Arista has expanded its security software to let customers control authorized network access and communication between groups from the data center to the cloud.

The new software, Macro-Segmentation Service (MSS)-Group, expands the company’s MSS security-software family, which currently includes MSS Firewall for setting security policies across customer edge, data-center and campus networks. Additionally, the company’s MSS Host focuses on data-center security policies.

MSS software works with Arista Extensible Operating System (EOS) and its overarching CloudVision management software to provide network-wide visibility, orchestration, provisioning and telemetry across the data center and campus. CloudVision’s network information can be utilized by Arista networking partners including VMware, Microsoft and IBM’s Red Hat.

MSS-Group authorizes access based on logical groups rather than traditional approaches based on interfaces, subnets, or physical ports, according to Jeff Raymond, vice president of Arista EOS Product Management and Services.

Unlike proprietary products, the MSS-Group segmentation architecture does not rely on proprietary Ethernet tags or protocols to work, Raymond said. That means upstream and downstream leaf and spine switches can be mixed and matched across multiple vendors. Arista MSS-Group-capable switches are agentless and can be deployed across client to campus to cloud in network-wide deployment, all orchestrated via CloudVision, Arista stated.

As part of this product rollout, Arista and Forescout announced the result of a year-long co-development effort to streamline policy design and management: Forescout eyeSegment is now integrated with Arista CloudVision.
The idea is to let customers utilize eyeSegment’s real-time device context to easily create, manage and monitor group-based segmentation policies.

Production-ready eyeSegment policy information is then shared with CloudVision to consistently enforce rules across multiple network domains via the MSS-Group architecture, according to Forescout.

“Organizations can use Forescout eyeSegment to automatically apply real-time context to associate each connected device with its relevant security segmentation group, easily design and monitor group-based policies, and communicate the appropriate segmentation policies to CloudVision. CloudVision is then responsible for the dynamic orchestration of the required policy to the Arista switches for enforcement,” Arista stated.

Driving the need for better security are the growth of SaaS services and the need to secure access to those services, but also the proliferation of IoT devices.

“In this world of networked IoT, a camera should only communicate with the DVR and security administrator. Security and network administrators need to have the ability to easily define, classify and group segments concerning who is accessing what, independent of IP addressing and other network protocol constructs,” wrote Arista CEO Jayshree Ullal in a blog about the MSS-Group announcement.

Arista’s MSS products are key to its overarching development of a zero trust architecture for enterprise customers that company execs say is built off of NIST’s zero trust framework, which basically states not to trust any user or device by default.

“Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned).
Authentication and authorization (both subject and device) are discrete functions performed before a session to an enterprise resource is established,” NIST states.

For its part, Arista’s zero-trust security includes network-based multi-domain segmentation, situational awareness—what’s connected to what—continuous monitoring for behavior, and AI-driven network detection and response, which is where Forescout and Arista’s Awake platform come in. Arista purchased Awake Security in 2020 for its AI-based network detection and response system.

“We need to eliminate the implicit trust associated with traditional network architecture and instead build secure, zero-trust networks that assume devices only have access to resources they need and that once a device is on the network it is continuously monitored and detected for mal-intent,” Ullal stated.

MSS Firewall and MSS Host features are available as part of Arista CloudVision. The MSS-Group support will begin trials in the first quarter of this year.