June 13, 2019

Edgewise's Microsegmentation Cybersecurity Gives Companies Another Layer of Protection

Whether you work in tech or not, your organization should be using some form of cybersecurity. There are so many different, not to mention scary-sounding, forms of cyberattacks that it can be hard to figure out which form of protection is right for you and your company.

Edgewise Networks is developing a new kind of cybersecurity based around microsegmentation. The company recently closed its newest funding round led by current investors Accomplice and .406 Ventures, with additional participation from Pillar, with $11M raised.

Peter Smith, Edgewise’s Co-Founder and CEO, connected with us to talk about his background and career in Boston tech, what led him to start Edgewise, what microsegmentation is and how it impacts a company’s security.

Colin Barry [CB]: Before we go into detail about Edgewise, I couldn’t help but notice you’ve had a long career in Boston tech. Could you share the details on it and how you met your team at Edgewise?

Peter Smith, Co-Founder and CEO of Edgewise Networks

Peter Smith [PS]: My tech journey began during my college days when I managed the network for Harvard Business School. While there, I built one of the first versions of a network access controller (NAC) before it became a recognized category. It granted students and faculty different levels of network access depending on their role and location. For example, a student would have different access depending on if they were in their dorm room or the classroom.

Later, I ran infrastructure and security at Endeca. It was there that I realized network operators shouldn’t be using address-based controls such as firewalls to authorize user and application access. The application itself was a much stronger control plane.

I then went to Infinio but continued to think about my experiences at Endeca. While there, I met Bob Gleichauf, chief scientist at In-Q-Tel and creator of the Cisco NAC. We talked about my idea for a zero trust security platform that would create policies based on what was communicating instead of how things were communicating. He thought the idea had a lot of merit and with his encouragement, I left Infinio to start Edgewise.

Early investors introduced me to industry veteran, Harry Sverdlove, our CTO, and together we launched Edgewise. Our first hire was analytics and machine learning expert, Dr. John O’Neil, to be the company’s chief data scientist.

CB: What led you to start Edgewise?

PS: There are hundreds of thousands of new malware files appearing daily, with dozens of new vulnerabilities discovered every week. It’s inevitable that exploits will bypass the perimeter and evade traditional threat detection, so it’s clear that enterprise security absolutely has to harden the internal network with a zero trust approach. In a zero trust environment, all entities are treated as potentially hostile and must be verified based on their identity before they are allowed to communicate on the network. As a result, if an attacker gains a foothold, they won’t be able to move laterally to access critical data and applications.

Built on a solid foundation of zero trust, companies must eliminate flat networks (and the ability for attackers to move laterally) through microsegmentation. Over the years we’ve seen how un-segmented networks have facilitated some of the most damaging data breaches—Anthem, Equifax, to name a few. However, the traditional process of microsegmenting the network based on IP addresses, ports, and protocols is complex and time consuming, and once it’s done, it’s still vulnerable to changes in the underlying network, which leaves the organization without substantive security ROI.

If we can search 30 trillion records on the internet in seconds, land rockets on a barge in the middle of the ocean, and drive home without ever touching a steering wheel, there’s no reason we can’t make securing a network through microsegmentation and zero trust simple and fast. All companies need is the right technology. That’s what Edgewise has built.

CB: What are some of the problems in your respective space that you are looking to solve?

PS: Historically, cybersecurity efforts have focused mainly on early detection and rapid remediation of anomalous behaviors or attacks. However, the infinite volume of threats and vulnerabilities is far too much to manage. It really is a matter of “when,” not “if” an attack will succeed in bypassing traditional network security tooling.

However, there are finite communication pathways between applications on a network. If you control application access, even when malware gets past the perimeter, it won’t be able to communicate with other applications, hosts, or services on the internal network and theft of data will be avoided.

Microsegmentation helps secure applications, hosts, and even individual databases on the network and restricts communication to and from these “secure zones.” Most microsegmentation relies on firewalls, but today’s networks—especially cloud and containers—are too dynamic for an address-based approach. As instances are spun up and down and as new applications are continuously deployed, the environment changes. Policies based on network addresses must be constantly reconfigured to accommodate these changes. If one change is missed, the segmentation doesn’t work as intended.

Finally, using legacy tooling to deploy microsegmentation is extremely resource intensive. Even if a microsegmentation project is seen through to completion, it remains a policy management burden, meaning it’s never truly completed. It takes far too many people-hours to manage traditional microsegmentation, which is why so many companies make do with flat networks even though they’re highly vulnerable to attack.

