
Datasheet

Awake Security Platform

“The Awake Security Platform has exceeded our expectations and empowered us to secure our connected workplace more effectively and autonomously than ever.”
– Rich Noguera, Fmr. CISO, Gap Inc.

As attackers have evolved beyond malware, supply chain threats, insider attacks and living off the land tactics challenge the ability for organizations to defend themselves effectively. At the same time a new network has emerged with unmanaged Internet of things, cloud infrastructure, contractor and third-party devices and shadow IT. Security teams recognize the need for threat hunting to deal with this evolving landscape, but struggle with the time and skills necessary to distinguish between good and bad when everything looks like normal activity.

The Awake Security Platform is built on a foundation of deep network analysis from Awake Sensors that span the “new network”—including the data center, campus, IoT as well as cloud workload networks and SaaS applications. Unlike other network detection and response solutions, Awake parses over three thousand protocols and processes layer 2 through layer 7 data. The platform analyzes encrypted traffic to identify important context such as the nature of traffic (file transfer, interactive shell etc.), the applications communicating and the presence of remote access, all without forcing data decryption. Awake’s EntityIQ™ technology uses this information to autonomously profile entities such as devices, users and applications, while also preserving these communications for historical forensics.

Only Awake

- Delivers EntityIQ to autonomously discover & profile every device, user & application whether managed or unmanaged by the organization.
- Delivers visibility into encrypted traffic using AI to classify the application communicating, nature of traffic etc.
- Enables Adversarial Modeling that exposes attacks including insider threats, credential misuse, lateral movement & data exfiltration.
- Reduces false positives & negatives by avoiding basic unsupervised learning on IP address data.
- Includes Ava to automate triage & investigations and provides a decision support system to the analyst.
- Requires no agents, manual configuration or lengthy training periods.

arista.com

[Figure: platform architecture diagram. Labels: Awake Sensors, Awake Nucleus, Ava (The Awake Expert System), Datacenter Network, Perimeter Network, User Network, IOT / OT Network, Cloud Taps, SaaS Connectors, Packet Store]

Extracted activity data feeds into the Awake Nucleus which uses a combination of detection models to uncover malicious intent. An ensemble of machine learning approaches avoids reliance on simplistic and noisy anomaly detection or unsupervised learning. Awake’s Adversarial Modeling language enables the uncovering of even the most complex attacker tactics, techniques and procedures (TTPs), with extensible AI-driven models that first zero in on suspicious activity and then gather corroborating evidence to support conviction. The modeling language delivers rich data analysis capabilities as well as a vocabulary to express attacker TTPs, so that even a relatively junior analyst can now hunt. The Nucleus provides a single sign-on and role-based user experience as well as a full API for extensibility, notifications and integrations with other IT and security solutions for automated response and remediation.

Ava, Awake’s autonomous security analyst, is the world’s first AI-based security expert system that performs threat hunting and incident triage. Ava automatically connects the dots across the dimensions of time, entities, and protocols, enabling the solution to present end-to-end Situations to the end user rather than a plethora of meaningless alerts. Analysts thus see the entire scope of an attack along with investigation and remediation options on a single screen while avoiding the effort of piecing it together themselves. Importantly, federated machine learning allows Awake customers to gain these capabilities while keeping their private data firmly within their infrastructure.

Use Cases

Detection: The platform uses AI to detect & prioritize mal-intent & behavioral threats from both insiders & outside attackers, while mapping these to the MITRE ATT&CK framework.

Response: Ava forensically correlates incidents across entities, time, protocols and attack stages, surfacing Situations with all the decision support data necessary to respond rapidly to any threat.

Situational Awareness: Awake learns & tracks entities across IT, OT or IoT environments whether they are on-premise, cloud or SaaS and managed or unmanaged including contractors and other third-parties.

Threat Hunting: The platform’s rich data set and query capabilities enable powerful threat hunting workflows. Ava can take a single trigger from a human analyst and in a matter of minutes autonomously expose the entire kill-chain.

Integrations

The Awake Security Platform integrates with and amplifies existing solutions through integrations into industry-leading SIEM, business intelligence, ticketing and analytics, endpoint detection and security orchestration tools. In addition, the platform supports a full API for custom workflows and integrations. For instance, the SIEM integration allows an analyst to pivot from an alert containing an IP or email address to a device profile with associated user(s) and roles, operating system and application details, a forensic threat timeline as well as a listing of similar device(s) for campaign analysis. Similarly, endpoint integrations allow for one click quarantining of compromised devices or retrieval of endpoint forensic data.

Deployment Modes

The Awake Security Platform can be deployed in two modes depending on customer requirements and network architecture:

All-in-one
The Awake Sensor and Awake Nucleus in this case are deployed on a single appliance. This deployment is ideal for customers who deploy a single instance of Awake or do not require a centralized view of their deployment.

Split
When deployed in this mode, the Sensor and Nucleus are deployed separately. Sensors can be deployed in a variety of form factors including physical or virtual appliances. The Nucleus can also be deployed as a hardware cluster to support higher performance requirements as well as in Amazon Web Services to support distributed deployment of sensors.

