Software Identity

Simplifying segmentation and increasing security with a unique approach complemented by machine learning.
Microsegmentation projects stall because of high operational complexity and the lack of a demonstrable increase in security. Edgewise technology automates and simplifies microsegmentation with a unique approach that includes the application of machine learning. It can be explained in four steps.

1. Builds software identity fingerprints

Know what software is communicating
To detect and stop attacks on your networks, you first need a clear understanding of all software, hosts, and processes and how they’re communicating. To identify your complete application topology, Edgewise builds fingerprints for every communicating workload. Fingerprints are based on identity attributes sourced directly from the kernel and include information such as the SHA256 hash, file path, code-signing certificates, and loaded modules. Each fingerprint is constructed at the moment the software first requests a network resource (before it’s allowed to communicate), and allows security policy to be applied directly to the workload, independent of the infrastructure it traverses.

2. Recommends identity-based policies

Strong segmentation with fewest policies
Edgewise provides machine learning-driven policy recommendations based on the identity of your communicating software and a statistical model of the environment. This combination allows Edgewise to distinguish normal from abnormal interactions and behaviors and lets users quickly identify and prevent risky communications. Behavioral factors include the frequency and rate of connectivity and dependencies that have never been observed before.

3. Detects anomalous connections

Know when software communicates unexpectedly
When Edgewise detects anomalies in application communication behavior, administrators are automatically alerted so they can investigate. Anomalies might result from a new host or process running in the environment, a change in the rate of bandwidth consumption, or a new relationship between two pieces of software that was initiated for legitimate reasons. Networks change all the time; Edgewise does not restrict approved communications or make the network more complex, but it does provide real-time information on potential problems.

4. Enforces protection policies

Allows only verified software to communicate
As an application requests access to the network, either via a listen socket or an outbound connection request, the Edgewise kernel module intercepts the request, validates the fingerprint of the requesting application, and enforces the applied policies against that fingerprint. If a policy denies the connection, an “operation not permitted” error is returned to the application and no packets are created or allowed onto the network. The Edgewise agent thus performs pre-connect validation to ensure that only trusted software is allowed network access.
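As an added illustration, not Edgewise's own code (which runs as a kernel module), the following Python toy models the four steps in user space: a fingerprint built from the identity attributes named above, an allow rule keyed on fingerprints rather than addresses, a pre-connect check that returns EPERM ("operation not permitted") on denial, and an anomaly flag for relationships that have never been observed. All names, sample binaries and rules are constructed.

```python
"""Toy user-space model of identity-based, pre-connect policy enforcement.
Constructed illustration only; not Edgewise's kernel-module implementation."""
import errno
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Fingerprint:
    """Identity attributes a kernel-side hook could observe for a workload."""
    sha256: str      # hash of the executable image
    path: str        # on-disk path of the executable
    signer: str      # subject of the code-signing certificate (constructed value)
    modules: tuple   # sorted names of loaded modules


def build_fingerprint(exe_bytes: bytes, path: str, signer: str, modules) -> Fingerprint:
    """Build the identity fingerprint when a workload first asks for the network."""
    return Fingerprint(hashlib.sha256(exe_bytes).hexdigest(), path, signer,
                       tuple(sorted(modules)))


def pre_connect(src: Fingerprint, dst: Fingerprint, port: int,
                allow_rules: set, seen: set) -> tuple:
    """Validate a connection request before any packet exists.

    Returns (err, anomaly): err is 0 when the identity pair is allowed by
    policy and errno.EPERM otherwise; anomaly is True when this src->dst:port
    relationship has never been observed, so an allowed-but-new relationship
    is still flagged for an alert without being blocked."""
    relationship = (src, dst, port)
    anomaly = relationship not in seen
    seen.add(relationship)
    if relationship in allow_rules:
        return 0, anomaly
    return errno.EPERM, anomaly


if __name__ == "__main__":
    web = build_fingerprint(b"web-v1 image", "/usr/sbin/web", "CN=Acme", ["libc", "libssl"])
    db = build_fingerprint(b"db-v1 image", "/usr/sbin/db", "CN=Acme", ["libc"])
    rules = {(web, db, 5432)}   # policy keyed on identity, not on IP addresses
    seen = set()
    print(pre_connect(web, db, 5432, rules, seen))   # (0, True): allowed, first sighting
    # Same path and signer but a modified image: new fingerprint, rule no longer matches.
    tampered = build_fingerprint(b"web-v1 image (modified)", "/usr/sbin/web", "CN=Acme",
                                 ["libc", "libssl"])
    print(pre_connect(tampered, db, 5432, rules, seen))   # (errno.EPERM, True)
```

Because the rule matches the whole fingerprint, a binary replaced in place keeps its path and signer but loses its network access, which is the point of binding policy to identity rather than to the host or address.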

Edgewise SaaS Architecture

Scales and adapts in dynamic environments

Edgewise is a Software-as-a-Service (SaaS) product that is simple to deploy with zero disruption to business services. The Edgewise cloud performs all the machine learning analysis and policy creation, so you avoid the complexity of hosting the infrastructure yourself. Lightweight Edgewise agents are installed on servers in your environment and connect to the Edgewise cloud to receive policies. The agents cache the policies locally, so even during a temporary loss of internet connectivity, security remains in place with no interruption to your business. The agents, dynamically loadable kernel modules, are designed for high stability, very low latency and scalability in distributed environments.


High performance network control

Edgewise eliminates the ongoing performance overhead typical of other network security tools. After verifying the identity of the software attempting to connect, the Edgewise agent lets normal communication proceed without any interference. The agent consumes about 0.10% steady-state CPU and 10MB of memory on a heavily loaded system, and adds under 10 microseconds of latency during establishment of the initial connection. The kernel-level position of the agent assures tamper resistance.
