Edgewise Networks Inc. said today it has raised $11 million in venture funding and also launched a new platform that it claims can radically shorten the time needed to create and manage “zero-trust” security environments using an increasingly popular network security technique called microsegmentation.

The Massachusetts company, which emerged from stealth mode nearly two years ago, said the new funding comes from existing investors .406 Ventures LLC and Accomplice LLC, with additional participation from Pillar Companies LLC. It has raised $18 million in total.

Microsegmentation is a network security technique that isolates workloads from each other to reduce the risk of lateral communication between devices, which can be a gateway for attackers. Networks based on the internet protocol were never designed to be secure, so devices on the same network can connect to each other by default. Attackers who compromise one device can use this characteristic to spread their attack surface to other personal computers and servers on the same network.

With the growth of network virtualization, organizations are increasingly using microsegmentation as an alternative to firewalls to provide a more granular level of protection. The practice is typically part of a “zero-trust” approach to security, which assumes that no device on the network can be trusted.

However, the process of creating microsegments is slow and manually intensive, said Chief Executive Peter Smith. “Typically, a user has to collect months of data to figure out how data is used before grouping devices into logical segments,” he said. “It’s so complex that it can take eight to 16 months to complete a project.”

One-click microsegmentation

Edgewise says it has reduced that process to a single click by using machine learning to observe communication patterns and recommend microsegments. It claims its technology can shrink an attack surface by more than 90%, automatically segment applications and hosts and create a compressed set of zero-trust security policies.

“We observe access patterns and build a machine learning model that identifies what accesses are necessary,” Smith said. “The model automatically builds all of the policies for you.”

The cloud-based service requires users to install a software agent on each network device to be monitored. The agent sends traffic information to the machine learning engine in the cloud, which issues a new set of policy recommendations every four hours. Administrators can override or fine-tune those recommendations, as well as permit connection requests to go through while generating an alert.

Edgewise prevents lateral movement across the network by allowing only applications verified by their cryptographic identity to communicate. It uses properties of the workload rather than IP addresses to create unique identities for each device or process.

“We verify connectivity on both sides of the connection and verify the software that made the connection,” Smith said. “Every time a connection occurs we revalidate that it’s a valid connection.”

Smith said the company has received three patents for its technology, which goes live today. Pricing is per device, but Edgewise wouldn’t provide further details.

Image: Flickr CC