John Edwards
Contributing writer

Microsegmentation product snapshots: Edgewise Networks, VMware and ShieldX Networks

News Analysis
Apr 27, 2020, 3 mins

A glimpse of how three microsegmentation products work, key features, and differentiators.

Interest in microsegmentation is growing rapidly. Vendors are stepping forward to help enterprises update their infrastructure security to prevent catastrophic intrusions and data thefts. Here’s a look at three microsegmentation market players, showing what they offer, how they work and the ways they differ.

Edgewise Networks zero-trust environment

Product name: Edgewise Zero Trust Segmentation

What it does: Edgewise takes the position that address-based controls aren’t sufficient to protect enterprise assets, particularly in cloud environments where security teams have only limited control over the network. The company says it’s the only vendor to offer a zero-trust platform that microsegments data and applications via a cryptographic identity fingerprint instead of with traditional address-based controls.

Key features: Edgewise promises to eliminate unnecessary communication paths and shrink attack surfaces by more than 90%. The product automatically creates a compressed set of policies that enable organizations to build zero-trust security. Users can review policies created by machine learning and simulate their effects prior to enforcement. Because the product is a network overlay, there’s no need for major architectural changes.

Differentiation: Promises to place protection as close to data as possible. Application-aware policies travel with all applications and services to limit potential compromises to the affected asset, not the entire network. The product automatically identifies all communicating software and suggests zero-trust policies, which can be applied with a single click.

VMware takes agentless approach

Product name: VMware NSX

What it does: VMware NSX is a networking and security platform that’s designed to deliver infrastructure microsegmentation across the entire data center. Adopters can prevent unauthorized lateral movements by using VMware NSX’s microsegmentation capabilities to define and enforce network security policies consistently on any workload hosted anywhere within their environment. Security policies are applied whenever a virtual machine spins up, can be moved when a VM is migrated, and removed when a VM is deprovisioned. NSX secures communication within a virtual network with flexible security policies that are designed to reflect business logic and workflows. Beyond using IP addresses, NSX policies incorporate identifiers such as virtual machine name, virtual network and OS.

Key features: An agentless approach that supports layer 7 security policies. A single management pane. The ability to lock down critical apps. Users can create a logical DMZ in software. Flexible security policies are aligned to virtual network, VM, OS type and dynamic security tags for granularity of security down to the virtual NIC.

Differentiation: Microsegmentation is provided as part of an integrated networking and security platform; agentless technology.

ShieldX Networks emphasizes automation

Product name: ShieldX Elastic Security Platform

What it does: ShieldX’s microservices platform combines network-based security with application and infrastructure technologies. The product’s automated approach is designed to ensure that microservices are inserted only when and where they are needed. Microservices are inserted directly into infrastructures, allowing for automated intent-based security policies. Security features and microsegmentation can be scaled on demand to support business innovation, meet compliance requirements and protect organizations against the latest cyberattack methods. The product is also designed to ensure that no workloads in hybrid or multi-cloud environments are more vulnerable than others.

Key features: Offers the ability to create policies using a machine-learning algorithm. Microservices can be upgraded without disrupting network traffic. A Global Threat Configuration display presents the total number of threats along with detailed information. An Event Explorer feature lets users deny connections and build zero-trust policies. Visualization maps provide the ability to tie applications to view specific vulnerabilities and suggested protections.

Differentiation: An automated infrastructure with security features and applications is designed to ensure that agents are inserted when and where they are needed. Microsegmentation scaling on demand.