Arista and Palo Alto Networks Strengthen Partnership in the New Age of AI Security

Data centers have evolved into highly distributed, hybrid ecosystems that span private clouds, public clouds, and colocation facilities. This demanding environment enables unprecedented flexibility, allowing DevOps to place and dynamically shift workloads based on performance needs, regulatory requirements, or cost efficiencies. DevOps and CI/CD pipelines demand seamless application scaling, often requiring orchestration across cloud environments. Networking and security must keep pace, minimizing friction that delays the roll out of services and applications.

This demand for agility and geo-distributed scale compounds the already profound security challenges stemming from the sheer scale of east-west traffic, which dramatically expands the attack surface. To exacerbate these issues, a new breed of AI-powered threats, where adversaries are leveraging AI to launch highly evasive attacks with a new level of sophistication and scale, significantly raises the impact of any security incident. Furthermore, AI-powered attacks are designed to slip past legacy defenses at increased speeds. Data exfiltration attacks, vulnerability exploits, or the development of ransomware that used to take weeks or days can now take hours or minutes.

To address these challenges, Arista and Palo Alto Networks are coming together to deliver secure, modern AI and data center networks. This leverages Arista’s AI for networking expertise using AVA^® (Autonomous Virtual Assist) with Palo Alto Networks NGFW (Next Generation Firewalls) and the Strata Network Security platform.

Key Pillars for AI-Driven Security

Arista’s EOS^® (Extensible Operating System) foundation, accompanied by AVA, along with Palo Alto Networks Network Security Platform’s advanced stateful inspection services, including Prisma AIRS (AI Runtime Security), delivers a powerful combination of use cases and solutions: 

1. Zero Trust Segmentation For Data Centers
   This unifies segmentation, visibility and inter-zone protection via Palo Alto Networks NGFW and Arista MSS (Multi-Domain Segmentation Services) fabric. With the integrated solution, every packet traversing east-west or north-south can finally be seen, protected and controlled. Operators can now enforce granular microperimeter policies directly on the Arista switches or intelligently steer traffic to Palo Alto Networks NGFW clusters for advanced stateful inspection. This redirection service operates within a single data center or across multiple data centers, providing an elegant solution to enable symmetric policy enforcement in remote, active-active data centers. 
2. Dynamic Quarantine with Network Offload
   In an era of AI-driven highly sophisticated threats, segmentation policies based on microperimeters minimize lateral movement. The Palo Alto Networks NGFW identifies evasive, machine-learning-powered attacks in real time and instantly signals Arista’s CloudVision MSS to quarantine high-risk endpoints directly within the Arista network at gigabit and terabit line rates.
3. Unified Policy Orchestration
   Distributed data centers spanning on-premise and multicloud environments should not mandate fragmented policy orchestration. Palo Alto Networks management plane centralizes zone-based and microperimeter policies and CloudVision MSS responds with the offload and enforcement of Arista switches. This treats the entire geo-distributed network as a single logical switch, allowing workloads to be migrated freely across cloud networks and security domains. 
4. Operational Flexibility For DevOps, NetOps, SecOps
   Modern data centers must deliver automated, consistent networking and security to support CI/CD pipelines. DevOps demands infrastructure that deploys, scales, and heals code velocity measured in seconds. NetOps and SecOps must operate at DevOps speed, integrating network and security-as-code while automating their respective domains without becoming bottlenecks. Arista Validated Design (AVD) data models enable network-as-a-code, integrating with CI/CD pipelines. AVDs can also be generated by AVA AI agents that incorporate best practices, testing, guardrails, and generated configurations.

Summary   

By maintaining a clean demarcation between Arista’s and Palo Alto Networks best-in-class networks and security, customers can scale topology and upgrade software while managing compliance and configuration boundaries independently.

We are proud to announce the next step in our partnership, which enables holistic zero trust networking at cloud scale and brings unmatched agility, visibility, and consistent policy enforcement at multi-data center scale to meet the performance challenges of modern cloud and AI infrastructure. Welcome to the new world of AI-driven zero trust networking!

References:

• Zero Trust White Paper
• AVA White Paper
• Webinar
• Palo Alto Blog