight Installation Guide

SIEMLESS THREAT DETECTION FOR AWS

Transcription:

N E T W O R K O P E R AT I O N S. S I M P L I F I E D. FORWARD ENTERPRISE HIGHLIGHTS Forward Networks is the leader in Intent-based Networking and network assurance to automate the analysis and verification of network policies and configurations. With the only solution that operates across all major networking vendors and services at provider-class scale, Forward Networks provides greater network agility and proactively removes risk from the network. KEY BENEFITS FORWARD NETWORKS DELIVERS: Lower costs for managing large networks Reduction in human error, misconfigurations, and policy violations that lead to network outages Thorough security policy verification Accelerated IT processes for remediation and change windows Improved network and security policy compliance ACHIEVE PROACTIVE NETWORK ASSURANCE Forward Networks has created a revolutionary platform, Forward Enterprise, for analyzing network designs and predicting future behavior to proactively eliminate configuration errors and policy violations. The platform can compare the intent of the network designers to actual behavior and expose any inconsistencies in minutes. Network IT teams can now troubleshoot faster and eliminate problems prior to a security breach or network outage. Forward Networks is the first accurate software model of large multi-vendor networks to quickly emulate and analyze all possible behavior. Our logical analysis of possible future network activity is an enormous leap from traditional low-level testing tools, like ping and traceroute, or sifting through log files only after a policy violation has occurred. Forward Enterprise shifts the focus from a reactive approach to a proactive approach of verifying network designs and behavior ahead of deployments. We allow you to go from testing basic network functionality to verifying compliance under all possible traffic scenarios. Get away from tedious, manual device-specific processes, to automated, end-to-end verification in minutes, as every update is considered and made. Because Forward Enterprise automates the intelligent analysis of network designs and configurations, we provide an immediate and verifiable benefit by accelerating key IT processes and reducing man-hours of highly skilled engineers in troubleshooting and testing the network. Other key benefits include the ability to certify that proposed changes are compliant with existing policies quickly before going live, increasing the overall responsiveness of the IT team to change requests and network updates. Forward Enterprise Data Sheet 1

FORWARD ENTERPRISE ARCHITECTURE Forward Enterprise collects device configuration data and state information from every network device, including switches, routers, load balancers and firewalls. Forward Enterprise can then emulate the behavior of the entire network, end-to-end, and reports on potential vulnerabilities, policy violations or risk exposure. Using a series of proprietary algorithms, Forward Enterprise computes a model of all current and potential activity to proactively highlight issues before they arise in live network traffic. Every Forward Networks installation starts with data collection. Configuration and states are collected securely from all network devices via SSH. The device data is then processed to create a behaviorally accurate model a copy of the entire network, in software. Atop the network copy, the Forward Platform traces, indexes, and stores all possible ways that the network can process packets. This behavioral data is then made available to applications. Device Configuration and State Collection Network Behavior Analysis Behavior Database Forward Collector Performs the collection of the device configuration and state (MAC, ACL, FIB tables, etc.) The collection is done over an SSH connection. Forward Core The core is the Forward Platform computational engine that creates an accurate model of the network. It s where all the existing network behavior is indexed and made searchable. Forward Dashboard An intuitive HTML5-based dashboard provides instant access to the Forward Applications. All data in the Dashboard is made available via REST. KEY FEATURES AND CAPABILITIES Forward Search Forward Enterprise creates a large database of network configurations, state and behavior information from a series of individual snapshots in time. Like any database, the Forward Platform can be queried with the behavior and policy results being displayed in an intuitive and interactive network map. A network search or query takes the form of traffic scenarios, including details such as IP parameters, ports, protocols, reachability, deliverability, access controls, and more. The result of a search query is always a set of network paths that would allow that specific traffic pattern. Or, if the traffic scenario is never possible, no paths are returned. Search queries can be refined by applying filters, such as paths through or avoiding specific devices, to a specific port, or using a particular protocol. Any search result allows drilling down into specific device configurations and behavior to quickly isolate and analyze errors and determine remediation steps. Queries or Searches in Forward Enterprise are expressed as network policies. Results show all viable or possible paths that support the policy. Each path and hop along the path can be explored to better understand the impact of potential changes on current policy implementations. Forward Enterprise Data Sheet 2

Forward Verify Many search queries may actually be network or security policy requirements that we need to continually check for. For example, it s possible to verify that a subnet is unreachable from traffic on another subnet after every network update. Or to reconfirm simple compliance checks such as no forwarding loops or no Maximum Transmission Unit (MTU) mismatches between devices. All of these policy requirements are aggregated into the Verify screen, and continually checked after every network snapshot or update. The screenshot shows the Verify screen with a number of policy checks, as well as their status in the current network. Forward Enterprise can verify both the requirement for a specific traffic pattern to be supported, or the requirement that a particular path does not exist (an isolation check). For example, Forward Enterprise can verify there is no possible scenario that traffic from one subnet could reach another subnet or destination. With traditional network tests, it is almost impossible to prove a negative such as this. With Forward Enterprise, this type of verification using our mathematical and logical analysis of network designs provides game-changing confidence to IT and compliance teams. Forward Enterprise quickly highlights which policy rules are violated in the current network design or in a proposed change candidate. Forward Predict Forward Predict enables network teams to model the correctness and behavior of network changes before they are deployed to production. Configuration changes to a network are typically tested in a lab environment, which never match the scale and end-to-end behavior of a production network. Forward Predict enables the user to edit network configuration files on any or all devices in a sandbox, creating a new version of the network model containing proposed changes. A new verification process can quickly verify the effects of the change on existing compliance and security policies. Forward Predict capabilities are expanding over time, and currently include ACL, NAT, and firewall rule changes. Forward Enterprise API Forward Enterprise forms a large database of all device configuration files from potentially thousands of network devices, coupled with running state information and a behaviorally-accurate software model of the network. The platform makes this data available to other applications through an external API. Forward Networks customers have taken advantage of this interface to integrate the platform to custom network management systems, network dashboards and external orchestration applications. Forward Enterprise Data Sheet 3

