Solving remote security issues through zero trust
The key problem is this: Centralized control in monitoring too often relies on a physical network connection, and in the current environment, that model just doesn’t work. Instead, we need to move to a model where security follows devices. People have already moved in this direction when it comes to security in the cloud, where you can’t rely on appliance-based control. Security has to reside in the device itself.
To help our customers deal with this situation, we’re enabling them to extend identity-based zero trust security to these remote endpoints. It’s a fairly simple process because of our automated machine learning capabilities within our zero trust platform.
First, we create a segment for the desktop and verify the identity of all the software trying to communicate over the VPN. That’s critical, because in a typical network address-based security environment, there’s no way for IT to determine what is communicating, only how it is doing so. It’s as if FBI agents intercept a conversation between two gangsters and, as soon as the agents realize the gangsters are speaking English over the regular phone system, assume that the gangsters’ communications are all completely innocent. That’s almost exactly what network-based security systems do: they look at the protocol and the network address, and so long as those check out, communications are allowed, even though IT has no idea what or who, exactly, is trying to communicate.
At Edgewise, we identify exactly what software and devices are communicating through the use of unique cryptographic fingerprints down to the script level. These identities are built using immutable properties of the workload, such as a SHA-256 hash of a binary or the BIOS UUID, among many others.
In this way, Edgewise can verify, for example, that Amy’s laptop is running an SAP app that needs to connect to the corporate SAP back-end, and that no other software on her machine is allowed to do so. After we segment the endpoint and establish policies, we leave it in simulate-block (or monitoring) mode to make sure the policy set does what it is supposed to do, and that it doesn’t impede a user’s day-to-day work. It’s pretty obvious when there’s a problem, and it can be easily fixed. Once we have verified the policies, we move it over to full enforcement mode, and the desktop is now operating in a zero trust environment.
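The flow described above, as an added sketch that is not Edgewise's code: two programs on the same laptop share one VPN address, so only a fingerprint of the software itself tells them apart, and the same policy is evaluated first in simulate mode and then in enforcement mode. The names `fingerprint` and `Segment`, the `sap-backend` label, the way the binary hash is combined with the BIOS UUID, and all sample bytes and IDs are assumptions made for illustration.

```python
import hashlib

def fingerprint(binary: bytes, bios_uuid: str) -> str:
    """Workload identity from immutable properties: binary SHA-256 bound to the BIOS UUID.
    Combining the two this way is an assumption of this example."""
    binary_hash = hashlib.sha256(binary).hexdigest()
    return hashlib.sha256(f"{binary_hash}|{bios_uuid.lower()}".encode()).hexdigest()

class Segment:
    """Allow-list of (source identity, destination service) pairs for one endpoint."""

    def __init__(self, allowed, mode="simulate"):
        self.allowed = set(allowed)
        self.mode = mode          # "simulate" (monitor only) or "enforce"
        self.would_block = []     # violations recorded for review while simulating

    def decide(self, identity: str, destination: str) -> str:
        if (identity, destination) in self.allowed:
            return "allow"
        if self.mode == "simulate":
            self.would_block.append((identity, destination))
            return "allow-logged"  # traffic passes, but the violation is recorded
        return "block"

# Constructed sample data (placeholders, not real binaries or device IDs).
BIOS_UUID = "11111111-2222-3333-4444-555555555555"
SAP_CLIENT = b"constructed bytes standing in for the SAP client binary"
OTHER_APP = b"constructed bytes standing in for some other program"

def run_demo():
    # Both programs run on the same laptop, so an address-based rule sees one source.
    sap_id = fingerprint(SAP_CLIENT, BIOS_UUID)
    other_id = fingerprint(OTHER_APP, BIOS_UUID)
    segment = Segment({(sap_id, "sap-backend")}, mode="simulate")
    results = {
        "sap_simulate": segment.decide(sap_id, "sap-backend"),
        "other_simulate": segment.decide(other_id, "sap-backend"),
    }
    segment.mode = "enforce"  # policy reviewed, move to full enforcement
    results["sap_enforce"] = segment.decide(sap_id, "sap-backend")
    results["other_enforce"] = segment.decide(other_id, "sap-backend")
    results["logged"] = len(segment.would_block)
    return results

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Reviewing `would_block` before switching modes is the point of the simulate phase: an entry there is either unwanted software or a legitimate application missing from the policy.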
It’s an unsettling and difficult time for most everyone. Not having a security contingency plan in place will only exacerbate concerns. You do not have to settle for compromised security just because your entire company converted to remote work overnight. Identity-based zero trust segmentation can extend from your cloud or data center and can follow your company’s desktops and laptops to keep them and the data flowing through them safe.
Want to delve into this topic in even more depth? Watch CEO Peter Smith discuss it with Paul's Security Weekly crew in this video podcast.