Arista targets lateral security threat in campus and data center networks

In addition to the stateless wire-speed component, Arista MSS can integrate with firewalls and cloud proxies from partners such as Palo Alto Networks and Zscaler for stateful network enforcement, especially for north-south and inter-zone traffic, Ullal stated. “MSS thus ensures the right traffic is sent to these critical security controls, allowing them to focus on L4-L7 stateful enforcement while avoiding unnecessary hairpinning of all other traffic,” Ullal stated.  

The features, expected in MSS by the third quarter, are all supported by Arista’s CloudVision, which offers deep, real-time visibility into packets, flows, and endpoint identity. It gives customers a central ability to perform and control the east-west segmentations as well as manage any microperimeters they set up, Arista stated.  

To manage the microperimeters, MSS has been extended to support Arista’s Ask AVA (Autonomous Virtual Assist) service to provide a chat-like interface for operators to navigate the dashboard data and query and filter policy violations, Ullal stated.  

Arista’s MSS products are key to its plans to offer a zero-trust architecture for enterprise customers. Other components of MSS include Macro-Segmentation Service-Group, which authorizes network access based on logical groups rather than traditional approaches based on interfaces, subnets, or physical ports. MSS Firewall is software for setting security policies across customer network fabric, and MSS Host focuses on data-center security policies.