What is Edgewise?
Edgewise was a pioneering company in securing application-to-application communications for public clouds and data centers, which was purchased by Zscaler in May 2020.
The Edgewise story
Edgewise was founded in 2016 with the goal of eliminating data breaches and application compromise against companies’ critical business applications. Its founders believed that flat, unsegmented networks were to blame. This structure allows attackers to move laterally on companies’ unprotected network paths to reach vulnerable targets. To combat this, many organizations turned to the practice of microsegmentation, a well-known defense against unauthorized access. However, performing segmentation using legacy appliances and systems, such as virtual LANs (VLANs), firewalls, and access control lists (ACLs), proved too resource-intensive and too complicated to implement and manage, resulting in too little security for too much money.
So Edgewise decided to do microsegmentation a bit differently—delivering simple microsegmentation by using software identity, unlike legacy approaches that relied on address-based controls, which were too complex to implement. Using machine learning, Edgewise developed a process to automatically build identity-based policies that protect any application in any cloud or container, without any changes to a user’s network. Edgewise verified the machine’s identity, as well as the software’s identity, before allowing communication, in order to stop application compromise and data breaches.
This innovative approach led Gartner to recognize Edgewise as a 2018 Cool Vendor.
In short, using a different approach to microsegmentation, Edgewise developed a way to improve the security of east-west communication by verifying the identity of application software, services, and processes to achieve a zero trust environment, which measurably reduces the attack surface and lowers the risk of application compromise and data breaches.
A new approach to microsegmentation
But what is microsegmentation? Well, microsegmentation originated as a way to moderate traffic between servers in the same network segment. It has evolved to include intra-segment traffic so that Server A can talk to Server B or Application A can communicate with Host B, and so on, as long as the identity of the requesting resource (server/application/host/user) matches the permission configured for that resource.
Policies and permissions for microsegmentation can be based on resource identity, making it independent of the underlying infrastructure, unlike network segmentation, which relies on network addresses. This makes microsegmentation an ideal method for creating intelligent groupings of workloads based on the characteristics of the workloads communicating inside the data center. Microsegmentation, a fundamental part of the zero trust framework, is not reliant on dynamically changing networks or the business or technical requirements placed on them, so it provides stronger and more reliable security. It’s also far simpler to manage—you can protect a segment with just a few identity-based policies instead of hundreds of address-based rules.
Microsegmentation is a way to create secure zones so that companies can isolate workloads from one another and secure them individually. It’s designed to enable granular partitioning of traffic to provide greater attack resistance.
With microsegmentation, IT teams can tailor security settings to different types of traffic, creating policies that limit network and application flows between workloads to those that are explicitly permitted. In this zero trust security model, a company could set up a policy, for example, that states medical devices can only talk to other medical devices. And if a device or workload moves, the security policies and attributes move with it.
By applying segmentation rules down to the workload or application, IT can reduce the risk of an attacker moving from one compromised workload or application to another.
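The contrast the section draws between identity-based and address-based policies, as an added example that is not Edgewise or Zscaler code: two tiny policy engines evaluate the same "medical devices may only talk to medical devices" intent. The workload names, roles and addresses are constructed, and the `role` attribute stands in for whatever software identity a real product would verify.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Workload:
    name: str
    role: str  # software identity asserted for the workload (constructed attribute)
    ip: str    # network address; changes when the workload moves

# Constructed inventory: two medical devices and an unrelated web server.
PUMP = Workload("infusion-pump-1", "medical-device", "10.0.1.10")
MONITOR = Workload("monitor-7", "medical-device", "10.0.1.20")
WEB = Workload("web-1", "web-server", "10.0.2.5")

# Legacy rule set: explicit (src_ip, dst_ip) pairs that are permitted.
ADDRESS_RULES = {("10.0.1.10", "10.0.1.20"), ("10.0.1.20", "10.0.1.10")}

# Identity rule set: one (src_role, dst_role) pair expresses the whole
# policy "medical devices may only talk to other medical devices".
IDENTITY_RULES = {("medical-device", "medical-device")}

def address_allows(src: Workload, dst: Workload) -> bool:
    """Address-based engine: default deny unless the exact IP pair is listed."""
    return (src.ip, dst.ip) in ADDRESS_RULES

def identity_allows(src: Workload, dst: Workload) -> bool:
    """Identity-based engine: default deny unless the role pair is listed."""
    return (src.role, dst.role) in IDENTITY_RULES

def move_workload(w: Workload, new_ip: str) -> Workload:
    """Simulate migration to another host or subnet; identity travels with it."""
    return replace(w, ip=new_ip)

def decisions() -> dict:
    """Compare both engines for legitimate, lateral, moved and stale-IP flows."""
    moved = move_workload(MONITOR, "10.0.3.20")
    # A workload of unverified identity later reuses the monitor's old address.
    stale = Workload("unknown-9", "unverified", "10.0.1.20")
    return {
        "pump_to_monitor":  (address_allows(PUMP, MONITOR), identity_allows(PUMP, MONITOR)),
        "web_to_monitor":   (address_allows(WEB, MONITOR), identity_allows(WEB, MONITOR)),
        "pump_to_moved":    (address_allows(PUMP, moved), identity_allows(PUMP, moved)),
        "pump_to_stale_ip": (address_allows(PUMP, stale), identity_allows(PUMP, stale)),
    }

if __name__ == "__main__":
    for flow, (addr, ident) in decisions().items():
        print(f"{flow:18} address-based={addr!s:5} identity-based={ident}")
```

The moved-workload and stale-address rows are the point: the address rule set both denies legitimate traffic after a migration and keeps permitting whatever later occupies the old address, while the identity policy needs no rewrite and stays default-deny for anything unverified.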
Microsegmentation is the future of modern data center and cloud security, but getting the supporting technology wrong is like laying the wrong foundation for a building and trying to adapt it afterward.
Edgewise and Zscaler
The world of enterprise security has changed and perimeter-based network security has become less relevant and much less effective. Organizations are facing a world of highly sophisticated threats with antiquated security technology, leaving them vulnerable. For example, enterprises face significant threats from attacks that can freely move laterally within the network as east-west traffic. A single compromised server allows an attacker to harm multiple servers and applications on that network.
The Edgewise technology discovers individual applications and their legitimate communication patterns and, using AI and machine learning algorithms, automatically creates and enforces authorized communication to provide application segmentation. And there is growing consensus in the security world that this is a far superior approach to legacy network segmentation for security.
There is also growing sentiment that modern security should be focused on protecting users, applications, and data. Zscaler secures connections between users and applications, based on business policies, without connecting them to the corporate network—an approach known as zero trust network access (ZTNA). So adding a solution that secures app-to-app communication made perfect sense. The acquisition of Edgewise broadened the Zscaler cloud-native platform to deliver stronger security in public clouds and data centers.
Zscaler Workload Segmentation
Zscaler incorporated the Edgewise technology into its Zscaler Workload Segmentation (ZWS) offering. ZWS simplifies microsegmentation by automating policy creation and management while protecting your applications and workloads in the cloud and data center.
With one click, ZWS reveals an organization’s risk and applies identity-based protection to workloads—without any changes to the network. Its software identity-based technology provides gap-free protection with policies that automatically adapt to environmental changes. In short, ZWS makes it easy to eliminate your network attack surface.