Most of the failures that occur on any given network are largely due to change management. Invariably, someone changes a setting that sets off a series of cascading events, and one or more applications suddenly crash. The primary reason is that the complexity of the average enterprise network makes it too hard for an administrator to keep track of all the dependencies.
Veriflow this week unveiled a tool that continuously collects data about the networking environment via its own separate data plane. That data is then fed into a verification engine to identify configurations, along with security breaches, that violate any defined set of network policies.
Veriflow CEO James Brear says the company’s software, installed as a virtual appliance, applies the same mathematical verification rules that manufacturers of airplanes use to ensure quality control. The core idea, says Brear, is to analyze data in a way that informs IT organizations of what could happen given the current state of the network, including what vulnerabilities a hacker might be able to exploit. That information can then be shared with third-party remediation tools using an application programming interface (API) that Veriflow exposes.
Most IT organizations are a lot like governments. Successive waves of administrations have created and defined policies that are often in conflict with one another. In the case of the IT department, the situation is often made worse because many administrators don’t really know what impact a new rule or policy is going to have on the network. Most of the existing rules are poorly documented, and the administrator who implemented them might no longer work for the organization. The result is a form of paralysis: the IT organization is very reluctant to make any changes.
Mathematical verification essentially provides a mechanism for IT organizations to regain control of the enterprise network. That may not necessarily happen overnight, but IT organizations need to be certain that any given change will not bring the network down.