Menu
Arista streamlines network access control via SaaS

Arista streamlines network access control via SaaS

Arista’s CloudVision Guardian for Network Identity uses AI to implement, troubleshoot, and enforce NAC policies.

Credit: Dreamstime

Arista Networks has rolled out a SaaS-based service aimed at helping enterprises more network access control (NAC) more easily.

The service, called CloudVision Guardian for Network Identity (CV-AGNI) uses real-time telemetry from Arista’s network products, combines it with data from its CloudVision management platform, and uses artificial intelligence to evaluate the information and implement security policies. 

The service can also onboard new devices, authenticate existing users, segment devices on the network, or help troubleshoot problems from a cloud-based system, according to Pramod Badjate, group vice president and general manager, of Arista’s Cognitive Campus group. 

“Historically the enterprise identity store would be in some on-prem system like Active Directory that has hardware or a series of VMs associated with it, and making changes to that system requires lots of manual work. In addition they're very costly to scale up, and difficult to scale down. So if you had a really small organisation, NAC almost cost prohibitive because of the starting scale to deploy the solution,” Badjate said.  “But as cloud application authentication increases we think it only makes sense to do NAC from a cloud, AI-based system that can be updated quickly,” Badjate said. He said that CV-AGNI can cut policy deployment time by up to 75%.

Arista has implemented a natural-language, generative AI-based system in CV-AGNI called Autonomous Virtual Assist (AVA) that utilises Arista and third-party datasets in Arista’s NetDL architecture to support the service.

The Ask AVA service brings a chat-like interface for configuring, troubleshooting, and analysing enterprise security policies and device onboarding, Badjate said. 

“The typical troubleshooting scenario is somebody couldn't connect and you're trying to figure out what happened.  So you can just ask the question, ‘Why is Bob not able to connect?’ and  the system goes and identifies all relevant components or policies related to that person offers up what might be the reason that somebody is not able to connect,”  Badjate said. 

THe company plans to expand AVA's capabilities, wrote Arista’s CEO  Jayshree Ullal in a blog about the news. “In the future, AVA will extend these AI-driven capabilities to other parameters, including anomaly detections,” he wrote.

In its first iteration AGNI integrates with third-party products including:

  • Endpoint Management systems: Medigate by Claroty, CrowdStrike XDR, Palo Alto Cortex XDR.
  • Identity Management: Okta, Google Workspace, Microsoft Azure, Ping Identity and OneLogin.
  • Mobile device management: Microsoft Intune, JAMF
  • SIEM: Splunk

The AGNI software subscription will be license up to three devices per user and will be available in the second quarter.


Events

Show Comments