Product Updates

We're excited to introduce the latest update to Blast Radius with the release of 24.2, now enabling the use of multiple source types for Blast Radius computations. In previous releases, Blast Radius was confined to computing the blast radius with a single host. With 24.2, you can now employ a variety of source types for Blast Radius computations, providing a more comprehensive analysis of network security.The ability to compute the blast radius from different source types is crucial for network security teams. It offers a deeper understanding of potential vulnerabilities and enhances effective threat mitigation strategies. In the event of a compromised host, security teams need to understand how an attacker can move laterally within the network. Blast Radius now offers a comprehensive analysis of all reachable hosts or subnets from any source location or entity in the network. This includes detailed insights into specific IP protocols, Layer 4 ports, and Layer 7 App IDs.Whether analyzing traffic flow from the Internet, a specific security zone, or a network device, Blast Radius empowers network and security professionals to evaluate the impact of compromised sources within the network. This understanding is vital for assessing security vulnerabilities and preventing potential attacks.The source types now available with 24.2 are:Device Interface Security zone Device VRF Host alias Device alias Interface alias Subnet locationScreenshot displaying reachability results of a Blast Radius searchTo get started, navigate to the Blast Radius application within the fwd.app, select your desired sources, and click Search to begin analyzing your network.For more information, please refer to the Blast Radius section within Forward Docs.

 The 24.1 release of Forward Enterprise introduces paginated collection support for external endpoints, simplifying the import and integration of external data through REST GET requests. This feature is particularly useful for handling large datasets accessed via paginated endpoints, where clients must issue multiple requests to retrieve all items. With this enhancement, Forward Enterprise becomes even more versatile, seamlessly accommodating various data sources.This update enhances the Forward Platform's ability to parse imported data, infer its structure, and incorporate it into the NQE data model. Users can now configure pagination parameters directly through the Forward UI, improving usability and expanding the platform's capabilities. Overall, these improvements streamline data management processes and enhance the user experience within Forward Enterprise.  To learn more about External Sources, visit the documentation page

We are excited to announce significant enhancements to Forward Enterprise's security compliance capabilities with our 23.12 and 24.1 release! Security Technical Implementation Guides (STIGs), developed by the Defense Information Systems Agency (DISA), are crucial guidelines for securing IT networks and systems. Adhering to STIGs ensures that networks meet stringent security standards, minimizing vulnerabilities and fortifying defenses against cyber threats.In the 23.12 release, Forward Enterprise introduced over 600 STIGs-based NQE queries in the NQE Library, adding 108 new rules for Cisco devices and 98 new rules for Juniper devices. This release significantly expanded the toolkit for verifying security compliance across diverse network environments.Building on this, the 24.1 release provides an addition of over 1,440 STIGs-based NQE queries in the NQE Library, providing full coverage of Cisco and Juniper STIGs rules. Users can now effortlessly validate network compliance and verify adherence to any supported STIG rule across their entire device fleet with just a click. Detailed view of an individual STIG listed within the NQE Library page  To learn more about NQE and how it can assist your network security compliance efforts, visit the NQE documentation page.

Vulnerability Management is a cornerstone of network infrastructure security, playing a vital role in safeguarding against potential threats. Chief Information Security Officers (CISOs) recognize the critical importance of regularly assessing and addressing vulnerabilities in network devices. Identifying and remedying these vulnerabilities is essential to prevent potential exploits that could compromise the confidentiality, integrity, and availability of your network. Forward Enterprise offers a proactive Vulnerability Management functionality, empowering users to proactively address emerging threats, thereby reducing the risk of data breaches and service disruptions.The 24.1 release provides additional details into the Vulnerability page, specifically the CVE (Common Vulnerabilities and Exposures) CVSS (Common Vulnerability Scoring System) score and the CVE publish date. These enhancements further assist in prioritizing remediation efforts by providing comprehensive insights into the severity and timing of vulnerabilities.CVSS offers a qualitative measure of severity, enabling users to assess the potential impact of vulnerabilities accurately. It's important to note that while CVSS provides severity scores, it does not measure risk directly. Vulnerability Page: CVE Scores and DatesTo dive deeper into understanding CVSS scores and their implications, explore the resources available on the NIST websiteTo learn more about the Vulnerability Management application, visit the Vulnerability Analysis Documentation page

The 24.1 release introduces Parameterized NQE Verifications directly within the Forward UI, streamlining the query-writing process and enhancing efficiency. Previously available only through REST API calls, users can now configure and run parameterized queries directly within the UI, eliminating complexity.This update enhances flexibility by enabling users to define and configure parameters for NQE Verifications, facilitating query reuse across diverse environments without the need for rewriting or using hardcoded values. Additionally, users can refine NQE queries using parameterized queries to address scenarios where results are overly broad. Configuring additional parameter values is now simplified within the UI, ensuring uninterrupted workflow efficiency and an improved user experience. View of parameter configuration step for NQE Verification configuration To learn more about NQE parameterized verifications , visit the NQE documentation page.

