In Part 1, we discussed The Five Headwinds to Microsegmentation. After learning about microsegmentation, what it is, and the limitations and challenges that accompany it, it’s easy to see why many microsegmentation initiatives never get off the ground. Between operational overhead and the inability to overcome organizational resistance due to its complex deployment process, many organizations cannot prove or justify the ROI to take on the task of migration.
If you cannot rely on the supposed “latest and greatest” networking technology, though, you’re probably wondering what comes next—how to improve network policies so that applications communicating on your network are known-secure, and attack progression in your cloud and data center is stopped. Edgewise has created an entirely new class of security control called Trusted Application Networking to accomplish just that. This new approach abandons the address-centric network model used by microsegmentation, and is instead based on the secure identity of the communicating application software. As a result, organizations are able to dramatically reduce complexity and improve security. The advantages of Trusted Application Networking include:
- Superior security and visibility with application-centric controls. First, Edgewise provides visibility into how applications communicate by mapping the application topology automatically. Then, Edgewise uses application-level language to define and enforce policies based on application components rather than IP addresses, protocols, and other underlying infrastructure elements. This allows the machine learning generated and recommended policies to be validated by the application developers and bridge the gap between application-speak and network-speak.
- Simpler policy management with automatic policy recommendations. Edgewise’s machine learning examines application communications to summarize 99.99% of network activity and devise a set of policies that can reduce 98% of the network attack surface. Those policies are built in language that security, operations, and applications teams can understand, making it easier for those teams to validate or modify the policies as circumstances dictate.
- More clarity on the risks and benefits with smaller number of controls to comprehend. Edgewise’s use of application-level language results in a policy set that is orders of magnitude smaller than a comparable address-based policies on a firewall. Thus, policies are more easily understandable, and able to evolve with application needs.
- Better prioritization of security initiatives based on measurable risk metrics. Trusted Application Networking analyzes and visualizes application activities and defines recommended defensive controls. In addition, Edgewise measures the potential impact of applying controls on risk exposure, and quantifies a confidence level of applying those controls (click to tweet this). This results in measurable metrics that can be communicated to executives to help them understand the business benefit and risk of security controls.
- Adapts to DevOps and cloud environments with a flexible and intelligent policy. Edgewise enforces policy based upon dozens of different attributes of each application. Edgewise’s machine learning engine selects a subset of stable attributes to uniquely identify software in your environment. Also, as software changes, Edgewise adapts; if an application undergoes change, Edgewise will automatically recognize it and continue to enforce controls. This allows you to enforce fine-grained access controls but maintain the agility to deploy rapid changes to your critical business infrastructure.
Moreover, Edgewise does not require any changes to applications or network topology, and won’t have any impact on network or operations monitoring tools. This results in smoother collaboration between IT organization and the business.
Trusted Application Networking is a simpler, more streamlined approach to ensure that only trusted applications are allowed to communicate over approved network paths. The organizational barriers that exist with microsegmentation are absent with Trusted Application Networking, and managing policies becomes a breeze. Finally, Edgewise provides demonstrable risk metrics which enables operations, security teams and the business to collaborate more effectively and prioritize security controls where they are most needed -- increasing security and aiding compliance efforts.