Arista partners with Zscaler to jump into zero-trust networking

This syndicated post originally appeared at Zeus Kerravala – SiliconANGLE.

High-performance network leader Arista Networks Inc. announced today that it’s partnering with cloud security pioneer Zscaler Inc. to enhance network security for businesses by integrating its cloud networking solutions with Zscaler’s Zero Trust Exchange platform.

The coming together of these two best-of-breed companies will offer enterprises a practical way to improve their defense against a growing number of cyberthreats without overhauling existing infrastructure.

The current state of network security is overly permissive, allowing virtually unrestricted communication between devices on the assumption that they’re trusted because they’re “inside.” This is because internet protocol-based networks were built on the premise that everything should be able to talk to every other thing on that network. It’s why the internet is so fast, but it also means that the bad guys have unfettered access to all systems once a business is breached.

Conversely, zero trust is founded on the premise that no node on the network can connect with any other unless expressly allowed. Trust is never assumed, whether an entity operates within or outside an organization. Every attempt to gain access must be authenticated, authorized and validated. This methodology is not just a trend but an industry response to the need for robust security at a time when remote work has become the norm.

Arista’s approach to zero trust aligns with guidelines provided by the U.S. Cybersecurity and Infrastructure Security Agency, which advocates for granular security controls. This translates into setting up safeguards around each critical digital asset, a concept known as microperimeter security. Arista sets up individual secure zones using switches at the network’s edge. Therefore, each part of the network is protected or separated without requiring multiple firewalls.

“The idea is to take the perimeter as close to the asset as possible,” said Rudolph Araujo, senior director of marketing at Arista. “Traditionally, you would do this with a firewall. But how many firewalls can you really put up? We have a threat detection sensor built in. So, when we talk about the microperimeter capability, we have that implemented in the switch.”

Arista has been building a suite of security tools, including CloudVision AGNI for secure network connectivity, Macro Segmentation Service (MSS) for creating secure zones within the network, and Arista NDR for network detection and response. Now, through a partnership with Zscaler, Arista is taking a major leap forward in cybersecurity, ensuring that access to the network is strictly controlled, regardless of where the access attempt originates.

Cybersecurity incidents are on the rise. Ransomware attacks carried out through compromised systems are just one example, underscoring the urgency for innovative approaches that protect the network and control access. Arista’s approach leverages network switches to perform critical security functions necessary for zero trust. By implementing these functions within switches, organizations can enforce identity-driven policies.

The integration between Arista and Zscaler is like a two-way communication channel for security information. Zscaler’s Zero Trust Exchange platform acts as a database and a security checkpoint in the cloud, keeping tabs on who and what is connecting to the network.

When Arista’s network detection and response system finds something unusual, it sends that information to Zscaler. If Arista flags a device as potentially compromised, Zscaler can prevent it from accessing the internet through its security checkpoints.

Arista uses application programming interfaces to send internet traffic to Zscaler. At the same time, Zscaler is sending back important data from its system to Arista. This means that the companies share information to protect networks from cyberthreats. The idea is to merge the data from the network with security insights, providing a complete view of the network’s activity.

“That kind of protection spreads across the entire ecosystem for the customer. It’s the beginning of a ‘better together story’ for us. Our technologies are complementary because there’s little to no overlap here because we look at different parts of the spectrum,” said Araujo.

The partnership also tackles the challenge of securing unclassified devices, such as internet of things devices, by combining Zscaler’s cloud-based telemetry with Arista’s physical network presence. By extending zero-trust principles from the cloud into the network infrastructure, the companies are “closing the security loop” for enterprises, Araujo added.

On a grander scale, the Arista-Zscaler partnership goes beyond their immediate solutions. Together, the companies plan to explore and potentially redefine how network infrastructure can bolster security measures, even in scenarios where conventional methods fall short, such as securing legacy systems that don’t support current security protocols.

Author: Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice.