Arista Launches Next Generation Multi-Domain Segmentation for Zero Trust Networking
30 Avril 2024 - 3:00PM
Business Wire
Microsegmentation solution mitigates threats
across east-west lateral networks
Arista Networks (NYSE: ANET), a leading provider of cloud
networking solutions, today announced a significant update to its
Arista MSSⓇ (Multi-Domain Segmentation Service) offerings that
address the challenge of creating a truly enterprise-wide zero
trust network. Without the need for endpoint software agents and
proprietary network protocols, Arista MSS enables effective
microperimeters that restrict lateral movement in campus and data
center networks and thus reduces the blast radius of security
breaches such as ransomware.
Enterprise-wide Zero Trust Requires Effective
Microsegmentation
Today’s distributed IT infrastructure with work-from-anywhere,
the explosion of IoT devices and multi-cloud applications has
upended the traditional security perimeter and led to a dynamic and
unpredictable attack surface. To improve their defensive posture,
organizations have embarked on zero trust efforts that require
granular control of both north-south and east-west communication
paths. Firewalls are simply not optimized to protect against all
lateral movement, which would require a proliferation of security
appliances, soaring costs, and an explosion of complex rule sets
that still fail to protect against lateral movement.
To address this challenge, the Cybersecurity and Infrastructure
Security Agency (CISA) “Zero Trust Maturity Model” recommends the
adoption of microsegmentation for highly distributed, fine-grained
enforcement through microperimeters. While many microsegmentation
solutions are available on the market, both network and
endpoint-based, they struggle with operational complexity,
interoperability and portability challenges, and cost, which has
limited their widespread adoption across the enterprise. As a
result, zero trust efforts often stall.
Standards-based Network Microsegmentation
Arista MSS offers standards-based microsegmentation using
existing network infrastructure while overcoming the challenges of
existing solutions. MSS is network-agnostic and
endpoint-independent. It avoids proprietary protocols and can thus
seamlessly integrate into a multi-network vendor environment. The
solution also does not require endpoint software, avoiding the
portability limitations and operational complexity typical of
agent-based microsegmentation solutions.
"We are very impressed with the potential of Arista's MSS
microperimter segmentation technology,” said Evan Gillette,
Security Engineering, Paychex Inc. “We view this technology as
highly promising and believe it has the potential to transform our
approach to security and segmentation from a traditional perimeter
approach to a more distributed network-centric architecture. We are
excited to be working with Arista to explore the possibilities of
this innovative technology and its applications in our
infrastructure.”
Arista MSS combines three capabilities that enable organizations
to build microperimeters around each digital asset they seek to
protect, whether in the campus or the data center. Arista MSS
enables:
- Stateless Wire-speed Enforcement in the Network: Arista
EOSⓇ-based switches deliver a simple model for fine-grained,
identity-aware microperimeter enforcement. This enforcement model
is independent of endpoint type and identical across campus and
data center environments, simplifying day two operations.
Importantly, Arista MSS thus enables lateral segmentation that is
often missing today and offloads the capability from firewalls that
would have to be explicitly deployed for this purpose.
- Redirection to Stateful Firewalls: Arista MSS can
seamlessly integrate with firewalls and cloud proxies from partners
such as Palo Alto Networks and Zscaler for stateful network
enforcement, especially for north-south and inter-zone traffic. MSS
thus ensures the right traffic is sent to these critical security
controls, allowing them to focus on L4-L7 stateful enforcement
while avoiding unnecessary hairpinning of all other traffic.
- CloudVision for Microperimeter Management: Arista
CloudVisionⓇ powered by NetDL™ provides deep real-time visibility
into packets, flows, and endpoint identity. This, in turn, enables
effective east-west lateral segmentation. In addition, MSS
dashboards within CloudVision ease operator effort to manage the
microperimeters. MSS extends Arista’s Ask AVA™ (Autonomous Virtual
Assist) service to provide a chat-like interface for operators to
navigate the dashboard data and query and filter policy
violations.
“As a bank, we are committed to delivering comprehensive
financial products and solutions, while putting customer's data and
security as our top priority. Security is also embedded in one of
our core architectural principles when designing our data center
networks,” said Komang Artha Yasa, Technology Division Head, OCBC.
“Arista MSS completes our zero trust posture by working efficiently
with our firewalls to microsegment our critical payment systems.
Arista's approach is easy for us to adopt since it avoids
software-based agents and still gives us interoperability across
our entire data center environment.”
Zero Trust Ecosystem
Arista MSS seamlessly integrates with the broader Arista Zero
Trust Networking solution, including Arista CloudVision, CV AGNITM
and Arista NDR. It also integrates with industry-leading firewalls
such as Palo Alto Networks, IT service management (ITSM) such as
ServiceNow, and virtualization platforms such as VMware.
"Arista MSS has been a welcome addition to our zero trust
strategy,” said Dougal Mair, Associate Director, Networks and
Security at The University of Waikato. "The ability to provide an
open but secure network for many users (e.g., students, faculty,
guests), IT (e.g., laptops, printers), and IoT devices (including
sensors and smart lighting) in a large environment was a huge
challenge at the university. Arista MSS prevents any unauthorized
peer-to-peer and lateral movement on our dynamic network."
Availability
Arista MSS is in trials now, with general availability in Q3
2024.
Visit us at booth #6453 in the North Hall at the RSA Conference.
Learn more about multi-domain segmentation services at Arista’s
webinar on May 9. For more insight on this announcement, read
Jayshree Ullal’s blog here.
About Arista
Arista Networks is an industry leader in data-driven,
client-to-cloud networking for large data center/AI, campus, and
routing environments. Its award-winning platforms deliver
availability, agility, automation, analytics, and security through
an advanced network operating stack. For more information, visit
www.arista.com.
ARISTA, AGNI, AVA, CloudVision, MSS and NetDL are among the
registered and unregistered trademarks of Arista Networks, Inc. in
jurisdictions worldwide. Other company names or product names may
be trademarks of their respective owners. Additional information
and resources can be found at www.arista.com. This press release
contains forward-looking statements including, but not limited to,
statements regarding the performance and capabilities of Arista’s
products and services. All statements other than statements of
historical fact are statements that could be deemed forward-looking
statements. Forward-looking statements are subject to risks and
uncertainties that could cause actual performance or results to
differ materially from those expressed in the forward-looking
statements, including rapid technological and market change,
customer requirements and industry standards, as well as other
risks stated in our filings with the SEC available on Arista's
website at www.arista.com and the SEC's website at www.sec.gov.
Arista disclaims any obligation to publicly update or revise any
forward-looking statement to reflect events that occur or
circumstances that exist after the date on which they were
made.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240430857259/en/
Media Contact Amanda Jaramillo Corporate Communications Tel:
(408) 547-5798 amanda@arista.com
Investor Contact Liz Stine Investor Relations Tel: 408-547-5885
liz@arista.com
Arista Networks (NYSE:ANET)
Graphique Historique de l'Action
De Avr 2024 à Mai 2024
Arista Networks (NYSE:ANET)
Graphique Historique de l'Action
De Mai 2023 à Mai 2024