Virtual Network Support VMware NSX One of the leading obstacles to managing virtual networks has been the inability to correlate activity between the overlay network and the physical network that supports it. Separate management consoles and platforms, and frequently separate teams, were required that typically did not share information and could not quickly identify root cause issues, or correlate identified problems in virtual network behavior with a physical device issue. Forward Enterprise overcomes this issue by applying common network assurance and verification methodology across physical and virtual network planes, but integrating policy and path-based views of both into a single network view for the first time. Virtual network designers also benefit from being able to apply the latest technology for network verification to virtual network policies and designs. A view of an AWS Virtual Private Cloud in Forward Enterprise allows end-to-end path visibility and analysis for hybrid cloud infrastructure. Public and Hybrid Cloud Support Amazon AWS The path-oriented focus that Forward Networks provides is natural to extend to AWS hybrid cloud environments. Having the same visibility and policy verification for the cloud component of your infrastructure greatly accelerates adoption of hybrid and public cloud projects and simplifies network operations. Imagine if instead of a black box subnet view, each virtual network devices could be represented as an extension of your physical infrastructure on an always up-to-date topology diagram. This includes the ability to analyze and verify the end-toend path behaviors flowing from any on-premises devices all the way through to any cloud workload. With support for Amazon Virtual Private Cloud (VPC) in Amazon Web Services (AWS), Forward Networks extends network verification and analysis to the public cloud and hybrid cloud environments. Forward Enterprise provides the ability to define and verify end-to-end policies for security and connectivity through on-premises networks all the way through AWS in a single consistent view and topology map. You even have full visibility to networking behavior extending into multiple VPCs. Forward Enterprise Data Sheet 4

Device Inventory Management and Topology Management Forward Networks provides an ideal solution for managing and documenting network topologies, device configurations and inventory over time. The snapshots of network designs are archived for easy search and retrieval, including comparisons of changes between points in time. There s no more wasted effort documenting changes or wondering if you are troubleshooting from the most accurate topology diagram. Forward Enterprise shows diffs between two network snapshots, showing newly created and removed links in the topology. Forward Enterprise automatically tracks network topologies, as well as device configurations and inventory lists over time. Behavior Diffs Forward Enterprise takes and saves snapshots of network configurations, topology and device state at numerous points in time. Not only does this provide an ideal historical record of network behavior and compliance at any point in time, but Forward Enterprise allows comparisons of behavior between any two snapshots for further diagnostics and troubleshooting purposes. Want to compare network configurations back to a previous week before an issue arose? Forward Enterprise can quickly compare snapshots and isolate changes that could cause the incorrect behavior. Deployment Options Forward Enterprise can be deployed fully on-pemises or as a SaaS solution in the cloud. In both cases the latest security best practices are in place to protect customer s sensitive data. on-premises deployment requirements: Forward Enterprise is deployed as a Virtual Machine (VM-OVA format) for KVM and ESXi environments. The deployment requires the following resources: + + Cores: 16 + + RAM: 64 GB of reserved memory. Performance may improve with more memory availability, but only when individual snapshots are large. + + Disk: 250 GB of disk. The amount of disk consumed will depend on the number of historical snapshots to be stored, as well as the size of each one. SaaS deployment requirements: A machine (virtual or physical) with at least two dedicated cores and 4GB of RAM. Supported Operating Systems:Ubuntu Linux (14.04 and 16.04), Apple OS X (10.12), and Windows 7 (or later versions). + + The machine must be able to access the https://fwd.app webpage via HTTPS. + + The user must have admin privileges on the machine. + + The latest versions of Chrome or Firefox are required to access the Forward Enterprise UI. network requirements: SSH must be configured and working on the network devices from which the Forward Collector will collect data The OS instance on which the Forward Collector is installed must have IP and SSH port reachability to the network devices, either directly, or via a jump server. Forward Enterprise Data Sheet 5

SUPPORTED VENDORS AND DEVICES Forward Enterprise supports over 456 device types and more than 1479 OS verisons, including: ++ A10 Networks ++ Cumulus Networks ++ Palo Alto Networks ++ Arista Networks ++ F5 Networks ++ Pica8 ++ CheckPoint ++ Fortinet ++ VMware ++ Cisco Systems ++ HPE ++ Citrix ++ Juniper Networks Please contact us at info@forwardnetworks.com for more details about supported devices and vendors. ABOUT FORWARD NETWORKS Forward Networks mission is to de-risk and accelerate network operations, by increasing efficiency, reducing outages and verifying network intent. Built on a series of breakthrough algorithms, the Forward Platform provides enhanced network visibility, policy verification and change modeling for legacy, SDN or hybrid environments. Forward Networks is headquartered in Palo Alto, California, and funded by top-tier investors, including Andreessen Horowitz, DFJ, A.Capital, SV Angel, and several luminaries in the networking and systems space. C O N TA C T U S www.forwardnetworks.com sales@forwardnetworks.com @fwdnetworks facebook.com/forwardnetworks/ Forward Enterprise Data Sheet 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback