Edge computing is a term that is becoming increasingly popular not just as a buzzword but as a way of understanding and modeling IT infrastructure in an era of pervasive cloud computing. With the rise of edge computing has come a need for edge security.
Edge security isn’t just about securing edge computing though; it’s also potentially a new approach to defining user and enterprise security in the cloud-connected world.
While there is no shortage of meaningless buzzwords in IT, edge computing isn’t an abstract concept and neither is edge security. For both edge computing and edge security, there is an emerging set of definitions and standards.
In this eSecurity Planet guide, we look at what edge security is all about and some of the top vendors in the space.
- Defining Edge Computing
- Understanding Edge Security
- Secure Access Service Edge (SASE)
- Top Edge Security Vendors
In many modern IT deployments, a data center stands at the core of a network architecture. That data center can be an on-premises, corporate-owned facility, or increasingly the data center can be a collection of public cloud resources.
Edge computing is often defined as computing that happens at the edge of a network. The broader corporate campus, branch offices and retail locations can be considered at the edge of the network, since the core of the network is the data center or cloud. With the emergence of 5G cellular, with base station deployments that integrate powerful compute capabilities, 5G is also considered part of edge computing.
Simply saying that edge computing is compute located at the edge of the network is not the formal definition, however, at least according to the Open Glossary of Edge Computing, an open source effort led by the Linux Foundation’s LF Edge group.
“By shortening the distance between devices and the cloud resources that serve them, and also reducing network hops, edge computing mitigates the latency and bandwidth constraints of today’s Internet, ushering in new classes of applications,” the glossary explains.
As edge computing is a growing area, so too is edge security. There are several aspects involved in edge security, including:
- Application security: Beyond the network layer, edge compute devices run applications that must be secured
- Threat detection: As edge computing is by definition not centralized, it’s critically important for providers to employ proactive threat detection technologies to identify potential issues early
- Vulnerability management: There are both known and unknown vulnerabilities that need to be managed
- Patching cycles: Automated patching to keep devices up to date is important for reducing the potential attack surface
In 2019, a new term was coined by Gartner to define a category of hardware and services that help enable edge security; that term is Secure Access Service Edge (SASE).
According to Gartner, SASE is an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions, such as secure web gateways (SWG), CASB, firewalls as a service (FWaaS) and zero trust network access (ZTNA), to support the dynamic secure access needs of digital enterprises.
Even though the term SASE is new, in August 2019 Gartner forecast that by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.
Though the term edge security is relatively new, there are multiple vendors in the space that have product offerings. Not all the vendors listed below fall into the SASE category, as some lack the WAN functionality and only provide a subset of edge security needs.
- Palo Alto Networks
- Cato Networks
Akamai was once primarily known as a content delivery network (CDN), with its global distributed network. In recent years, Akamai has expanded significantly into security, with multiple capabilities to help organizations defend against both network and application layer attacks.
The Akamai Intelligent Edge Platform provides what the company refers to as a defensive shield that can surround and protect users from the edge all the way up to full data centers.
Cisco has long been a dominant vendor in the networking market, with an expansive product portfolio that includes both hardware and software.
When it comes to edge security, Cisco is positioning a number of its capabilities as part of a security stack that includes traditional perimeter security as well as cloud-based security controls.
Cloudflare is a global cloud platform that has multiple content and application delivery services as well as security capabilities.
Fortinet is a network security vendor that has increasingly been active in the SD-WAN space.
The FortiGate Secure SD-WAN offering can potentially fit in the SASE category of edge security, providing organizations with secure access as well as threat protection for edge computing deployments.
Palo Alto Networks
Palo Alto Networks got its start as a network security vendor and has come to fully embrace the SASE model.
The Prisma Access platform integrates Firewall as a Service (FWaaS), threat prevention, DNS security and data loss prevention (DLP) capabilities for edge resource protection.
Cato Networks got started in 2016 with a Security-as-a-Service model for network security, headed by Shlomo Kramer, perhaps best known as the founder of Check Point Software.
Cato Networks has strongly embraced the SASE model and its Cato Cloud provides a global SD-WAN architecture that delivers security services, including FWaaS, SWG, anti-malware, IPS and threat detection capabilities to both the edge and data center use cases.
While VMware is well known for its virtualization technologies, it is now also a strong player in the emerging SASE market, thanks to its SD-WAN by VeloCloud platform.
VMware acquired VeloCloud in 2017 and has steadily improved the platform since with increased security capabilities that can help to protect edge computing.
Zscaler has a global cloud network that provides security-as-a-service that can be used to create a SASE-style deployment.
The Zscaler Cloud Security platform can provide full content inspection of both inbound and outbound traffic, and also benefits from the integration of threat intelligence feeds to help correlate and block threats in real time.