Zero trust was absolutely essential to the creation of Edgewise. Anything less would result in yet another security tool attackers could bypass for malicious purposes. Starting at zero trust, though, meant that every access request inside companies’ networks would need to be verified before a communication was sent or received. This last point is central to Edgewise and we’ve even been granted a patent for our innovation. Many zero trust solutions perform verification before access is permitted. Edgewise’s patent is for symmetric, identity-based verification at both ends of the communication. This matters because it prevents malware from propagating, even if it’s added mid-communication. Edgewise can stop malware before it’s sent, not just when it’s requesting a connection.
Another critical element of Edgewise’s solution is our machine learning. Not coincidentally, adaptive policies are also an important part of a zero trust environment. Edgewise’s second patent was awarded for our machine learning innovation that drastically reduces the number of policies required to secure access pathways between applications. Policy reduction is necessary because it addresses the previously mentioned complexity problem of traditional microsegmentation with legacy, address-based tools. Especially in dynamic, auto-scaling networks like the cloud and containers, the number of policies operators must create and manage is immense. In fact, the management problem is so substantial that most companies never achieve enough ROI to justify a microsegmentation implementation. This is exactly why companies ignore recommended guidance and operate flat networks that lead to data breaches, as previously mentioned.
Operational ease; unmatched protection
However, microsegmentation doesn’t have to be that hard. Edgewise creates immutable, cryptographic identities for all software and services communicating in our customers’ environments. Unlike IP addresses, ports, or protocols, the identities we build can’t be faked or exploited, which is why they are exactly the right control plane for controlling access to critical business applications and services. Once an identity has been automatically created, Edgewise’s machine learning determines what access each entity should have based on a statistical analysis of the environment. Unused or unnecessary application communication pathways will also be blocked based on the environment analysis, which results in a dramatically reduced network attack surface. Add in the continuous, symmetric identity verification at every communication request and you’ve got a system that is significantly hardened against attack.
Another unique aspect of Edgewise is that we decouple protection from the network. As I noticed early on in my career, using the network as the control plane for what can communicate (and how) is risky. Because it’s applications that organizations need to protect, it only makes sense to put the strongest control there. Yet so many security tools don’t do that. Edgewise’s application fingerprinting is a key component of why Edgewise works ubiquitously across every network environment. It’s a leading reason Edgewise is so easy to use. And it’s why we can confidently and credibly say that Edgewise offers a provable return on security investment that other companies can’t.
All of this is great news for any company wanting to eliminate flat networks and improve security control, but the most exciting part is the announcement of our 1-click auto-segmentation. Our team has worked really hard to build the best technology on the market, and I couldn’t be more proud of them. The fact that we made everything I explained above—a reduced network attack surface, application-based microsegmentation, cryptographic identity verification, zero trust, policy compression—achievable in one click is the real story. We’ve taken the complexity out of microsegmentation, delivering immediate results with provable security outcomes. We call it “impossibly simple microsegmentation with zero trust security.” Edgewise protects any application, in any environment, without any architectural changes. We provide measurable improvement by quantifying attack path risk reduction and demonstrating isolation between critical services—so that your applications can’t be breached.
Strong. Scalable. Simple.
There’s so much more I could share in this blog post, but instead, I invite you to experience 1-click auto-segmentation in action for yourself. Contact us to schedule an online demo or visit us at any one of these upcoming conferences to speak with me, personally, about how to implement strong, scalable, impossibly simple security in one click.