NaaS vendor Graphiant launches data assurance service to boost network visibility and compliance

Graphiant is expanding its network-as-a-service (NaaS) platform today with new data assurance capabilities in a bid to help organizations meet the challenges of data sovereignty and regulatory compliance.

Graphiant emerged from stealth in 2022, led by founder and CEO Khalid Raza, who previously was a co-founder and CTO at SD-WAN pioneer Viptela, which was acquired by Cisco in 2017 for $610 million. Graphiant started with the concept of a stateless core to handle the disaggregation of data. Rather than relying on overlays and traditional SD-WAN approaches, Graphiant built a stateless data plane that the company claims will scale more efficiently.

With the new data assurance service, Graphiant is looking to go further beyond the legacy SD-WAN approach by providing not only security but also assurance over data traffic. That assurance is all about providing visibility into network traffic and routing. The new service provides enterprises with visibility into data paths while ensuring compliance with various regulatory requirements.

“Things are changing very, very quickly, because sovereignty laws and things like GDPR are requiring that we can not just simply build these overlay connections,” Raza told Network World. “We give you the ability to have a complete visibility of the transit infrastructure.”

How data sovereignty and regulatory compliance are enabled with data assurance

Basic forms of network visibility are nothing new. What Graphiant’s data assurance is aiming to provide is a deep level of visibility into networking routes that allows enterprises to see exactly where their data is going and how it is traversing the network.

Data assurance is also about risk assurance, according to Raza. He explained that Graphiant can provide risk assurance to guarantee data does not leave specified regions or traverse networks with certain equipment. For example, multiple jurisdictions and organizations around the world have had issues with Huawei equipment over alleged privacy and security concerns in recent years. A Graphiant user can set a data assurance policy to make sure that network traffic does not flow over a network that has equipment from Huawei.

Another example use case is data sovereignty requirements and making sure that data doesn’t leave a specific country. One example cited by Raza involves routing in Germany. With classic Internet routing on the overlay, a path between two cities in Germany, like Dresden and Munich, might be through the Czech Republic, and “now you just broke the GDPR laws,” he said.

Another example use case has to do with regulations related to encryption standards. Raza noted that he had a recent conversation with a payment customer that had some compliance concerns with building an overlay on top of VPNs. Some countries have different regulations on encryption, like China, which doesn’t allow AES 256. With Graphiant’s data assurance, users now have the ability to reroute around those countries to avoid any compliance issues.

Data assurance is also about security

The data assurance service benefits from integrated threat intelligence capabilities.

Graphiant processes information from approximately 250 million URLs and 800-900 million IPs, Raza said. Graphiant correlates the network traffic data with threat intelligence to identify potentially malicious connections, not just relying on static firewall rules. He also noted that Graphiant can provide a continuous feedback loop to the firewall systems to help optimize the rules based on the observed traffic patterns and risks.

“We can tell you exactly what every egress router in your infrastructure is seeing,” he said.

Stateless core network architecture is key

Underpinning the data assurance capabilities is Graphiant’s approach to network architecture. 

The company has moved away from traditional routing methods, instead implementing a stateless core architecture that improves scalability. The system achieves this by moving the BGP database to Kubernetes clusters and using metadata tags for customer identity. This approach allows for unlimited scale on the control plane side while maintaining high performance.

“BGP is a 40-year-old database running in every router,” Raza said. “With the ubiquitous availability of the cloud, why can’t we take that database out and spin it up in a Kubernetes cluster? And then I don’t have a scale problem.”

Source: Network World