Arista's Awake Security brings an AI threat hunter named Ava to the SOC
Arista Networks added autonomous threat hunting and other capabilities to its Awake Security platform, and further integrated the network detection and response (NDR) technology into its DANZ Monitoring Fabric.
Awake’s NDR platform is a key pillar of Arista’s zero trust security strategy that it announced last month.
The first step in Arista’s zero trust security strategy “is really getting an understanding of what’s actually on the network,” said Rudolph Araujo, senior director of marketing and security strategy at Arista’s Awake NDR division. “And one of the things that we’re announcing is this ability to automatically sense the unmanaged infrastructure on the network.”
Corporate security teams likely have visibility into the managed devices on their network, like company laptops or printers. But the unmanaged devices — things like employees’ smart watches, personal devices, or even third-party supply chain systems — may not be factored into an organization’s attack surface, Araujo explained. “And clearly, recent events have shown us that that’s not a very good assumption. We find that, on an average, customers have between 40% and 60% of their attack surfaces in this unmanaged bucket.”
One of the new capabilities, available today, is an autonomous unmanaged device discovery and risk tracking service. It uses encrypted traffic analysis and other artificial intelligence (AI) techniques to automatically discover everything plugged into the network, including devices that do not appear to be managed by corporate IT and security teams. This surfaces, labels, and profiles parts of the attack surface that are otherwise invisible to the security team.
“Not only are we surfacing those, but we are tracking them over time,” Araujo added. “We can tell you how the attack surface is evolving.” This could be a new IoT device coming online or something like an endpoint security agent being uninstalled from a company laptop. “Awake, using a variety of AI-based techniques, would detect that and say, hey, you might want to pay attention to this. Something’s changed.”
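As an added example (not Arista’s or Awake’s code), the sketch below shows the shape of the discovery-and-tracking logic described above: passive per-device observations are labelled managed, managed-but-agent-missing, or unmanaged; profiled by a crude device-type heuristic; and diffed across two snapshots to surface new unmanaged devices and laptops whose endpoint agent has stopped beaconing. The MAC addresses, hostnames, TLS fingerprints, the EDR tenant hostname and the managed-device inventory are all constructed for the example; a real encrypted-traffic analysis uses far richer features than a hostname and one fingerprint.

```python
from dataclasses import dataclass

# Hypothetical EDR tenant hostname; a real deployment takes this from config.
EDR_BEACON_HOST = "edr-cloud.example.com"

# Constructed IT inventory of corporate-managed MAC addresses.
MANAGED_INVENTORY = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}


@dataclass(frozen=True)
class Observation:
    """One device as seen passively on the wire during a snapshot window."""
    mac: str
    ip: str
    dhcp_hostname: str
    tls_fingerprint: str        # constructed JA3-style client hash
    destinations: frozenset     # server names the device contacted


def label(obs: Observation) -> str:
    """Managed means: in inventory AND still beaconing to the EDR tenant."""
    if obs.mac not in MANAGED_INVENTORY:
        return "unmanaged"
    if EDR_BEACON_HOST in obs.destinations:
        return "managed"
    return "managed-no-agent"   # inventory says managed, the wire says the agent is gone


def profile(obs: Observation) -> str:
    """Crude device-type guess from DHCP hostname and TLS fingerprint (heuristic only)."""
    host = obs.dhcp_hostname.lower()
    if "watch" in host or "iphone" in host or "android" in host:
        return "personal-mobile"
    if host.startswith(("printer", "npi", "brn")):
        return "printer"
    if obs.tls_fingerprint.startswith("vendor-"):   # constructed marker for third-party kit
        return "third-party"
    return "workstation"


def snapshot(observations):
    """Map MAC -> (label, profile) for one time window."""
    return {o.mac: (label(o), profile(o)) for o in observations}


def unmanaged_share(snap) -> float:
    """Fraction of seen devices not under EDR control (unmanaged, or agent missing)."""
    if not snap:
        return 0.0
    return sum(1 for lbl, _ in snap.values() if lbl != "managed") / len(snap)


def diff_attack_surface(before, after):
    """Findings an analyst wants: new unmanaged devices, lost agents, departures."""
    findings = []
    for mac, (lbl, kind) in after.items():
        if mac not in before:
            if lbl != "managed":
                findings.append(f"new {lbl} device {mac} ({kind})")
        elif before[mac][0] == "managed" and lbl == "managed-no-agent":
            findings.append(f"endpoint agent no longer beaconing from {mac} ({kind})")
    for mac in before.keys() - after.keys():
        findings.append(f"device {mac} no longer seen")
    return sorted(findings)


# Constructed sample: two snapshots, a day apart.
T0 = [
    Observation("aa:bb:cc:00:00:01", "10.0.1.10", "corp-lt-0417", "ja3-corp-a", frozenset({EDR_BEACON_HOST, "mail.example.com"})),
    Observation("aa:bb:cc:00:00:02", "10.0.1.11", "corp-lt-0422", "ja3-corp-a", frozenset({EDR_BEACON_HOST})),
    Observation("11:22:33:44:55:66", "10.0.1.50", "NPI7A2C1F", "ja3-printer", frozenset({"fw.hp.example.com"})),
]
T1 = [
    Observation("aa:bb:cc:00:00:01", "10.0.1.10", "corp-lt-0417", "ja3-corp-a", frozenset({EDR_BEACON_HOST})),
    Observation("aa:bb:cc:00:00:02", "10.0.1.11", "corp-lt-0422", "ja3-corp-a", frozenset({"mail.example.com"})),  # agent uninstalled
    Observation("11:22:33:44:55:66", "10.0.1.50", "NPI7A2C1F", "ja3-printer", frozenset({"fw.hp.example.com"})),
    Observation("de:ad:be:ef:00:01", "10.0.1.77", "Galaxy-Watch4", "ja3-tizen", frozenset({"api.samsung.example.com"})),
    Observation("de:ad:be:ef:00:02", "10.0.1.90", "hvac-gw-01", "vendor-hvac-x1", frozenset({"cloud.hvacvendor.example.com"})),
]


def demo():
    """Return (share before, share after, findings) for the constructed snapshots."""
    before, after = snapshot(T0), snapshot(T1)
    return unmanaged_share(before), unmanaged_share(after), diff_attack_surface(before, after)


if __name__ == "__main__":
    s0, s1, findings = demo()
    print(f"unmanaged share: {s0:.0%} -> {s1:.0%}")
    for f in findings:
        print(" -", f)
```

The design point is that "managed" is decided from what the wire shows, not from the inventory alone: a laptop that is in the CMDB but has stopped talking to the EDR tenant is reported as a change in the attack surface, which is exactly the uninstalled-agent case the article describes.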
Another new feature uses Ava, Awake’s autonomous security analyst (think: Siri’s security-analyst cousin), to automate forensic investigations. Ava now performs open source intelligence analysis of discovered artifacts using natural language processing and topic modeling.
“The idea is to take the stuff that typically a level two or level three analyst would have to do manually, and not just do it automatically, but allow the human analysts to initiate that transaction,” Araujo said. “So that’s really intended to help both that risk assessment, but then also from a remediation standpoint, through Ava, we can also interact with the other systems in your infrastructure, whether it’s your endpoint solutions, your proxies, your firewalls, Arista’s portfolio, and take remedial action.”
In early February, Arista announced segmentation capabilities that focus on IoT devices for controlling authorized network communication between groups. With Ava’s new autonomous threat hunting and investigations capabilities, security teams can use Ava to isolate a compromised device so that it can’t infect other network-connected things and systems, Araujo explained.
Additionally, Awake is now integrated into Arista’s zero trust and DANZ Monitoring Fabric (DMF) products. DMF provides observability for both north-south and east-west traffic. When combined with the Awake platform, customers can enable use cases such as network detection and response, threat hunting, and full-packet network forensics.
The capabilities of the Awake platform are also available through Awake’s Managed Network Detection and Response service. This managed service includes real-time monitoring, threat hunting, and incident response by Awake Labs’ analysts.
Arista acquired Awake last year, and since then the networking vendor has been integrating Awake’s AI-based network detection and response platform into its products. In addition to integrations with its networking products, Arista also launched a new threat hunting and incident response service, which identifies risks from devices, users, or third-party systems, based on Awake’s technology. And then last month, Arista rolled out group segmentation and a zero-trust framework as it moves deeper into the security market.
In an earlier interview, Allan Bolding, product line manager at Arista Networks, said this move is essential as security and networking become more closely intertwined.
“Arista hasn’t really been a security company, and that all started changing last year with some of the features that we’re developing, but also the acquisition of Awake Security,” he said. “So we are coming out with an extensive security offering, and we feel that we have most of the key things we need to be a solid security company at this point.”
And while Arista isn’t calling its services XDR, or extended detection and response, it sounds like it’s heading in that direction. XDR combines elements of security information and event management (SIEM), security orchestration, automation and response (SOAR), endpoint detection and response (EDR), and network traffic analysis (NTA) in a software-as-a-service platform to centralize security data and incident response.
“What our customers are really looking for is what I call the XDR experience,” Araujo said. “They want the unified workflows, they want the integrations, they want the ability to really use the X for seeing everywhere — IoT, cloud, campus, etc.”
However, customers also want an “open XDR” that can integrate with other vendors as opposed to using a single platform from one vendor, he added. “Customers are saying I want you to integrate with my best-of-breed EDR, so we integrate with the CrowdStrikes, the SentinelOnes, the Carbon Blacks of the world,” Araujo said. “They want us to integrate with their SIEM, their orchestration platform. That’s really how we see XDR manifesting, as opposed to just being a single vendor that does every aspect of security.”