Arista NDR

Transcription

Datasheet

Arista NDR

Traditional security solutions struggle with a landscape where attacks continue to evolve beyond malware: supply chain threats, insider attacks, and living off the land tactics, among others. At the same time, a new network has emerged with unmanaged Internet of things, cloud infrastructure, contractor and third-party devices, and shadow IT. While the new network continues to gain precedence and transcend enterprise perimeters, it has become vital for organizations to address the cascading attack surface and to build an integrated cybersecurity strategy that delivers holistic visibility and control.

Arista is uniquely situated to address the security gap given its position at the foundation of the network. Implementing security at the network layer reduces operational costs and complexity and represents the most effective way to track and successfully manage threats coming in from the wider attack surface.

The Arista NDR platform is built on a foundation of deep network analysis from AVA Sensors that span the "new network", including the data center, campus, IoT as well as cloud workload networks and SaaS applications. These sensors come in various form factors from being built into Arista switches as well as standalone hardware, virtual and cloud sensors.

Unlike other network detection and response solutions, Arista NDR parses over three thousand protocols and processes layer 2 through layer 7 data. The platform analyzes encrypted traffic to identify important context such as the nature of traffic (file transfer, interactive shell, etc.), the applications communicating, and the presence of remote access, all without forcing data decryption. The platform's EntityIQ™ technology uses this information to autonomously profile entities such as devices, users, and applications while preserving these communications for historical forensics.

Only Arista NDR:

Delivers EntityIQ to autonomously discover & profile every device, user & application (managed or unmanaged) in the organization.
Delivers visibility into encrypted traffic using AI to identify network applications, remote control, file transfers, etc.
Enables Adversarial Modeling that exposes attacks including insider threats, credential misuse, lateral movement & data exfiltration.
Reduces false positives & negatives by avoiding basic unsupervised learning on IP address data.
Automates triage and investigations through AVA AI, providing a decision support system to analysts.
Requires no agents, manual configuration, or lengthy training periods and can deploy directly on the network switch.

arista.com

Extracted activity data feeds into the AVA Nucleus that uses a combination of detection models to uncover malicious intent. An ensemble of machine learning approaches avoids reliance on simplistic and noisy anomaly detection or unsupervised learning.

Arista's Adversarial Modeling language enables the uncovering of even the most complex attacker tactics, techniques, and procedures (TTPs), with extensible AI-driven models that first zero in on the suspicious activity and then gather corroborating evidence to support conviction. The modeling language delivers rich data analysis capabilities and a vocabulary to express attacker TTPs so that even a relatively junior analyst can now hunt. The AVA Nucleus provides a single sign-on and role-based user experience and a full API for extensibility, notifications, and integrations with other IT and security solutions for automated response and remediation.

AVA, Autonomous Virtual Assist, is Arista's AI-driven decision support system that performs threat hunting and incident triage. AVA automatically connects the dots across the dimensions of time, entities, and protocols, enabling the solution to present end-to-end Situations to the end user rather than a plethora of meaningless alerts. Analysts thus see the entire scope of an attack along with investigation and remediation options on a single screen while avoiding the effort of piecing it together themselves. Importantly, federated machine learning allows Arista customers to gain these capabilities while keeping their private data firmly within their infrastructure.

"Arista NDR has exceeded our expectations and empowered us to secure our connected workplace more effectively and autonomously than ever."
– Rich Noguera, Fmr. CISO, Gap Inc.

Use Cases

Detection
The platform uses AI to detect & prioritize mal-intent & behavioral threats from both insiders & outside attackers while mapping these to the MITRE ATT&CK framework.

Response
AVA forensically correlates incidents across entities, time, protocols, and attack stages, surfacing Situations with all the decision support data necessary to respond rapidly to any threat.

Situational Awareness
Arista NDR learns & tracks entities across IT, OT, or IoT environments, whether on-premise, cloud or SaaS, and managed or unmanaged, including contractors and other third parties.

Threat Hunting
The platform's rich data set and query capabilities enable powerful threat hunting workflows. AVA can take a single trigger from a human analyst and autonomously expose the entire kill-chain in a matter of minutes.

Integrations

The Arista NDR platform integrates with and amplifies existing solutions through integrations into industry leading SIEM, business intelligence, ticketing and analytics, endpoint detection, and security orchestration tools. In addition, the platform supports a full API for custom workflows and integrations. For instance, the SIEM integration allows an analyst to pivot from an alert containing an IP or email address to a device profile with associated user(s) and roles, operating system and application details, a forensic threat timeline as well as a listing of a similar device(s) for campaign analysis.

Similarly, endpoint integrations allow one-click quarantining of compromised devices or retrieval of endpoint forensic data.

Deployment Modes

Arista NDR can be deployed in two modes depending on customer requirements and network architecture:

All-in-one
The AVA Sensor and AVA Nucleus in this case are deployed on a single appliance. This deployment is ideal for customers who deploy a single instance of Arista NDR or would like to maintain an isolated view of their deployment.

