
Never Trust, Always Verify

Combining Network Detection and Response with Pervasive Observability to Strengthen Cybersecurity Across Cloud, Hybrid and IoT Environments

Networks today are more critical than ever to our work and lives. Much of that value has come because those networks have evolved to encompass cloud and SaaS, work-from-anywhere, IoT, shadow IT, supply chain and contractor devices. Unfortunately, network security has simply not kept up with this new network – we still talk about security as a “your mileage might vary” add-on rather than an inherent part of the network. It’s time for a better model, and as Arista CEO Jayshree Ullal aptly said in her blog post a month ago, “The time for zero trust networking is now.”

As we launch major enhancements to our Network Detection and Response (NDR) product line today, I would like to dive deeper into the role we see for a secure network fabric in the context of a zero-trust mindset.

In a Zero Trust World, Identity is the New Perimeter

Zero trust eliminates the implicit trust placed in the notion of a secure perimeter. We no longer make security assumptions based on whether a request is being made from the inside or the outside. Instead of location, it is all about who is making the request and the context of the request. Guidance from NIST (800-207), the National Security Agency (NSA), and the US Cybersecurity and Infrastructure Security Agency (CISA) emphasizes an ongoing process of inventory and assessment illustrated in the figure below.

[Figure: ongoing process of inventory and assessment]

This is why we were thrilled about the possibility of making security a de facto capability of the network when we became part of the Arista family in October 2020. Today, just a few months later, we see the realization of that potential. By integrating deeply with Arista’s DANZ Monitoring Fabric (DMF), we enable customers to answer questions such as:

  • What resources / assets exist on my network?
  • Who is accessing these resources?
  • Are any of the access patterns suspect?
  • Are the resources themselves connecting to locations they shouldn’t be?

Moreover, this combination allows us to scale out and deliver these answers for the high-throughput networks customers have across their campus, data center and hybrid cloud networks.

But Couldn’t We Just Rely on our Active Directory Service or Configuration Management Database?

Your Active Directory, CMDB, SIEM or Endpoint Detection and Response (EDR) console are all good places to start as you think about a zero trust inventory, but how confident are you that those paint a complete picture? In our deployments, we often find that the average customer “manages” less than 50% of the actual resources and devices on the network—think about all the cloud workloads, shadow IT resources, thermostats, conference room TVs, smartwatches and digital assistants—all connected to your network but with no endpoint agent, no domain accounts, no log forwarding. You get the picture.

Today, we announced enhancements to our EntityIQ™ security knowledge graph to address this challenge. Using encrypted traffic analysis and other AI techniques, the Awake Security Platform now automatically surfaces, labels and performs a risk assessment of devices that do not appear to be managed by corporate IT and security teams. Moreover, security teams can track how their digital asset population changes over time, as new unmanaged devices get onto the network or existing devices “fall out” of managed status.


Always Be Verifying: Continuous Diagnostics and Mitigation

Implementing a zero trust architecture is a journey, not a destination, and continuous diagnostics and mitigation is the name of the game to keep you on the right path for that journey. This is no trivial challenge – attackers have evolved beyond malware, supply chain threats, insider attacks, and living-off-the-land tactics, which challenges organizations’ ability to identify the real threats and respond effectively. The good news is that most security teams recognize the need for threat hunting to deal with this evolving landscape. The bad news? Most struggle with the time and skills necessary to distinguish between good and bad when everything looks like regular activity.

We believe the solution lies in enabling humans to do what humans do well and letting machines do what machines do well. With that in mind, in 2019 Awake introduced Ava™, the world’s first security expert system that automatically pre-computes answers to investigative questions a highly skilled analyst would ask during a threat hunt. This process surfaces the weak and early signals of an attack, enabling the security team to disrupt an adversary’s objectives at the outset. Then, about nine months ago, we made Ava directly accessible to our end users as a decision support system: automating the mundane and repetitive analysis tasks but just as importantly, exhaustively hunting through every permutation and combination to surface the full scope of the threat. The field results show that Ava frequently finds more incident-related activity than a senior human investigator analyzing the same activity.

Today, we take Ava one step further on the autonomous security progression. Ava now automatically gathers open-source and threat intelligence during her analysis. For instance, just as a human analyst would do an Internet search for a domain or IP address they encounter during their investigation, Ava does the same. Ava then processes the search results using several AI-based techniques, including natural language processing and topic modeling. Our goal is to continue to deliver all relevant context to the security team, whether from within the network or from the Internet.


Arista has brought together a strong portfolio across pervasive network visibility, continuous detection and response and finally, mitigation and enforcement, all of which combine to enable your zero trust strategy. The capabilities we’ve announced today continue to enhance the portfolio of offerings and, just as importantly, reinforce our commitment to moving security from being an add-on to something that is simply an inherent quality of the network.




Rahul Kashyap

President & CEO