Arista embraces segmentation as part of zero trust security

Arista expands Macro-Segmentation Service (MSS) to include MSS-Group, software that enables creation of logically assigned security groupings

Arista has expanded its security software to let customers control authorised network access and communication between groups from the data centre to the cloud.

The new software, Macro-Segmentation Service (MSS)-Group, expands the company’s MSS security-software family, which currently includes MSS Firewall for setting security policies across customer edge, data centre and campus networks. Additionally, the company’s MSS Host focuses on data centre security policies.

MSS software works with Arista Extensible Operating System (EOS) and its overarching CloudVision management software to provide network-wide visibility, orchestration, provisioning and telemetry across the data centre and campus. CloudVision’s network information can be utilised by Arista networking partners including VMware, Microsoft and IBM’s Red Hat.

MSS-Group authorises access based on logical groups rather than traditional approaches based on interfaces, subnets, or physical ports, according to Jeff Raymond, vice president of Arista EOS Product Management and Services.

Unlike proprietary products, the MSS-Group segmentation architecture does not rely on proprietary Ethernet tags or protocols to work, Raymond said. That means upstream and downstream leaf and spine switches can be mixed and matched across multiple vendors. Arista MSS-Group-capable switches are agent-less and can be deployed from client to campus to cloud in a network-wide deployment, all orchestrated via CloudVision, Arista stated.

As part of this product rollout, Arista and Forescout announced the result of a year-long co-development effort to streamline policy design and management: Forescout eyeSegment is now integrated with Arista CloudVision. The idea is to let customers utilise eyeSegment’s real-time device context to easily create, manage and monitor group-based segmentation policies.

Production-ready eyeSegment policy information is then shared with CloudVision to consistently enforce rules across multiple network domains via the MSS-Group architecture, according to Forescout.

“Organisations can use Forescout eyeSegment to automatically apply real-time context to associate each connected device with its relevant security segmentation group, easily design and monitor group-based policies, and communicate the appropriate segmentation policies to CloudVision. CloudVision is then responsible for the dynamic orchestration of the required policy to the Arista switches for enforcement,” Arista stated.

The need for better security is being driven by the growth of SaaS services and the need to secure access to them, as well as by the proliferation of Internet of Things (IoT) devices.

“In this world of networked IoT, a camera should only communicate with the DVR and security administrator. Security and network administrators need to have the ability to easily define, classify and group segments concerning who is accessing what, independent of IP addressing and other network protocol constructs,” wrote Arista CEO Jayshree Ullal in a blog about the MSS-Group announcement.

Arista’s MSS products are key to its overarching development of a zero trust architecture for enterprise customers, which company execs say is built on NIST’s zero trust framework. That framework basically states not to trust any user or device by default.

“Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned). Authentication and authorisation (both subject and device) are discrete functions performed before a session to an enterprise resource is established,” NIST states.

For its part, Arista’s zero trust security includes network-based multi-domain segmentation, situational awareness—what’s connected to what—continuous monitoring for behaviour, and AI-driven network detection and response, which is where Forescout and Arista’s Awake platform come in. Arista purchased Awake Security in 2020 for its AI-based network detection and response system.

“We need to eliminate the implicit trust associated with traditional network architecture and instead build secure, zero trust networks that assume devices only have access to resources they need and that once a device is on the network it is continuously monitored and detected for mal-intent,” Ullal stated.  

MSS Firewall and MSS Host features are available as part of Arista CloudVision. The MSS-Group support will begin trials in the first quarter of this year.

