From network security to secure networks

A new age of edge-less, multi-cloud, multi-device collaboration for hybrid work has given rise to a new network that transcends perimeters. As hybrid work models continue to gain precedence through the new network, it has become vital for organizations to address the cascading attack surface. Continuously evolving cyber threats can no longer be mitigated by reactionary bolt-on security measures. Instead, organizations need security to permeate everything that happens on the network today.

Security measures need to pivot from reactive to a more proactive approach of continuous contextual network monitoring that ensures a threat is detected before it can lead to a significant data breach.

Being secure in the new network, the zero trust way.

A zero trust networking approach to security is paramount for organizations looking to build a robust cybersecurity ecosystem today. Based on the premise of explicit trust, zero trust security ensures complete visibility and control over any enterprise network activity, regardless of which device, application, or user is accessing that resource.

This paradigm shift has prompted best-in-class enterprises to bake security into the core of their network infrastructure. Implementing security at this layer reduces operational costs and complexity and represents the most effective way to track and successfully manage threats coming in from the wider attack surface.

Zero Trust Networking

Arista’s suite of security solutions helps customers accelerate their journey towards zero trust maturity. Based on the CISA Zero Trust Maturity Model, Arista supports all the key functions CISA recommends for the network: network segmentation, network traffic management, traffic encryption, and network resilience along with controls for visibility and analytics, automation and orchestration, as well as governance.

Arista Security: Zero Trust Everywhere

The new network needs security that can scale and adapt based on context. Traditional security measures were simply not built to scale for the new network. Legacy solutions lack the deep integrations necessary to ensure real-time context flows through the entire system. Instead, most organizations struggle with a security strategy that relies on multiple vendors and individual point solutions that are narrowly focused.

How does Arista help? As evidenced by the Universal Cloud Network (UCN) architecture, Arista helps customers build networks that are secure by design. Arista’s zero trust portfolio eliminates the need for several network monitoring and security tools by delivering a unified architecture that provides real-time visibility to the threat posture across the network and the ability to take action. Arista is uniquely positioned to deliver these capabilities across a variety of networks: from the campus to the data center and the cloud.

Zero Trust for the Data Center:

Arista’s DFX (DANZ Forensics Exchange) solution combines the network packet filtering, forwarding, and storage capabilities of DANZ Monitoring Fabric™ (DMF) with the advanced Network Detection and Response (NDR) capabilities of the Arista NDR Platform powered by AVA™ (Autonomous Virtual Assist), the world’s first AI-based security expert system. Arista offers the industry's first multi-hundred gigabit solution for NDR that allows security teams to capture and monitor aggregated data center traffic, detect mal-intent or potential threats, and provide full packet network forensics.

DFX delivers visibility at the network, device, workload, application, and user level while also enabling autonomous threat hunting, detection, and response. It also offers fully programmable and API-friendly capabilities: from selecting the specific traffic to be monitored, to easily creating custom threat hunting models for threats unique to an enterprise’s data center and applications.

Zero Trust for the Cognitive Campus:

Arista’s zero trust campus solution embeds AVA NDR sensors into the switches and is thus uniquely able to offer a deep packet-inspection security analytics solution built into the campus network fabric. Unlike legacy NetFlow-based solutions that are limited in their depth of visibility–just port and IP address information along with the protocols, Arista AVA sensors analyze the full packet for a number of protocols and send that information to the NDR nucleus for further analysis.

Similarly, CloudVision Arista Guardian for Network Identity™ (CV AGNI) is a software-as-a-service network access control (NAC) solution that simplifies the onboarding and ongoing governance of network identity across users, their associated devices, and the Internet-of-Things, for both wired and wireless campus networks. CV AGNI uses existing identity providers and performs dynamic authorization via real time posture assessments based on data from Arista NDR as well as from third party technologies such as endpoint detection and response solutions.

Having AVA Sensors and CV AGNI capabilities provides the enterprise with broader visibility, increased traffic analysis, and robust enforcement mechanisms across the campus, and an integrated solution that enables both manual and automated remediation actions.

Securing the New Network with a Unified Security Strategy

Networks have evolved in the last 20 to 30 years, but network security still hasn’t. Siloed traditional models persist. Most organizations have several diverse cybersecurity solutions that are patched together to fix known threats. Arista’s solutions are designed to scale and support a variety of networks. Arista’s security approach allows organizations to proactively set up enforcement mechanisms via scalable encryption and segmentation approaches; enable predictive analytics that uncover malicious intent as early in the attack lifecycle as possible, and deliver prescriptive guidance so analysts can take remedial action. Arista’s security solutions support out-of-the-box automated integrations with the rest of the infrastructure while also delivering the necessary decision-support data to the human analyst.

