Security

Security for Cloud Datacenters

Organizations today are embracing cloud-based approaches in their datacenter to achieve greater levels of agility and operational efficiency. Greater network scale, dense virtualization, information profusion by big data and analytics need security, protecting critical data and end-user privacy, and assuring business continuity. This is leading to a demand for a new approach in network and data security.

Arista's Software Driven Cloud Networking provides IT and security operations teams with software-driven visibility and control that encompasses automation, services and comprehensive visibility needed to:

  • Maintain an agile and cost-efficient cloud infrastructure for any workload on-demand
  • Inspect all east-west traffic for profiled attack patterns with redirect analysis
  • Maintain next-generation firewall security rules for all at-risk traffic at any scale, in-line, all the time

Featured Video: Macro-Segmentation Service

Cloud Network Data Security

Arista CloudVision® provides a seamless and consolidated view of the entire cloud infrastructure and provides the foundation for automating integration of next-generation firewalls, security monitoring tools, and application delivery controllers.

This new approach to security device deployment has enabled integration of advanced security into the dynamic network segmentation of the cloud datacenter, by workload and by tenant, without any dependency on proprietary packet headers or protocols. Arista EOS software automates the insertion of security services with CloudVision Macro-Segmentation Service (MSSTM) for both physical and virtualized (i.e., P-to-P and P-to-V) workloads anywhere on the network with leading ecosystem of service and security partners including Check Point Software, F5 Networks, Fortinet and Palo Alto Networks.

With Arista DirectFlow Assist (DFA), an Arista network scales up the achievable performance of security services with hardware assisted forwarding while maintaining operational control of the security platform. DFA is an EOS extension that runs on an Arista switch to dynamically insert flow table entries via Arista's DirectFlow API, in order to offload flows, thereby assisting attached in-line or out-of-band security appliances such as firewalls and DDOS protection platforms. By providing integrated control over network forwarding to the security platform, DFA allows dynamic security policies to be applied in the network based on intelligence derived from out-of-band monitoring, deep packet inspection (DPI), and other analysis technologies.

For security monitoring and traffic analysis Arista has pioneered the integration of DANZ, for out of band monitoring of any cloud workflow. DANZ allows the datacenter security team to cost effectively scan for vulnerabilities while watching for signs of attack at up to 100 Gbps per link and is widely used in sensitive cloud computing environments today.