Long known as a high-performance network vendor, Arista Networks has quietly been making a push into security. Last year, it made its first foray into cyber security when it acquired network detection and response (NDR) vendor Awake Security. This was a logical move because Awake used network data and artificial intelligence (AI) to find threats.
Arista jumps into IoT security
This week Arista made a bold move that further brings networking and security together in the enterprise. The provider of cognitive cloud networking solutions for large data center and campus environments introduced new zero-trust capabilities and group segmentation. Its new Multi-Domain Macro-Segmentation Service (MSS), called MSS-Group, is aimed at making it easier to secure IoT devices. The IoT capabilities are bolstered by its partnership with network access control (NAC) vendor Forescout, which has a massive database of profiled IoT endpoints.
Typically, VLANs are used to segment traffic, isolate network problems and improve security, but they don’t provide much flexibility. VLANs are rigid and localized, and they can’t easily accommodate changing security policies. On top of that, enterprises face the challenge of managing Internet of Things (IoT) devices entering the network, which can potentially become gateways to malware.
IoT will play a key role in return to the office
As employees start coming back to the office, expect the number of IoT endpoints to explode. Businesses are looking to use connected “things” to automate the cleaning of spaces, monitor people’s temperatures and environmental controls, and handle other functions associated with maintaining a safe work environment. Additionally, many collaboration and video endpoints are being deployed to better enable workers to meet with virtual participants.
Enterprises need better ways to control IoT and unnamed devices. That’s where segmentation grouping comes in. MSS Group simplifies access control for users and IoT devices in enterprise workspaces. The network segmentation service controls authorized network communication between groups by enforcing zero-trust security policies based on logical groups instead of interfaces, subnets or physical ports.
Zero trust is the way forward
Zero trust security is based on the belief that nothing should be trusted automatically either inside or outside the network perimeter. It safeguards enterprise networks by leveraging segmentation and perimeter enforcement based on different factors that determine whether a user, device, or app seeking access can be trusted.
In contrast, the traditional security approach assumes that nothing inside the network poses a threat and that only the perimeter must be protected. This approach no longer works for modern enterprises that have cloud applications and users accessing apps from many devices in numerous locations.
“With zero trust, there is situational awareness, which is not merely about device profiling but understanding what is connected to the network based on how that network is behaving,” Alan Bolding, who’s in product management at Arista, explained. “Zero trust is about coupling networking mechanisms with security mechanisms and having one holistic approach.”
Arista’s security is built on artificial intelligence
Arista’s zero trust strategy relies heavily on analytics and artificial intelligence (AI) to manage security policies and identify malicious intent. MSS Group leverages the CloudVision platform for multi-domain automation, telemetry and analytics. CloudVision is offered both as an on-premises solution and as a cloud-based service.
Arista designed MSS Group in a way that’s operationally friendly. The new group segmentation capabilities are rolled into the existing CloudVision platform, which can be easily integrated with identity providers through application programming interfaces (APIs). For example, Arista partnered with Forescout to build a solution that streamlines policy design and management within CloudVision.
MSS Group is going into field trials in the first quarter of this year and will be bundled into the CloudVision subscription.
The launch complements Arista’s other multi-domain segmentation products, MSS Firewall and MSS Host, which Arista recently enhanced through API integrations with partners like Aruba, Palo Alto Networks, VMware, and Zscaler. These enhancements are already available in CloudVision. Hence, Arista is well-positioned for the biggest transition in networking: network-security convergence across the campus, data center and cloud.