ABOUT INVARIANT

Helping Customers Secure Their Networks

Invariant is creating tools that empower network and security operators to safely make changes to their networks and quickly and accurately assess their security posture.

Get in touch
Learn more

Our Mission: Transform How Networks Are Secured

At Invariant we believe that changing network security configuration should be a safe and transparent process. Our platform offers an entirely new workflow for planning and executing changes centered around deep analysis of your network’s behavior before and after changes. 

Network Security

Network management with advanced security policy enforcement.

Digital Twin

Create a digital twin of your network to validate critical flows and ensure connectivity.

Vendor-Agnostic

Support multi-vendor environments seamlessly, including on-premise and cloud networks.

Future-Ready

Innovate with our cloud-based application for streamlined network modeling.

Invariant was born out of a desire to streamline and empower network security and its operators. Conceived as a synthesis of two open-source projects - the Batfish digital twin and Aerleon, a fork of the Capirca ACL generator - Invariant has its roots deeply embedded in the world of network automation.

At Invariant, with our experience in open-source network automation tools like Capirca and Aerleon, we set out to create a solution that would simplify network security and provide unparalleled visibility into the complex web of network configurations. Our goal was to empower network operators and security teams with the tools they needed to proactively identify and address potential issues, rather than reactively responding to problems.

At the heart of Invariant is the ability to create a detailed digital twin of an organization's entire network, including both on-premise and cloud-based infrastructure. This digital twin allows lets you validate critical flows, connectivity, and security policies, ensuring that any proposed changes to the network will not introduce unforeseen issues that could impact the business.

Supporting a wide range of network vendors, including Cisco, Juniper, Palo Alto, and AWS, we allow organizations to leverage Invariant regardless of their existing infrastructure. This flexibility ensures that Invariant can be seamlessly integrated into any network environment, providing a consistent and reliable platform for network security and automation.

As organizations continue to navigate the complexities of modern network architectures, we see Invariant becoming an indispensable tool in the arsenal of every network operator and security professional.

Common questions

How does Invariant handle policy enforcement?

Invariant allows users to define network security policies using a YAML-based language. These policies can be applied across the entire network or specific VLANs and subnets. Invariant can analyze proposed changes before they are deployed, ensuring that they do not violate any policies or introduce critical flow issues. Policy checks can also be performed on historical snapshots to track compliance over time.

Does Invariant require access to my network?

No, Invariant does not require direct access to your network or the installation of local agents. It only needs copies of your network configuration files to create a digital model and perform analysis.

Can Invariant be integrated into existing workflows?

Yes, Invariant is designed to support DevOps workflows and can be integrated into CI/CD pipelines. It provides a CLI, SDK, and API to automate network management tasks, validate changes, and enforce policies. Invariant can monitor a git repository containing network device configs and update policies as needed.

What are the benefits of using Invariant?
  • Rapid Onboarding: Get started quickly without the need for extensive setup or new server installations.
  • Vendor-Agnostic: Works with a wide range of network vendors, making it suitable for diverse network environments.
  • Enhanced Security: Validate network changes and enforce security policies to prevent unforeseen issues.
  • Automation Integration: Seamlessly integrate with DevOps workflows and automate network management tasks.
  • Historical Analysis: Track network changes over time to identify and resolve compliance issues.
How does Invariant work?

Invariant operates by analyzing network configuration files. Users collect their network device configurations and upload them to Invariant. The platform then creates a detailed digital model of the network, which can be used to validate proposed changes, enforce security policies, and monitor network compliance. Invariant does not require direct access to the network or the installation of local agents.

What is Invariant?

Invariant is a network security and automation tool designed to simplify network management and enhance security. It allows users to create a digital twin of their network, validate critical flows, and enforce security policies without needing to set up new servers or grant network access. Invariant supports multiple vendors, including Cisco, Juniper, Palo Alto, and AWS, making it a versatile solution for hybrid networks.

Simplify your network security. Start today.

Invariant is designed for rapid onboarding and offers incremental value as you use the system more. Create your account today.

Create account
View documentation