Edgewise Networks launched on Wednesday with a project to reengineer the firewall and make it suitable for cloud-based environments by moving beyond traditional address-centric controls.
The US startup's so-called Trusted Application Networking technology is designed to block the spread of network-borne threats by allowing only legit applications to communicate over approved network paths. This defense mechanism – which is aimed at data centers and cloud environments rather than enterprise LANs and WANs – looks beyond network addresses, instead validating the identity of applications, users, and hosts.
The name of the game is to safeguard critical cloud and data center apps rather than worry about controlling the flow of network traffic by port and destination, the traditional role of the firewall. Edgewise Networks claims it uses machine learning to model application communication patterns and generate protection policies for a business.
Chief exec Peter Smith told El Reg: "Edgewise Networks does not do deep packet inspection. We're looking past the packet to identify software and connections."
It's hoped this will stop software nasties, such as the SMBv1-exploiting NotPetya, from spreading across networks. The technology is delivered as a cloud-based service, with a software agent running on end points.
Chief technology officer Harry Sverdlove said that while traditional firewalls can be compared to a phone switchboard that blocks calls depending on the caller ID, and app-aware firewalls are like telephone equipment that can identify that a voice call is in progress and what language is being spoken, Edgewise's system validates the person or party making the phone call. In data centers, these parties will be various enterprise software applications chatting among themselves.
Other vendors are also grappling with next-generation firewall defenses in data centers. Notable initiatives along these lines include an alliance to integrate Fortinet's intrusion prevention and management capabilities into Microsoft Azure Security Center to better protect cloud workloads against malware and miscreants. That deal is more about intrusion detection – aka high-tech burglar alarms – than reimagining the firewall, as such.
Edgewise's technology competes with micro-segmentation products from the likes of vArmour, but goes beyond them in its capabilities, the startup told El Reg.
Segmentation, micro-segmentation, and VLANs are based on addresses, ports, and protocols, and in some cases on pulling open the packets and looking at the content of the traffic. But these constructs are fundamentally limiting, especially in dynamic environments like cloud and data centers. Edgewise policies are based on the actual applications or services communicating, the actual users running those applications, and the hosts or containers on which they are running.
They are not dependent on network addresses or on the content of the conversation, which makes them far more secure (harder for a malicious actor to spoof valid communication or hijack user sessions) and far more agile, so the policies work regardless of where they are deployed (e.g. private network, hybrid cloud, public cloud).
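To make the contrast concrete, here is an added illustration (example code, not Edgewise Networks' software and not taken from the article) of the two policy models evaluated side by side with a default deny. An address-centric rule keys on source subnet, destination IP and port; an identity-centric rule keys on the initiating application, the user running it and the host, the attributes an endpoint agent would have to establish and attach to each flow. All application names, hosts, addresses and users are constructed for the example; the attribute names are assumptions, not a real product's schema.

```python
"""
Added example: address-based versus identity-based connection policy, both
with default deny. Everything here (app names, users, hosts, addresses) is
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One attempted connection as an endpoint agent might describe it.

    The identity fields (src_app, src_user, src_host, dst_app, dst_host) are
    assumed to be supplied by a trusted agent on the host; they are only as
    reliable as that agent's own integrity.
    """
    src_ip: str
    dst_ip: str
    dst_port: int
    src_app: str     # initiating executable (constructed name)
    src_user: str    # account running it
    src_host: str    # host or container identity
    dst_app: str     # service answering on the destination
    dst_host: str


# Classic rule: the web subnet may reach the database address on the Postgres port.
ADDRESS_RULES = [
    {"src_cidr": "10.0.1.0/24", "dst_ip": "10.0.2.10", "dst_port": 5432},
]

# Identity rule: the orders service, run by its service account on web-01,
# may reach the postgres service on db-01. No address or port appears here.
IDENTITY_RULES = [
    {"src_app": "orders-api", "src_user": "svc-orders", "src_host": "web-01",
     "dst_app": "postgres", "dst_host": "db-01"},
]


def address_decision(flow: Flow) -> str:
    """Firewall-style check on addresses and port; anything unmatched is denied."""
    src = ipaddress.ip_address(flow.src_ip)
    for rule in ADDRESS_RULES:
        if (src in ipaddress.ip_network(rule["src_cidr"])
                and flow.dst_ip == rule["dst_ip"]
                and flow.dst_port == rule["dst_port"]):
            return "allow"
    return "deny"


def identity_decision(flow: Flow) -> str:
    """Identity-based check on app, user and hosts; anything unmatched is denied."""
    for rule in IDENTITY_RULES:
        if all(getattr(flow, key) == value for key, value in rule.items()):
            return "allow"
    return "deny"


def compare(flow: Flow) -> dict:
    """Return both verdicts for one flow so the models can be contrasted."""
    return {"address": address_decision(flow), "identity": identity_decision(flow)}


# Constructed sample flows.
# 1. The approved application doing its normal job.
LEGIT = Flow("10.0.1.5", "10.0.2.10", 5432,
             "orders-api", "svc-orders", "web-01", "postgres", "db-01")
# 2. An unrecognised binary on the same permitted host trying the same path.
ROGUE = Flow("10.0.1.5", "10.0.2.10", 5432,
             "unknown-binary", "svc-orders", "web-01", "postgres", "db-01")
# 3. The approved application after web-01 is redeployed with a new address.
MOVED = Flow("172.16.9.21", "10.0.2.10", 5432,
             "orders-api", "svc-orders", "web-01", "postgres", "db-01")

if __name__ == "__main__":
    for name, flow in [("legit", LEGIT), ("rogue", ROGUE), ("moved", MOVED)]:
        print(name, compare(flow))
```

The legitimate flow passes both checks. The rogue binary is waved through by the address rule because it sits on an allowed subnet, but denied by the identity rule because it is not the approved application; that is the lateral-movement case the article has in mind. The relocated host is denied by the address rule, which knows nothing of its new subnet, yet allowed by the identity rule, which is the "works regardless of where deployed" claim. The caveat for a practitioner is the one noted in the docstring: the identity model shifts trust from the network to whatever attests those attributes, so the integrity of the endpoint agent becomes the thing to protect and monitor.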
Edgewise's tech is pitched at, among others, retailers, financial service firms, and cloud providers. One infosec pundit described the protections as a "properly implemented default deny."
Clive Longbottom, the founder of analyst house Quocirca, agreed that standard firewalls are unsuited to operation in cloud environments while suggesting that Edgewise will have challenges of its own to contend with.
Longbottom told El Reg: "The big problem is that these days there are no defined edges to a network. Therefore, you have to create them.
"The use of defined paths means that those edges – in reality, contact points – can be created and any traffic to do with a task routed through these specific paths. Rules can then be applied; deep packet inspection can be carried out on a per path or stream basis. Standard firewalls cannot operate this way easily."
Kurt Seifried, a senior software engineer at Red Hat product security and a contributor to the Cloud Security Alliance, added: "We've known we need smarter network controls for a while now."
Edgewise Networks was founded by Smith, a cybersecurity entrepreneur, and Sverdlove, former CTO of Carbon Black (formerly Bit9). The biz has banked $7m from early investors including New England venture capital firm .406 Ventures and tech chief execs from the Boston area including Patrick Morley of Carbon Black, Omar Hussain of Imprivata, and Bob Brennan of Veracode. ®