Arista Networks unveils zero trust networking vision
Arista Networks has expanded its zero trust networking architecture that uses the underlying network infrastructure to break down security silos, streamline workflows and enable an integrated zero trust programme. Through a combination of Arista-developed technologies and strategic alliances with key partners, this approach uses the network to compensate for harder-to-implement zero trust controls across the domains of devices, workloads, identity and data.
Enterprise networks today range from traditional campuses and data centres to IoT, work from anywhere and cloud. Defending this distributed infrastructure requires a ‘microperimeter’ around each critical digital asset. With this in mind, the United States Cybersecurity and Infrastructure Security Agency (CISA) laid out a Zero Trust Maturity Model with prescriptive guidance across five foundational pillars: Identity, Devices, Networks, Applications and Workloads, and Data.
“Arista’s suite of zero trust solutions maps tightly to the networking pillar in the CISA model and is designed to help organisations accelerate their journey toward zero trust maturity,” said Rahul Kashyap, vice president and general manager for cybersecurity at Arista Networks. “Our ability to do this friction-free via the network helps overcome roadblocks across the other domains of identity, devices, workload and data.”
The Arista zero trust architecture uses the underlying network infrastructure from switches to WAN routers to deliver key security capabilities while integrating seamlessly with the organisation’s existing security programme and tools. The key components of this integrated security solution are Arista CloudVision AGNI, Arista Macro Segmentation Service (MSS) and Arista NDR.
Arista natively supports encryption capabilities such as MACsec and Tunnelsec, enabling organisations to encrypt data to and from legacy applications and workloads without changing those systems, relying instead on the network to protect data from unauthorised access, interception and tampering.
Arista’s zero trust architecture is built on the foundations of a unified operating system in EOS and a common management plane in CloudVision. The EOS Network Data Lake (NetDL) provides a single source of network data ‘truth’ and a common sensor/collector architecture that enables forensics and analytics for threat hunting, network and application observability, and network detection and response.
Arista Autonomous Virtual Assist (AVA) utilises machine learning and other artificial intelligence technologies to augment pervasive visibility, continuous threat detection, segmentation and access control. Combined with distributed network-wide state and telemetry data and third-party integrations, AVA drives automation and extensibility to greatly reduce the manual burden of operating and securing networks.
The Arista zero trust architecture is designed to be open and API-friendly. This approach is focused on leveraging the underlying network to eliminate blind spots and silos while streamlining workflows across key security pillars that sit above the network stack. Partners within the Arista zero trust ecosystem include Microsoft, CrowdStrike and Zscaler. Arista is a member of the Microsoft Intelligent Security Association (MISA), having integrated with Microsoft’s security technology offerings.
The newly introduced integration with the Zscaler Zero Trust Exchange platform, a cloud-native platform that connects and secures users, workloads and devices over any network and any location, brings critical domain and attacker infrastructure intelligence into Arista NDR. Additionally, this integration allows Zscaler Internet Access (ZIA) to block access from devices Arista identifies as compromised or domains or IP addresses Arista has discovered to be malicious.
“With the acceleration of cloud adoption and blurring perimeters, organisations’ legacy approach to security is proving ineffective. It is crucial to adopt a zero trust approach to ensure the security of users and assets,” said Amit Raikar, VP of business development and technology alliances at Zscaler. “Zscaler and Arista’s joint customers will be able to control risk and enforce policy for the entire workforce, ultimately making their enterprises more secure.”