Algorithmic formal verification is used by NASA, Intel, Boeing and other developers of mission-critical systems, so why not by enterprise network engineers? At least that's the perspective of a network security startup that launched Tuesday.
Veriflow says it takes a unique approach to network security by applying mathematical verification to the network to ensure policies are carried out as intended. The goal is to thwart breaches and outages that can happen as the result of configuration errors or poor policy management.
The Oakland, Calif.-based company came out of stealth with $2.9 million in initial funding from New Enterprise Associates, the National Science Foundation, and the Department of Defense.
Veriflow's software "mathematically verifies that network-wide policies are actually achieved by predicting all possible data-flow behavior before it happens," Brighten Godfrey, Veriflow co-founder and CTO, told me in an interview.
The software is deployed as a virtual appliance, either on premises or in the cloud, and pulls data from routers, switches, load balancers, and other network devices. The patented data-plane analysis involves examining data deep inside a device, such as the CAM tables that define its low-level behavior, said Godfrey, an associate computer science professor at the University of Illinois at Urbana-Champaign. The software synthesizes the data into a network-wide predictive model.
Organizations can draw from Veriflow's policy libraries or create customized policies. The software runs continuously and provides immediate notification of a policy violation. Godfrey said it can help maintain network availability, reduce firewall and ACL complexity, and also facilitate incident response.
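To make the idea of checking a policy against a model built from forwarding state concrete, here is a simplified illustration added to this article; it is not Veriflow's software or its patented analysis. The device names, routes and the "must cross the firewall" policy are constructed assumptions.

```python
import ipaddress

# Constructed forwarding tables: device -> [(prefix, next hop)].
# A next hop is another device, "deliver" (attached subnet) or "drop".
FIBS = {
    "edge": [("10.0.0.0/8", "core")],
    "core": [("10.20.0.0/16", "fw"), ("10.30.0.0/16", "dist"),
             ("10.20.5.0/24", "dist")],   # stray more-specific route
    "fw":   [("10.20.0.0/16", "db")],
    "dist": [("10.30.0.0/16", "deliver"), ("10.20.5.0/24", "db")],
    "db":   [("10.20.0.0/16", "deliver")],
}

def lookup(device, addr):
    """Longest-prefix match; no matching route means drop."""
    routes = [(ipaddress.ip_network(p), hop) for p, hop in FIBS[device]]
    hits = [(n.prefixlen, hop) for n, hop in routes if addr in n]
    return max(hits, key=lambda h: h[0])[1] if hits else "drop"

def equivalence_classes(scope):
    """Split scope into half-open ranges every device forwards identically."""
    scope = ipaddress.ip_network(scope)
    lo, hi = int(scope.network_address), int(scope.broadcast_address) + 1
    nets = [ipaddress.ip_network(p) for t in FIBS.values() for p, _ in t]
    edges = [e for n in nets
             for e in (int(n.network_address), int(n.broadcast_address) + 1)]
    cuts = sorted({lo, hi} | {e for e in edges if lo < e < hi})
    return list(zip(cuts, cuts[1:]))

def trace(src, addr):
    """Follow next hops from src; returns (path, outcome)."""
    path, device = [], src
    while device not in ("deliver", "drop"):
        if device in path:
            return path + [device], "loop"
        path.append(device)
        device = lookup(device, addr)
    return path, device

def check_waypoint(src, scope, waypoint):
    """Policy: traffic from src delivered inside scope must cross waypoint."""
    violations = []
    for start, end in equivalence_classes(scope):
        path, outcome = trace(src, ipaddress.ip_address(start))
        if outcome == "loop" or (outcome == "deliver" and waypoint not in path):
            span = f"{ipaddress.ip_address(start)}-{ipaddress.ip_address(end - 1)}"
            violations.append((span, path, outcome))
    return violations
```

Because one representative address is traced per equivalence class, the check covers every destination in the scope rather than a sample, which is how the stray /24 on `core` that bypasses `fw` is caught.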
"We're trying to push people to think of networks more like software," Godfrey said. "Today, the level of complexity in maintaining a network is like writing a complex piece of software. It doesn't work anymore to say, 'I'll change something manually,' turn a knob and cross your fingers," he said.
Veriflow works in both legacy networks and software-defined networks, he said. The company sees itself as an enabler for organizations to move towards network automation and software-defined networking.
"As you change, you'll have the safety net of mathematical confidence that what you want to achieve is actually being achieved," Godfrey said.
The Veriflow software is expected to be generally available in the second half of this year. The startup says federal agencies and Fortune 500 companies are using the software in production networks and lab trials.