Arista Networks announced a significant update to its Arista MSS (Multi-Domain Segmentation Service) offerings that address the challenge of creating a truly enterprise-wide zero trust network. Without the need for endpoint software agents or proprietary network protocols, Arista MSS enables effective microperimeters that restrict lateral movement in campus and data center networks and thus reduces the blast radius of security breaches such as ransomware. Distributed IT infrastructure with work-from-anywhere, the explosion of IoT devices, and multi-cloud applications have upended the traditional security perimeter and led to a dynamic and unpredictable attack surface.

To improve their defensive posture, organizations have embarked on zero trust efforts that require granular control of both north-south and east-west communication paths. Firewalls are simply not optimized to protect against all lateral movement: doing so would require a proliferation of security appliances, soaring costs, and an explosion of complex rule sets that still fail to protect against lateral movement. To address this challenge, the Cybersecurity and Infrastructure Security Agency (CISA) "Zero Trust Maturity Model" recommends the adoption of microsegmentation for highly distributed, fine-grained enforcement through microperimeters. While many microsegmentation solutions are available on the market, both network-based and endpoint-based, they struggle with operational complexity, interoperability and portability challenges, and cost, which has limited their widespread adoption across the enterprise. As a result, zero trust efforts often stall.

Arista MSS offers standards-based microsegmentation using existing network infrastructure while overcoming the challenges of existing solutions. MSS is network-agnostic and endpoint-independent. It avoids proprietary protocols and can thus seamlessly integrate into a multi-network vendor environment.

The solution also does not require endpoint software, avoiding the portability limitations and operational complexity typical of agent-based microsegmentation solutions. Arista MSS is in trials now, with general availability in the third quarter of 2024.