Arista Networks Inc. announced today that it’s embedding network detection and response or NDR capabilities into its network switches.
With an upgrade to EOS, Arista’s operating system, the 720XP series of switches will have NDR baked into it. The NDR capabilities, which Arista gained through its recent Awake Security acquisition, will give organizations greater visibility, automated threat hunting and risk mitigation without having to deploy additional network security products. In the past, organizations would have needed to deploy a packet broker or agents on endpoints.
Arista’s NDR is powered by its Autonomous Virtual Assist or AVA, an artificial intelligence-driven function that has two components. The first component, AVA Sensors, can be deployed as a standalone appliance, as a cloud workload and now within campus Power-over-Ethernet or PoE switches. The sensors transfer deep-packet data to the second component, AVA Nucleus, which is offered either on-premises or as software as a service.
Given the trend to cloud networking, some might find it a surprise that Arista is offering the solution as SaaS or on-prem, but security and network pros are still split on whether “to cloud or not to cloud.” In a pre-briefing, I put this question to Rahul Kashyap, vice president and general manager of cybersecurity and chief information security officer at Arista Networks.
“Many organizations still prefer on-prem, so it’s almost 50/50 from what we have seen in the market,” he told me. Given that Arista deals with large enterprises and the adoption of cloud networking has primarily been in the small and mid-market, it makes sense for the company to give customers a choice. Forcing them in one direction would likely have limited its addressable market.
Device identification and threat detection are done entirely by AI, a major benefit of this technology. The switches themselves have software with NDR built in, which identifies malicious intent and tracks all users, apps and devices. On top of that, real-time situational awareness provides the entire threat landscape of an attack, enabling security analysts to make risk-based decisions.
“We fingerprint and identify every type of device, whether it’s a Windows laptop, an iPhone or an ‘internet of things’ device,” said Kashyap. “All devices get a risk score based on their behavior.”
Historically, network vendors have used NetFlow for packet analysis, but that only provides header information. This is because NetFlow was designed as a troubleshooting protocol for network operations. The AVA sensor analyzes the whole packet across layers 2 to 7 and then curates it before sending it to the Nucleus. For AI, more context leads to better analytics, which should lead to faster detection and response.
This benefits not only security operations, or SecOps, but also network operations, NetOps for short. NetOps teams typically struggle to keep track of the device footprint on a large campus, especially IoT devices. I’m expecting to see a sharp rise in connected “things” as businesses prepare for hybrid work. Companies will be looking for IoT endpoints that help keep users safe when they are in the office, and this will drive the deployment of temperature scanners, QR code readers, environmental sensors, new collaboration endpoints and more.
Arista’s NDR provides device visibility and threat detection in one place, which plays into the trend of bringing SecOps and NetOps together. It will be interesting to see how this product is received by Arista’s customers. Although there is a lot of talk of converging networking and security, I still see a lot of resistance to it, particularly in large businesses, which is where most of Arista’s enterprise revenue comes from. It makes sense for companies to do this, particularly in a world that is becoming increasingly cloud and mobile centric, but these trends do take time and many businesses have continued to separate these functions.
Also, although Arista has danced around security for some time, its go-to-market effort has been to sell security to its network engineering audience. This is arguably the first product that could be bought and deployed by security operations, but because it’s integrated into a switch, that might pose a challenge. I do think that, given the world is becoming network centric, this is the right strategy for Arista, but there might be some bumpiness while network and security teams figure out how to work together.
Moving into cybersecurity will be a key to Arista maintaining its growth rate. Last week the company put up a solid beat and raise to close out 2021. Arista is nearing $3 billion in annual revenue, and although there is still plenty of networking market to go after, the cybersecurity industry is massive and could provide a significant growth engine.
Also, as Mike Wheatley pointed out in his earnings story, the only blemish in Arista’s business was its gross margins declining from 65% to 64.3%. Typically, security products carry gross margins well above that range. That will make any success here accretive to both revenue and profit.