Manage ACLs in an entirely new way

Request access to Invariant ->

Fill out the Invariant pre-registration form.

Invariant Star Logo

Invariant parses network configuration files (using Batfish) into an analytic model of the network and uses that model to:

  • Propose modifications to ACLs to permit new traffic across multiple firewalls in legacy, multi-vendor networks.
  • Show the impact of any proposed network configuration change (ACL, BGP, etc) on the whole network. Record network configuration changes over time and examine when problems were introduced.
  • Evaluate access control policies (point-to-point and ingress/egress) and issue alerts or block a change management workflow if violations occur. Can be used to block self-service or automation workflows.

Bring your multi-vendor network as-is.

Invariant supports Cisco, Arista, Juniper, and other common network device vendors.

Access reports and findings in the Invariant UI. Get notified about policy violations and misconfigurations as soon as they are detected.

Invariant automatically answers deep questions about the current state of your network. It also checks for policy violations like blocked or partially blocked critical flows.

It has a CLI? I love it already.

Use the Invariant CLI to perform ad-hoc analysis of uncommitted network config changes.

Use the Invariant GitHub integration to prevent incidents caused by misconfiguration.

Enforce policy violations before they reach your network.

Integrate your service automation system with the Invariant REST API.

Build out a self-service network-to-network access portal around the Invariant REST API. Engineers and devops can request access to subnets and Invariant will generate a patch or pull request for your network and security teams to review.