Network compliance can mean different things to different stakeholders. Traditionally, compliance means adhering to 'regulatory requirements', which is still a major use case for compliance tooling. However, the same mechanisms are equally important for goals like 'conformity of design', 'assurance of security', or 'advanced status monitoring'.
Eric Yspeert (CTO NetYCE): “Our aim with this release was to help operation teams to monitor the network more proactively. We also managed to include the feedback from our early adopters and added a lot of new functionality, including two unique compliance functions that do not exist today: multi-node comparison and support for variables. This will save our customers a lot of time and give them enhanced flexibility when performing their compliance checks.”
These are the 4 new features that will help you make Network Compliance easy:
1. Supreme security and availability with multi-node comparison
The ability to automatically determine whether firewall rules or ACLs are identical within a group is a major requirement for many network owners, especially where nodes operate in tandem or in small groups with redundancy or failover capabilities. With multi-node comparison, you can compare configuration sections between different nodes or groups of nodes and determine compliance based on the differences found. This is very beneficial for both security and operations teams.
2. Flexibility with variables
Network Compliance checks whether your device configurations conform to the policies defined for them. These compliance policies consist of a number of rules, which in turn use conditions. In the previous release, these conditions tested against predefined values, and we learned that our customers wanted more flexibility. Centrally stored variables allow for conditions that check against values from a device's context, like the '<loopback>' IP address of a node or its '<hostname>'. This means you will benefit from the 'single source of truth' that NetYCE can be.
3. Schedule checks on demand
At the moment, Network Compliance rules are triggered when a configuration is changed in the network. However, if you want to compare groups of nodes, this no longer suffices, since network changes within a group are never made simultaneously: as soon as one node in a group receives a change, it is out of sync with the others. In the new release, policies can be scheduled to execute periodically using various types of intervals.
4. Dynamic compliance checks
Previously, the rules tested against the full configuration or against the logical blocks it consists of. In the new release, we implemented multiple ways of selecting which part of the configuration the rules validate for compliance.
Also, to add even more flexibility, policies now support a new rule type, 'command rules'. These rules do not check configuration blocks but the responses to CLI commands. This rule type allows policies to use state information in their compliance requirements, enabling dynamic compliance checks.
Peace of mind
NetYCE brings peace of mind: it runs fully automated in the background, enabling you to remain compliant and pass audits easily with proactive policy validation and dynamic reports. Network Compliance is highly beneficial for everyone who wants to ensure network compliance, design consistency, and compliance with regulatory entities.