The links below dive deeper into the various components of Arista’s Zero Trust Networking solution:

DANZ Monitoring Fabric (Arista DMF)

Edge Threat Management (Arista ETM)

CloudVIsion AGNI (CV AGNI)

Macro Segmentation Services (Arista MSS)

Network Detection and Response (Arista NDR)

See More | Know More | Protect More

With a variety of devices - desktops, laptops, IoT, OT, cloud, SaaS, work-from-anywhere, supply chain systems, and contractor devices-- seamlessly connected to an organization’s infrastructure, visibility, detection and response for these “new” networks has become increasingly important. Network detection and response (NDR) technology is designed to tackle today’s pressing security threats.

How does Arista NDR secure the new network?

Why Arista NDR?

Powered by AVA Sensors, Arista NDR provides deep network analysis across the data center, campus, Internet of Things, and cloud workload networks. These sensors are available in a variety of form factors: from Arista switches with built-in NDR capabilities to standalone, virtual and cloud-based offerings. The sensors feed security-relevant layer 2 - layer 7 data into the AVA Nucleus where a combination of AI-driven detection models are used to uncover malicious intent. The AVA Nucleus can run entirely on-premises or in the Arista cloud as a SaaS offering. The platform also automates threat hunting and incident triage using artificial intelligence and presents the user with end-to-end attack analysis rather than a plethora of meaningless alerts. Analysts thus see the entire scope of an attack along with investigation and remediation options on a single screen while avoiding the effort of piecing it together themselves.


Forrester, a leading research and advisory firm, has recognized Arista as a market leader in The Forrester Wave™: Network Analysis and Visibility (NAV) report. Their comprehensive analysis and evaluation resulted in Arista finishing in the top place for the Current Offering category and receiving more of the highest possible scores across the Strategy and Current Offering criteria than any other provider.
Get the report here.




Use Cases



Situational Awareness

Threat Hunting

The platform uses AI to detect & prioritize mal-intent & behavioral threats from both insiders & outside attackers while mapping these to the MITRE ATT&CK framework. AVA forensically correlates incidents across entities, time, protocols, and attack stages, surfacing Situations with all the decision support data necessary to respond rapidly to any threat. Arista NDR learns & tracks entities across IT, OT, or IoT environments, whether on-premise, cloud, or SaaS, and managed or unmanaged, including contractors and other third parties. The platform’s rich data set and query capabilities enable powerful threat hunting workflows. AVA can take a single trigger from a human analyst and autonomously expose the entire kill-chain in a matter of minutes.

Download the Arista NDR datasheet and whitepaper to learn more. 


Arista’s Awake Labs offers comprehensive security strategy, operations, and advisory solutions focused on the customer’s unique breach response needs. This team collectively has more than 200 person-years of security experience, including responding to some of the most significant breaches in the world. Network detection and response, digital forensics, and threat hunting are key components of Arista NDR's ability to provide protection against non-malware and insider threats as well as support for investigative workflows.  


Watch a 3-minute Arista NDR demonstration


Designed to be deployed in a few hours, Arista NDR also accelerates an organization’s zero-trust journey. The seamless integration of Arista NDR into other Arista technology as well as a customer’s existing security investments allows security teams to quickly identify high-risk incidents and compromised entities across their organization without requiring agents, manual configuration, or lengthy training periods. 

Secure Networks vs. Network Security


Narrow Insights

Increased Vulnerabilities

Many modern threats blend in with business-justified activities. Traditional security tools focus on malware, letting many behavioral threats go undetected. Traditional security systems do not connect the dots across the entire attack, instead leaving a trail of breadcrumbs that analysts have to piece together. If the enterprise security team can’t see every threat, detect malicious intent, or get insights to respond effectively, the enterprise can become extremely vulnerable to cyberattacks.

To discover how network and security can be integrated BOOK A DEMO.

Arista's Awake Labs team can help- RESOLVE AN INCIDENT. Contact them now! Learn more about Arista NDR here.

Read our blog to learn more about network security and Arista NDR platform

Get the Awake Security Resources

Follow NDR!

To overcome the new security challenges and the explosion of clients in today’s perimeter-less enterprise networks, Arista delivers a novel AI-driven network Identity service, Arista Guardian for Network Identity or AGNI to connect the network, users, and devices across remote and geographically dispersed locations. Based on Arista’s flagship CloudVision, the new AGNI platform brings a revolutionary improvement to scale, simplicity, and security across users, their associated endpoints, and IoT devices.

