The Safest Thing to Do: Automate the Management of Your Cisco® Network
Sooth, Inc.
Sooth, Inc. has developed sophisticated automation technology to automate tier 1 and tier 2 network management tasks while applying best practice standards, methods and procedures to take control of most aspects of network management for Cisco® IOS devices.
The immediate question most ask: “do these new automated solutions from Sooth present any risk to the safety, integrity or security of their networks?” The answer is no. In fact, they provide unprecedented opportunities to improve network security immediately, and demonstrate compliance with security requirements and standards.
Sooth product developers took many extra measures and precautions to ensure our products eliminate risks and require virtually no overhead. The following illustrates these precautions and the favorable results:
- no login to the devices supporting Sooth automations is possible
- login to the Sooth automations is secured in a manner appropriately integrated to the customer's network
- Sooth automations are never installed on the customer network, nor is any data stored on the customer network by Sooth automations
- no injection is possible into the instruction stream of Sooth automations
- the impact on device traffic is minimal and measures only a few baud (vs. kilobits) because Sooth automations require the absolute minimum of overhead
- the impact on device processor overhead is immeasurable, because the device is only performing commands directly supported by the IOS via command line
- no intermediate protocols are used; only the operating system of the device itself, and either Telnet or SSH, depending on customer preference
Sooth’s two products, SEER™ and SUPERVISOR™, pose virtually no risk to networks. In fact, running SEER™ and SUPERVISOR™ on a network poses less risk than loading any website, including the customer's own corporate intranet.
SEER™ runs in two modes. The first, SEERLive™, is never actually “installed” on any device and exists only in RAM. Therefore, it leaves NOTHING behind once it is deactivated. SEERLive™ has less of a presence on the network than the next web page accessed by the network security manager.
The second mode of SEER™ is usually installed along with the SUPERVISOR™ product on a server at a customer's site.
SEER™ executes commands directly at the command line of the Cisco® devices, which poses no threat to the network in read-only mode. It is impossible to cause a fault and increase risk in a Cisco® IOS device by executing valid commands from inside the Cisco® IOS, and that is the ONLY way that SEER™ or SUPERVISOR™ interact with a device. SEER™ provides safety in ways few products can, as it was designed to run in a “read-only” mode with read-only credentials. Even when SEER™ is provided with “enable” (read/write) credentials to a Cisco® device, SEER™ will automatically downgrade its own rights to the device to “read-only”.
Customers using ping, polling, installed agents, discovery or ANY other method are running a greater risk of network fault than either SEER™ or SUPERVISOR™ can ever create. None of these methods are used by SEER™ or SUPERVISOR™, precisely so that these technologies are safe to run in the “unknown” without risking harm to an operating Cisco® network.
If we continue by comparing the safety of credentials entrusted to SEER™ and SUPERVISOR™ versus those entrusted to an IT staff, SEER™ and SUPERVISOR™ can never:
- share passwords with anyone or anything else
- write down a password and leave it exposed for others to see
- forget a password or use it for unauthorized activity
- make a keying mistake and cause an error during a procedure
Due to the security measures built into the technology, installations of SEER™, or of SEER™ and SUPERVISOR™ together, are actually safer places to maintain credentials than the acceptable industry standard of a password vault. Since Sooth collectors provide no mechanism for direct login, the only way to interact with the SEER™ and SUPERVISOR™ authentication system is through pre-defined, expressly permitted policies of the system, which are presented only through the web interface of these products. Since providing credentials is not one of these expressly permitted policies, neither SEER™ nor SUPERVISOR™ can provide access to credentials under any circumstances.
In summary:
- SEER™ and SUPERVISOR™, being automation, can't make human mistakes, or lose or misuse credentials
- SEER™ and SUPERVISOR™ when installed on a collector provide more security for credentials than even a corporate password vault
- SEER™ and SUPERVISOR™ avoid use of insecure (SNMP) or resource-consuming (ICMP ping) methods commonly used in the industry. Instead, SEER™ and SUPERVISOR™ work directly at the command line of the Cisco® IOS, which provides both the greatest possible security and the least possible impact on overall network performance.
©Sooth, Inc. 2009 All Rights Reserved
Sooth, Inc. has developed sophisticated automation technology to automate tier 1 and tier 2 network management tasks for Cisco® networks while applying best practice standards, methods and procedures to take control of most aspects of network management. Sooth’s products SEER™ and SUPERVISOR™ are patent pending. For more information, please see www.sooth.us.