CB: The word “microsegmentation” is mentioned quite a bit. What does that mean?

PS: Traditional defenses like firewalls and intrusion prevention systems are designed to protect the perimeter and limit traffic into or out of the network, or what is known as “north-south” traffic. Through policy implementation, microsegmentation provides granular control over internal network communication, known as “lateral” or “east-west” traffic. Internal networks are comprised mostly of communication between critical applications and sensitive data stores. Microsegmentation creates a perimeter around each workload. In Edgewise’s world, policies are based on the identity of communicating software. The policies take into account normal workload communication patterns and which communications are authorized. Because the policies are based on permitted applications—not network information—malware is prevented from moving laterally across the network to access valuable digital assets.

When deployed correctly, microsegmentation is a very effective method of security. However, it has traditionally been a very lengthy, complex, and expensive process. Edgewise has simplified that process while improving security control and offering provable security outcomes.

CB: Say I am a first-time user, could you explain to me how the software for Edgewise works? What is a common use case with it?

PS: Edgewise first creates an accurate map of the network topology and identifies all possible pathways between applications and other resources. There are typically thousands of pathways, and most of them are unnecessary for normal application communication. Unnecessary data paths on the network only increase the attack surface, and Edgewise eliminates those which are not needed for business purposes. This process reduces the number of pathways significantly, mitigating risk. Finally, the software microsegments the network using the principles of zero trust. This entire process typically takes less than a minute.

To overcome the challenges of traditional microsegmentation which rely on IP addresses, ports, and protocols, Edgewise builds policies based on software identity. This way, security teams know with certainty that only verified software is allowed to communicate, independent of its location on the network.

Our software-identity approach combined with zero trust principles—specifically, requiring access verification for every communication request, allowing only identified applications to connect, implementing least-privilege access, and updating policies dynamically using machine learning—enables a method of microsegmentation that provides simple, provable security that isn’t an operational burden.

CB: Your company has recently made news about the two new patents. Congrats! Could you share some advice for startups who may be undergoing the “patent pending” process?

PS: It’s a long, complex process, but protecting key intellectual property is crucial for any startup.

Patents are about protecting yourself and your company, mostly from other companies that want to use patent law against you. It’s important to receive validation from the U.S. Patent and Technology Office (USPTO) that your ideas are actually original and differentiated, especially if you are looking for funding and investment in the company. Many startups have VCs, and those investors want to see that your technology is first, best, and fastest to market. Patents validate your claims and have perceived lasting value.

Getting a patent takes a lot of work to clearly explain your idea; there’s also the cost of patent attorneys. However, it often makes sense to file a patent, particularly if you have close competition that may try to lay claim to your ideas or use their patents against your startup.

CB: Where did you come up with the name for Edgewise Networks?

PS: Everything Edgewise does revolves around how the network is viewed and how that affects the attack surface. For example, take your cellphone and hold it so you are looking at the full screen. That view represents the maximum surface area for an attacker and is a large target. Now turn your phone sideways so you’re viewing its profile. You’ve reduced the visible surface area significantly, by perhaps as much as 80% to 90%. Then view the phone from the bottom. The aggregated set of views is the edgewise view…

Now, consider a visualization of a network’s applications and communication paths. Picture every application on the network as a point in space and the paths by which they communicate as lines between those points. In graph theory, the lines that connect each data point are called “edges.”  

Edgewise’s machine learning algorithm analyzes that graph of connections to discover and reduce the network’s attack surface and create and enforce policies, making it more difficult for attackers to move laterally within a network.  

Analyzing the edges allows you to determine which connections are necessary and which aren’t. Reducing the attack surface isn’t about changing the size of the network, but about determining which pathways can be eliminated to limit the ways an attacker can manipulate a network. With an edgewise view of the network, as well as a wise look at the network’s edges, you have the key to preventing attack progression. And with that, you have Edgewise Networks.

CB: Any other additional comments you’d like to make?

PS: The concept of zero trust is simple to explain but has been very difficult to achieve. Zero trust means all communication inside the network is assumed to be potentially hostile and must be identified, then verified, before it is allowed access, and not just once, but continuously. With zero trust, least-privilege access is applied not only to who, but also to what is accessing the data, which includes the services and devices touching the data. It’s the most effective way to ensure network security is hardened all the way through. Our aim is to make zero trust and microsegmentation simple, fast, and effective.

Colin Barry is the Content Manager at VentureFizz. Follow him on Twitter @ColinKrash.

Images courtesy of Edgewise Networks