BlastWave today launched a BlastShield offering that combines a software-defined perimeter (SDP) with microsegmentation and passwordless multifactor authentication (MFA) to make it easier to enforce identity-based zero-trust security policies on edge computing platforms.
Tom Sego, BlastWave CEO, said that while IT teams could combine multiple technologies themselves to enforce those policies, the BlastShield platform pre-integrates those capabilities in a way that makes them easier to deploy.
Microsegmentation, which BlastWave markets as cloaking, hides workloads by limiting communications between hosts based on an identity assigned to each host rather than on its network address. Should an edge computing platform be compromised, that approach limits the blast radius to the systems with which that platform is permitted to establish a connection. On top of that capability, BlastShield layers an SDP infused with MFA to prevent malware from moving laterally across what has become an extended enterprise.
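To make the identity-based policy and blast-radius argument concrete, here is an added illustration written for this article; it is not BlastShield code or BlastWave's policy format. The inventory, identities and allow-list are constructed sample data. The policy is keyed on workload identity, so re-addressing a host does not change what it may talk to, and the blast radius from a compromised host is the transitive closure of the flows the policy allows, compared against a flat network where every host can reach every other.

```python
"""Identity-based microsegmentation policy with blast-radius analysis.

Constructed example for illustration: hosts, identities and the allow-list
below are made up and are not BlastWave's policy format or data.
"""
from collections import deque

# Each host is trusted by the identity (workload role) assigned to it, not by
# its IP address. Constructed sample inventory.
HOST_IDENTITY = {
    "10.0.1.10": "edge-sensor-gw",
    "10.0.1.11": "edge-sensor-gw",
    "10.0.2.20": "mqtt-broker",
    "10.0.3.30": "analytics-api",
    "10.0.3.31": "analytics-db",
    "10.0.9.99": "corp-fileserver",
}

# Default-deny allow-list expressed on identities:
# (source identity, destination identity, destination port).
POLICY = {
    ("edge-sensor-gw", "mqtt-broker", 8883),
    ("mqtt-broker", "analytics-api", 443),
    ("analytics-api", "analytics-db", 5432),
}


def identity_of(ip):
    """Resolve an address to its assigned identity (None for unknown hosts)."""
    return HOST_IDENTITY.get(ip)


def connection_allowed(src_ip, dst_ip, dst_port, policy=POLICY):
    """Default deny: unknown hosts, unknown identities and unlisted flows
    (including the reverse direction of an allowed flow) are rejected."""
    src, dst = identity_of(src_ip), identity_of(dst_ip)
    if src is None or dst is None:
        return False
    return (src, dst, dst_port) in policy


def reachable_identities(start_identity, policy=POLICY):
    """Identities an attacker holding start_identity can reach, following
    allowed flows transitively (breadth-first over the policy graph)."""
    reached = set()
    visited = {start_identity}
    queue = deque([start_identity])
    while queue:
        cur = queue.popleft()
        for src, dst, _port in policy:
            if src == cur:
                reached.add(dst)
                if dst not in visited:
                    visited.add(dst)
                    queue.append(dst)
    return reached


def blast_radius_hosts(compromised_ip, policy=POLICY):
    """Hosts exposed if compromised_ip is taken over, under the policy."""
    reached = reachable_identities(identity_of(compromised_ip), policy)
    return sorted(ip for ip, ident in HOST_IDENTITY.items()
                  if ident in reached and ip != compromised_ip)


def flat_network_hosts(compromised_ip):
    """Reference case: with no segmentation every other host is reachable."""
    return sorted(ip for ip in HOST_IDENTITY if ip != compromised_ip)


def move_host(old_ip, new_ip):
    """Re-addressing a host (common at the edge, e.g. DHCP) carries its
    identity with it, so the policy needs no change."""
    HOST_IDENTITY[new_ip] = HOST_IDENTITY.pop(old_ip)


if __name__ == "__main__":
    victim = "10.0.1.10"
    print("segmented blast radius:", blast_radius_hosts(victim))
    print("flat network blast radius:", flat_network_hosts(victim))
```

Run as a script it prints the three analytics hosts as the segmented blast radius of a compromised sensor gateway, against all five other hosts on a flat network; the file server is never reachable because no allowed flow leads to it.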
The BlastWave approach is also both more cost-effective and secure than implementing a traditional virtual private network (VPN) for each edge computing platform, noted Sego. BlastShield also only takes a few minutes to remotely install on virtual machines, cloud platforms, bare-metal x86 platforms or as a host agent to provide a lightweight secure gateway. It requires virtually no configuration or change to the underlying network fabric or hardware, added Sego.
The difficulty of securing edge computing platforms matters because each new application installed on them extends an attack surface that already overstretched cybersecurity teams need to defend. Organizations that are attempting to integrate disparate security technologies themselves will not be able to keep pace with the rate of change in these environments, said Sego.
It’s not clear to what degree organizations are taking security into account as they rush to deploy applications at the edge. Most of these edge computing platforms are being deployed to make it easier to process and analyze data in near-real-time at the point where it is being created and consumed to help drive either an internet of things (IoT) application or some other digital business transformation initiative. As usual, the rush to embrace a new style of computing appears to be outpacing the ability of organizations to secure it. Cybercriminals have already taken note of a growing number of edge computing platforms that provide an entry point through which they can distribute malware across an extended enterprise.
At this juncture, there’s no slowing down the rise of edge computing. However, cybersecurity teams should take note of the fact that, unlike previous generations of edge computing platforms, almost every instance is now connected to a network that provides access to a gateway through which a wide range of backend services are accessed via application programming interfaces (APIs). Once an edge computing platform is compromised, malware may move laterally across those networks for weeks before being activated. At that point, organizations may easily find themselves spending weeks looking for instances of malware that could, by then, be almost anywhere, unless, of course, the boundaries that malware can cross have been strictly limited.