
There is a lot of complexity in accurately managing network security and firewalls. Organizations continue to struggle with two basic issues: firewall discovery and actually making sure that configurations work as expected. IP Fabric is taking direct aim at those two challenges with its 7.2 platform update. The new update follows the company’s 7.0 release in February, which focused on automation.
In the 7.2 release, there are improvements that further expand discovery, configuration and control of network security. The key updates focus on strengthening firewall management across four critical areas:
The core problem: Network complexity
Modern enterprise networks have become increasingly intricate, spanning multiple cloud environments, overlay networks and diverse infrastructure components.
IP Fabric was born from CEO and founder Pavel Bykov‘s firsthand experience with the limitations of existing network management tools. In 2015, after 15 years building and managing global networks, including at Verizon, he recognized a critical gap in the market.
“I started to notice that even with all of my tooling, all of my expertise, I was starting to become bad at my job,” Bykov said.
The issue wasn’t one of resources, as Bykov ran projects with more than 100 staff, but he was still missing things due to the overwhelming level of network complexity. The guiding vision for IP Fabric since its inception has been to help networking professionals manage that complexity.
Bykov noted that in some cases the organizations that adopt IP Fabric are coming from environments where they are managing firewall rules on a spreadsheet, or with some type of home-grown software.
Digital twin approach to network simulation
The cornerstone of IP Fabric’s new firewall capabilities is its comprehensive model of network infrastructure, which functions as a digital twin of the actual environment.
The model replicates the entire operational state of network infrastructure. Bykov explained that everything is interconnected and the model is able to map out network flows all the way down to the individual electrical or optical signal. This simulation enables engineers to:
- Validate network rule configurations
- Identify potential communication path vulnerabilities
- Simulate traffic flows across complex hybrid environments
The goal of the simulation is to be able to accurately assess the effectiveness of firewall rules.
“About 20% of all the network is misconfigured or invisible or forgotten,” Bykov said. He noted that in proof-of-concept evaluations he’s had a few organizations quickly realize that their existing firewall rules could be easily bypassed.
Transparent firewall discovery breakthrough
A major enhancement in version 7.2 is the ability to detect and visualize transparent firewalls—devices that are deliberately designed to remain invisible within network paths, creating significant blind spots in security monitoring.
Bykov noted transparent firewalls have largely appeared to be invisible to all of the other systems. This invisibility creates substantial challenges for network management. “We needed to update our model to support something that isn’t inherently visible from the troubleshooting perspective,” he said.
The technical approach to solving this challenge leverages IP Fabric’s networking expertise. When asked how they detect devices that are purposely designed to be stealthy, Bykov said that it’s his team’s experience as network practitioners that makes the difference. That and the fact that the firewall, whether it’s transparent or not, still shows up somewhere in a network ARP (address resolution protocol) table.
During the discovery process, IP Fabric connects to all infrastructure devices using SSH and API credentials to collect configuration and operational data from firewalls. This includes interface states, bridge-group membership, access control lists (ACLs) and inspection rules. Drawing on this data, IP Fabric analyzes bridge group configurations, as well as all interfaces assigned to the same bridge group, to identify interfaces that pass traffic transparently.
When customers run end-to-end path simulations, IP Fabric includes transparent firewall policy rules that may permit, deny or inspect traffic. This grants customers full visibility into how traffic flows through transparent firewalls for platforms like Forcepoint, Cisco Firepower, Fortinet and Palo Alto Networks.
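To make the bridge-group and ARP reasoning above concrete, here is an added Python sketch. It is illustrative code written for this article, not IP Fabric’s own implementation; the device inventory, field names, MAC address and ACL format are all constructed.

```python
"""Toy model: spot transparent (bridged) firewall ports, corroborate them
via a neighbour's ARP table, and apply their ACLs during path evaluation."""
from ipaddress import ip_address, ip_network

# Constructed sample inventory (not real device output).
DEVICES = {
    "fw1": {  # transparent firewall: two bridged ports, no L3 address on them
        "interfaces": {
            "eth1": {"bridge_group": 10, "ip": None},
            "eth2": {"bridge_group": 10, "ip": None},
            "mgmt": {"bridge_group": None, "ip": "10.0.99.5"},
        },
        "acls": {10: [  # first match wins
            {"action": "deny",    "dst": "10.0.2.0/24", "port": 23},
            {"action": "inspect", "dst": "10.0.2.0/24", "port": 80},
            {"action": "permit",  "dst": "0.0.0.0/0",   "port": None},
        ]},
    },
    "sw1": {"interfaces": {"vlan99": {"bridge_group": None, "ip": "10.0.99.1"}},
            "acls": {},
            "arp": {"10.0.99.5": "00:11:22:33:44:55"}},  # learned fw1 mgmt MAC
}

def transparent_bridge_groups(device):
    """Bridge-groups with 2+ member ports and no L3 address on any of them
    forward frames transparently: the signature of an in-path L2 firewall."""
    groups = {}
    for name, itf in device["interfaces"].items():
        if itf["bridge_group"] is not None:
            groups.setdefault(itf["bridge_group"], []).append(itf["ip"])
    return {g for g, ips in groups.items()
            if len(ips) >= 2 and all(ip is None for ip in ips)}

def arp_witnesses(inventory, mac):
    """Devices whose ARP table has learned the given MAC; even a transparent
    firewall surfaces this way through its management address."""
    return [d for d, data in inventory.items() if mac in data.get("arp", {}).values()]

def evaluate_path(inventory, hops, dst_ip, dst_port):
    """Walk the hops; at each transparent bridge-group apply first-match ACL.
    Returns (verdict, [(hop, action), ...]); a deny ends the walk, inspect passes."""
    trace = []
    for hop in hops:
        dev = inventory[hop]
        for bg in sorted(transparent_bridge_groups(dev)):
            action = "deny"  # implicit deny when no rule matches
            for rule in dev["acls"].get(bg, []):
                if ip_address(dst_ip) in ip_network(rule["dst"]) and rule["port"] in (None, dst_port):
                    action = rule["action"]
                    break
            trace.append((hop, action))
            if action == "deny":
                return "deny", trace
    return "permit", trace
```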
Addressing growing compliance demands
IP Fabric version 7.2 also strengthens compliance checking capabilities to help organizations meet increasingly stringent regulatory requirements.
The release introduces several specific compliance enhancements, including the ability to identify all devices in traffic paths, map CVEs (Common Vulnerabilities and Exposures) to vulnerable assets, and run tailored checks to spot misconfigurations faster. These capabilities directly support global security frameworks that organizations must comply with, including NIST, ISO 27001 and SOC 2.
To further strengthen compliance posture, the update introduces granular user access controls for security extensions, allowing organizations to restrict who can deploy or edit automation scripts. This prevents unauthorized changes and provides an audit trail necessary for regulatory compliance.
The overall goal for IP Fabric with the 7.2 update and all updates moving forward is to continue to provide the type of tool that network professionals need, and rely on, to get complete infrastructure visibility.
“We are remaining focused on making sure that we are able to fully, and with 100% accuracy, replicate the entire hybrid cloud infrastructure environment … and be the market leading infrastructure assurance platform,” Bykov said.
Source: Network World