
Building Better Policies with Machine Learning and Edgewise Networks

Security seems like it is a never-ending struggle to keep up with the rising tide of vulnerabilities. Even if you think you’ve plugged one hole you quickly find that the water is rushing in through another that you didn’t even realize was there. You could spend your entire career simply chasing after things and never quite getting to the point where you’re caught up enough to rest. Exhaustion makes for bad security policy.

That’s not to mention how quickly the landscape of security enforcement and policy creation can change. If you’d have told me ten years ago that coffee shops would be as popular a place to work as the traditional office, I would have laughed at you. Now, add in co-working spaces, mobile hotspots, and people doing business at 35,000 feet as they streak across the sky. The fact that all these users are accessing data in the cloud makes security even more difficult to achieve. The days of memorizing a few key IP addresses and port numbers are gone. The world of the public cloud makes it very difficult to ensure that authorized people are getting the information they need in a way that prevents exposure.

Machine Learning Made Easy

Thankfully for you, companies like Edgewise Networks have already invested in building solutions to these issues. That’s because they’ve already seen how mobile workforces behave and they understand how to fix the issues as they come up. Edgewise is using machine learning (ML) in combination with microsegmentation to ensure that workloads are safe and unable to cause issues in your infrastructure.

Firstly, Edgewise does away with using traditional identification for workloads. Gone is the need to rely on IP addressing or port numbers to identify applications or data flows. Instead, the Edgewise Zero Trust agents at the host level ensure that all communications are uniquely identified. That means you don’t have to guess whether or not a new instance of an application running in your AWS environment is the same or different from something else. Edgewise has already identified and categorized it for you. And you can then build that into a policy.

Policy is where Edgewise really shines, because their machine learning engine is always analyzing the way applications interact with each other, both to ensure that they are doing what they’re supposed to be doing and to prevent people from accessing things they shouldn’t. It’s easy to create basic policies that seem to offer good security but in fact create frustration with your users or, worse yet, holes in your safety net. I specifically remember one instance where I was overseas at a prior job. The company mail server had a policy that I couldn’t access my email when I was on a non-US IP address. It was frustrating that I couldn’t download my email. So, instead I just created a VPN connection to my house and found that I could download all my email.

There are at least two things wrong with that scenario. Firstly, why is “location” the only determining factor? I was logging in with proper credentials from a trusted device. I should have been allowed access. And secondly, why would simply changing my IP address suddenly allow me to get in? Why wasn’t the system looking at other factors, like time of day of access or other potential warning signs?
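The two failures described above can be made concrete with a small policy comparison. This is an added example, not code from the original post and not Edgewise's engine; the `Request` fields, the sample requests, the `step-up` outcome and the usual-hours window are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    label: str            # description of the constructed case
    legitimate: bool      # ground truth, known only because the data is constructed
    creds_valid: bool     # proper credentials were presented
    device_trusted: bool  # request came from a known, trusted device
    source_country: str   # inferred from the source IP, so a VPN changes it
    hour_local: int       # 0-23, hour of access in the user's usual time zone

# Constructed sample requests (not real logs).
REQUESTS = [
    Request("employee at office", True, True, True, "US", 10),
    Request("employee travelling overseas", True, True, True, "DE", 14),
    Request("same employee via home VPN", True, True, True, "US", 14),
    Request("stolen password from a US address, unknown device",
            False, True, False, "US", 3),
    Request("password guessing from abroad", False, False, False, "FR", 3),
]

def geo_only(req):
    """Location is the sole factor, as in the mail-server rule."""
    return "allow" if req.source_country == "US" else "deny"

def multi_signal(req, usual_hours=range(7, 20)):
    """Credentials and device decide; location and hour only add scrutiny."""
    if not (req.creds_valid and req.device_trusted):
        return "deny"
    odd = req.source_country != "US" or req.hour_local not in usual_hours
    return "step-up" if odd else "allow"  # step-up = ask for extra verification

def errors(policy, requests=REQUESTS):
    """Return (legitimate requests denied, illegitimate requests not denied)."""
    wrongly_denied = [r.label for r in requests
                      if r.legitimate and policy(r) == "deny"]
    wrongly_admitted = [r.label for r in requests
                        if not r.legitimate and policy(r) != "deny"]
    return wrongly_denied, wrongly_admitted

if __name__ == "__main__":
    for policy in (geo_only, multi_signal):
        print(policy.__name__, errors(policy))
```

The location-only rule blocks the travelling employee and admits the request that merely arrives from a US address, while the rule that starts from credentials and device trust makes neither mistake on this sample.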

Edgewise looks at all of that with their ML engine. They see how the application is being accessed, which host is trying to get to the service, and how to build the best policy to allow access but prevent others from compromising the connection. That means they’re able to pick up on anomalies much quicker than a human can. Imagine someone suddenly decided to start brute-forcing application access to my public cloud instance at 3 am. Edgewise would notice this is out-of-bounds for typical application access coming from untrusted devices and put a policy in place to disallow access. When you wake up from your well-deserved rest, you can smile as you realize Edgewise has saved your data from a breach without you needing to race to the data center to implement policy.

Bringing It All Together

I’m somewhat skeptical of the idea that ML is going to be the solution to all our problems. But I’m happy to see how specific companies are using it in practice because use cases beat marketing hype any day of the week. Seeing how Edgewise is using its ML engine to make the life of security operations and engineering people easier day-to-day is exactly what I was expecting to see from a company doing real things with ML. I’m excited to see how companies embrace the opportunities afforded to them by Edgewise and spend less time worrying about workload protection and more time enabling their users.

For more information on Edgewise and their Zero Trust solutions, make sure to visit http://Edgewise.net.

About the author

Tom Hollingsworth

Tom Hollingsworth is a networking professional, blogger, and speaker on advanced technology topics. He is also an organizer for networking and wireless for Tech Field Day.  His blog can be found at https://networkingnerd.net/
