Intent based networking: turning intentions into reality with network security policy management

Wouldn’t it be great if IT teams and network managers could simply outline at a high level what they want their business networks to do, and then technology would automatically implement the changes across their infrastructure to make it happen?  That’s the promise of intent-based networking (IBN):  using machine learning and automation to control networks and enforce policies automatically, without the network administrators having to perform the mundane, operational tasks of actually making it all work.

First identified as the next big thing in early 2017, the networking industry really started taking note when Cisco announced its IBN portfolio in summer 2017.  The portfolio provides an intuitive system “that constantly learns, adapts, automates and protects, to optimize network operations”, thereby replacing traditional, manual IT processes.

Since then Cisco has been refining and adding to its portfolio, and recently announced the latest component at Cisco Live! 2018 in Barcelona.  And Cisco isn’t the only company looking to develop IBN solutions:  other vendors, including Juniper and Veriflow, are also developing IBN solutions, while a number of IBN start-ups are also emerging.

Intent on security

It’s easy to see why IBN is appealing to enterprises:  it has the potential to ensure the needs of the business are quickly translated into an infrastructure that supports its specific requirements, and thus accelerate business innovation, while making IT processes more efficient and easy to manage.

This business-driven approach to network security management is one that AlgoSec has been advocating for years.  In fact, our network security policy management solution already delivers on IBN’s promise of enabling faster application delivery – without compromising the organizations’ security or compliance postures.

Automating intent

For example, the AlgoSec solution can automatically discover applications, as well as the connectivity flows that support them and the security policies associated with them, across heterogeneous environments (on-premise networks, SDN and cloud) and provides a detailed network map of applications. So, when a business application owner requests network connectivity for their business applications they don’t need to understand anything about the underlying network and security devices that the connectivity flows pass through.

With AlgoSec, application owners simply request network connectivity in their own application-centric language, and AlgoSec automatically translates these requests into the underlying technical, network-centric firewall rule change requests. AlgoSec then assesses these change requests for risk and compliance with industry and corporate regulations and, if the risk is low, it automatically implements them directly on the relevant security devices, and then verifies the process – all with zero touch. Thus, normal change process requests can zip through from request to implementation in minutes, with little to no involvement of the networking team. Manual intervention is only required if a problem arises during the process, or if a request is flagged as high risk.

Check out our recent webinar, presented by my colleague Edy Almer, which shows how AlgoSec turns the intent into reality – automatically! Watch here.