Review: Veriflow Network Verification Platform

In a recent article, YDT covered a press release from three-year-old startup Veriflow regarding the launch of its network verification platform, announced on November 15th. Our coverage mentioned the newly-active Veriflow network verification platform and provided an overview of the platform, but did not go into many specifics as to how the platform works. This review will take a more in-depth look at the platform, with additional product specifications and a look at Veriflow’s offering in context with other systems that are on the market.

Since Veriflow is a relatively young company and not yet well-known, it makes sense to take a brief look at its history. The company started at the University of Illinois at Urbana-Champaign, where two professors and a Ph.D. student collaborated on a research project. This research was being done in the emerging field of formal network verification, similar to the formal verification of software that occurs in the aerospace industry. In a recent conversation, Veriflow CTO Brighten Godfrey referred to formal verification as somewhat of a “holy grail” of software development, because of the inherent difficulties in mathematically proving whether one’s software is performing as expected. This made the research difficult but particularly promising; after continued study, the research team founded the company in 2013. They have since been joined by President and CEO James F. Brear; Sajid Awan, VP of Products; and Jim Tosh, VP of Engineering, who was previously with endpoint security company Endgame, giving them over 20 people on the team as of this writing. Along the way, they have secured funding from the National Science Foundation, the U.S. Department of Defense, New Enterprise Associates, and Menlo Ventures, among other investors.

Part of the challenge of the team’s research involved going from a prototype to commercial, enterprise-level software. The Veriflow network verification platform is not for single-user consumers, but rather for enterprises who have larger and more complicated networks. What follows is a look at how the Veriflow platform works to achieve its overall goals of cutting down on network outages and reducing enterprise clients’ vulnerability to network threats.

Key Features and Specifications

It has already been determined that enterprise-level networks are more complicated than smaller networks, and must contend with a number of human and technological factors that add to network complexity. Technologically, there are a number of individual network components to consider, often from several or even dozens of separate vendors; from a human-factor aspect, there is always the potential for user error – or a hacker breach. Faced with a daunting challenge, the Veriflow team decided to apply rigorous mathematical algorithms to achieve its overall goals.

More specifically, the Veriflow platform attempts to predict all possible flows of data inside the network, and then verifies whether that predicted model matches up with the intended network policy. To construct this predictive model, the Veriflow platform first gathers low-level device data from each device in the network, both real and virtual. This information is fed into the algorithm so that it can predict how each given device will behave. (The data for this step comes from lists such as forwarding tables and access control lists, among others.) Then, all the information is brought together to create a network-wide predictive model. The model performs continuous verification, which means that when any additional changes are made to the network, the model automatically verifies the changes.

Review: Veriflow Network Verification Platform - YourDailyTech

It is through this system-wide modeling that Veriflow’s platform shines. Prior to simplification, the number of possibilities for how a piece of data could move through an enterprise-level network is gigantic – according to Dr. Godfrey, it exceeds the number of atoms in the universe – and today’s computers would be ill-equipped to handle this plethora of options. However, Veriflow’s model uses analysis algorithms that determine how to group possible packets together into “equivalence classes” that have the same behavior throughout the network. While the computation of these classes is no easy task, it drastically reduces the number of distinct behaviors of network traffic flow to a number that is within the capability of current processing power. It is at this stage that the predictive algorithms create their model for packet flow in the network.
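To make the equivalence-class idea concrete, here is an added Python illustration (not Veriflow's code or its actual algorithm): it slices the IPv4 destination space at every forwarding-rule boundary, traces one representative address per slice, and checks a delivery policy. The device names, tables and the `DELIVER` marker are constructed for the example.

```python
import ipaddress

# Constructed tables: device -> [(prefix, next hop)]; "DELIVER" = attached host.
TABLES = {
    "edge": [("10.0.0.0/8", "core")],
    "core": [("10.0.0.0/8", "edge"), ("10.0.1.0/24", "agg"), ("10.0.2.0/24", "agg")],
    "agg": [("10.0.1.0/24", "DELIVER"), ("10.0.2.0/25", "DELIVER")],
}

def span(prefix):
    """Half-open integer range [lo, hi) covered by an IPv4 prefix."""
    net = ipaddress.ip_network(prefix)
    lo = int(net.network_address)
    return lo, lo + net.num_addresses

def equivalence_classes(tables):
    """Cut at every rule boundary; a slice matches the same rules everywhere."""
    cuts = {0, 2**32}.union(*(span(p) for rules in tables.values() for p, _ in rules))
    edges = sorted(cuts)
    return list(zip(edges, edges[1:]))

def next_hop(rules, addr):
    """Longest-prefix match (smallest covering range); None if nothing matches."""
    hits = [(hi - lo, hop) for (lo, hi), hop in
            ((span(p), h) for p, h in rules) if lo <= addr < hi]
    return min(hits)[1] if hits else None

def trace(tables, start, addr):
    """Follow one representative address hop by hop from `start`."""
    node, path = start, []
    while node not in path:
        path.append(node)
        hop = next_hop(tables[node], addr)
        if hop in (None, "DELIVER"):
            return ("delivered" if hop else "dropped"), path
        node = hop
    return "loop", path + [node]

def verify(tables, start, must_deliver):
    """Policy: all of `must_deliver` sent from `start` is delivered."""
    p_lo, p_hi = span(must_deliver)
    bad = []
    for lo, hi in equivalence_classes(tables):
        lo, hi = max(lo, p_lo), min(hi, p_hi)  # clip the slice to the policy
        if lo < hi:
            outcome, path = trace(tables, start, lo)
            if outcome != "delivered":
                ip = ipaddress.ip_address
                bad.append((str(ip(lo)), str(ip(hi - 1)), outcome, path))
    return bad
```

Seven slices stand in for all 2^32 destination addresses here, and `verify(TABLES, "edge", "10.0.2.0/24")` reports the upper half of that subnet as dropped at `agg` without any packet being sent.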

Who is competing against Veriflow? Veriflow is attempting to be the first company to use mathematical algorithms to predict packet flow in the network and use formal verification to determine accuracy. According to Veriflow, they generally compete against companies that provide real-time network monitoring, such as SolarWinds and LogicMonitor. While real-time network monitoring has grown greatly as a field, it still cannot quite match up – at least in theory – with a product that looks to determine network status in the future, through predictive algorithms. If Veriflow’s offering works as well as advertised, it could provide a breakthrough in reducing network outages and threats, by predicting where such issues are most likely to occur. Real-time network monitoring, by contrast, can only notify IT administrators of an issue once it already exists, no matter how extensive or detailed the real-time monitoring platform is.

The Veriflow platform is a virtual client that can be deployed on-premises or in the cloud. Pricing has not yet been released, but the platform will be sold via an annual subscription on a per-device basis.


Additional Resources:

Veriflow’s A Global Survey of Network Professionals

Veriflow’s White Paper

Veriflow’s Newsroom