Arista Networks Inc. today announced that it is integrating Network Detection and Response or NDR capabilities into its network switches.
With an upgrade to EOS, Arista’s operating system, the 720XP series of switches will be integrated into the NDR. The NDR capabilities, which Arista gained through its recent acquisition of Awake Security, will give organizations greater visibility, automated threat hunting, and risk mitigation without having to deploy additional network security products. In the past, organizations would have had to deploy a packet broker or agents on endpoints.
Arista’s NDR is powered by its Autonomous Virtual Assistant or AVA, an artificial intelligence-based feature that has two components. The first component, AVA Sensors, can be deployed as a standalone appliance, cloud workload and now in campus Power-over-Ethernet or PoE switches. The sensors transfer data in deep packets to the second component, AVA Nucleus, which is offered either on-premises or as software as a service.
Given the trend towards cloud networking, some might be surprised that Arista offers the solution as SaaS or on-premises, but security and networking professionals are still divided on whether ” to cloud or not to cloud”. During a pre-briefing, I posed this question to Rahul Kashyap, vice president and general manager of cybersecurity and chief information security officer at Arista Networks.
“A lot of organizations still prefer on-premises, so it’s almost 50/50 compared to what we’ve seen in the market,” he told me. Given that Arista deals with large enterprises and adoption of cloud networking is primarily for small and medium-sized businesses, it makes sense for the company to give customers choice. Forcing them in one direction would likely have limited its addressable market.
Device identification and threat detection is done entirely by AI – a major advantage of this technology. The switches themselves have software with built-in NDR, which identifies bad intentions and tracks all users, applications and devices. Additionally, real-time situational awareness provides the full threat landscape of an attack, allowing security analysts to make risk-based decisions.
“We identify and identify every type of device, whether it’s a Windows laptop, iPhone or ‘Internet of Things’ device,” Kashyap said. “All devices get a risk score based on their behavior.”
Historically, network providers have used NetFlow for packet analysis, but this only provides header information. Indeed, NetFlow was designed as a troubleshooting protocol for network operations. The AVA sensor information analyzes the entire packet through layers 2-7, then processes it before sending it to the core. For AI, more context leads to better analytics, which should lead to faster detection and response.
This not only benefits security operations, or SecOps, but also network operations, NetOps for short. NetOps typically struggle to track the footprint of devices on a large campus, especially IoT devices. I expect to see a surge in connected “things” as companies prepare for hybrid working. Businesses will seek IoT endpoints that help keep users safe while in the office, which will lead to the deployment of temperature scanners, QR code readers, environmental sensors, new collaboration endpoints and more.
Arista’s NDR provides device visibility and threat detection in one place, continuing the trend of bringing SecOps and NetOps closer together. It will be interesting to see how this product is received by Arista customers. While there’s a lot of talk about network and security convergence, I still see a lot of resistance to it, especially in large enterprises, where most of Arista’s enterprise revenue comes from. It makes sense for companies to do this, especially in a world that is becoming increasingly cloud and mobile centric, but these trends take time and many companies have continued to separate these functions.
Additionally, while Arista has danced around security for a while, its go-to-market effort has been to sell security to its network engineering audience. It’s arguably the first product that could be purchased and deployed by security operations, but since it’s built into a switch, that could pose a challenge. I think, as the world becomes network-centric, this is the right strategy for Arista, but there could be bumps as network and security teams figure out how to work together.
The shift to cybersecurity will be essential for Arista to maintain its growth rate. Last week the company set a solid rhythm and restart to close out 2021. Arista is approaching $3 billion in annual revenue, and while there is still plenty of networking market to tap into, the cybersecurity industry is massive and could provide a significant engine of growth.
Moreover, as Mike Wheatley pointed out in his earnings article, the only flaw in Arista’s business was the decline in its gross margins from 65% to 64.3%. Typically, security products have gross margins well above this range. This will make any success here accretive to both revenue and profit.
Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this article for SiliconANGLE.