Earlier in November 2023, Forward Networks presented their fascinating digital twin technology to the delegates as part of Security Field Day 10 (#XFD10). The concept of building a digital twin of a customer network to then audit, test, and secure the configuration of their network environment is a strategy unique to Forward Networks - heck, they invented the idea!
Figure 1: The Forward Networks platform at a glance
In this blog we will cover off the Forward Networks solution and examine their unique solution can enable data security through the insights realized from the digital twin created. If you haven't already done so, I strongly suggest you tune into the full replay of the Forward Network presentation and DEMO of their capabilities available below:
Security Field Day 10 Replay:
What is a "Digital Twin"?
When you think about it, we use digital twins on a daily basis. The simplest and most common example is Google Maps. The maps are digital twins of the old paper maps we all used to have stashed in the glove box, and provide a significant amount of value above and beyond what one could realize with the classic paper version.
This is what Forward's solution does at it's core: By discovering the customer network, the assets on it, the configurations, the traffic flow, etc. the Forward platform can generate a digital recreation offline for administrators to play with. Since the digital twin of the network is completely separate and disconnected from the production network, anything you change or test on the Twin won't break anything in your live environment. The solution takes regular snapshots of the network(s) and can even track changes between these snaps and let you compare the differences between the versions. This can be a critical tool for audit and troubleshooting.
So, what can I do with a digital twin of my network? Well, if you look at the myriad of use cases below you'll find the question really is "what CAN'T I do with a digital twin of my network"!?
Figure 2: The MANY use cases for the Forward platform
Having a fully built out copy of your network that you can play with is invaluable. You can audit traffic flow, look for security vulnerabilities, assess and evaluate potential configuration changes, and do it all without any risk at all to the production network. This sandbox space is a safe place play in, but essential in helping you secure your network landscape and visualize potential trouble spots.
It is important to note that the Forward Networks platform is capable of building a digital twin of your network across cloud, multi-cloud, and hybrid network environments -- It is not limited to the datacenter or physical infrastructure!
Figure 3: Examining the traffic flow for potential issues - Ruh, roh! Something isn't flowing through the firewall!
Beyond this visualization, the Forward solution downloads the latest list of CVE's from NIST on a daily basis and checks this list against all assets in the network. From the dashboard, matches are easily identified and action can be initiated. It is important to note that the Forward platform operates in a "read only" manner - it does not provide direct remediation. However, because of the rich integrations it can kick off other workflows and actions based on alerts and/or the results from queries.
Figure 4: Reviewing your security posture
Speaking of queries, the Forward Networks solution comes with an incredibly powerful query builder to let you quickly and easily develop complex queries that can be executed against the network digital twin. This can be used to find devices that are not supposed to be on the network
Figure 5: Example query to find rogue network devices and flag them as a "violation", then generating an alert.
Wrapping up
Providing a visualization of the network is something that many vendors can do, but most of these tools are working directly in the live environment which can open the door to a little bit of risk. By contrast, the unique approach Forward Networks leverages by way of the generation of a software digital twin for simulation and modelling creates a safe space to test and validate your network in. Using their single platform to support not only network security, but network operations, engineering, and even asset management provides additional value through these many applicable use cases. I would not be surprised to see others in the industry follow Forward Network's lead with the digital twin concept.
You can catch up with replays of all of the presentations from XFD10 via the Tech Field Day site:
Written by Matt Tyrer. These posts reflect my own opinion and are not necessarily the opinion of my employer.