A few weeks back, I authored this post summarizing a ZKast video on how the pandemic has accelerated the convergence of networking and security. These two historically separate domains have been on a collision course for decades as businesses become more network-centric. The pandemic chased people out of the office, forced businesses to shift to cloud resources and made the mobile phone the primary computing for many people. These shifts escalated the role of the network and made it a more important aspect of threat protection.
Security and networking have come together
This shift was already happening, but the pandemic certainly accelerated it. This was the main motivation behind Arista’s 2020 purchase of network detection and response (NDR) vendor, Awake Security. This week Arista announced some new capabilities, which integrate Awake’s NDR capabilities with Arista’s rich network information resulting in faster, more accurate threat detection. Given the intense focus on cybersecurity today, even small improvements in threat hunting can have a big impact on a business.
Arista Networks is boosting its zero-trust security offerings by infusing artificial intelligence into Awake’s NDR capabilities. The enhancements enable allow security pros to detect advanced threats and perform forensic investigations on all devices within a network. Arista has integrated Awake into its zero-trust and DANZ Monitoring Fabric (DMF) visibility solutions for both north-south and east-west network traffic. Together the combined technologies protect high-throughput networks and provide continuous monitoring to identify malicious intent, both outside and inside the network perimeter.
Arista adds role-centric user experience
There are three key elements of Awake’s NDR platform for zero-trust security. First, the platform provides an intelligent role-centric user experience. Analysts using the platform can choose the amount of data and the capabilities they want to have. The information a Level 1 analyst requires varies greatly from what a Level 3 threat hunter needs. With role-centric elements in the Awake platform, analysts can make quick risk management decisions, instead of being overloaded by additional data and tools.
EntityIQ offers AI-based fingerprinting for situational awareness
Second, the platform provides situational awareness via EntityIQ, which tracks devices, users and applications as they move around the network using AI-based fingerprinting. The platform uses AI and encrypted traffic analysis to automatically discover devices that aren’t managed by IT. So, organizations can deal with shadow IT and internet of things (IoT) devices that are otherwise invisible and pose security threats to enterprise networks.
Simply tracking devices based on their IP address is not an effective strategy, since IP addresses are cheap to buy and change all the time, Rudolph Araujo, Awake’s vice president of marketing, told me. “No matter how sophisticated machine learning is, if it’s based on an ephemeral piece of data like an IP address, it’s going to produce false positives,” said Araujo.
The Awake platform is different because it fingerprints every device based on how it behaves on the network, not based on its IP address. Let’s say someone is connected to a home Wi-Fi network with one IP address, then connects to a VPN using another IP address and to a different one at the office. A security analyst will see that the device had several different IP addresses, because EntityIQ creates an association not just with the device but with the user.
Virtual SOC analyst Ava sees things people can’t
Third, the platform provides autonomous threat hunting and investigations with the help of Awake’s autonomous security analyst called Ava. Arista recently made enhancements to Ava, which sits within the technology and assists with threat hunting. Security analysts can interact with Eva, much like people interact with Google. Ava can build out the entire attack surface on all devices within a network, as well as other domains and destinations that might be involved in threat intelligence. Many IT pros consider AI to be a threat to their jobs, but virtual assistants such as Ava can remove much of the heavy lifting from their jobs.
Here’s an example of a scenario where Ava might be of assistance:
In a typical threat hunt, a security analyst is looking for a device and trying to figure out where it is located while interacting with Ava throughout the process. With the enhancements, Ava can now perform open-source intelligence analysis of discovered devices using natural language processing and topic modeling. Ava then finds incident-related activity and generates forensic investigation reports, which Arista found to be more accurate than having human senior analysts investigating the same activity.
With all these capabilities combined in one platform, organizations have advantages over traditional security solutions. They can uncover attacks with lower false positives and negatives and take remedial action faster.
“Organizations are asking for these capabilities, not just detection and response or risk assessment, but to dynamically create policies with segmentation,” Araujo said. “Ultimately, we’d like to see a secure network fabric where you’re not really having to dabble with it too much, because you know the platform is smart enough to take all of these different data sources and help you secure it.”
Zeus Kerravala is an eWEEK regular contributor and the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions. Kerravala is considered one of the top 10 IT analysts in the world by Apollo Research, which evaluated 3,960 technology analysts and their individual press coverage metrics.