Edgewise Networks, a security startup that’s taking on industry giants VMware and Cisco with its microsegmentation technology, has a simple plan to win market share. Make microsegmentation really simple.

“As far as the microsegmentation space is concerned, it has been viewed as very complex,” said CEO Peter Smith. “Really, the drive behind our pursuit of these patents is bringing extreme simplicity, extreme automation to the problem of microsegmentation and zero trust.”

Microsegmentation enables fine-grained security policies to be assigned to cloud and data center applications. The approach improves network security by integrating it directly into a virtualized workload without requiring a hardware-based firewall. It reduces a company’s attack surface by essentially sealing off workloads from the rest of the network, thus preventing hackers from gaining access to the wider system.

Gartner, in its Market Guide for Cloud Workload Protection Platforms published last month, put microsegmentation as the topd protection strategy after basic security hygiene.

VMware NSX and Cisco Tetration are the industry heavyweights when it comes to this technology. But in recent years, startups like security unicorn Illumio and Edgewise are moving into the space with their own brands of microsegmentation.

In addition to being too complex, Smith says traditional methods of microsegmention take months or years to implement, and those that rely on IP address-based controls require constant updates as environments change. Edgewise’s approach to microsegmentation and zero trust security solves these problems by focusing on security at the software level, using machine learning (ML) to rapidly microsegment networks.

Earlier this month Edgewise received approval from the U.S. Patent and Trademark Office for two new patents that cover key elements for automating microsegmentation. This brings its total approved patents to three with an additional eight pending.

The patents prove that Edgewise can discover what’s happening on a network, and then automatically create policies using advanced analytics to secure communications between applications and other network assets, Smith says.

The company obtained its first patent for zero-trust security in December 2018. It’s called “Network Application Security Policy Enforcement,” and it covers Edgewise’s policy enforcement technology, which enforces the symmetric verification of software fingerprints at both ends of a network communication.

The second, “Automated Load Balancer Discovery,” ensures the company can accurately map application communication pathways using machine learning and statistical methods, across load balancers and NAT (network address translation) environments. Edgewise’s technology can detect load balancers without relying on IP addresses or ports, both of which change in modern networks, and without installing an agent on the load balancer.

And the third, “Network Application Security Policy Generation,” describes how Edgewise uses ML to create the minimum number of policies required to secure access pathways between applications, making policy management easier and more efficient. Through the use of immutable, cryptographic software fingerprints, these policies can detect exploited or manipulated application software and prevent them from communicating, even if they use the same name and communication content as a permitted application.

“I have a hypothesis: that attack paths are the biggest unsolved problem in our industry,” Smith said, adding that the security industry has poured massive amounts of money into threat detection and vulnerability management — but there’s an ever-growing number of threats and vulnerabilities.

“A threat cannot compromise a vulnerability without a pathway of attack,” he continued. “And there are only so many possible pathways of attack. It is finite, as opposed to the unlimited amounts of threats and vulnerabilities. If I have a threat space that is bounded and measurable, why wouldn’t you go whole hog after it? That is precisely what zero trust and microsegmentation does.”

And, he adds, this is Edgewise’s key competitive differentiator. “We can quantify the total amount of attack surface. We can quantify how many of those paths are actually being used, and eliminate them using auto-segment. Cisco, Juniper, Fortinet, Illumio — they can’t do this.”

Jon Oltsik, senior principal analyst at ESG and founder of the firm’s cybersecurity service, says Edgewise has a “very comprehensive approach that combines simplicity and strong security. Edgewise does a lot of the setup work for the customer and then gives them policy options based upon application connectivity.”

This is especially useful to organizations with limited skills and resources in areas like public cloud infrastructure, network operations, and security. “I also like the use of cryptography for application identification and secure communications,” he added.

By providing a combination of visibility, policy management, and policy enforcement Edgewise’s technology stacks up well compared to competitors like VMware and Cisco, Oltsik said. Still, he added. “Edgewise has a big challenge ahead however gaining attention in the market. NSX is a billion-dollar business for VMware, Cisco is killing it with Tetration, and other startups have been out there for a longer period of time than Edgewise.”

Edgewise has “tens” of customers, including Goulston & Storrs law firm in Boston, and “a large telecom provider in the North-East,” Smith said.

Typically, the only other vendor that comes up in conversations with new or prospective customers is Illumio, he said. And when asked if his company’s microsegmention technology is augmenting or replacing other vendors like VMware and Cisco, Smith said it depends on what security problem a customer is trying to solve. If it’s a transition to cloud, for example, then companies want a cloud-native approach like Edgewise rather than VMware NSX or virtual firewalls from Juniper Networks, or Palo Alto Networks, or Fortinet, he said.

But the 3-year-old startup has its work cut out for it to boost its market share and gain visibility in what Oltsik describes as “a very crowded market.”

“To do so, it will need some demonstrable technology testing as well as published big customer wins,” he said. “This should help get Edgewise in more [requests for information and proposals]. It will also have to battle in the trenches at the point of sales to make sure that it gets its due consideration with large customers. The company should probably focus on a few key vertical industries as a way to differentiate itself.”