Arista expands its Macro-Segmentation Service (MSS) to include MSS-Group, software that enables creation of logically assigned security groupings.

Arista has expanded its security software to let customers control authorized network access and communication between groups from the data center to the cloud.

The new software, Macro-Segmentation Service (MSS)-Group, expands the company’s MSS security-software family, which currently includes MSS Firewall for setting security policies across customer edge, data-center and campus networks. Additionally, the company’s MSS Host focuses on data-center security policies.

MSS software works with Arista Extensible Operating System (EOS) and its overarching CloudVision management software to provide network-wide visibility, orchestration, provisioning and telemetry across the data center and campus. CloudVision’s network information can be utilized by Arista networking partners including VMware, Microsoft and IBM’s Red Hat.

MSS-Group authorizes access based on logical groups rather than traditional approaches based on interfaces, subnets, or physical ports, according to Jeff Raymond, vice president of Arista EOS Product Management and Services.

Unlike proprietary products, the MSS-Group segmentation architecture does not rely on proprietary Ethernet tags or protocols to work, Raymond said. That means upstream and downstream leaf and spine switches can be mixed and matched across multiple vendors.

Arista MSS-Group-capable switches are agentless and can be deployed across client to campus to cloud in network-wide deployment, all orchestrated via CloudVision, Arista stated.

As part of this product rollout, Arista and Forescout announced the result of a year-long co-development effort to streamline policy design and management: Forescout eyeSegment is now integrated with Arista CloudVision.
The idea is to let customers utilize eyeSegment’s real-time device context to easily create, manage and monitor group-based segmentation policies. Production-ready eyeSegment policy information is then shared with CloudVision to consistently enforce rules across multiple network domains via the MSS-Group architecture, according to Forescout.

“Organizations can use Forescout eyeSegment to automatically apply real-time context to associate each connected device with its relevant security segmentation group, easily design and monitor group-based policies, and communicate the appropriate segmentation policies to CloudVision. CloudVision is then responsible for the dynamic orchestration of the required policy to the Arista switches for enforcement,” Arista stated.

Driving the need for better security is the growth of SaaS services and the need to secure access to those services but also the proliferation of IoT devices.

“In this world of networked IoT, a camera should only communicate with the DVR and security administrator. Security and network administrators need to have the ability to easily define, classify and group segments concerning who is accessing what, independent of IP addressing and other network protocol constructs,” wrote Arista CEO Jayshree Ullal in a blog about the MSS-Group announcement.

Arista’s MSS products are key to its overarching development of a zero trust architecture for enterprise customers that company execs say is built off of NIST’s zero trust framework, which basically states not to trust any user or device by default.

“Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned). Authentication and authorization (both subject and device) are discrete functions performed before a session to an enterprise resource is established,” NIST states.
For its part, Arista’s zero-trust security includes network-based multi-domain segmentation, situational awareness—what’s connected to what—continuous monitoring for behavior, and AI-driven network detection and response, which is where Forescout and Arista’s Awake platform come in. Arista purchased Awake Security in 2020 for its AI-based network detection and response system.

“We need to eliminate the implicit trust associated with traditional network architecture and instead build secure, zero-trust networks that assume devices only have access to resources they need and that once a device is on the network it is continuously monitored and detected for mal-intent,” Ullal stated.

MSS Firewall and MSS Host features are available as part of Arista CloudVision. The MSS-Group support will begin trials in the first quarter of this year.