Microsegmentation solution mitigates threats across east-west lateral networks

SANTA CLARA, Calif.,-- April 30, 2024 -- Arista Networks (NYSE: ANET), a leading provider of cloud networking solutions, today announced a significant update to its Arista MSS (Multi-Domain Segmentation Service) offerings that address the challenge of creating a truly enterprise-wide zero trust network. Without the need for endpoint software agents and proprietary network protocols, Arista MSS enables effective microperimeters that restrict lateral movement in campus and data center networks and thus reduces the blast radius of security breaches such as ransomware.

Enterprise-wide Zero Trust Requires Effective Microsegmentation

Today’s distributed IT infrastructure with work-from-anywhere, the explosion of IoT devices and multi-cloud applications has upended the traditional security perimeter and led to a dynamic and unpredictable attack surface. To improve their defensive posture, organizations have embarked on zero trust efforts that require granular control of both north-south and east-west communication paths. Firewalls are simply not optimized to protect against all lateral movement, which would require a proliferation of security appliances, soaring costs, and an explosion of complex rule sets that still fail to protect against lateral movement.

To address this challenge, the Cybersecurity and Infrastructure Security Agency (CISA) “Zero Trust Maturity Model” recommends the adoption of microsegmentation for highly distributed, fine-grained enforcement through microperimeters. While many microsegmentation solutions are available on the market, both network and endpoint-based, they struggle with operational complexity, interoperability and portability challenges, and cost, which has limited their widespread adoption across the enterprise. As a result, zero trust efforts often stall.

Standards-based Network Microsegmentation

Arista MSS offers standards-based microsegmentation using existing network infrastructure while overcoming the challenges of existing solutions. MSS is network-agnostic and endpoint-independent. It avoids proprietary protocols and can thus seamlessly integrate into a multi-network vendor environment. The solution also does not require endpoint software, avoiding the portability limitations and operational complexity typical of agent-based microsegmentation solutions.

"We are very impressed with the potential of Arista's MSS microperimter segmentation technology,” said Evan Gillette, Security Engineering, Paychex Inc. “We view this technology as highly promising and believe it has the potential to transform our approach to security and segmentation from a traditional perimeter approach to a more distributed network-centric architecture. We are excited to be working with Arista to explore the possibilities of this innovative technology and its applications in our infrastructure.” Arista MSS combines three capabilities that enable organizations to build microperiemeters around each digital asset they seek to protect, whether in the campus or the data center. Arista MSS enables:

  • Stateless Wire-speed Enforcement in the Network: Arista EOS-based switches deliver a simple model for fine-grained, identity-aware microperimeter enforcement. This enforcement model is independent of endpoint type and identical across campus and data center environments, simplifying day two operations. Importantly, Arista MSS thus enables lateral segmentation that is often missing today and offloads the capability from firewalls that would have to be explicitly deployed for this purpose.
  • Redirection to Stateful Firewalls: Arista MSS can seamlessly integrate with firewalls and cloud proxies from partners such as Palo Alto Networks and Zscaler for stateful network enforcement, especially for north-south and inter-zone traffic. MSS thus ensures the right traffic is sent to these critical security controls, allowing them to focus on L4-L7 stateful enforcement while avoiding unnecessary hairpinning of all other traffic.
  • CloudVision for Microperimeter Management: Arista CloudVision powered by NetDL™ provides deep real-time visibility into packets, flows, and endpoint identity. This, in turn, enables effective east-west lateral segmentation. In addition, MSS dashboards within CloudVision ease operator effort to manage the microperimeters. MSS extends Arista’s Ask AVA™ (Autonomous Virtual Assist) service to provide a chat-like interface for operators to navigate the dashboard data and query and filter policy violations.

“As a bank, we are committed to delivering comprehensive financial products and solutions, while putting customer's data and security as our top priority. Security is also embedded in one of our core architectural principles when designing our data center networks,” said Komang Artha Yasa, Technology Division Head, OCBC. “Arista MSS completes our zero trust posture by working efficiently with our firewalls to microsegment our critical payment systems. Arista's approach is easy for us to adopt since it avoids software-based agents and still gives us interoperability across our entire data center environment.”

Zero Trust Ecosystem

Arista MSS seamlessly integrates with the broader Arista Zero Trust Networking solution, including Arista CloudVision, CV AGNITM and Arista NDR. It also integrates with industry-leading firewalls such as Palo Alto Networks, IT service management (ITSM) such as ServiceNow, and virtualization platforms such as VMware.

"Arista MSS has been a welcome addition to our zero trust strategy,” said Dougal Mair, Associate Director, Networks and Security at The University of Waikato. "The ability to provide an open but secure network for many users (e.g., students, faculty, guests), IT (e.g., laptops, printers), and IoT devices (including sensors and smart lighting) in a large environment was a huge challenge at the university. Arista MSS prevents any unauthorized peer-to-peer and lateral movement on our dynamic network."

Availability

Arista MSS is in trials now, with general availability in Q3 2024.

Visit us at booth #6453 in the North Hall at the RSA Conference. Learn more about multi-domain segmentation services at Arista’s webinar on May 9. For more insight on this announcement, read Jayshree Ullal’s blog here.

About Arista

Arista Networks is an industry leader in data-driven, client-to-cloud networking for large data center/AI, campus, and routing environments. Its award-winning platforms deliver availability, agility, automation, analytics, and security through an advanced network operating stack. For more information, visit www.arista.com.

ARISTA, AGNI, AVA, CloudVision, MSS and NetDL are among the registered and unregistered trademarks of Arista Networks, Inc. in jurisdictions worldwide. Other company names or product names may be trademarks of their respective owners. Additional information and resources can be found at www.arista.com. This press release contains forward-looking statements including, but not limited to, statements regarding the performance and capabilities of Arista’s products and services. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Forward-looking statements are subject to risks and uncertainties that could cause actual performance or results to differ materially from those expressed in the forward-looking statements, including rapid technological and market change, customer requirements and industry standards, as well as other risks stated in our filings with the SEC available on Arista's website at www.arista.com and the SEC's website at www.sec.gov. Arista disclaims any obligation to publicly update or revise any forward-looking statement to reflect events that occur or circumstances that exist after the date on which they were made.

 

Media Contact
Amanda Jaramillo
Corporate Communications
Tel: (408) 547-5798
该邮件地址已受到反垃圾邮件插件保护。要显示它需要在浏览器中启用 JavaScript。

 

Investor Contact
Liz Stine
Investor Relations
Tel: 408-547-5885
该邮件地址已受到反垃圾邮件插件保护。要显示它需要在浏览器中启用 JavaScript。

 

The links above are for the viewer’s convenience, and Arista has not reviewed and is not responsible for their content.

1