
Arista Networks Unveils New and Enhanced Zero Trust Network Architecture

Image Credit: Mvelishchuk

Arista Networks yesterday announced an expanded zero trust networking architecture that uses the underlying network infrastructure to break down security silos, streamline workflows and enable an integrated zero trust program. Through a combination of Arista-developed technologies and strategic alliances with key partners, this approach uses the network to compensate for harder-to-implement zero trust controls across the domains of devices, workloads, identity, and data.

Enterprise networks today range from traditional campuses and data centers to IoT, work from anywhere, and cloud. Defending this distributed infrastructure requires a “microperimeter” around each critical digital asset. With this in mind, the United States Cybersecurity and Infrastructure Security Agency (CISA) laid out a Zero Trust Maturity Model with prescriptive guidance across five foundational pillars: Identity, Devices, Networks, Applications and Workloads, and Data.

The Arista zero trust architecture uses the underlying network infrastructure from switches to WAN routers to deliver key security capabilities while integrating seamlessly with the organization’s existing security program and tools. The key components of this integrated security solution are:

  • Arista CloudVision AGNI greatly simplifies the secure onboarding and troubleshooting for users and devices, as well as ongoing posture analysis and network access control.
  • Arista Macro Segmentation Service (MSS) enables the creation and enforcement of microperimeters through edge switches that can protect or isolate each asset without requiring the deployment of firewalls all across the enterprise network. Segmentation policies can be defined once in Arista CloudVision and enforced dynamically based on real-time network, application, device, or user identity information.
  • Arista NDR autonomously discovers, profiles, and classifies every device, user, and application across the distributed network. Based on this deep understanding of the attack surface, the platform detects threats to and from these entities while providing the context necessary to respond rapidly.
  • Arista natively supports encryption capabilities such as MACsec and Tunnelsec, enabling organizations to encrypt data to and from legacy applications and workloads without changing those systems but instead relying on the network to protect data from unauthorized access, interception, and tampering.

Powered by Arista NetDL and AVA AI Insights

Arista’s zero trust architecture is built on the foundations of a unified operating system in EOS® and a common management plane in CloudVision®. The EOS Network Data Lake (NetDL™) provides a single source of network data ‘truth’ and a common sensor/collector architecture that enables forensics and analytics for threat hunting, network and application observability, as well as network detection and response.

Arista Autonomous Virtual Assist (AVA™) utilizes machine learning and other artificial intelligence (AI) technologies to augment pervasive visibility, continuous threat detection, segmentation, and access control. Combined with distributed network-wide state and telemetry data and third-party integrations, AVA drives automation and extensibility to greatly reduce the manual operational burden of operating and securing networks.

The Arista zero trust architecture is designed to be open and API-friendly. This approach is focused on leveraging the underlying network to eliminate blindspots and silos while streamlining workflows across key security pillars that sit above the network stack. Partners within the Arista zero trust ecosystem include Microsoft, CrowdStrike, and our newest partner Zscaler. Arista is a member of the Microsoft Intelligent Security Association (MISA), having integrated with Microsoft’s security technology offerings.

The newly introduced integration with the Zscaler Zero Trust Exchange platform, the cloud-native platform that connects and secures users, workloads, and devices over any network and any location, brings critical domain and attacker infrastructure intelligence into Arista NDR. Additionally, this integration allows Zscaler Internet Access (ZIA) to block access from devices Arista identifies as compromised or domains or IP addresses Arista has discovered to be malicious.

Rahul Kashyap, Vice President and General Manager for Cybersecurity at Arista Networks

Arista’s suite of zero trust solutions maps tightly to the networking pillar in the CISA model and is designed to help organizations accelerate their journey toward zero trust maturity. Our ability to do this friction-free via the network helps overcome roadblocks across the other domains of identity, devices, workload, and data.

Amit Raikar, VP of Business Development and Technology Alliances at Zscaler

With the acceleration of cloud adoption and blurring perimeters, organizations' legacy approach to security is proving ineffective. It is crucial to adopt a zero trust approach to ensure the security of users and assets. Zscaler and Arista’s joint customers will be able to control risk and enforce policy for the entire workforce, ultimately making their enterprises more secure.

Author

Principal Analyst and Senior Editor | IP Networks

Ariana specializes in IP networking, covering both operator networks - core, transport, edge and access; and enterprise and cloud networks. Her work involves analysis of cutting-edge technologies that drive application visibility, traffic awareness, network optimization, network security, virtualization and cloud-native architectures.

She can be reached at ariana.lynn@thefastmode.com
