Arista Networks Inc. today announced a new network access control or NAC service on the opening day of this week’s RSA Conference in San Francisco.
The vendor is best known as a high-performance network vendor but moved into the security industry when it acquired Awake Security, which brought network detection and response or NDR. Since then, the company has added wireless intrusion prevention, edge threat management and other services.
The new NAC service, called Arista Guardian for Network Identity or AGNI ingests real-time telemetry information from Arista’s network products and CloudVision platform and then uses artificial intelligence and machine learning to analyze the information. With the launch of CV AGNI, the Arista network will provide connectivity but will play a role in authenticating devices and users before granting them access to the network.
Enterprise networks have undergone significant changes because of cloud adoption and the shift toward a boundaryless workplace model, particularly after the pandemic. However, existing NAC solutions have largely remained unchanged and haven’t taken advantage of advances in modern technologies, such as the cloud and AI. The modernization of NAC is the market shift Arista is trying to capture as CV AGNI offers a new approach to managing enterprise network identities by infusing AI and machine learning throughout the NAC process, which includes onboarding, troubleshooting and administration.
Arista’s main focus was to create a solution that is scalable, simple to deploy, and easy to operate, said Arista’s Group VP and GM of Cognitive Campus, Pramod Badjate. On the call, he claimed that CV AGNI reduces policy deployment by up to 75% and lessens the complexity associated with traditional on-premises NAC solutions. More specifically, the cloud service enables the onboarding of user devices. It authenticates against multiple cloud-based identity directories. And it integrates with both in-house and third-party platforms.
Given the cloud and AI adds both agility and speed, I would expect the complexity to be greatly reduced, although I have no way of quantifying the 75% estimate. From my conversations with network professionals, there has always been interest in NAC, but the complexity of deployment has created a high barrier to entry. Any simplification should help the adoption of a technology that’s becoming increasingly important because of remote work and the internet of things.
“The problem that we’re trying to solve with this new solution is the complexity of deployments due to having virtual machines or appliances that have to be scaled out,” said Badjate. “The feedback we got from many of our customers is that once they got their NAC deployment, it took a long time to get it right. Once they got it right, they were afraid to touch it and add any new security policies because it can be brittle and break. That’s just the nature of legacy NAC deployments and the complexities associated with current products.”
Arista is heavily focused on cloud and data center solutions, having made significant investments in the enterprise sector. Recent developments include the introduction of Extensible Operating System router instances and extending the Pathfinder/a> service to CloudVision for wide-area network provisioning — both catering to enterprise needs. EOS is a modular, Linux-based network operating system developed by Arista. It’s designed to run on Arista’s network switches and routers. When combined with CloudVision, it provides centralized management, automation, and analytics for Arista network infrastructures.
CV AGNI integrates with Cloud Vision and leverages Arista’s network data lake architecture to create a complete identity cloud service. Its features include the ability to connect users to wireless networks with unique keys and digital certificates; simplified certificate management in the cloud; a single view of all the devices connected to the network, organized into groups for easier control; and enhanced security for controlling access between and within groups when used with Arista networking tools.
One unique feature of CV AGNI is the “Ask AVA,” which allows users to configure, troubleshoot, and analyze security policies and device onboarding through a chatlike AI-enabled decision support system. AVA is a conversational user interface that stands for autonomous virtual assist. It employs natural language processing to simplify the troubleshooting process by helping users identify and resolve network connectivity issues.
Additionally, CV AGNI is designed to work with multiple third-party platforms — including endpoint management tools such as Medigate by Claroty, CrowdStrike XDR and Palo Alto Cortex XDR — for securing and managing devices. It also works with management providers such as Okta, Google Workspace, Microsoft Azure, Ping Identity and OneLogin for user access and authentication, as well as Microsoft Intune and JAMF for mobile device management.
CV AGNI supports various networking devices and interoperates with multiple vendors to ensure that it’s versatile enough for a wide range of enterprise environments, said Jeff Raymond, Arista’s vice president of EOS product management and services. Raymond said Arista has a growing vertical install base, which shows the vendor’s traction in the market. For example, Arista customer Baptist Health sees CV AGNI addressing security and management problems that IT currently faces with its healthcare network, particularly related to onboarding devices and third-party integrations for device profiling.
Without divulging specific future plans, Raymond said the vendor’s goal is to make the network central to enforcing enterprise security policies and ensuring consistency across the network. In the meantime, Arista is currently trialing CV AGNI, with general availability expected in the second quarter of 2023.
Arista’s pivot from being a webscale-only company to one that’s now able to serve the needs of the enterprise has been interesting to watch. When Arista first discussed its enterprise ambitions with me, I was skeptical as to whether the company would be successful. Other high-performance brands, such as Foundry and Force10 struggled to gain enterprise relevancy, but Arista has bucked this trend. The main difference is that it never left its swim lane of performance and simplicity, something webscale demanded and it has methodically moved into different enterprise markets – data center, campus, wireless, WAN — and now it’s growing its security portfolio.