Proactively detect and remediate errors that impact the security availability, quality of service and regulatory compliance of IP networks
CURRENT THREAT SCENARIO
IP networks have come of age. They are increasingly replacing leased-line data infrastructure and traditional phone networks, and are expected to support real-time and mission-critical applications (e.g. VoIP, financial transactions) at a much lower cost. However, their complex nature makes them particularly vulnerable to faults and intrusions introduced by configuration errors. These errors typically remain latent until they are exploited by cyber-attackers, discovered by auditors or result in network failures. Consequently, there is a critical need to non-intrusively and comprehensively detect and eliminate configuration errors to improve the security, availability, quality of service and regulatory compliance of IP networks.
Device configurations are the “DNA” of an IP network. Even the smallest configuration errors buried deep in a multilayer IP infrastructure can expose the network to security, compliance, and availability risks. IP Assure is flexible vendor- and device-neutral software that employs patent-pending algorithms (9) and a large built-in rules knowledge-base to perform automatic, non-intrusive analyses of IP routers, switches, and firewalls. IP Assure offers the following necessary functionality by extracting up to 750 parameter values from each IP device configuration.
Automatic and proactive network-wide, multi-device, and multivendor assessments against a comprehensive and updatable knowledge base that considers the network in its entirety and not just at a per-device level. The knowledge base includes rules for best current practices for configuring IP protocols, regulatory compliance, and customer-specific requirements.
Findings that visualize non-compliant rules and devices down to the “root” cause, eliminating speculation about cause.
Non-intrusive, detailed, multi-protocol visualizations of the IP network. These visualizations, and the service reachability analysis mentioned below, can be computed using graph theory algorithms on data from the configurations.
Service reachability analysis that visualizes path and single points-of-failures between network devices without generating traffic on the network.
Network change impact analysis using the rules knowledge base, so new or changed configurations can be analyzed to detect errors before deployment to devices.
Automated reconciliation of configuration and inventory information to identify and eliminate inconsistencies and errors.Features in Telcordia IP Assure
Multi-Device support: Cisco (IOS, CatOS, PIX), Juniper (JunOS, Netscreen), Checkpoint, F5 BigIP, Foundry. Support for additional devices is ongoing.
Hierarchical tenant/user model, with multiple tenants and multiple users for each tenant•Rapid configuration
IP Assure users gain from the comprehensive and non-intrusive configuration assessments and topology visualizations to proactively detect and remediate errors that impact the security, availability, quality of service and regulatory compliance of their IP networks. Three business models are offered to make IP Assure attractive to organizations of all sizes.