Arista and Palo Alto Partner for Data Center Security

Network equipment supplier Arista and security specialist Palo Alto combine switches and firewalls for increased data center security.

By Benjamin Pfister

Arista Networks and Palo Alto Networks have announced a cooperation on joint security products for data center networks. The approach combines centrally managed policies with decentralized enforcement on switches and targeted in-depth traffic analysis on next-generation firewalls. Combining Arista's MSS Fabric with Palo Alto's Next-Generation Firewall is meant to produce an integrated offering that spans locations and operating models.

The cooperation combines Palo Alto Networks' Next-Generation Firewall (NGFW) and Arista MSS (Multi-Domain Segmentation Services). The solution is intended to secure both east-west traffic, i.e., between servers, and north-south traffic, i.e., between client and server. Customers will be able to apply micro-segmentation directly on Arista switches to optimize performance, or selectively forward traffic to Palo Alto Networks NGFW clusters for deeper inspection. Forwarding is intended to work within a single data center and across multiple data centers, enabling consistent policies in redundant active/active data centers.

Also of interest is how the two products interact to isolate individual systems when anomalies are detected and to prevent lateral movement within the data center network. The Palo Alto Networks NGFW is intended to detect suspicious behavior using machine learning and signal it to Arista's CloudVision MSS. Affected endpoints are then isolated directly at the switch level.

Palo Alto Networks' management tool centralizes zone and micro-segmentation policies, while CloudVision MSS handles their distribution to and enforcement on Arista switches. This is intended to allow the entire geographically distributed network to be treated and managed as a single logical switch, enabling the migration of workloads across different server locations, from on-premises to various cloud networks.

However, Arista has not yet specified the interfaces for the integrations and how the data packets will be redirected from the switch for in-depth inspection by the Palo Alto firewalls.

(nen)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.