Hybrid Cloud Security

Migration to the cloud can provide tremendous operational and capital benefits for companies. But for the network and security engineers, it often means yet another connectivity and security paradigm to understand and manage. Translating connectivity policies that work for your on-premise physical and virtual infrastructure, to your public cloud deployments is complex. Ensuring the correct security policies are in place for traffic between the two domains is even more complex.

Intentionet Sage reconciles security paradigms across on-premise and cloud deployments and ensures that no matter how (bare metal servers, virtual machines or containers) or where you deploy applications (cloud, on-premise), desired security policies are never violated. For instance, one can easily ensure that a pool of application servers spread across on-premise and cloud have unfettered access to each other while being protected from other co-located servers.

Continuous Network Assurance

Networks are built with fault tolerance and reliability in mind. All critical infrastructure is multi-homed and all communication endpoints have redundant paths. While you pay for this redundancy, how do you know that the network is truly fault-tolerant and the provisioned redundancy will keep the traffic going despite failures? When was the last time you checked that your backup paths worked properly?

Testing the reliability and fault tolerance of your network is a scary proposition. You have to actually inject faults (failed links, routers, etc…) in production and hope that the network recovers with minimal service impact. This risk is why such testing is done infrequently, if at all.

With Intentionet Sage, you no longer have to worry about impacting your production environment to assure yourself that your network’s design is fault tolerant. Using it, you can virtually analyze your network’s response to specific fault scenarios. Intentionet Sage can also do what is otherwise intractable -- automatically find any and all fault scenarios under which any service traffic will be adversely impacted.

You no longer have to wonder if your network is fault tolerant, you will always know that it is.

Continuous Network Compliance

Network compliance audits are manual, time-consuming and expensive. This is why they are only done once a quarter or once a year, leaving your network exposed in the meanwhile. Intentionet Sage changes the game by automating compliance checking and enabling you to keep your network compliant at all times.

Use our pre-built compliance modules (for PCI, NIST, CSI, etc.) or encode your custom requirements and then Sage takes care of the rest. Sage continuously ingests configuration and other data from the network and analyzes it for compliance. Any deviations from your desired compliance posture are immediately flagged and fed directly into your ticketing system for immediate action.

CI/CD for Networks

Intentionet Sage treats network configuration as software and unlocks CI/CD (continuous integration / continuous deployment) for networks. It allows engineers to express their security, reliability, and compliance intents and analyzes whether a planned configuration (change) meets each of those intents. If a change violates one or more intents, Sage provides detailed context enabling engineers to easily repair the configuration. By repeating this process until all intents are met, Sage enables engineers to quick devise and deploy correct configurations.

Adding Intentionet Sage in this manner to the network design and change process not only dramatically reduces the time it takes to evolve the network (or deploy a brand new one), but it also provides comprehensive guarantee on the network compliance, security and reliability because buggy configurations are never pushed to the network.

Network Drift Management

You designed a beautiful, clean network, perhaps even using templates to automatically generate router configurations. But as soon that network is deployed in production, entropy kicks in. With every change, the network begins to drift further from its pristine state. Soon enough, it looks nothing like the original design and there are thousands of ways in which it differs from the original. It can be hard to even enumerate the differences. Even if you could, you would not be able to tell which of those differences are important enough for you to fix tomorrow, which ones can wait a week, and which ones can be left alone because they are superficial and do not change the network's behaviors in any meaningful way.

With Intentional Sage, drift is no longer an inevitable consequence-of-life for your network. Sage lists of all the ways in which your network differs from it original design intent and ranks those differences based on their impact on network behavior. Armed with this knowledge, you can tame network drift by eliminating those differences and make the production network align with its original intent. Sage also provides an evolutionary view, showing you how the network has drifted from the original intent over time, highlighting the most recent changes. Armed with this information you can take action to prevent the network from drifting any further from it’s original intent, while building a remediation plan for historical drift. This ensures that your network is evolving in the right direction instead of drifting further.

Intentionet © 2018