[Figure: deployment diagram. Labels: Awake Nucleus, Cloud, Site A, Site B, Servers, Desktops / BYOD, IoT & OT, Switch / Router, Sensor, Internet, Ava. Legend: LAN Management Link; Capture Feed (from TAP, SPAN or Cloud Traffic Mirroring); Internet Connectivity]

Awake Security Platform Hardware Specifications

| Model # | ASP-S-NS | ASP-L-NS | ASP-L-AN | ASP-L-Ai1 |
|---|---|---|---|---|
| PERFORMANCE & CAPACITIES | | | | |
| Function | Sensor Only | Sensor Only | Nucleus Only | All in One |
| Network Performance | Up to 1 Gbps | Up to 5 Gbps | Up to 10 Gbps [1] | Up to 5 Gbps |
| Meta Data Storage | N/A | N/A | 90 days | 90 days |
| HARDWARE SPECIFICATIONS | | | | |
| Rack Unit | 1U | 2U | 2U | 2U |
| CPU Cores | 32 | 64 | 96 | 96 |
| RAM | 512 GB | 512 GB | 1 TB | 1 TB |
| Disk Storage | 1 TB | 12x 6 TB | 10x 8 TB | 10x 8 TB |
| SSD | 1x 1 TB | 2x 480 GB | 2x 480 GB | 2x 480 GB |
| Non-volatile Memory | - | - | 2x 3.2 TB PCIe NVME | 2x 3.2 TB PCIe NVME |
| Network | 2x 1 Gbps Onboard Ethernet; 4x 10 Gbps Intel SFP Ports; 1x Out of Band Management Interface | 2x 1/10 Gbps Onboard Ethernet; 4x 10 Gbps Intel SFP; 1x Out of Band Management Interface | 4x 1 Gbps Onboard Ethernet; 2x 10 Gbps Intel Ethernet; 1x Out of Band Management Interface | 4x 1 Gbps Onboard Ethernet; 4x 10 Gbps Intel SFP Ports; 1x Out of Band Management Interface |
| Power Supply | 2x 750W - Redundant and Hot Swappable | 2x 1400W - Redundant and Hot Swappable | 2x 1400W - Redundant and Hot Swappable | 2x 1400W - Redundant and Hot Swappable |

| Model # (Virtual Sensors) | ASP-S-VS | ASP-L-VS |
|---|---|---|
| PERFORMANCE & CAPACITIES | | |
| Function | Sensor Only | Sensor Only |
| Network Performance | Up to 500 Mbps | Up to 1 Gbps |
| SYSTEM REQUIREMENTS | | |
| Supported Hypervisors | VMware ESXi 5.5 | VMware ESXi 5.5 |
| Supported vCPUs | 8 | 12 |
| Minimum Memory | 128 GB | 128 GB |
| Minimum Disk Drive | 20 GB | 20 GB |
| Network Connectivity | 2x 1 Gbps Ethernet (including 1 Management Interface) | 2x 1 Gbps Ethernet (including 1 Management Interface) |

| Model # | ASP-S-AWS-VS | ASP-S-GCP-VS |
|---|---|---|
| PERFORMANCE & CAPACITIES | | |
| Cloud | Amazon Web Services | Google Cloud Platform |
| Function | Sensor Only | Sensor Only |
| Network Performance | Up to 1 Gbps | Up to 1 Gbps |
| SYSTEM REQUIREMENTS | | |
| Minimum Instance Size Supported | r5.4xlarge - 16 vCPU | n1-highmem-16 - 16 vCPU |
| Minimum Disk Drive | 160 GB | 160 GB |
| Minimum Memory | 128 GB | 104 GB |

[1] Cluster mode supported for higher throughputs

Santa Clara—Corporate Headquarters
5453 Great America Parkway,
Santa Clara, CA 95054
Phone: 1-408-547-5500
Fax: 1-408-538-8920
Email: [email protected]

International Headquarters
3130 Atlantic Avenue
Westpark Business Campus
Shannon, Co. Clare
Ireland

Vancouver—R&D Office
9200 Glenlyon Pkwy, Unit 300
Burnaby, British Columbia
Canada V5J 5J8

San Francisco—R&D and Sales Office
1390 Market Street, Suite 800
San Francisco, CA 94102

India—R&D Office
Global Tech Park, Tower A & B, 11th Floor
Marathahalli Outer Ring Road
Devarabeesanahalli Village, Varthur Hobli
Bangalore, India 560103

Singapore—APAC Administrative Office
9 Temasek Boulevard
#29-01, Suntec Tower Two
Singapore 038989

Nashua—R&D Office
10 Tara Boulevard
Nashua, NH 03062

Copyright 2020 Arista Networks, Inc. All rights reserved. CloudVision, and EOS are registered trademarks and Arista Networks is a trademark of Arista Networks, Inc. All other company names are trademarks of their respective holders. Information in this document is subject to change without notice. Certain features may not yet be available. Arista Networks, Inc. assumes no responsibility for any errors that may appear in this document. 2/21
