A proactive approach to network security is non-negotiable for enterprises. As your network becomes more complex, leaving it vulnerable by relying on manual processes is a risk most can’t afford.
Know your Network
Securing the infrastructure
With IP Fabric, you can be sure that you know your network inventory, giving you a baseline from which to validate that the hardware, software, and configuration aren’t leaving any vulnerabilities for an attacker to exploit.
Track the lifecycle of your network infrastructure to ensure that it doesn’t unexpectedly reach end of life status; ensure that your support is still valid, and you are able to receive software updates if exploits are published.
Watch deployed software versions to maintain and standardize on certified safe releases and ensure that you understand the role a device plays in the network should it become compromised.
Make sure the network infrastructure has been appropriately hardened against attack through standardization of management configuration – normalize authentication, access methods, monitoring setup, event logging, and more.
A Zero Trust policy ensures that no client device that accesses network resources is implicitly trusted - rather, users must authenticate to get access to the services they need.
This relies on the edge of the network being suitably secured. IP Fabric helps you to identify the devices or hosts connected at your network edge.
It validates that deployed Network Access Control technologies (such as 802.1X with authentication services) are correctly configured and standardized, and it can show you rogue devices connected and configured at the edges of your network.
It also has visibility into IPSec tunnel configuration and operation and will highlight issues with third-party connectivity or remote access.
Use path lookup to ensure security policies are applied as intended
IP Fabric gives you full visibility of the configuration and operation of network segments – groups of network resources separated by access restrictions and using access control lists or firewalls as a policy enforcement point between them.
It models the behavior of interconnection points between segments and the policy that has been deployed. Access that data in tabular form, or use our path lookup simulation to test that:
a) traffic flows through enforcement points as expected and
b) policy allows the application to behave as intended
Applying an additional layer of security through microsegmentation – placing network endpoints coexisting in the same segment in small groups - is typically used to prevent so called “east-west traffic” from a perhaps compromised endpoint, a typical ransomware attack vector.
IP Fabric’s security model supports microsegmentation, and we are always adding new vendor support for these products.
Integrate your security policy automation tools with IP Fabric
Security policy automation tools allow you to maintain central policy and push it out to your security estate without having to configure individual firewalls or security appliances. These are great if you know the network, and IP Fabric is a great tool to sit beside such a platform to answer questions like:
Are the security appliances themselves hardened in line with configuration standards?
Have any new security devices been added to the network?
Have there been any configuration changes which add new segments to the network, or bypass security appliances?
Have any new servers been brought up in the network segments I know of?
IP Fabric detects these conditions and can be used to notify the policy automation platform that changes have occurred. Its path lookup capability can also be used to test that any changes to policy have had the desired effect on traffic flow.