LIVE WEBINAR - April 30th: Segmentation and Security: How to plan for right-sized security testing.  Sign up today!
 
 

Microsegmentation Built on
Software Identity

Increased network protection in one click.
Securing workloads based on network constructs is complex and unreliable in highly dynamic environments such as the public cloud. Decoupling workload protection from the underlying network delivers a simpler approach that allows for fine-grained control, adaptive policies, and automation. Edgewise uses software identity to focus security on the workload itself, independent of the underlying network. With Edgewise, microsegmentation is operationally uncomplicated and provides better protection against adversaries.
Network protection

1. Builds software identity fingerprints

Learn what software is communicating
To detect and stop attacks on your networks, you first need a clear understanding of all software, hosts, and processes and how they’re communicating. To identify your complete application topology, Edgewise builds fingerprints for every communicating workload. Fingerprints are based on immutable identity attributes sourced directly from the kernel and include information such as the SHA256 hash, file path, code-signing certificates, and loaded modules. Edgewise ensures the fingerprints are resilient to software updates.
Microsegmentation based on software identity

2. Recommends identity-based policies

Apply strong microsegmentation with fewer policies
Edgewise provides machine learning-driven policy recommendations that enable you to automatically build micro-perimeters around applications and verify communication across boundaries. Recommended policies are based on the cryptographic identity of your communicating software and a statistical model of how the software interacts. Because our policies aren't tied to ever-changing network constructs, Edgewise provides an increased level of security with up to 25x fewer policies than traditional address-based rules.
policy compression

3. Detects anomalous connections

Know when software communicates unexpectedly

To accurately detect anomalous behavior, Edgewise:

  1. Identifies known malware using industry-leading anti-malware scanners.
  2. Analyses interactions between software and hosts to detect unexpected or unusual behavior such as:
    • new connections
    • an IP address that continuously scans for open ports
    • an IP address that suddenly shows increased communication activity
  3. Applies machine learning to continuously improve detection.

 

Security control

4. Enforces security control

Allows only verified software to communicate
Edgewise policies are enforced at the kernel level to provide both strong security and operational simplicity. This results in fine-grained control over what software and services are allowed to communicate on your network. 
Security control

Edgewise SaaS Architecture

Scales and adapts in dynamic environments

Edgewise is Software-as-a-Service (SaaS) that is simple to deploy with zero disruption to business services. The Edgewise cloud performs all machine learning analysis and policy creation — avoid the complexity of hosted infrastructure. Lightweight Edgewise agents are installed on servers in your environment and connect to the Edgewise cloud to receive policies. Agents cache policies locally so even if internet connectivity is temporarily lost, security remains and you can manage business-as-usual. The agents are dynamically loadable kernel modules that are designed for high stability, very low latency, and scalability in distributed environments.

edgewise saas architecture

High performance network control

Edgewise eliminates the ongoing performance overhead typical of other network security tools. After verifying the identity of the software attempting to connect, the Edgewise agent facilitates normal communication, without any interference. The agent consumes about 0.10% steady-state CPU, 10MB memory on a heavily loaded system, and under 10 microseconds latency during establishment of the initial connection. The kernel level position of the agent assures tamper resistance.
faster than firewalls

Stay on the cutting edge

Subscribe by email to receive the latest network security news and articles directly to your inbox.
We'll only ever use your email address for sending you our e-newsletters