The Forescout and Arista partnership is addressing one of the most prevalent problems we see in global enterprises today – more and more ‘things’ being added to flat and static networks.
“Zero Trust strategies are crucial for reducing risk exposure and defending the evolving workforce and businesses. An incomplete understanding of the location, role, risk and criticality of network connected devices prevents effective Zero Trust roll-out,” said Pedro Abreu, chief product and strategy officer, Forescout. “Forescout and Arista provide organisations with faster, more effective Zero Trust defences by discovering, classifying and segmenting all devices on the network, and aligning device profiles with consistent policies.”
As a result of a year-long co-development effort between Forescout and Arista, customers will have a simplified, secure network architecture with a single solution for policy management and context through to segmentation policy enforcement, with the unique ability to support and secure heterogenous networks without proprietary vendor lock-in.
Forescout eyeSegment is now integrated with Arista CloudVision, the core management platform of Arista’s MSS Group solution architecture. This will allow customers to utilise eyeSegment’s real-time device context to easily create, manage and monitor group-based segmentation policies. Production-ready eyeSegment policy information is then shared with CloudVision to consistently enforce rules across multiple network domains via the MSS Group solution architecture.
“Modern networks are increasingly under attack. To limit that risk and reduce the attack surface, customers need to control access in the most dynamic and granular way possible,” said Anshul Sadana, COO, Arista. “By applying Forescout’s device intelligence and group-based segmentation policies to Arista’s MSS Group solution, customers can rapidly prevent unauthorised network communications and implement zero trust protections.”
CloudVision customers will now be able to enforce segmentation policies based on device profiles, abstracting policies away from static IP or network segment requirements of traditional methods. As new devices are discovered or their security posture changes, they are immediately assigned to the appropriate group-based segment which CloudVision will enforce across campus, data center and cloud environments.