In 23.11, we've introduced a new directory structure for Intent Verifications. This feature allows users to organize hundreds or even thousands of verifications based on their needs, mirroring the NQE library and enhancing overall efficiency.  To learn more, visit our documentation page.  

Great news! In our latest 23.11 release, we've integrated the Forward Platform with ServiceNow CMDB. This integration allows the Forward Platform to be configured to create new incidents, or link existing incidents with NQE Verifications to specified ServiceNOW CMDB CIs. To learn more about ServiceNow CMDB integration, visit the documentation page.  

Uncover the capabilities of Parameterized Verifications in our 23.11 release for NQE. This feature enables you to seamlessly define and execute NQE queries within the Forward UI, enhancing the efficiency of your query-writing process and providing additional insights to pre-existing queries.To get started running your first NQE Parameterized Query, navigate to the NQE Library page by selecting Library, under NQE in the navigation menu. To learn more, visit our documentation page.  

Discover new ways NQE can empower your network with the 23.11 release's In-App Tutorial. This comprehensive guide, featuring self-contained lessons, is designed to enhance your understanding of NQE, whether you're a novice or a seasoned user. Elevate your proficiency by diving into the Tutorial today. To get started, select Tutorial under NQE, within the navigation menu. To learn more about NQE, visit our documentation page. 

In our 23.11 release, Part 2 of our notification overhaul is live, building on the significant revamp introduced in Version 23.10. This update focuses on refining the notification process. Users can now subscribe to specific verification types, receiving tailored notifications. Additionally, the 23.11 update introduces a valuable feature—setting a percentage threshold for failing devices before receiving network collection failure notifications. This proves particularly useful in large-scale networks, optimizing efficiency by triggering alerts only when issues reach a significant level. Explore these enhancements for a streamlined notification experience in network management. To learn more, visit the Personal Notification and System Notification Settings pages for more information.  

The 23.10 release brings a long-requested addition to NQE data modeling: device uptime. With this, our users will be able to build queries that analyze when devices were last reloaded. Having this bit of information helps in many use cases, here a few examples:Devices restarting within 24 hours need to be matched with a change ticket. A device restarting without having an assigned change ticket is a strong signal that somewhere a process has failed. The problem needs to be flagged and followed upon. Knowing the device uptime is valuable when checking whether a device configuration has been saved from the running-config into the startup-config. It's not uncommon for network operations teams to make changes and forget to write those changes to memory after editing a device. The uptime is an element used to check against the last saved time for the config. Identification of devices that have a long uptime. If devices have not been rebooted in a number of years, then it is likely that the device has not been updated with proper security patches for some time. Identifying outdated devices allows networking teams to schedule downtime for upgrades.Forward Enterprise supports the parsing of device uptime for the following vendor operating systems:Cisco: IOS, IOS XE, IOS XR, NXOS, ASA Arista: EOS Juniper: JUNOS, SRX, NETSCREEN

23.10 introduces the first part of a comprehensive notification refresh which will be completed with the release of 23.11 next month. This update introduces a new settings page for Org Admins, where they can control how many days in advance the system triggers a notification about the license approaching its expiration date. The current default is set to 90 days. The notification for licenses approaching the expiration date is sent weekly and its frequency increases to daily in the last week of the license life.Additionally, a UI refresh of the notification page within Personal Settings has been implemented. Users now have more flexibility selecting which networks to enable notifications for Collection and Verifications. TIPNotifications for Collection issues are not triggered every time a single device fails collection. The Org Admin can set the threshold beyond which a collection notification is triggered as the percentage of the number of devices successfully collected at the previous collection. Only if the failing devices pass that threshold the notification be triggered.   Stay tuned for the next set of improvements coming in 23.11!

With release 23.10, Forward Enterprise Path API /api/networks/{networkId}/paths accepts optional Layer 7 attributes, specifically appId, userId, userGroupId, and url. When the value is unrecognized by the system, the system falls back into the classic Layer 2 to Layer 4 analysis. The most commonly used attribute is the appId because it is often found in the policies configured on newer nextgen firewalls. To support our users, 23.10 introduces also an "applications" API which lists known Layer 7 app-ids with their ports and protocols: /api/applications.  To learn more about Path Analysis with Layer 7 attributes, visit the documentation page.

