Edgewise Networks today emerged from stealth mode with $7 million in funding for its zero-trust network security technology.
Traditional firewalls provide security by permitting only trusted IP addresses to access the network. But this approach can fail because hackers can fake IP addresses.
Edgewise takes a different approach — a zero-trust networking model — that secures data centers and hybrid cloud environments by using machine learning to validate the identity of applications, users, and hosts controlling the addresses.
“This says stop trusting IP addresses. They don’t actually mean anything,” said Peter Smith, CEO of Edgewise Networks.
Smith, a former Infinio Systems VP, and Harry Sverdlove, previously the chief technology officer of Carbon Black (formerly known as Bit9), founded the Burlington, Massachusetts-based company last year.
In addition to funding from New England venture capital firms .406 Ventures, Accomplice, and Pillar, Edgewise investors include a handful of security company CEOs. These backers include Carbon Black CEO Patrick Morley, former Imprivata CEO Omar Hussain, Threat Stack CEO Brian Ahern, and Veracode CEO Bob Brennan.
A zero-trust model assigns rules and policies to workloads, virtual machines (VMs), or network connections. It only allows necessary actions and connections in a workload or application, and blocks anything else.
This concept is central to microsegmentation — and Smith said Edgewise’s primary competitors are microsegmentation technologies and companies including VMware’s NSX and Illumio.
“Even though microsegmentation lets the firewall see a lot of the traffic, it can only stop overtly malicious activity,” Smith said. “It can’t see who are the people actually talking.”
He says Edgewise’s product, called Trusted Application Networking, can do this.
“It asserts the identity of the application, the user controlling the application, and the host on which the application is running,” he said. “We take all three of these values and we mutually validate them on both sides of the connection so both sides know exactly who is talking to whom.”
The software also uses machine learning to build protection policies automatically. Smith said it’s less complex than microsegmentation, however. Instead of generating tens of thousands of protection policies, the Edgewise policy engine generates a much smaller policy set while still providing broad protection.
The technology also allows “one-click” policy enforcement. The dashboard shows risk exposure across IT environments, both on-premises and in the cloud, and recommends and prioritizes security policies. IT departments can then protect applications with one click on the application flow diagram.
The product can eliminate 98 percent of network attack surface and protect the other 2 percent, Edgewise claims.
Its customers include a Boston-area financial services company, an online media company “who you probably use every day,” Smith said, a travel company, and an online marketing automation company.