Managing the Known Unknowns with Edgewise

It’s been a little over six months since I joined Edgewise, and in that time I’ve spent every day listening to end users and channel partners, in addition to learning about Edgewise’s platform from coworkers. Having spent the entirety of my career prior to Edgewise working in the networking space, I’ve learned a lot about the security measures that practitioners need and want, and how those measures impact infrastructure teams. Things in security change fairly rapidly—new tools emerge in the market as a result of new adversary tactics, techniques, and procedures—but they also stay the same. Though security teams may be quick to jump on what’s new in the hope of protecting the company from a breach, I’ve noticed that infrastructure teams, in contrast, are equally quick to ask, “You want to do what to my environment?”

It’s 2019 and every enterprise understands both the benefits and risks of digital transformation. Because cybersecurity has become a board-level topic, every company has the “checkbox” of tools in place: antivirus, firewalls, encryption, a SIEM, vulnerability assessment, identity and access management solutions, etc. The “starter kit” of security products is a given, but even the most mature security organizations struggle to keep up with their exponentially expanding networks and amounts of data. Every networking and security professional I speak with says the same thing: It’s easy to know what you know and manage what you know, but managing the unknown is the biggest problem the organization faces.

The average organization has over 1,000 applications communicating on its networks at any point in time. Infrastructure teams are operating on-premises data centers and cloud networks, which are often geographically dispersed and come “out of the box” with disparate native controls. Different business units are adding gigabytes of data and SaaS platforms to the network at a dizzying pace, frequently without giving security a heads-up so those platforms and data can be properly secured. In other words, every company and every security team has blind spots on its networks, and it’s these blind spots that worry the security team most.

Everyone seems to agree that there are too many ways threat actors can access your organization’s data and systems. A motivated cyber attacker will find a way in regardless of the tools and processes the security team has implemented. A simple phishing attack can yield a valid set of credentials that allow the adversary to penetrate the perimeter, and recent high-profile breaches like those at British Airways, Facebook, Marriott, Google+, and others show that software and other network vulnerabilities are a relatively straightforward way for criminals to achieve their first step in the attack cycle.

Benefitting from microsegmentation

With all of this in mind, nearly every post-breach analysis by industry experts reveals that better network segmentation would have prevented these large-scale breaches. Even if the attacker exploited unpatched software, a system misconfiguration, or a user’s credentials, a properly segmented network using zero trust principles would have stopped attackers before they reached their ultimate targets—generally speaking, the data.

The long list of standard security tools is standard for a reason: they’re part of a larger ecosystem of technologies that are proven to help security and networking teams manage the confidentiality, integrity, and availability of systems and system resources. Each of these “checkbox” tools has its place in the ecosystem, especially since the high-level goal is to reduce the number of ways adversaries can get into the network. Antivirus is good at catching the “low-hanging fruit” that is constantly aimed at organizations. Firewalls are proven effective at managing external traffic requesting network access. SIEMs are great at collecting data from multiple sources and alerting on deviations from normal network activity. But let’s remind ourselves that, as effective as these technologies are, most were originally built for and implemented in on-premises environments. Even though some next-gen versions of these tools can adapt to the cloud, they weren’t born in the cloud, which is why they can’t prevent today’s attacks with greater confidence.

Eliminating network blind spots

Almost every company I’ve talked to in the last few years manages a hybrid cloud, often with a multi-cloud deployment (meaning they operate internal data centers plus more than one cloud, from different cloud providers). The tooling that works effectively in on-premises data centers may not scale or adapt to large enterprises’ cloud instances. And the cloud-native tools provided by the cloud providers themselves are only germane to that specific provider. What this means is that companies now have to manage a vast set of disparate tools across multiple environments, then try to correlate those tools to understand what’s happening on their multiple networks with their myriad data. This is creating too many blind spots and opportunities for exploitation.

Getting back to the idea of network segmentation, the problems mentioned in the last few paragraphs illustrate just how complex it is to manage the organization’s systems and data. A one-size-fits-all approach to segmenting the network is next to impossible with address-based tools. Though most security and infrastructure practitioners know about—and may have suffered through—firewall-based segmentation or microsegmentation projects, this approach just does not scale in today’s dynamic environments. The customers and prospects I speak to want to segment their networks to keep the bad guys from accessing private data, but they’re gun-shy. In the past, segmenting the network meant too many rules, too many exceptions, and not enough assurance that adversaries couldn’t abuse network information to reach their intended targets anyway.

So while we can all agree that better (micro)segmentation and a zero trust methodology are a “must,” past methods keep practitioners from moving forward at the speeds they need. In other words, attackers aren’t the ones letting technology hold them back. Defenders are still investigating and talking about how to accomplish network segmentation or microsegmentation, and time is of the essence. Struggling through another costly and time-intensive failed implementation isn’t an option.

Increasing hybrid cloud security without adding technical debt

What I am learning about and excited by is that Edgewise is ideal for organizations that want to move ahead with zero trust microsegmentation, precisely because the initiative doesn’t require re-architecting the network or making significant changes that result in technical debt. Network and security teams managing hybrid cloud want a cross-platform solution that helps them understand application, server, and host communication patterns—managing the unknown. Beyond baseline visibility, companies want a straightforward way to secure apps and services uniformly, without constantly writing and revising rules when network constructs change.

I joined Edgewise because I thought I saw a solution that could deliver an answer to previously laborious microsegmentation projects. Several months into my tenure here, I know that companies looking for a way to segment their networks—even the most dynamic networks spread across multiple providers—have a way to protect their sensitive applications with zero trust without the pains of the past.

Evan Greene, Vice President, Sales

Evan Greene brings over 15 years of experience in sales and sales management to Edgewise. Throughout his career he has focused on recruiting top talent, developing sales teams, as well as defining sales and go-to-market strategies. Prior to joining Edgewise as the VP of Sales, Evan held various leadership roles where he successfully built and managed inside and field sales teams. In his most recent role, Evan served as Senior Director of Global Public Cloud Sales at Sophos. In this role, he led sales and pre-sales engineering, channel and partnership programs, as well as their respective go-to-market strategies. He worked closely with senior leaders at Amazon Web Services (AWS) and Microsoft to deliver powerful cloud security solutions that drove revenue and profitability for Sophos.