Subscribe to Blog Notification Emails

Latest Blog Post

The Migration from Network Security to Secure Networks

Jayshree Ullal
by Jayshree Ullal on Feb 23, 2022 6:00:00 AM

Over the last few years, we have seen an age of edgeless, multi-cloud, multi-device collaboration for hybrid work giving rise to a new network that transcends traditional perimeters. As hybrid work models gain precedence through the new network, organizations must address the cascading attack surface. Reactionary, bolt-on security measures are simply too tactical and expensive.

Shift to Zero Trust Networking

The perimeter of networks is changing and collapsing. This paradigm shift to a perimeter-less enterprise has prompted organizations to embed security into the network infrastructure as the proactive way to track and successfully manage threats coming in from the wider attack surface. However, historically it has been cumbersome to add multiple layers of network security with the consequential add-on hardware deployments, ongoing operational costs, and configuration changes needed at the network infrastructure level. Security teams have therefore been forced to the bare minimum network visibility.

Arista’s zero trust networking architecture focuses on baking security into the network by default rather than a bolt-on afterthought. Based on NIST 800-207, the Arista approach delivers situational awareness, continuous diagnostics, and zero trust enforcement.

Arista AVA for High Fidelity Secure Networks

Arista AVA™(Autonomous Virtual Assist), derived from our Awake Security acquisition, is a pivotal component of zero trust networking. AVA imitates human expertise at a cloud scale through an AI-based expert system to automate complex tasks like troubleshooting and securing cyber threats. It starts with real-time, ground-truth data about the network devices' state and, if required, the raw packets. AVA uses an expert system to orchestrate an ensemble of AI/ML techniques on this data using supervised and unsupervised NLP (Natural Language Processing). Applying AVA to networking increases the fidelity and security of the network with autonomous network detection and response (NDR), bringing proactive security with enhanced efficacy and coverage.

Introducing AVA for the Cognitive Secure Campus

Traditional NetFlow-based solutions of the 1990s era are limited in their depth of visibility (port, IP address, and basic protocol information) and lack the context to identify modern devices or threats. In contrast, Arista NDR analyzes the full packet, including application layer data which sets the stage for automated and manual threat hunting. Today, Arista is proud to bring the next frontier of security networks for holistic threat hunting to the cognitive campus, as shown in the figure below.

AVABlogPic

For the first time, we are integrating Arista EOS-based campus switching and NDR functions. Powered by AVA, this AI-driven function has two key components: AVA Sensors and the AVA Nucleus. AVA Sensors support a variety of form factors from stand-alone appliances and virtual to cloud workloads and now, within campus power over ethernet (PoE) switches. These sensors curate and transfer the “just right” deep-packet data to the AVA Nucleus, offered as both on-premises and cloud Saas models. The AVA solution delivers persistent threat hunting with a simple switch software upgrade. This has minimal impact on switch performance or reliability and is transparent to the daily network switch operations.

The Time is Now

It is the right time to unify the network and security world for the secure cognitive experience. Security must permeate everything we do on the network today to bring a proactive and continuous approach to contextual monitoring and threat hunting. Lethal threats must be detected before proliferating to a massive data breach. Welcome to the zero trust networking era!

References:

Opinions expressed here are the personal opinions of the original authors, not of Arista Networks. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Arista Networks or any other party.

Jayshree Ullal
Written by Jayshree Ullal
As President and CEO of Arista for over a decade, Jayshree Ullal is responsible for Arista’s business and thought leadership in cloud networking. She led the company to a historic and successful IPO in June 2014 from zero to a multibillion-dollar business. Formerly Jayshree was Senior Vice President at Cisco, responsible for a $10B business in datacenter, switching and services. With more than 30 years of networking experience, she is the recipient of numerous awards including E&Y’s “Entrepreneur of the Year” in 2015, Barron’s “World’s Best CEOs” in 2018 and one of Fortune’s “Top 20 Business persons” in 2019. Jayshree holds a B.S. in Engineering (Electrical) and an M.S. degree in engineering management. She is a recipient of the SFSU and SCU Distinguished Alumni Awards in 2013 and 2016.

Related posts

The New Edge as a Service

As we enter 2022, there is much discussion on the “post-pandemic” world of campus and how it’s changing. Undoubtedly, the...

Jayshree Ullal
By Jayshree Ullal - March 29, 2022
The Next Frontier in AI Networking

The rapid arrival of real-time gaming, virtual reality and metaverse applications is changing the way network, compute memory...

Jayshree Ullal
By Jayshree Ullal - January 27, 2022