Faculty Startup Veriflow Promises to Eliminate Change-Induced Outages and Breaches

7/21/2016

CS faculty startup Veriflow has launched with a product to minimize security breaches and impact from network failures.

Written by

Veriflow, the network breach and outage prevention company, led by University of Illinois CS professors Brighten Godfrey and Matthew Caesar and CS alumnus Ahmed Kurshid (PhD '15), announced its launch with $2.9 million in initial investor funding from New Enterprise Associates (NEA), the National Science Foundation and the Department of Defense. The new software, designed for CISOs, network architects, engineers and operators, uses mathematical network verification, which is based on the principles of formal verification, to bulletproof today’s most complex networks. Veriflow’s patented technology provides solutions across the multi-billion dollar networking market to minimize the security breaches and costly disasters that can result from network failure.

Brighten Godfrey
Brighten Godfrey

Veriflow is the first networking company to use formal verification to eliminate change-induced network outages and breaches. The company’s mathematical network verification technology gives organizations the confidence to make changes by eliminating risks associated with modifying the network. The software also ensures network policy correctness and sends alerts whenever any change that may impact the network is detected, including intentional changes due to insider sabotage. The company was created in the EnterpriseWorks incubator at University of Illinois' Research Park, and is backed by New Enterprise Associates (NEA), the National Science Foundation and the US Department of Defense.

Matthew Caesar
Matthew Caesar

Why Networks Fail

There are four primary reasons why today’s network infrastructure is vulnerable to breaches and outages:

  • Complexity: The cloud, network virtualization (including NFV), software-defined network solutions, mobile devices and the Internet of Things (IoT) all add incredible complexity to network management.
  • Change: On average, network operators make 1,000 changes per month to an enterprise or service-provider network, actions that open the door to unforeseen configuration errors.
  • The Human Factor: At the operational, design or architectural level, more than 80 percent of network failures can be attributed to human error or malicious behavior.*
  • Poor Policy Management: One out of three enterprises and service providers lacks policies for IT, Information Security and data encryption, while 71 percent lack critical knowledge of which policies to institute to mitigate vulnerabilities and disruption.**

“Organizations typically make an initial investment in network infrastructure and have a vision for their ideal network’s security, resilience and agility,” said Jim Brear, president and CEO at Veriflow. “And yet, no matter how much money organizations continue to throw at point security products, outages and breaches are an everyday occurrence. Veriflow’s founders stepped back, took a hard look at the landscape and said, ‘There has to be a better way to bulletproof today’s networks.’ It turns out there is, and it’s driven by the principles of formal verification.”

Veriflow says its solution creates maps like this that accurately track packet flows.
Veriflow says its solution creates maps like this that accurately track packet flows.

Applying Formal Verification to the Network

Formal verification is not a new concept. It uses sophisticated algorithms to prove or disprove the correctness of a system with respect to certain functional specifications. This process is frequently used by organizations with products that absolutely cannot fail. For example, NASA rovers are still traversing the Martian landscape years after landing because the correctness of their flight software was mathematically verified before deployment. Similar trusted 24/7/365 technology is embedded into mission-critical airplane flight controls, medical devices and military defense systems.

Veriflow is the first networking company to apply similar formal verification, along with network policy best practices, to secure today’s most complex and dynamic networks.

“An enterprise that claims its network is 98 percent reliable may sound responsible and highly functional, but who in their right mind would board an airplane if they knew that two out of 100 could fall out of the sky at any given moment,” said Brighten Godfrey, CTO at Veriflow. “There’s no reason why networks can’t be just as trustworthy as other mission-critical devices and applications. And we’ve figured out how to protect networks from change-induced outages and breaches mathematically.”

Using mathematical network verification, Veriflow enables enterprises to prevent the outages and breaches that lead to astronomical losses. Unlike techniques such as penetration testing and traffic analysis, Veriflow performs mathematically exhaustive analysis of an entire network's state and does so proactively – before vulnerabilities can be exploited, and without waiting for users to experience outages. This approach enables strong guarantees of correctness. If there is a network policy violation, Veriflow will find it and provide a precise identification of the vulnerability and how to fix it. Veriflow can also provide mathematical evidence that the network is correct, giving enterprises the confidence to change their infrastructures.


Share this story

This story was published July 21, 2016.