Arista Networks today embedded the network detection and response (NDR) capabilities from its recent Awake Security acquisition into its campus switches to provide broader visibility, automated threat hunting, and risk mitigation.
“What we're trying to do is bake security deeper into the network,” Rudolph Araujo, senior director of marketing at Arista’s Awake NDR division, told SDxCentral. Integrating NDR into the switch “brings that capability of AI-driven security to self-secure the campus network.”
Arista’s NDR is powered by its Autonomous Virtual Assistant (AVA), which it acquired with the purchase of Awake in 2020.
Founded in 2017, the startup’s security platform uses AI and machine learning to automate threat detection and hunting. It provides full-packet forensics and supports audits, investigations, and compliance with regulations like PCI-DSS across customers’ hybrid-cloud environments.
At the time, Arista CEO Jayshree Ullal touted Awake’s AI-driven threat detection for IoT networks. Additionally, Arista’s Campus Flow Tracker can work with Big Switch DMF — Big Switch is another recent Arista acquisition — for monitoring and Awake sensors to boost threat detection.
The sensor is one of the two key components of its AVA technology; the other is the nucleus. Within the campus power-over-ethernet (PoE) switches, AVA sensors analyze the whole packet across layers 2-7, then curate and transfer the data to the nucleus. This enables customers to improve threat detection and response and track threats "like ransomware making its way through the environment," Araujo said.
Deploying NDR on existing infrastructure also has cost benefits, he added.
“We're giving the security ops persona a view into that network now, but it's a unified view from a hardware perspective, it's all deployed on the same gear,” Araujo said. “So by integrating this, we're in many ways bringing together the network ops and the security ops persona.”
And for existing Arista customers, it offers a lower barrier to entry for NDR, according to Tag Cyber CEO Edward Amoroso. “It saves having to deal with an external vendor and reduces the risk of trying to make the integration work,” he wrote in responses to questions.
The NDR capabilities, which are slated to launch in the second quarter, will be available as a software upgrade. This means new hardware isn't required to take advantage of security functionality. Meanwhile, the nucleus can either sit in customers' data centers or run as a SaaS application.
Awake NDR Wins Over Legacy NetFlow-based Security
The new functionality is in line with predictions from Sameh Boujelbene, senior research director at Dell’Oro Group. Boujelbene expects to see more security, analytics, and automation capabilities integrated into campus switches in the near future, as both incumbents and new entrants look for ways to differentiate themselves.
Prior to joining Arista, Awake’s CEO claimed the company had already displaced many established NDR vendors, including Arista arch-nemesis Cisco, which dominates the campus switch market.
For packet analysis, “a lot of these other vendors are restricted, looking at just layer two to layer four data, we're looking at layer two to layer seven,” Araujo said, adding that “legacy architectures are limited to NetFlow-type of context.”