This startup uses math to show whether your network is safe

Veriflow uses a verification system from the space program to study all possible data paths

How do you know your network is safe from attacks and failures? Veriflow, a startup with backing from the U.S. Defense Department, says it can make sure.

Veriflow applies a practice called formal verification, used in preparing Mars missions and military gear, to figure out ahead of time what could go wrong on a network. Using that information, it helps enterprises apply policies to prevent problems from starting or spreading.

If this sounds more at home in a lab than in a data center, it may be because that's where it came from. Veriflow's CTO, CSO and principal engineer are all longtime academics who worked on the problem together at the University of Illinois, and the National Science Foundation is a funder.

Veriflow says it's time for a new approach. Diagrams and network engineers' knowledge used to be enough to make sure the right packets would go through a network in the right way. Now infrastructure has become too complex, and changes too frequent, to rely on that approach, CTO and co-founder Brighten Godfrey said.

"Enterprise networks have become like building a piece of software," Godfrey said. Every line of code added to an application can have wide-ranging effects on how the software works, and there are too many pieces in the puzzle to predict what those effects will be.

What Veriflow can do with networks is a bit like what continuous integration does with software in a service like GitHub. Both examine the implications of a change, be it a new router configuration or a piece of code proposed as an addition to an application. But Veriflow does this mathematically, at a deep level: It identifies every possible data flow on the network, then helps users set policies to control those data flows.

There's a challenge to doing that: The number of possible ways for a packet to behave on a network is an astronomical number, on the order of the number of atoms in the universe. Veriflow developed software to get around that hurdle.

"We can't literally go through every possibility," Godfrey said. "So the magic is in the algorithms that determine everything that could happen in an efficient way."

Veriflow starts by using a virtual appliance, in the cloud or on the customer's premises, to survey the network and collect information. It examines routers, switches and other devices, both physical and virtual, and looks at things like routing and forwarding tables to determine all possible data flows. In IT shops that use policies to control their networks, the findings can show whether those policies work as intended.

Armed with that data, customers can use Veriflow's policy recommendations, which are based on industry best practices, or use the Veriflow dashboard or APIs (application programming interfaces) to create new policies.

Veriflow doesn't take the place of security tools like firewalls, it just shows whether the way they're implemented is the right way to protect the network against attacks, Godfrey said. Later, if an attack does occur, Veriflow can show a security response team what the network looks like and where the harmful packets could have gone.

Veriflow is already in use in both lab trials and production networks and should be generally available in the second half of this year, the company said.

Enterprise Strategy Group analyst Dan Conde wants to know more about those live implementations to gauge how Veriflow will work outside a lab. Real networks include devices and appliances from many vendors and both traditional hardware and software-defined components, Conde said. "It's a messy world out there."

As with any new product designed to make networks more secure, there's also a place for some caution, he said. Any team that's built a system like Veriflow's must have deep security knowledge, but there are always surprises in the real world.

"Security is one of those things that it just takes time to harden," Conde said.

Join the CSO newsletter!

Error: Please check your email address.

Tags network securitystartupsStartup

More about CSO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stephen Lawson

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts