Arista embeds security software in campus switches

Arista Networks will embed network detection and response software in campus switches to provide AI-driven threat detection across the network.

Arista Networks announced it will embed network detection and response security software into its 720XP series switches to provide AI-driven threat protection across the campus network.

Unveiled this week, the software-based upgrade will also offer network detection and response (NDR) visibility without deploying additional hardware. Arista's software approach simplifies NDR deployments and effectively turns the entire network into a security sensor, said ZK Research founder Zeus Kerravala.

Arista's Autonomous Virtual Assist (AVA) technology, obtained through the 2020 acquisition of Awake Security, powers the new security capabilities. Awake, a startup founded in 2017, developed AI to automate threat detection.

AVA comprises two parts, the AVA sensors and the AVA Nucleus. The former analyzes and curates packet data on the switch and reports back to the AVA Nucleus. Nucleus, available as on-prem software or SaaS, processes the data through an AI engine that monitors anomalous behavior.

Arista will install the latest security through a software upgrade on the 720XP series, a fixed-configuration leaf switch introduced in 2019. The company confirmed that it would roll out NDR in more switches over the year, but it declined to identify which products.

Arista's updated 720XPs will compete with Cisco and HPE products that use NetFlow to collect and monitor network packets for malware. NetFlow is a Cisco-developed network protocol.

However, NetFlow provides visibility only into the header of a packet. AVA collects and analyzes more granular data from Layers 2-7.

The latest Arista announcement plays into the industry trend of network and security convergence. But where previous Arista releases targeted network buyers first and security buyers second, the new 720XP does the opposite.

"This is the first offering that targets security professionals," Kerravala said. Until now, Arista sold security only through networking, with limited success.

"Now it's trying to bring these two areas together," Kerravala said.

Kerravala said he believes combining networking and security in a switch is the way of the future, but he's unsure how quickly enterprises will buy integrated products. Most network vendors offer different products, so Arista's strategy stands out.

"In a sense, Arista is fighting legacy mindset, which is still strong," Kerravala said. "To quote [former hockey star] Wayne Gretzky, Arista is skating to where the puck is going to be and not where it is today."

Arista plans to release the NDR update in the second quarter. Early trials will begin next month.

Madelaine Millar is a news writer covering network technology at TechTarget. She has previously written about science and technology for MIT's Lincoln Laboratory and the Khoury College of Computer Science, as well as covering community news for Boston Globe Media.