Identity Management, Authentication and Access Control: Edgewise is a zero trust platform, which means that by design system authorization and authentication are granted to users, processes, and devices only if strict verification criteria are met every time a connection request is sent or received. Unlike traditional network security tools, every communication in an Edgewise-managed environment is considered potentially compromised and is therefore untrusted, even if it was trusted to communicate previously. This “rechecking” process ensures that if users, devices, or processes are exploited after initial network permission is granted, their traffic is blocked from further communication, effectively preventing the spread of malware and further compromise.
Edgewise accomplishes this by building a unique identity (i.e., fingerprint) for every communicating workload on the network. This identity determines and manages access permissions in an organization’s cloud, on-premises data center, or container, and also ensures that security policies can’t be separated from the communicating entity.
As such, linking to the CSF subcategories in this section:
- Access permissions and authorizations in Edgewise are managed and audited, incorporating the principles of least privilege and separation of duties, based on workload identity.
- Edgewise policies are bound to the identities of assets, and those identities are cryptographically secure, asserted, and continuously validated to ensure the integrity of the network.
- By bidirectionally validating the identity of applications and services, Edgewise applies a second factor of authentication ("who you are") to software transactions ("what you know").
Awareness and Training: Although not a one-to-one match for the guidance in the NIST CSF, Edgewise uniformly enforces security policies and privileges throughout an organization’s myriad networks, independent of network location. As part of the zero trust methodology, least-privilege access is enforced for all users, devices, and processes based on identity, and system administrators can always see how security policies were applied to any application or service.
Though Edgewise cannot replace an organization’s security awareness and training program, it can help enforce the policies, procedures, and agreements defined by the organization and socialized through cybersecurity education.
Data Security: Protecting the confidentiality and availability of our customers’ data is the ultimate goal of the Edgewise platform. Edgewise works by constantly checking the integrity of software, firmware, and applications as they communicate throughout the network. Based on software/service identity, Edgewise uses machine learning to build and recommend adaptive security policies that are:
- Inseparable from the workload (at rest and in transit).
- Environment agnostic (i.e., do not rely on network constructs like IP address, port, or protocol).
- Able to:
  - automatically detect when protected workloads have been altered;
  - prevent them from communicating; and
  - limit ensuing system damage which could lead to data leaks, system or data unavailability, or compromise of the confidentiality or integrity of information.
Unauthorized access to and tampering with data in transit is prevented because only authorized programs can communicate with database and file services. Similar restrictions are applied throughout the entire chain of custody for all connected (or potentially connected) software. As a result, when coupled with encryption tools that protect data at rest, Edgewise enables organizations to satisfy NIST CSF risk requirements around data security.
Information Protection Processes and Procedures: As soon as the Edgewise agent is deployed in an organization’s network environment, Edgewise begins discovering, mapping, and visualizing communicating workloads. A risk rating is then created based on the current network attack surface and compared to the reduction that can be achieved after applying Edgewise policies. In this way, Edgewise provides a baseline of “normal” network communications and highlights anomalies when they appear, which allows companies to continually reassess the efficacy of the Edgewise platform as a protection mechanism. Doing so means that the organization can consistently evaluate how it is managing the security program to maintain processes and procedures that address vulnerabilities and prevent large-scale information system and asset exploitation by malicious actors.
Further, Edgewise enables consistent information security policies, processes, and procedures related to organizations’ data assets, from application development through deployment and ongoing use, and across any network environment (public cloud, hybrid cloud, on-premises data center, container). Unlike traditional network security controls, which are defined by network addresses and packet information, Edgewise protects information systems and assets based on application identity. This means that application owners/developers and network/security practitioners share one, common language to both define and apply policy, which results in consistent change control processes when topological changes to an environment occur.
Maintenance: This category in the CSF cannot be mapped directly to Edgewise, as “maintenance and repairs” are outside the scope of our technology. However, Edgewise allows companies to monitor their network environments for any modified application, host, or service communication, which means that potential malicious activity can be easily remediated. Edgewise policies are resilient to authorized changes so that protection continues even during maintenance issues.
Protective Technology: Edgewise was built expressly to address this category. Starting with subcategory 1, Edgewise provides a detailed auditing system that logs all changes to the Edgewise system as well as the impact of all Edgewise security policies. In addition, Edgewise captures and audits all application communication, which includes not only network address/port/protocol information, but also the identity of the software involved in the transactions. This information is available both in the Edgewise Console and through a secure and authenticated REST API, where it can be integrated into other systems like SIEM and log management tools.
Moving down through the NIST recommendation to address subcategories 3 and 4, as a zero trust platform, Edgewise always enforces the principle of least privilege, which means that only essential and verified assets can connect in an organization’s network, and only with the lowest level of authorization required for them to function properly. This, in turn, reduces the risk that network communications pose to the organization.
Further, because all communication in an Edgewise-enabled organization is protected based on workload identity, security control cannot be decoupled from the workload, and all communications are automatically mapped. The mapping process results in an audit trail that administrators can use to align technical controls with policy, evaluate the impact applied policies have had on the environment, and ensure blind spots in protection coverage don’t exist.
Finally, in accordance with subcategory 5, Edgewise security policies fully support load balancers and failover situations. Because policies are based on identity and not IP addresses, additional systems (for high load) or backup systems (for failover) automatically inherit and apply the security policies based on the software running on those systems. If parts of the network fail and need to be rerouted, Edgewise policies continue to operate because they are dependent on source and destination identities, not the physical route in between. In this way, security policies are resilient to both expected and unexpected change.
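The three properties described above (policies bound to workload identity rather than IP address, communication blocked when a protected workload is altered, and policies that follow the software onto a failover host, with audit records that carry identities) can be illustrated in a few dozen lines. The following is an added, simplified example and not Edgewise's own code or policy model: the `Workload`, `Rule` and `HostAgent` names, the fingerprint construction (path plus SHA-256 of the executable content), and the sample hosts, paths and byte strings are all assumptions constructed for the illustration. It runs the same four connection attempts through an identity rule and through a conventional address/port rule so the difference in outcome is visible.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Workload:
    host_ip: str      # where it runs: deliberately NOT part of its identity
    exe_path: str     # what it is
    exe_bytes: bytes  # constructed stand-in for the executable's on-disk content

    def fingerprint(self) -> str:
        """Identity derived from the software itself: path plus content hash (assumed scheme)."""
        h = hashlib.sha256()
        h.update(self.exe_path.encode())
        h.update(b"\x00")
        h.update(self.exe_bytes)
        return h.hexdigest()


@dataclass(frozen=True)
class Rule:
    src_identity: str
    dst_identity: str
    dst_port: int


@dataclass
class HostAgent:
    """Per-host enforcement point holding its own copy of the identity rules."""
    host_ip: str
    rules: frozenset
    audit_log: list = field(default_factory=list)

    def check(self, direction: str, src_id: str, dst_id: str, port: int) -> bool:
        allowed = Rule(src_id, dst_id, port) in self.rules
        # Audit records carry identities, not only address/port tuples.
        self.audit_log.append({"host": self.host_ip, "direction": direction,
                               "src": src_id[:12], "dst": dst_id[:12],
                               "port": port, "allowed": allowed})
        return allowed


def connect(src_agent: HostAgent, src: Workload,
            dst_agent: HostAgent, dst: Workload, port: int) -> bool:
    """Bidirectional, per-connection authorization.

    Both ends re-fingerprint their local workload now, so a binary modified after
    an earlier allowed connection no longer matches any rule. The source agent
    vets the destination it reaches for; the destination agent independently
    vets the source that reached it.
    """
    src_id, dst_id = src.fingerprint(), dst.fingerprint()
    outbound_ok = src_agent.check("outbound", src_id, dst_id, port)
    inbound_ok = dst_agent.check("inbound", src_id, dst_id, port)
    return outbound_ok and inbound_ok


def ip_rule_allows(src_ip: str, dst_ip: str, port: int, acl) -> bool:
    """Conventional address-based rule, included only for contrast."""
    return (src_ip, dst_ip, port) in acl


def run_scenarios() -> dict:
    # Constructed sample workloads; the byte strings stand in for real binaries.
    web = Workload("10.0.1.10", "/opt/app/web", b"WEB-BINARY-v1")
    db = Workload("10.0.2.20", "/usr/bin/postgres", b"PG-BINARY-v12")
    rules = frozenset({Rule(web.fingerprint(), db.fingerprint(), 5432)})
    web_agent, db_agent = HostAgent(web.host_ip, rules), HostAgent(db.host_ip, rules)
    acl = {("10.0.1.10", "10.0.2.20", 5432)}  # the equivalent address-based rule

    results = {}
    # 1. Known web tier talking to the database it is meant to use.
    results["baseline"] = connect(web_agent, web, db_agent, db, 5432)

    # 2. Same path and host, but the executable has been altered.
    tampered_web = Workload(web.host_ip, web.exe_path, b"WEB-BINARY-v1+modified")
    results["tampered_identity"] = connect(web_agent, tampered_web, db_agent, db, 5432)
    results["tampered_ip_rule"] = ip_rule_allows(web.host_ip, db.host_ip, 5432, acl)

    # 3. A different program on the same host, so the same source address.
    other = Workload(web.host_ip, "/bin/sh", b"SHELL-BINARY")
    results["other_process_identity"] = connect(web_agent, other, db_agent, db, 5432)
    results["other_process_ip_rule"] = ip_rule_allows(web.host_ip, db.host_ip, 5432, acl)

    # 4. Failover: the same database binary comes up on a new host and address.
    db_standby = Workload("10.0.2.99", db.exe_path, db.exe_bytes)
    standby_agent = HostAgent(db_standby.host_ip, rules)  # same synced rules, no new policy
    results["failover_identity"] = connect(web_agent, web, standby_agent, db_standby, 5432)
    results["failover_ip_rule"] = ip_rule_allows(web.host_ip, db_standby.host_ip, 5432, acl)

    results["audit_entries"] = (len(web_agent.audit_log) + len(db_agent.audit_log)
                                + len(standby_agent.audit_log))
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name:24} {value}")
```

Running it shows the identity rule denying the altered binary and the unrelated process while still admitting the standby database without any policy change, whereas the address-based rule gets each of those three cases wrong. Every `connect` call leaves one outbound and one inbound audit entry keyed by identity, which is the kind of record a SIEM integration would consume.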
The wrap-up
Edgewise takes a workload identity-based approach to securing software and services in enterprises’ on-premises, cloud, and container environments. Using our patented technology to bidirectionally authorize and authenticate every workload before it’s allowed to connect, Edgewise ensures organizations have the most hardened level of protection for applications, hosts, users, and services communicating on their networks.
In the next post we’ll explain how Edgewise helps organizations detect malicious activity, an important element of any comprehensive security program.