Veriflow, a startup that uses formal verification to check every possible data flow in a network, has raised an $8.2 million Series A round.

The round was led by Menlo Ventures and includes New Enterprise Associates, which had also participated in Veriflow's seed round. The startup also got some early funding from the National Science Foundation and the Department of Defense, says CTO Brighton Godfrey.

Veriflow has been in beta trials since December and came to light in April, when it announced its method of using formal verification to spot the outages and breaches a network would be susceptible to.

The startup pitches this predictive model as a better way to make sure an enterprise network is secure and stable. "If you're only looking at live traffic, you only see a weakness after a breach has already happened," Godfrey says.

On a deeper level, Godfrey hopes that Veriflow could lead to a more agile enterprise by taking guesswork and human error out of network changes and upgrades. "You can have the courage to change," he says.

Formal verification is a well-known process that mathematically proves that a design accomplishes what it was meant to. Its best known application is in computer science, verifying the viability of software; Veriflow likes to note that formal verification makes sure the software in space probes will be glitch-free years after launch. You'll also find the term used in semiconductor design, where formal verification "proofreads" the connections among a chip's transistors — billions of them, in some cases — and makes sure the whole thing is actually going to work.

Veriflow wants to provide the same kind of proof for the network.

"We are mathematically verifying whether network policies are being realized, and we do it by predicting all possible data flows," Godfrey says.

Once the network model is done, Veriflow checks for activity that would create an outage. On the security side, it can highlight vulnerabilities — finding out what happens if traffic with a specific, suspicious signature appears, for example.

It might seem far-fetched to think Veriflow could check every data flow. The number of possible connections is vast, and the variety of traffic flows seems infinite.

But those numbers can be culled. For example, Veriflow's algorithms — arguably its most valuable piece of intellectual property — gather different scenarios into equivalence classes. In other words, all packet flows that would have the same fate throughout the network can be treated as just one possibility.

Using tricks like that, Veriflow can verify a network at Layers 1-4 in a matter of minutes, Godfrey says. The process is handled by software-based "collectors" residing in virtual machines, and by adding more VMs, it can be scaled up, he says.

To explain the process more specifically: Verflow queries all manner of data plane devices — not just routers and switches, but the memory tables inside them. It looks into the low-level instructions that tell these devices what to do with packets. So, its view of the network is more complex than just a graph of nodes.

That information gets boiled down so that the network is described as one enormous system. It's a point of view that's becoming more common. Startup Apstra, which recently announced its presence and includes longtime Silicon Valley entrepreneur David Cheriton as a founder, likewise takes the approach of treating the network as a single system.

Veriflow sprang from academic work being done by Godfrey, who is a professor at the University of Illinois Urbana-Champaign, and his colleagues and students.

The startup's board includes Scott Shenker, the University of California professor who, alongside Stanford professor Nick McKeown, is known for starting the software-defined networking (SDN) movement. Godfrey had been a student of Shenker's, and the two have collaborated since Godfrey took the Illinois job seven years ago.

Veriflow does have a business side (and paying customers, Godfrey adds). Its CEO, Jim Brear, was chief executive of Procera Networks and took that company public.