New vendor and modeling updates for 23.10:Arista - Support for VLAN translation. Arista - Support for VxLAN Multi-domain. Checkpoint - Support for MDPS. Fortinet - Support for Layer7 based-policies. Link Inference - Extended vendor support for neighbor inference when neighbor does not advertise via CDP/LLDP.

With the 23.10 release, Forward Enterprise improves its search capability when it comes to MAC addresses. By convention, MAC addresses are usually written in one of the following two formats (although there are more variations):00:06:00:00:CA:0B 0006.0000.CA0BThe system will recognize the string as a MAC address regardless of the format used and will perform both a MAC address search as well as a search for as a regular string.

The release of 23.10 introduces the ability for systems to parallelize collection across Azure subscriptions, resulting in a dramatic increase in collection speed of Azure environments. No additional action is required, as the parallel collection is enabled by default.

Forward Enterprise bases its CVE analysis on the NIST database. There have been occurrences where the NIST database is missing data or the data is incomplete. Forward Enterprise has been able to override the NIST information when these occurrences take place, but the delivery vehicle has always been through a major releases. Release 23.10 introduces a faster method to override NIST info which allows Forward Enterprise to turnaround CVE overrides within a few hours rather than days/weeks greatly improving the response to vulnerabilities of SecOps using our platform.

Version 23.9 introduces a few minor improvement for entity decorators:Better visual indication to differentiate built-in decorators from user-created ones. Better feedback for invalid decorators due to changes to an underlying NQE query. Links to other parts of the application are now active within the decorators context. Path decorators with violations are now clearly highlighted in the path panel and function cards.To learn more about entity decoration, visit the NQE Decorators page.

The release of 23.9 introduces two additional features to the Forward Enterprise platform. Disabling Inactive Accounts After a Set Number of Days This feature provides the option to set the maximum inactivity time for local accounts. Once the account has been inactive for more than the maximum allowed days, the account will be disabled. The Org Admin can enable the account again by navigating to the User Accounts page by navigating to: Settings -> Accounts -> User Accounts.  For more information, visit the Disabling inactive accounts page. Enabling and Disabling vCenter Collection This feature improvement provides the ability to disable and enable vCenter collection without deleting and reconfiguring the collection settings.

The Forward Enterprise dashboard shows utilization metrics within the engagement tab. Before this release, these metrics provided a small fraction of visibility into platform features without clearly outlining historical usage. Furthermore, before 23.9, the engagement dashboard had been lacking details on daily users, most active users, as well as user historical trends. This version of the engagement dashboard provides our users with clear usage metrics, by providing customized time ranges with enhanced granularity. With this addition, the engagement dashboard can easily prove the benefits of adopting of our platform, and can easily justify the continuous investment to executive leaders.   The new usage metrics include:Active users Path searches Text searches NQE interactions NQE queries executions Collected file views Inventory views Diffs views Blast radius views CVE views Exposure analysis views Security exposure analysis views Dashboard views

As of the 23.9 release, new modeling capabilities have been added for the following vendors: Checkpoint - Multi-Domain Server CloudGenix - Layer7-based policy Palo Alto - GlobalProtect VPN Extreme Networks - VDX in standalone mode

Forward Enterprise provides unmatched visibility when it comes to multicast flows. Our model of the network infrastructure can tell our users everything about a multicast group, bringing the network operator visibility they never had before. Introduced in 23.7, the multicast visibility is enriched in 23.9 with the addition of support for Source Specific Multicast (SSM).  To learn more, visit the Multicast section within the Path Analysis documentation page.

Some Forward Enterprise applications don’t need a snapshot to be fully processed before they can be used. This enhancement allows our users to start leveraging Forward Enterprise applications as they become available, drastically increasing the efficiency around accessing more recent network data. This is especially true in large deployments, with tens of thousand of devices. Access to the NQE Library, for example, can be available much earlier as the snapshot continues to process. This functionality is enabled by default with 23.9.  

Starting with version 23.8, a dialog box illustrating the Release Notes will appear when you open a fresh tab or window after the system has been updated to the latest major version of the Forward platform.The goal of this dialog box is to keep the users informed about the latest enhancements and features of the Forward platform, in addition to any fixed bugs. 

Prior to this release, there was no way to copy devices and their collection setup up across networks. With this enhancement, users can copy devices across networks, for instance, from a parent to a Workspace Network.For more information, visit the Workspace Networks page.