Security for Cloud Datacenters

Enterprise architectures are transforming, driven by private, public and hybrid cloud architectures delivering virtualized and cloud-native applications. Protecting distributed assets on-prem and in the cloud from cyber attacks, as well as conforming to new regulations, requires a fresh approach to security: an open, software-defined framework across network, compute and security domains.

Arista’s Software Driven Cloud Networking provides IT security operations teams with software-driven control and visibility that encompasses:

  • Secure Segmentation: Consistent approach across use-cases and across clouds leveraging native segmentation tools in EOS® / vEOS® as well as integration with a best-of-breed security ecosystem through CloudVision’s Macro-Segmentation Services (MSS™)
  • Secure Connectivity: Platform options for MACsec and IPSec encryption between datacenters, campus and the cloud
  • Cognitive Management Plane: Leveraging complete and real-time network state data, the CloudVision® analytics engine can help administrators automate the provisioning of security policy and the auditing of operational compliance

Securing the Places-In-the-Cloud

Arista EOS software automates the insertion of security services with CloudVision Macro-Segmentation Service for both physical and virtualized (i.e., P-to-P and P-to-V) workloads anywhere on the network, with a leading ecosystem of service and security partners including Check Point Software, Fortinet and Palo Alto Networks. This modern approach to security device deployment is enabled by integrating advanced security with the dynamic network segmentation of the cloud datacenter, by workload and by tenant, without any dependency on proprietary packet headers or protocols.

Arista Zone Segmentation Security (ZSS) is a key security feature of vEOS Router. ZSS simplifies access control by leveraging stateful inspection mechanisms and logical zone groupings. The feature is cloud-agnostic, working consistently across any cloud network including Amazon Web Services, Microsoft Azure and Google Cloud Platform.

Arista’s Cognitive Management Plane (CMP) delivers the cognitive controls needed to secure PICs (Places In the Cloud). Powered by Arista CloudVision, an enterprise can implement network-based segmentation, anomaly and audit controls, and zone segmentation in the cloud, as well as a modern approach to telemetry and analytics, with real-time state streaming from EOS to give customers an unprecedented level of visibility into their network operations.

Arista DirectFlow Assist (DFA) is an EOS extension that assists attached security appliances such as firewalls. It allows dynamic security policies to be applied in the network, based on intelligence derived from out-of-band monitoring, deep packet inspection (DPI), and other analysis technologies.

For security monitoring and traffic analysis, Arista has pioneered the integration of DANZ for out-of-band monitoring of any cloud workflow. DANZ allows the datacenter security team to cost-effectively scan for vulnerabilities while watching for signs of attack at up to 100 Gbps per link, and is widely used in sensitive cloud computing environments today.