The Era of Microperimeters

by Jayshree Ullal on Apr 30, 2024 6:00:00 AM

Paradigm Shift to Zero Trust Networking

The new age of edge, multi-cloud, multi-device collaboration for hybrid work has given rise to a new network. Historically, adding multiple layers of network security with the consequential add-on hardware deployments, ongoing operational costs, and configuration changes needed at the network infrastructure level has been cumbersome. These mechanisms are even less effective for the new network. Security teams are, therefore, forced to reckon with bare minimum network visibility and tactical solutions.

The paradigm shift to a vanishing perimeter has prompted organizations to embed security into the network infrastructure as a proactive zero trust approach to tracking and successfully managing risk from the wider attack surface. Arista’s zero trust networking is based on these prescriptive principles and builds security into the network by default.

Time to Rethink Firewalls with Microperimeters

Classical perimeter firewalls have three essential functions: network routing, segmentation with access lists (ACLs), and stateful inspection of L4-L7 traffic for compliance purposes. The CISA Zero Trust Maturity Model, based on NIST 800-207, requires perimeters around each asset the organization seeks to protect. Putting classical firewalls all across the enterprise is not a practical option. Instead, Arista’s network-based approach delivers zero trust segmentation and enforcement to prevent east-west lateral movement. Thus, the network switch creates the microperimeters, while the classical firewall continues to inspect north-south L4-L7 traffic. The combination delivers an elegant and secure network, bringing the best of both worlds, as shown in the figure below.

Figure: Moving Firewall Functions Into The Network

Arista MSS: Enabling Microperimeters

Arista MSS delivers three capabilities that enable organizations to build microperimeters:
  • Stateless wire-speed enforcement in the network: Arista EOS-based switches deliver a simple policy and enforcement model for fine-grained, identity-aware microperimeters that enable east-west lateral segmentation. Organizations often lack this segmentation today, so even a minor breach can have a significant impact. Our approach also offloads this capability from firewalls, which would otherwise have to be explicitly deployed for this purpose at great cost.
  • Redirection to Stateful Firewalls: Arista MSS can seamlessly integrate with firewalls and cloud proxies from partners such as Palo Alto Networks and Zscaler for L4-L7 stateful network enforcement, especially for north-south and inter-zone traffic. This integration avoids hairpinning all other traffic while addressing the organization’s compliance needs.
  • CloudVision for Microperimeter Management: Arista CloudVision powered by NetDL™ provides deep real-time visibility into packets, flows, and endpoint identity. In addition, MSS dashboards within CloudVision ease operator effort to manage the microperimeters. We are also enhancing our Ask AVA™ (Autonomous Virtual Assist) service to provide a chat-like interface for operators to navigate the dashboard data, query policy violations, and understand them.
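The split described in the two passages above (stateless identity-aware east-west enforcement at the switch, redirection of north-south and inter-zone flows to a stateful firewall, and surfacing of policy violations for the operator) as a small Python model. This is an added illustration, not Arista MSS code; the identity groups, zone names, ports and flows are constructed.

```python
"""Toy model of the microperimeter split: the switch enforces a stateless,
identity-based east-west allow-list, and only north-south or inter-zone flows
are redirected to a stateful firewall (constructed example, not Arista code)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_id: str    # endpoint identity group (e.g. "web-tier"), not an IP address
    dst_id: str
    src_zone: str  # constructed zone labels; "internet" models an external peer
    dst_zone: str
    dst_port: int

# Stateless east-west allow-list keyed on (src group, dst group, dst port).
# Any east-west flow not listed is dropped at wire speed: that is the microperimeter.
EAST_WEST_ALLOW = {
    ("web-tier", "app-tier", 8443),
    ("app-tier", "db-tier", 5432),
}
INTERNAL_ZONES = {"dc-east", "dc-west", "campus"}  # assumed zone names

def classify(flow: Flow) -> str:
    """Where a flow is enforced: 'switch' for east-west traffic inside one zone,
    'firewall' for north-south (an endpoint outside the internal zones) or inter-zone."""
    if flow.src_zone not in INTERNAL_ZONES or flow.dst_zone not in INTERNAL_ZONES:
        return "firewall"   # north-south: needs L4-L7 stateful inspection
    if flow.src_zone != flow.dst_zone:
        return "firewall"   # inter-zone: redirected; intra-zone traffic is not hairpinned
    return "switch"

def enforce(flow: Flow) -> str:
    """Verdict for one flow: 'permit' or 'deny' at the switch, or 'redirect' to the firewall."""
    if classify(flow) == "firewall":
        return "redirect"
    return "permit" if (flow.src_id, flow.dst_id, flow.dst_port) in EAST_WEST_ALLOW else "deny"

def violations(flows):
    """Flows dropped by the microperimeter: what an operator dashboard would surface."""
    return [f for f in flows if enforce(f) == "deny"]

# Constructed sample flows: one allowed tier hop, one lateral move that the
# allow-list does not cover, one inter-zone flow, one north-south flow.
SAMPLE = [
    Flow("web-tier", "app-tier", "dc-east", "dc-east", 8443),
    Flow("web-tier", "db-tier", "dc-east", "dc-east", 5432),
    Flow("app-tier", "db-tier", "dc-east", "dc-west", 5432),
    Flow("hr-laptops", "web-tier", "internet", "dc-east", 443),
]
```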

Summary

It is the right time to unify the network and security world as organizations look for zero trust at terabit scale with flexible support for identity and microperimeters. Security must permeate everything we do on the network today to bring a proactive and continuous approach to active and pervasive segmentation, enforcement, and threat mitigation. Lethal threats must be detected and intercepted before they can expand to a massive data breach. Welcome to the holistic zero trust networking era built on Arista MSS microperimeters!

To learn more or see a demo, visit booth #6453 in the North Hall at the RSA Conference in San Francisco.

Opinions expressed here are the personal opinions of the original authors, not of Arista Networks. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Arista Networks or any other party.

Written by Jayshree Ullal
As CEO and Chairperson of Arista, Jayshree Ullal is responsible for Arista's business and thought leadership in AI and cloud networking. She led the company to a historic and successful IPO in June 2014, from zero to a multibillion-dollar business. Formerly, Jayshree was Senior Vice President at Cisco, responsible for a $10B business in datacenter, switching and services. With more than 40 years of networking experience, she is the recipient of numerous awards, including E&Y's "Entrepreneur of the Year" in 2015, Barron's "World's Best CEOs" in 2018 and one of Fortune's "Top 20 Business persons" in 2019. Jayshree holds a B.S. in Engineering (Electrical) and an M.S. degree in engineering management. She is a recipient of the SFSU and SCU Distinguished Alumni Awards in 2013 and 2016.
