Software Identity

Segment workloads based on software identity. Increase network protection in one click.
Securing workloads with address-based network controls is complex and minimally effective. Decoupling workload protection from the underlying network delivers a simpler approach that allows for precision control, adaptive policies, and automation. Edgewise uses software identity to focus security on the workload itself, independent of the underlying network, thereby simplifying protection, especially in dynamic cloud and container environments.

1. Builds software identity fingerprints

Know what software is communicating
To detect and stop attacks on your networks, you first need a clear understanding of all software, hosts, and processes and how they’re communicating. To identify your complete application topology, Edgewise builds fingerprints for every communicating workload. Fingerprints are based on immutable identity attributes sourced directly from the kernel and include information such as the SHA256 hash, file path, code-signing certificates, and loaded modules. Edgewise ensures the fingerprints are resilient to software updates.

2. Recommends identity-based policies

Strong segmentation with fewest policies
Edgewise provides machine learning-driven policy recommendations, enabling you to automatically build micro-perimeters around applications and allow for approved communication across the boundaries. Recommended policies are based on the identity of your communicating software and a statistical model of how the software interacts. This combination allows Edgewise to determine normal versus abnormal interactions and behaviors and lets users quickly identify and prevent risky communications. Edgewise software identity-based policies provide an increased level of security with up to 25x fewer policies than traditional address-based rules.

3. Detects anomalous connections

Know when software communicates unexpectedly
To ensure accurate detection, Edgewise uses multiple methods, aided by machine learning, to understand normal and anomalous behavior. First, Edgewise identifies any known malware on your network by verifying application fingerprints with over 60 anti-malware scanners. Then Edgewise evaluates the interactions between software for anomalies, such as unexpected communication between software that has not previously communicated. Edgewise also analyzes hosts’ connection behavior for anomalies, for example, an IP address that continuously scans for open ports, an IP address that is suddenly communicating significantly more than in the past, or new IP addresses on the network.

4. Enforces protection policies

Allows only verified software to communicate
Edgewise policies are enforced at the kernel level to provide both strong security and operational simplicity. Advantages include precise control of communicating software based on its identity, and ensuring software is allowed to communicate on the network only after its identity has been verified.

Edgewise SaaS Architecture

Scales and adapts in dynamic environments

Edgewise is a Software-as-a-Service (SaaS) product that is simple to deploy with zero disruption to business services. The Edgewise cloud performs all the machine learning analysis and policy creation—avoid the complexity of hosted infrastructure. Lightweight Edgewise agents are installed on servers in your environment and connect to the Edgewise cloud to receive policies. The agents cache the policies locally so even if there is temporary loss of internet connectivity, security remains in place with no interruptions to your business. The agents, dynamically loadable kernel modules, are designed for high stability, very low latency and scalability in distributed environments.


High performance network control

Edgewise eliminates the ongoing performance overhead typical of other network security tools. After verifying the identity of the software attempting to connect, the Edgewise agent facilitates normal communication, without any interference. The agent consumes about 0.10% steady-state CPU, 10MB memory on a heavily loaded system, and under 10 microseconds latency during establishment of the initial connection. The kernel-level position of the agent assures tamper resistance.
