Edgewise Networks, a security startup that's taking on industry giants VMware and Cisco with its microsegmentation technology, has a simple plan to win market share. "As far as the microsegmentation space is concerned, it has been viewed as very complex," said CEO Peter Smith. "Really, the drive behind our pursuit of these patents is bringing extreme simplicity, extreme automation to the problem of microsegmentation and zero trust." Microsegmentation enables fine-grained security policies to be assigned to cloud and data center applications. The approach improves network security by integrating it directly into a virtualized workload without requiring a hardware-based firewall.
Networking is a challenging field, made more so by the use of hybrid networks or combinations of internal and external subnets. Security controls based on network addresses have a long and distinguished history of success at protecting organizations, but they are not without certain limitations. I discussed the concept with Peter Smith, CEO of cloud security organization Edgewise Networks; Reuven Harrison, CTO and co-founder of network security policy automation provider Tufin; and Nitin Agale, senior vice president of Product Strategy and Marketing at security solutions provider Securonix.
Scott Matteson: What are the latest challenges with network address-based security controls?
Peter Smith: In the cloud, operators have far less control over the network, and addresses are ephemeral, so it's too complex to manage address-based firewall rules.
Traditional cybersecurity measures focus on protecting data center infrastructure. But with changing application architectures, and the growth of the cloud, cybersecurity must increasingly shift focus to protecting applications and data, rather than just the infrastructure they run on. "Organizations traditionally focus most data center security controls and policies on servers and networks, but the priority should be to focus and align those controls on their critical applications and sensitive data rather than the infrastructure they run on," said Tom Corn, senior vice president of security product at VMware. As apps become the new focal point for security, new questions arise. Security teams must adjust to meet the new challenges they're likely to face, and organizations must revisit the prior choices they've made about technology and policies to ensure a strong defense.
Organizations traditionally focus most data center security controls and policies on servers and networks, but Tom Corn, senior vice president of security product at VMware, believes organizations should make it a priority to focus controls on their critical applications and sensitive data rather than the infrastructure they run on. Traditional security tools and policies do not allow companies to see what's happening with applications -- or the data within them -- at any particular point in time. As apps become the new focal point for security, new questions arise. Security teams must adjust to meet the new challenges they're likely to face, and organizations must revisit the prior choices they've made about technology and policies to ensure a strong defense. Focusing security on infrastructure components -- such as endpoints, servers and networks -- made sense when companies housed applications on a single machine.
A new service from VMware, announced Monday at the 2017 VMworld conference, could make it easier for businesses to secure apps and data running in virtualized and cloud environments. VMware AppDefense relies on intent-based security, and can automate a security response if something is wrong. Tom Corn, senior vice president of security products at VMware, told TechRepublic that the security team at VMware has been working on AppDefense for two years. The product aims to shift the focus of security from servers and infrastructure to applications and data. The idea stems from one central question: "Can you look at the infrastructure through the lens of the application--what you're really trying to protect?" Corn said.