Arista Delivers Multi-Domain Segmentation for Zero Trust Enterprise

February 9, 2021

Arista Networks announced a new zero trust security framework for today’s digital enterprise. Arista Multi-Domain Macro-Segmentation Service is a suite of capabilities for integrating security policy with the network through an open and consistent network segmentation approach across network domains.

Featured Post Image

Enabled through Arista EOS® (Extensible Operating System) and CloudVision® capabilities, the latest Arista MSS® (Macro-Segmentation Service) functionality includes a new group segmentation approach, MSS-Group, intended to simplify access control for users and IoT devices in today’s enterprise workspaces.

“Security and networking are coming together. Arista’s zero trust strategy relies heavily on analytics and AI to identify mal-intent and is well positioned to capture what could be the biggest transition I’ve seen in networking,” said Zeus Kerravala, Founder and Principal Analyst at ZK Research.

Zero Trust Security in a Cloud and IoT World

Traditional network security architectures guarded users only at the borders. This approach is no longer sufficient with distributed users and a myriad of IoT endpoints in today’s enterprise. A zero trust architecture that assumes no user or thing can have free run of the network is needed to secure modern networks. Zero trust never trusts without verification, restricts access to only required connections and then continually monitors for good behavior. In this new decade, the implicit trust associated with network location needs to be replaced with continuous, proactive network monitoring with behavioral-based situational analysis for asset visibility and rapid incident response. Arista’s zero trust security approach is designed to address this evolution, combining network-based multi domain segmentation, situational awareness and visibility for all network resources, and AI-driven network detection and response.

IoT-ready Group Segmentation

Secure segmentation grouping needs to be defined based on functional roles, such as cameras or DVRs, across enterprise workspaces and independent of traditional network addressing constructs. In addition, any network solution needs to be based on an open framework that allows for deployment in both greenfield and brownfield deployments.

Arista is introducing MSS-Group as a new network segmentation service for controlling authorized network communication between groups. Available on EOS-based switches, MSS-Group implements security policy enforcement based on logical groups rather than traditional approaches based on interfaces, subnets or physical ports. MSS-Group is built on an efficient data plane enforcement mechanism, avoiding the limitations of vendor lock-in solutions that utilize proprietary hardware tags and are limited by inefficient hardware resource mappings. The MSS-Group solution leverages CloudVision, the same management plane platform for multi-domain automation, telemetry and analytics, for security policy management and visibility. In addition, the MSS-Group solution is most powerful when CloudVision integrates with a dynamic identity provider through available APIs.

Arista has partnered with Forescout in building such a solution that streamlines policy design and management. Organizations can use Forescout eyeSegment to automatically apply real-time context to associate each connected device with its relevant security segmentation group, easily design and monitor group-based policies and communicate the appropriate segmentation policies to CloudVision. CloudVision is then responsible for the dynamic orchestration of the required policy to the Arista switches for enforcement.

Arista Multi-Domain Segmentation

Arista Multi-Domain Segmentation converges the network with security across the campus to data center to cloud. The solution avoids the proprietary siloed architectures from incumbent vendors.

With multi-domain and network-security convergence as the goal, Arista is also enhancing MSS for enterprise edge firewall and data center virtualization use cases, delivering comprehensive segmentation solutions for enterprise-wide use cases.

MSS Firewall provides security service insertion, allowing flexible placement of firewall policy across DMZ edge, data center and campus networks. Leveraging open-standards network constructs, MSS Firewall dynamically steers traffic to the firewall policy enforcement point, extending security policy enforcement to address broader traffic patterns. Using the same CloudVision orchestration, MSS Firewall integrates with Palo Alto Networks and other leading firewall solutions from Arista’s security partner ecosystem.

MSS Host is a data center focused solution where security policies are extended from the virtualized host to the physical network. Through an API integration between CloudVision and VMware NSX platform, MSS Host extends NSX micro-segmentation policies to bare-metal workloads.

Arista enables solutions through a broad set of security ecosystem partner integrations with Aruba, Forescout, Palo Alto Networks, VMware, and Zscaler (see industry support here). In addition to advanced MSS-based dynamic segmentation services, Arista continues to support broad network segmentation models such as VXLAN/EVPN, VRFs, VLANs, and Access Control Lists.

Availability

MSS Firewall and MSS Host functionality are shipping as part of Arista CloudVision. The MSS-Group functionality will be available for trials in Q1’21.

About Prozeta

Prozeta is a strategic partner of customers that treat their IT operations as business-critical. Customers from more than 20 countries rely on our products and engineering support. They leverage state-of-the-art technologies from high-performance private cloud services to video delivery platforms to next-generation networking products and IoT.

Prozeta is a distributor of Arista Networks for the Czech Republic and the Slovak Republic and 27 countries in Central and Eastern Europe and Asia.

About Arista Networks

Arista Networks is an industry leader in cognitive cloud networking solutions for large data center and campus environments. Arista’s award-winning platforms deliver availability, agility, automation analytics, and security through CloudVision® and Arista EOS®, an advanced network operating system.

Contact Us
Close icon

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Support

Contact details for existing customers.

+420 228 882 121

support@prozeta.eu


Sales

Got a question about our products or services? Please contact us directly.

+420 222 747 923

sales@prozeta.eu

PRO-ZETA a.s.

Address

Tiskařská 257/10

Praha 10, 108 00

Czech Republic

TIN

15891585

VAT

CZ15891585

DPO

Pověřenec pro ochranu osobních údajů

Ing. Olga Kalabisová
3S Consulting s.r.o.
Mail: o.kalabisova@3s-consulting.cz

Bank connection - CZK

Beneficiary name

PRO-ZETA a.s.

Bank

Československá Obchodní banka a.s.

Radlická 333/150, Praha 5

Account name

183670014/0300

IBAN

CZ4103000000000183670014

SWIFT

CEKOCZPP

Bank connection - USD

Beneficiary name

PRO-ZETA a.s.

Bank

Československá Obchodní banka a.s.

Radlická 333/150, Praha 5

Account name

235784348/0300

IBAN

CZ6703000000000235784348

SWIFT

CEKOCZPP

Bank connection - EUR

Beneficiary name

PRO-ZETA a.s.

Bank

Československá Obchodní banka a.s.

Radlická 333/150, Praha 5

Account name

277623198/0300

IBAN

CZ2203000000000277623198

SWIFT

CEKOCZPP