A growing number of organizations are either outsourcing their services or partnering with other organizations to scale and offer a greater variety of services. What this means is that remote locations are increasingly being utilized for service delivery. But what does that mean for overall enterprise security?
Given that more and more workloads are also moving to remote locations, it’s up to organizations to be sure that these locations stay secure. That’s where edge computing security comes in. It protects the endpoints and any remote networks that might be vulnerable to attack by malware-infected devices or unauthorized users.
What is Edge Computing Security?
Edge computing security refers to securing enterprise data and devices (resources) that are no longer stored within the secure confines of a centralized data center. The term is typically used with 5G, Internet of Things (IoT), and fog/cloud computing.
Due to their distributed nature, edge systems can be difficult to manage with traditional tool sets such as antivirus software or firewall services. To help organizations combat this, some vendors offer specialized solutions designed for devices running on an edge network.
Top Edge Security Vendors
All companies have different needs and should choose the best vendor based on their use cases. The following list includes the top edge security vendors in the market today.
Symantec
Symantec (also known as NortonLifeLock) is a subsidiary of Broadcom. The company offers cybersecurity software and services to individuals and businesses using a data-centric SASE approach that improves network and security services while reducing complexity and boosting security. The system provides endpoint protection, network protection, and data protection. They also offer cyber threat analysis and cyber defense services.
- Its application control manages file access and registry access as well as how processes are permitted to function.
- Symantec device control restricts access to specific hardware, and controls which devices may upload or download data.
- Symantec protects web and cloud access by controlling network traffic across all ports and protocols, regardless of the corporate user’s location.
- Symantec uses its global intelligence network for attack surface reduction, breach prevention, and detection and response to ensure the safety of all endpoint devices.
- Fully cloud-based, on-premises, and hybrid deployments are supported.
- Web control
- Application control
- Asset management
- Device control
- System isolation
- Endpoint intelligence
- Malware detection
- Automated remediation
- Incident reports
- Behavioral analysis
Palo Alto Networks
Prisma Access is Palo Alto Networks’s edge security platform that claims to “protect the hybrid workforce with the superior security of ZTNA 2.0 (zero trust network access) while providing exceptional user experiences from a simple, unified security product.” It integrates best-in-class threat prevention and device management capabilities for a complete, end-to-end solution for data protection at the network edge.
The platform’s firewall as a service (FWaaS), cloud access security broker (CASB), cloud secure web gateway (SWG), and autonomous digital experience management (ADEM) services secure the endpoint, network, and data with multiple levels of protection.
- Prisma Access uses ZTNA 2.0 architecture to stop zero-day threats in real-time with fully realized least-privileged access and continuous trust and threat verification for all users, devices, apps, and data.
- It offers a single cloud-delivered solution that integrates security, software-defined wide area network (SD-WAN), and autonomous digital experience management.
- Palo Alto Networks’s cloud SWG delivers enterprise data loss prevention (DLP) and CASB capabilities via software-as-a-service (SaaS) security and provides enhanced risk detection, regulatory assurance, data governance, user behavior monitoring, and advanced threat protection.
- It offers data security with its machine learning (ML)-powered DLP and provides complete visibility into performance metrics across all endpoints, networks, and applications.
- Advanced threat detection
- Behavioral analysis
- Secure web gateway
- Policy management
- DNS (Domain Name System) security
- Enhanced application logging
Akamai
One of the most prominent edge security solutions on the market is Akamai. The Akamai Cloud Delivery Platform offers services enabling businesses to secure their data anytime.
Akamai also provides security solutions for enterprise clouds, apps, APIs (application programming interfaces), and users. In addition, the Akamai Intelligent Edge Platform uses artificial intelligence (AI) to identify potential risks, vulnerabilities, and threats before they occur.
- Akamai reduces attack surfaces proactively by promptly preventing attacks with its zero-second service-level agreement (SLA).
- The 200+ Tbps (terabits per second) Akamai Intelligent Edge Platform, together with Prolexic’s 20 global anycast scrubbing centers and their 10+ Tbps of dedicated capacity, provides high-capacity protection.
- Advanced malware detection engines protect against zero-day attacks and complex threats. Users can prevent or manage content uploads that include sensitive data such as PII or data regulated under PCI DSS or HIPAA.
- Its Global IP Anycast feature enables the usage of a logical name server across different physical servers distributed worldwide.
- Its Domain Name System Security Extensions (DNSSEC) may help companies prevent attacks caused by DNS forgery.
- Akamai lets users manage DNS as code by enabling developers to automate Edge DNS using APIs and current management solutions.
- Unified security posture
- Extensive SLAs
- Threat intelligence
- Payload analysis
- Application control
- Analysis and reporting
Cisco
Cisco is an IT and networking company specializing in switches, routers, cybersecurity, and IoT. Cisco offers a suite of products that protect the on-premises, remote, or hybrid workforce.
For example, the Cisco Umbrella solution uses its SASE architecture to protect data and enforce policies across applications, devices, users and groups. It also offers security intelligence operations (SIO) — an advanced security infrastructure that provides threat identification, analysis, and mitigation.
In addition, Cisco’s Stealthwatch Cloud provides continuous visibility into an organization’s environment, so security teams can detect problems before they become costly breaches.
- According to Cisco, its Umbrella solution, built on its SASE architecture, is used by over 24,000 global organizations. It also has a threat operations center staffed by a global team of security analysts and automated tools that extract actionable intelligence.
- Cisco Umbrella SWG provides comprehensive visibility into web traffic, along with antivirus and advanced malware protection, decryption, sandboxing, granular app activity, and content management, all from a single interface.
- Its DNS-layer security prevents attacks and filters unwanted domains, cloud apps, and IP addresses.
- Umbrella DLP analyzes sensitive data for visibility and management and proactively alerts security teams of leaks and suspicious file transfers.
- Data loss prevention
- Cloud-delivered firewall
- DNS-layer security
- Cloud access security broker
- Remote browser isolation
- Secure web gateway
Barracuda Networks
Barracuda Networks is a cloud and network security platform provider. It offers data protection, threat prevention, and application security for over 200,000 organizations worldwide. In addition to its traditional products, it also provides cloud-delivered, hybrid, and on-premises solutions.
Barracuda Networks offers a cloud-native SASE platform, which controls data access from any device, regardless of location, and enforces security policies in the cloud, at the branch, or on the device. In addition, the platform combines FWaaS, SD-WAN, ZTNA, and SWG as key features, enabling businesses to buy fewer purpose-built solutions.
- It offers advanced threat and malware prevention, antispam, and complete network access control.
- The solution results from a collaborative development effort between Microsoft and Barracuda. Its SASE solution is built natively on Azure, combining secure SD-WAN with cloud-native next-generation security capabilities.
- Barracuda CloudGen Access provides least-privileged access to authorized applications without compromising a private network, and it aids in the enforcement of detailed policy controls.
- Its cloud-based SASE offers multilayered next-generation security, including secure SD-WAN functionality, zero-trust access, and web security.
- Firewall as a service
- Zero trust network access
- Software-defined wide area network
- Threat intelligence
Zscaler
Zscaler is a leading provider of cloud-based cybersecurity for businesses. Its Zero Trust Exchange is a “cloud native SASE platform built for performance and scalability.” It is designed to protect against today’s constantly evolving attacks by leveraging the power of intelligent automation and machine learning, threat intelligence, and analytics.
The platform secures the edge across more than 150 data centers and detects over 150 million threats daily. It also processes about 200 billion transactions daily at peak periods. In addition to leveraging machine learning algorithms, it provides complete visibility across all data and systems to reduce risk exposure and detect advanced threats.
- Zscaler inspects all connections, regardless of user, endpoint, app, or encryption, from a secure web gateway through a cloud access security broker and zero trust network access.
- Its proxy-based architecture offers a full inspection of encrypted traffic across SWG, CASB, and a suite of security services at scale.
- The proximity of security and policy to users minimizes unnecessary backhauling while augmenting current SD-WAN solutions.
- The attack surface is reduced by hiding apps behind the Zscaler Zero Trust Exchange.
- Zscaler prevents intrusion by securing all user-to-app, app-to-app, and machine-to-machine communications.
- Advanced threat protection
- SSL (Secure Sockets Layer) inspection
- Threat and data protection
- Zero-trust access
Bitglass (Forcepoint ONE)
Bitglass merged with Forcepoint, a cybersecurity company, and created a product called Forcepoint ONE. Forcepoint ONE integrates a secure web gateway, cloud access security broker, zero-trust network access, secure access service edge and security service edge to form one unified platform for enterprise endpoints and networks. This platform allows businesses to centralize management for all user-generated data in the cloud or on-premises.
- Forcepoint ONE offers clients cloud or on-premises options for key services like encryption, endpoint control, malware detection, compliance reporting, and other layers of protection.
- Forcepoint ONE content disarm and reconstruction (CDR) is deployed at the boundary to ensure malware-free web browsing, email, file upload, file sharing, and web apps.
- It protects sensitive data on managed and unmanaged devices with agentless or agent-based security.
- Since 2015, its SWG has had 99.99% uptime.
- Forcepoint protects organizations against malware by detecting and quarantining threats before they reach the network. It automatically detects and blocks malware in file uploads and downloads.
- Threat protection
- Remote browser isolation
- Zero trust CDR
- Risk adaptive DLP
- On-device SWG
Check Point Software Technologies
Check Point Software Technologies is an Israel-based company. It offers a range of security solutions for enterprise, government, and small-business customers. Harmony Connect is Check Point’s SASE solution; it provides zero-trust access control, SWG, CASB, and FWaaS to protect users and branch offices with enhanced threat prevention and data security.
- This provider claims its unified security architecture reduces OpEx (operating expenses) by up to 40% and CapEx (capital expenses) by 20%.
- Check Point promises high availability, with a 99.999% uptime SLA.
- The Check Point Quantum IoT security solution detects and evaluates each IoT device on the network, prevents unauthorized access with zero-trust segmentation, and blocks IoT-related malicious intent with 300+ IPS (intrusion prevention system) signatures and on-device run-time protection.
- Check Point secures users and data with a cloud IPS, granular access controls, and a cloud DLP.
- Its CASB capabilities offer in-line and API-based SaaS security with DLP, advanced threat prevention, granular zero-trust access and permission controls, and visibility into authorized and unauthorized SaaS use.
- IoT security
- Zero-trust remote access
- Data loss prevention
- Next-generation firewall (NGFW)
- Intrusion prevention system
VMware
VMware is best known for its multicloud services for all apps and virtualization technology. However, the vendor is now a key player in the SASE industry due to its SD-WAN by VeloCloud platform, which allows enterprises to securely connect their sites with an intelligent, cloud-based edge solution.
The company’s SASE solution merges cloud networking and security into one simplified service that helps organizations get ahead of threats without additional complexity.
- Its SASE platform contains ZTNA, SWG, and CASB functions.
- VeloCloud leverages VMware Workspace ONE technology with millions of endpoints to provide a unified, secure access experience for mobile customers, branches, and campuses.
- Cloud-hosted management platform centralizes policy development, delivery, and control while providing global insight into network and application performance.
- VMware Edge Network Intelligence provides advanced AI/ML-based analytics and AIOps spanning branches, local area network (LAN) and Wi-Fi, WAN, and data centers to identify the source of issues and fix them.
- It is PCI DSS 3.2 certified
- Unified policy control and management
Cato Networks
Cato Networks is a dominant player in the SASE industry. It combines SD-WAN with network security to provide a cloud-native service. Cato claims it’s “delivering the world’s first SASE platform, through a globally distributed cloud service that provides enterprise network and security capabilities to all edges.”
Cato Cloud offers a global SD-WAN architecture with security services such as firewall as a service, security policy gateway, anti-malware, intrusion prevention system, and threat detection for both edge and data center deployments.
- The Cato backbone allows companies to optimize their network performance globally without the need for Multiprotocol Label Switching (MPLS) thanks to its more than 70 Points of Presence (PoPs), which are linked by multiple Tier 1 internet service providers (ISPs) and provide a 99.999% SLA uptime.
- Cato Sockets connect to the internet and MPLS at the edge. The socket monitors real-time traffic conditions on the lines and identifies the best connection for a particular traffic flow using application rules.
- It optimizes traffic from all users, locations, applications, and clouds.
- The attack surface is reduced by monitoring traffic continuously for anomalies, threats, attacks, and sensitive data loss.
- Visibility and control
- Infrastructure management
- Threat prevention
- Delivers redundancy and failover
What is SASE?
Secure access service edge (SASE) is a cybersecurity term coined by Gartner in 2019 to describe a service that provides authentication and authorization for connections between a user and an organization’s applications.
SASE features several security services such as SD-WAN, CASB, NGFW and FWaaS, ZTNA, and SWG. It operates at the network’s edge and controls external devices’ access to applications or data.
SASE is so important today because companies can use it to manage access to specific applications or groups of users. It also makes enforcing security policies like data retention and deletion rules easier.
Features of Edge Security Solutions
Edge security solutions protect company trade secrets, customer data, and intellectual property by monitoring network traffic as it enters and leaves the corporate network. Effective products must have the following features.
Visibility and automated monitoring
System visibility is critical to an effective edge security solution. The capability to monitor internet traffic inside the enterprise perimeter provides a complete view of potential threats. A good solution will include built-in visibility into endpoints connected via wired or wireless connections. It should also be able to automatically identify potential threats based on predefined policies.
An edge security solution should not only detect potential vulnerabilities but act upon them when they arise. Relying solely on signatures can often result in false positives and incomplete coverage of the latest threats. To ensure maximum efficacy, look for a product with intelligence that identifies malicious behavior before it happens.
Hardened traffic management systems
Protecting sensitive corporate data while allowing essential business functions to flow through the enterprise is one of the most challenging aspects of edge security solutions. Implementing hardening measures such as application whitelisting, user access control, encryption, and firewalls ensures there are no backdoors that would allow attackers access to sensitive information.
Secured entry points
Enterprises must secure all ingress and egress points to their network against intruders. Products with secure web gateways will typically include hardened firewalls to protect data, intrusion prevention devices to prevent intrusion attempts, SSL termination devices to prevent unauthorized access from outside networks, and proxy servers that can filter content coming from the internet.
Secured data storage and transport
Ensuring private data stays private during its transfer over public networks requires additional effort on top of securing entry points. One way to do this is through encryption: with public-key encryption, data is encrypted using the receiver’s public key and decrypted with the receiver’s corresponding private key. It’s recommended to select a product with strong cryptographic algorithms like 256-bit AES, DHE/ECDHE key exchange, or RSA 2048.
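One way to check negotiated TLS sessions against the algorithms named above (256-bit AES, DHE/ECDHE, RSA 2048). This is an added example, not code from the original article or from any vendor; the session records, function names, and finding strings are constructed for illustration.

```python
import re

# Baseline named in the text: 256-bit AES, DHE/ECDHE key exchange, RSA 2048.
FORWARD_SECRET_KX = {"DHE", "ECDHE"}
MIN_AES_BITS = 256
MIN_RSA_BITS = 2048

# Constructed sample records (not real logs): OpenSSL-style cipher suite name,
# server certificate key type, certificate key size in bits.
SAMPLE_SESSIONS = [
    ("ECDHE-RSA-AES256-GCM-SHA384", "RSA", 2048),
    ("ECDHE-ECDSA-AES128-GCM-SHA256", "EC", 256),
    ("AES256-SHA", "RSA", 2048),                 # static RSA key exchange
    ("DHE-RSA-AES256-GCM-SHA384", "RSA", 1024),  # short certificate key
    ("TLS_AES_256_GCM_SHA384", "RSA", 4096),     # TLS 1.3 suite name
    ("DES-CBC3-SHA", "RSA", 2048),               # 3DES, static RSA
]


def parse_suite(name):
    """Return (key_exchange, aes_bits) for an OpenSSL-style suite name."""
    if name.startswith("TLS_"):
        # TLS 1.3 names omit the key exchange; certificate-authenticated
        # handshakes always use ephemeral (EC)DHE.
        key_exchange = "ECDHE"
    else:
        prefix = name.split("-")[0]
        # TLS 1.2 names with no DHE/ECDHE prefix are not forward secret
        # (static RSA, PSK, ...).
        key_exchange = prefix if prefix in FORWARD_SECRET_KX else "static"
    match = re.search(r"AES_?(\d{3})", name)
    return key_exchange, int(match.group(1)) if match else None


def audit_session(suite, cert_key_type, cert_key_bits):
    """List every way one negotiated session falls short of the baseline."""
    key_exchange, aes_bits = parse_suite(suite)
    findings = []
    if key_exchange not in FORWARD_SECRET_KX:
        findings.append("no DHE/ECDHE key exchange")
    if aes_bits is None:
        findings.append("cipher is not AES")
    elif aes_bits < MIN_AES_BITS:
        findings.append(f"AES-{aes_bits} is below AES-{MIN_AES_BITS}")
    if cert_key_type == "RSA" and cert_key_bits < MIN_RSA_BITS:
        findings.append(f"RSA-{cert_key_bits} certificate key")
    return findings


def audit_all(sessions):
    """Map each non-compliant suite to its findings; compliant ones are omitted."""
    report = {}
    for suite, key_type, key_bits in sessions:
        findings = audit_session(suite, key_type, key_bits)
        if findings:
            report[suite] = findings
    return report


if __name__ == "__main__":
    for suite, findings in audit_all(SAMPLE_SESSIONS).items():
        print(f"{suite}: {'; '.join(findings)}")
```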
Patch management and vulnerability checks
An edge security solution that cannot check updates and available patches could open a network to critical threats. Check to see if the product has a robust patch management process that automates notifications of new patches and delivers appropriate fixes, along with the ability to conduct scheduled network scans.
Benefits of Edge Security Solutions
There are many benefits to an edge security solution. Edge security solutions secure a company’s data as it moves between on-premises devices and cloud-based applications by identifying, authenticating, encrypting, and enforcing application access controls against unauthorized users.
With an edge security solution, enterprises can protect their business assets and take the necessary steps to secure them from online threats. These solutions work with network perimeters to inspect content entering or leaving an organization’s perimeter, protecting against malware delivered through email or other channels.
Edge solutions integrate with CASB, ZTNA, SWG, and FWaaS to detect malware, provide analytics on suspicious behavior patterns, and raise alerts when a threat is detected. They also protect mobile devices by scanning apps before installation and verifying that all data traffic is encrypted.
Considerations When Implementing Edge Security
There is much to consider when deciding if and how to implement an edge security solution, including size, budget, resources available for implementation, risk assessment, and regulatory requirements.
The attractive capabilities of many edge security solutions include scalability, centralized management, integration with existing IT infrastructure, and integration with other enterprise-wide systems such as SIEMs.
When selecting vendors, it’s important to find one with all or most of the features your company needs, so it will likely be necessary to shop around and do extensive research.