AI Network Security Tool Autonomously Performs Microsegmentation

For Goulston & Storrs, a leading US real estate law firm, network security is paramount. The company, which has offices in Massachusetts, New York and Washington, DC, processes large amounts of sensitive customer information.

To help provide security, Goulston & Storrs turned to 3-year-old Edgewise Networks, a provider of an AI network security platform.

The vendor, headquartered in Burlington, Mass., sells a platform that uses AI and machine learning to automatically implement and maintain zero-trust network microsegmentation. It can run in cloud, hybrid cloud and on-premises environments.

Automated microsegmentation

“There is a huge reliance on humans to perform certain tasks at regular intervals to maintain security,” said John Arsneault, CIO of Goulston & Storrs.

Edgewise does this automatically, he said.

“It puts almost no pressure on IT and security professionals” while improving security, Arsneault continued.

Microsegmentation is the process of breaking down a network into smaller segments to make it harder for an attacker to gain access to an entire system. Each segment acts as its own barrier: an attacker who breaks into a system initially gains access to only one segment, rather than the entire system.

This type of zero-trust system assumes someone is breaking in and tries to lock the attacker into a small space, said Peter Smith, founder and CEO of Edgewise.

Edgewise uses AI to automatically apply microsegmentation to networks.

Machine learning models

Microsegmentation is not a new concept, and Edgewise isn’t the only tool to help with it. However, Edgewise positions itself as unique by touting how it uses AI network automation and security capabilities to reduce the time it takes to build and deploy microsegmentation.

What can take a customer months to deploy manually can take Edgewise hours, powered by AI network security models, Smith said.

The original idea came while Smith was studying a can of cola, he explained. Smith noticed that each can bears an identifying serial code. He figured that if a can of soda had a unique identifier, so should software and devices.

Smith identified about 30 immutable properties that identify every piece of software, container and device in an entire environment. These, along with telemetry data about how software communicates, are fed into a machine learning model that groups together similar devices, software and relationships, forming the basis of a segmented network.

Groups, while presented to users at a high level, create segments that are typically 25 to 75 times smaller than if someone created them manually, Smith said.
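The following added example (not Edgewise's code or algorithm, which the article does not detail) illustrates the idea of segmenting by software identity instead of by network address. It assumes three hypothetical identity attributes, constructed hosts and placeholder hashes, and uses exact-match grouping as a stand-in for the machine learning model.

```python
import hashlib

# Hypothetical immutable attributes; the article does not list the ~30 it mentions.
IDENTITY_KEYS = ("binary_sha256", "path", "signer")

def fingerprint(workload):
    """Identity derived only from immutable attributes, never from host or IP."""
    material = "|".join(f"{k}={workload[k]}" for k in IDENTITY_KEYS)
    return hashlib.sha256(material.encode()).hexdigest()[:12]

def segments(workloads):
    """Group hosts whose software shares a fingerprint (exact match, no ML)."""
    groups = {}
    for w in workloads:
        groups.setdefault(fingerprint(w), []).append(w["host"])
    return groups

def learn_policy(flows):
    """Collapse observed (src, dst, port) telemetry into identity-level allow rules."""
    return {(fingerprint(s), fingerprint(d), port) for s, d, port in flows}

def is_allowed(policy, src, dst, port):
    """Default deny: only identity pairs seen during learning may communicate."""
    return (fingerprint(src), fingerprint(dst), port) in policy

def wl(host, sha, path, signer):
    return {"host": host, "binary_sha256": sha, "path": path, "signer": signer}

# Constructed inventory and telemetry (placeholder hashes, hypothetical hosts).
APP_1 = wl("app-01", "aa11", "/opt/app/server", "vendor")
APP_2 = wl("app-02", "aa11", "/opt/app/server", "vendor")
DB = wl("db-01", "bb22", "/usr/bin/postgres", "distro")
ROGUE = wl("app-01", "cc33", "/tmp/tool", "unsigned")  # same host, different software

POLICY = learn_policy([(APP_1, DB, 5432)])

if __name__ == "__main__":
    print(segments([APP_1, APP_2, DB]))
    for src in (APP_1, APP_2, ROGUE):
        print(src["host"], src["path"], "->", DB["host"],
              is_allowed(POLICY, src, DB, 5432))
```

The second app server is allowed although it never appeared in the learning telemetry, because it carries the same identity; the unrecognized binary on the first app server is denied although its host and port match an allowed flow.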

Arsneault, who is a friend of Smith, said he spearheaded Smith’s ideas while the Edgewise platform was still in development.

“I thought the idea was fantastic,” Arsneault said.

Limited offense

With a flat network, a single mistake can cause a major breach, Arsneault said.

“Edgewise enables [breaches] to happen, but once the person … has access to that particular account or system, they can no longer move around the environment,” he said.

Goulston & Storrs became one of Edgewise’s first customers, and the platform took “almost no effort” to deploy, Arsneault said.

It took some effort to refine the models at first, Arsneault said, but now, after two years of product updates, that process is much easier.

“I feel significantly better than before this thing was deployed,” Arsneault said. “It gives you an ace up your sleeve.”

Kevin M. Risinger