Arista targets lateral security threat in campus and data center networks

Arista Networks is bolstering a key part of its security software with new features that help customers reduce the blast radius of security breaches by setting up «microperimeters» to restrict lateral movement in campus and data center networks.

The new features are in the vendor’s Macro-Segmentation Service (MSS) software, which is an extension of its core Extensible Operating System (EOS) software. They’re tightly integrated with the company’s CloudVision management platform, which provides wired and wireless visibility, orchestration, provisioning, telemetry, automation and analytics across the data center, campus, and IoT devices on edge networks.

One rationale for microperimeters is the idea that firewalls are not optimized to protect against all lateral movement, which would require a proliferation of security appliances, soaring costs, and an explosion of complex rule sets that would still fail to protect against lateral movement, according to Arista.

«Historically, adding multiple layers of network security with the consequential add-on hardware deployments, ongoing operational costs, and configuration changes needed at the network infrastructure level has been cumbersome. These mechanisms are even less effective for the new network,» wrote Arista CEO Jayshree Ullal in a blog about the enhancements.