Arista Networks announced the expansion of its zero trust networking architecture, a move to further fortify cybersecurity in the ever-evolving landscape of enterprise networks.
Modern enterprise networks encompass a spectrum ranging from traditional campuses and data centers to the complexities of IoT, remote work, and cloud computing. To truly defend the distributed infrastructure, there is a need for a "microperimeter" strategy, one that places each critical digital asset within its own security domain.
In light of this, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) outlined a comprehensive Zero Trust Maturity Model, which provides prescriptive guidance across five foundational pillars: Identity, Devices, Networks, Applications and Workloads, and Data.
Arista aims to leverage the inherent capabilities of network infrastructure to dismantle security silos, optimize workflows, and facilitate a seamlessly integrated zero trust program.
In response to the current challenges, Arista leverages a combination of proprietary technologies developed in-house and strategic alliances with key industry partners. Its core objective is to utilize the network itself as a dynamic tool for compensating for the implementation challenges associated with robust zero trust controls across diverse domains such as devices, workloads, identity, and data.
Now, with the expanded zero trust networking architecture, Arista can provide enterprises with a holistic and integrated solution that aligns with the principles of the Zero Trust Maturity Model by CISA.
“Arista’s suite of zero trust solutions maps tightly to the networking pillar in the CISA model and is designed to help organizations accelerate their journey toward zero trust maturity,” said Rahul Kashyap, Vice President and General Manager for Cybersecurity at Arista Networks. “Our ability to do this friction-free via the network helps overcome roadblocks across the other domains of identity, devices, workload, and data.”
Arista's integrated security solution comprises several key components to enhance cybersecurity. Arista CloudVision AGNI streamlines secure onboarding and troubleshooting for users and devices, along with continuous posture analysis and network access control. The Arista Macro Segmentation Service (MSS) allows the creation and enforcement of microperimeters through edge switches, safeguarding or isolating assets without the need for widespread deployment of firewalls. Segmentation policies defined in Arista CloudVision can be dynamically enforced based on real-time network, application, device, or user identity information. Arista NDR autonomously discovers, profiles, and classifies devices, users, and applications, detecting threats and providing contextual information for rapid response.
Additionally, Arista natively supports encryption capabilities, such as MACsec and Tunnelsec, allowing organizations to encrypt data to and from legacy applications and workloads without altering those systems, relying on the network for protection against unauthorized access, interception, and tampering.
Edited by Greg Tavarez