Featured Video: Introducing Arista Guardian For Network Identity

Introducing Arista Guardian For Network Identity


CloudVision AGNI embraces modern design principles, Cloud native microservices architecture, and Machine Learning / Artificial Intelligence (ML/AI) technologies to significantly simplify administrative tasks and reduce complexities. It offers a comprehensive range of features to meet the requirements of modern networks.

CloudVision AGNI provides simple self-service onboarding using single sign-on (SSO) for wireless unique pre-shared keys and dot1x digital certificates, complete certificate life cycle management with cloud-native PKI infrastructure, authorization and segmentation, behavioral profiling, and visibility of all connected devices. AGNI integrates with all the leading Identity Providers including Okta, Google Workspace, Microsoft Azure, OneLogin, and Ping Identity. Devices are discovered, profiled, and classified into groups for single-pane-of-glass visibility and control.




CloudVision AGNI integrates with network infrastructure devices (wired switches and wireless access points) through a highly secure TLS-based RadSec tunnel. The highly secure and encrypted tunnel offers complete protection to the communications that happen in a distributed network environment. This mechanism offers much greater security to AAA workflows when compared with traditional RADIUS environment workflows, which are not encrypted. AGNI integrates with Arista products to enable the exchange of important user and client context, secure group segmentation (MSS-G), and authentication telemetry data. Additionally, AGNI can fetch consumer advanced profiling, posture, and network inventory data to provide comprehensive policy management and insights into network security. The platform’s API-first approach enables seamless integration with third-party solutions, allowing for the exchange of user and client context, authentication telemetry, and endpoint protection status. AGNI offers Arista’s Unique PSK (UPSK) solutions to enable secure authentication mechanisms for BYOD, IoT/IoMT, and gaming devices. AGNI extends its feature set to accommodate a wide range of client devices with its support for Captive Portal and MBA authentications.

AGNI integrates with Arista NDR and other third-party XDR and EDR solutions for post-admission control functionality.

Edge Threat Management

Bringing Cloud-managed Security & Connectivity to the Network Edge

Edge Threat Management is a comprehensive approach to security orchestration. Consisting of the award winning NG Firewall, Micro Edge and ETM Dashboard products, Edge Threat Management provides IT teams with the ability to ensure protection, monitoring and control for all devices, applications, and events on a network. This framework helps administrators enforce a consistent security posture across the entire digital attack surface—putting IT back in control of dispersed networks, hybrid cloud environments, IoT and mobile devices.

Featured Video: Arista Edge Threat Management

A Complete Network Security Solution

Edge Threat Management brings together a full range of different networking, security and optimization components to meet the needs of connected organizations, from core to cloud to network edge.


NG Firewall

Secure, Monitor and Manage Networks with Unified Threat Management Capabilities

Powerful policy management tools bring commercial-class security and access policies down to the level of specific devices or people, delivering a comprehensive, commercial-grade network security platform for organizations of any size in any industry.

Enabling IT administrators full access and visibility to monitor, manage, and control their network while also providing protection from evolving threats, NG Firewall simplifies network security implementation for IT administrators.

Micro Edge

Connect Branch Offices and Optimize the Network

Micro Edge is a lightweight network-edge device designed for branch office connectivity, network performance optimization, and business continuity.

Micro Edge uses optimal predictive path selection technology, which incorporates a sophisticated cloud component to identify applications at the first packet. This advanced technology enables Micro Edge to choose the best path for specific applications or categories of network traffic. When performance matters most, such as for business-critical, but bandwidth-intensive applications, Micro Edge will decide in real-time which link to use based on actual current link performance to ensure that traffic utilizes available connections in the most efficient manner.

Micro Edge simplifies and reduces the costs of branch office networking. Micro Edge is a lightweight edge device designed for the needs and budgets of small offices.

ETM Dashboard

Simplify Deployment and Management with Zero Touch Provisioning and Cloud-based Centralized Management

Every NG Firewall and Micro Edge deployment can connect to ETM Dashboard, making configuring and managing one appliance or thousands of appliances, easy.

ETM Dashboard’s integration with industry leading endpoint security vendors provides administrators with an easy way to see the status of remote firewalls and branch office routers, manage devices on the network, and initiate endpoint protection scans.

ETM Dashboard allows network administrators or MSPs to remotely view appliance status, bandwidth utilization and network traffic summaries, gathering valuable auditing logs about administrative changes, key to regulatory compliance, and manage software updates and business-critical data backups.