Split
In this mode, the AVA Sensor and AVA Nucleus are deployed separately. AVA Sensors can be deployed in a variety of form factors including on Arista switches, physical or virtual appliances and within Amazon Web Services (AWS) or the Google Cloud Platform (GCP). The AVA Nucleus is offered as on-premises hardware which can be configured in cluster mode to support higher performance requirements. It is also available as a SaaS service from Arista.

[Figure: deployment diagram showing the Nucleus, Cloud, Site A and Site B, with servers, desktops / BYOD, IoT & OT, switch / router, sensors and the Internet. Legend: LAN Management Link; Capture Feed (from TAP, SPAN or Cloud Traffic Mirroring); Internet Connectivity.]

Awake Security Platform Hardware Specifications

Model DR-A5DCA-NDR-CC

PERFORMANCE & CAPACITIES
Function: Sensor Only | Sensor Only | Sensor Only | Nucleus Only | All in One | Central Console
Network Performance: Up to 100 Mbps | Up to 1 Gbps | Up to 5 Gbps | Up to 10 Gbps¹ | Up to 5 Gbps | N/A
Meta Data Storage: N/A | N/A | N/A | 90 days | 90 days | N/A

HARDWARE SPECIFICATIONS
Rack Unit: 1U | 1U | 2U | 2U | 2U | 2U
CPU Cores: 8 | 32 | 64 | 96 | 96 | 96
RAM: 64 GB | 512 GB | 512 GB | 1 TB | 1 TB | 1 TB
Disk Storage: 4x 6 TB | 4x 10 TB | 12x 6 TB | 10x 8 TB | 10x 8 TB | 10x 8 TB
SSD: - | 1x 1 TB | 2x 480 GB | 2x 480 GB | 2x 480 GB | 2x 480 GB
Non-volatile Memory: 1x 256 GB | - | - | 2x 3.2 TB PCIe NVME | 2x 3.2 TB PCIe NVME | 2x 3.2 TB PCIe NVME
Network (values listed across models): 2-port 10 Gbps SFP; 2x 1 Gbps Onboard Ethernet; 4x 1 Gbps Onboard Ethernet; 2x 10 Gbps Intel Ethernet; 4x 10 Gbps Intel SFP Ports; 1x Out of Band Management Interface
Power Supply (values listed across models): 2x 750W Redundant and Hot Swappable; 2x 1400W Redundant and Hot Swappable

Model # (Switch Sensors): SS-NDR-G-SWITCH-1M
Function: Sensor
SYSTEM d Arista 6

Model # (Virtual Sensors): SS-NDR-SVV.5-1M | SS-NDR-SVV1-1M

PERFORMANCE & CAPACITIES
Function: Sensor Only | Sensor Only
Network Performance: Up to 500 Mbps | Up to 1 Gbps

SYSTEM REQUIREMENTS
Supported Hypervisors: VMware ESX/ESXi 6.7 | VMware ESX/ESXi 6.7
Supported vCPUs: 8 | 12
Minimum Memory: 128 GB | 128 GB
Minimum Disk Drive: 500 GB | 500 GB
Network Connectivity: 2x 1 Gbps Ethernet (including 1 Management Interface) | 2x 1 Gbps Ethernet (including 1 Management Interface)
PCAP Storage Disk Drive: Additional 500 GB | Additional 500 GB

Model #: SS-NDR-SCA1-1M | SS-NDR-SCG1-1M

PERFORMANCE & CAPACITIES
Cloud: Amazon Web Services | Google Cloud Platform
Function: Sensor Only | Sensor Only
Network Performance: Up to 1 Gbps | Up to 1 Gbps

SYSTEM REQUIREMENTS
Minimum Instance Size Supported: r5.4xlarge - 16 vCPU | n1-highmem-16 - 16 vCPU
Minimum Disk Drive: 160 GB | 160 GB
Minimum Memory: 128 GB | 104 GB

¹ Cluster mode supported for higher throughputs and metadata retention.

Santa Clara—Corporate Headquarters: 5453 Great America Parkway, Santa Clara, CA 95054. Phone: 1-408-547-5500. Fax: 1-408-538-8920. Email: info@arista.com
Ireland—International Headquarters: 3130 Atlantic Avenue, Westpark Business Campus, Shannon, Co. Clare, Ireland
India—R&D Office: Global Tech Park, Tower A, 11th Floor, Marathahalli Outer Ring Road, Devarabeesanahalli Village, Varthur Hobli, Bangalore, India 560103
Vancouver—R&D Office: 9200 Glenlyon Pkwy, Unit 300, Burnaby, British Columbia, Canada V5J 5J8
Singapore—APAC Administrative Office: 9 Temasek Boulevard, #29-01, Suntec Tower Two, Singapore 038989
San Francisco—R&D and Sales Office: 1390 Market Street, Suite 800, San Francisco, CA 94102
Nashua—R&D Office: 10 Tara Boulevard, Nashua, NH 03062

Copyright 2022 Arista Networks, Inc. All rights reserved. CloudVision, and EOS are registered trademarks and Arista Networks is a trademark of Arista Networks, Inc. All other company names are trademarks of their respective holders. Information in this document is subject to change without notice. Certain features may not yet be available. Arista Networks, Inc. assumes no responsibility for any errors that may appear in this document. 2/22
