Arista Advances Zero Trust Networks with Enhanced MSS Solution

Date: Apr 30, 2024

Global cloud networking vendor Arista Networks has announced a major update to Arista MSS (Multi-Domain Segmentation Service), which it positions as an important step toward enterprise-wide adoption of zero trust networks.

This iteration of Arista MSS brings microperimeters into both campus and data center networks. The aim is to restrict lateral movement, and so limit the spread of threats such as ransomware, without requiring endpoint software agents or proprietary network protocols.

The push toward a zero trust architecture has become more pressing as distributed IT infrastructure expands, driven by remote work, the proliferation of IoT devices, and the rise of multi-cloud applications. These factors have dissolved the traditional security perimeter, leaving a dynamic and often unpredictable attack surface. Organizations have responded with zero trust initiatives, which require granular control over both north-south traffic (entering and leaving the network) and east-west traffic (between hosts inside it).

Traditional perimeter firewalls do little to control lateral movement inside the network, so a single compromised host can spread a breach unchecked. This gap is why the Cybersecurity and Infrastructure Security Agency (CISA) recommends microsegmentation in its ‘Zero Trust Maturity Model.’ Microsegmentation places fine-grained controls throughout the network rather than only at its edge, yet despite its benefits, adoption has been hampered by operational complexity, interoperability challenges, and cost.

Network-Agnostic and Endpoint-Independent

Arista’s MSS solution uses existing network infrastructure to implement standards-based microsegmentation that is both network-agnostic and endpoint-independent. By avoiding proprietary protocols, MSS is intended to integrate across multi-vendor network environments, and by avoiding endpoint software it simplifies operations and improves portability.

Evan Gillette, from Paychex Security Engineering, praised the potential of Arista’s MSS, highlighting its capacity to shift from traditional perimeter-based approaches to a more distributed network-centric architecture. “We view this technology as highly promising and believe it has the potential to transform our approach to security and segmentation,” said Gillette.

Operationally, Arista MSS enforces policy statelessly at wire speed in the network itself, which keeps identity-aware microperimeter enforcement consistent across campus and data center environments. Traffic that needs deeper inspection can be redirected to stateful firewalls, and the solution integrates with cloud proxies from partners such as Palo Alto Networks and Zscaler, so that the stateful devices see only the flows that require them.
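To make the enforcement model above concrete, here is a small identity-aware segmentation policy evaluator. It is an added illustration, not Arista's code or MSS policy syntax: the endpoint-to-segment map, segment names, ports and sample flows are all constructed for the example. Each flow is classified statelessly (no connection table) against an ordered rule list with a default of deny, and rules yield one of three verdicts: allow at wire speed, deny at wire speed, or redirect to a stateful firewall for inspection. Because the evaluator is stateless, return traffic needs its own rule, which the policy below shows explicitly.

```python
"""Toy stateless, identity-aware microsegmentation policy (illustrative only)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed identity map: endpoint IP -> segment. In a real deployment the
# identity would come from a NAC/identity service; here it is hard-coded.
IDENTITY: Dict[str, str] = {
    "10.1.10.21": "payment-app",
    "10.1.10.22": "payment-app",
    "10.1.20.5": "payment-db",
    "10.1.30.40": "user-workstation",
    "10.1.30.41": "user-workstation",
    "10.1.40.9": "iot-camera",
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    src_seg: str            # segment name, or "*" for any segment
    dst_seg: str
    proto: Optional[str]    # None = any protocol
    sport: Optional[int]    # None = any source port
    dport: Optional[int]    # None = any destination port
    action: str             # "allow", "deny" or "redirect"


# Ordered rule list; first match wins, like an ACL. Hypothetical policy.
POLICY: List[Rule] = [
    # App tier may open the DB port on the DB tier ...
    Rule("payment-app", "payment-db", "tcp", None, 5432, "allow"),
    # ... and, because enforcement is stateless, the DB's replies need an
    # explicit rule too (matched on source port, since no state is kept).
    Rule("payment-db", "payment-app", "tcp", 5432, None, "allow"),
    # Workstations reaching the payment app are not decided at wire speed;
    # they are redirected to a stateful firewall for inspection.
    Rule("user-workstation", "payment-app", "tcp", None, 443, "redirect"),
    # Peer-to-peer traffic inside the workstation segment is blocked to
    # stop lateral movement between end-user devices.
    Rule("user-workstation", "user-workstation", None, None, None, "deny"),
    # IoT cameras get no east-west access at all.
    Rule("iot-camera", "*", None, None, None, "deny"),
]

DEFAULT_ACTION = "deny"  # zero trust: nothing is implicitly allowed


def segment_of(ip: str) -> str:
    """Map an endpoint address to its identity segment ('unknown' if unmapped)."""
    return IDENTITY.get(ip, "unknown")


def _match(rule: Rule, src_seg: str, dst_seg: str, flow: Flow) -> bool:
    """A rule matches when every non-wildcard field equals the flow's field."""
    return (
        rule.src_seg in ("*", src_seg)
        and rule.dst_seg in ("*", dst_seg)
        and rule.proto in (None, flow.proto)
        and rule.sport in (None, flow.sport)
        and rule.dport in (None, flow.dport)
    )


def evaluate(flow: Flow) -> str:
    """Return the verdict for a single flow: 'allow', 'deny' or 'redirect'."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    for rule in POLICY:
        if _match(rule, src_seg, dst_seg, flow):
            return rule.action
    return DEFAULT_ACTION


# Constructed sample flows, as a switch might see them.
SAMPLE_FLOWS: List[Flow] = [
    Flow("10.1.10.21", "10.1.20.5", "tcp", 51000, 5432),   # app -> db
    Flow("10.1.20.5", "10.1.10.21", "tcp", 5432, 51000),   # db reply
    Flow("10.1.30.40", "10.1.10.21", "tcp", 51001, 443),   # user -> app
    Flow("10.1.30.40", "10.1.30.41", "tcp", 51002, 445),   # user -> user (SMB)
    Flow("10.1.30.40", "10.1.20.5", "tcp", 51003, 5432),   # user -> db direct
    Flow("10.1.40.9", "10.1.10.21", "tcp", 51004, 443),    # camera -> app
    Flow("10.9.9.9", "10.1.20.5", "tcp", 51005, 5432),     # unknown -> db
]


def evaluate_all(flows: List[Flow] = SAMPLE_FLOWS) -> List[Tuple[Flow, str]]:
    """Evaluate every sample flow and pair it with its verdict."""
    return [(f, evaluate(f)) for f in flows]


if __name__ == "__main__":
    for f, verdict in evaluate_all():
        print(f"{segment_of(f.src):17} -> {segment_of(f.dst):17} "
              f"{f.proto}/{f.dport:<5} {verdict}")
```

The two points a practitioner should take from this are the explicit return-path rule (a stateless enforcement point cannot know that a DB-to-app packet belongs to an established session, so either the policy covers it or the flow is redirected to something stateful) and the default-deny at the end, which is what turns a list of permissions into a microperimeter rather than a blocklist.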

In-Depth Visibility into Network Operations

Arista’s CloudVision further complements MSS by providing in-depth visibility into network operations, from packet flows to endpoint identity, which is vital for managing east-west lateral segmentation. The integration extends to Arista’s Autonomous Virtual Assist (AVA), offering operators an interactive platform to manage microperimeters and address policy violations efficiently.

Komang Artha Yasa, Technology Division Head at OCBC, shared how Arista MSS has bolstered their banking operations. “Arista MSS completes our zero trust posture by working efficiently with our firewalls to microsegment our critical payment systems,” he said, noting the ease of integration due to the solution’s avoidance of software-based agents and its broad interoperability.

The broader Arista Zero Trust Networking solution, which includes Arista CloudVision, CV AGNI, and Arista NDR, ensures comprehensive integration, providing a robust framework that supports a variety of IT service management and virtualization platforms like ServiceNow and VMware.

Dougal Mair, Associate Director of Networks and Security at The University of Waikato, highlighted the practical benefits of Arista MSS in a large, dynamic environment such as a university. “Arista MSS prevents any unauthorized peer-to-peer and lateral movement on our network, which is critical in a setting with diverse user and device profiles,” Mair said.

Arista MSS is currently undergoing trials and is slated for general availability in the third quarter of 2024, promising to be a transformative component in the evolving landscape of network security and zero trust architecture.
