Versa extends SASE platform to the LAN edge

Versa Networks has bumped up its secure access service edge (SASE) software with a variety of features, including AI to help customers better manage LAN resources at the edge of their networks.

The company announced Versa SD-LAN, a software package that the company says will let customers integrate security, switching, routing, network and AI management services on approved white box Ethernet switches and access points.

“Versa Secure SD-LAN is built as an extension of Versa’s Unified SASE platform, so it shares the same management console, policy repository, and data lake as our Versa Secure SD-WAN, cloud, and data center products,” according to Kevin Sheu, vice president of product marketing with Versa.  

The Versa Secure SD-WAN provides a range of networking capabilities, including packet steering and packet loss reduction. Secure SD-WAN is part of Versa’s broader SASE platform, which runs the Versa Operating System (VOS) and integrates networking and security services into a platform that supports cloud, on-premises, and hybrid environments. Versa SASE includes VPN, secure SD-WAN, edge compute protection, next-generation firewall, firewall as a service (FWaaS), secure web gateway (SWG), data leak protection, zero-trust network access (ZTNA), and cloud access security broker (CASB).

The goal with SD-LAN is to eliminate the need to stitch together a fragmented set of point products that lack business flexibility, and disjointed box-by-box configuration and management that is onerous and error prone. In addition, traditional LAN architectures continue to use outdated perimeter-oriented security that implicitly trusts users and allows them to access all resources on the network, Sheu said. The SD-LAN package is looking to eliminate those issues and more, Sheu said.

On the zero-trust front, the software lets customers set up local access policies that can be adjusted based on identity, user or device posture, and the specific application being accessed, Sheu said.  

The platform provides user, device, and application awareness combined with a centralized policy repository to give enterprises full visibility and control across the branch or campus network, including OT and IoT devices. This approach lets every switch and access point become a zero-trust enforcement point that continually assesses the security posture of users, devices and the network to identify internal and external threats and stop the spread of potential attacks, Sheu said.

“The SD-LAN package can be used together with Versa Secure Private Access program to provide an integrated ZTNA for both remote and on-premises users with a single integrated policy repository,” Sheu said.

For AI, the new package supports VersaAI, which is made up of a shared set of fine-tuned AI/ML engines that are natively integrated into the platform and embedded into the LAN to identify malicious behaviors in real-time, Sheu said.  

It utilizes the Versa Unified SASE Platform to integrate a data set from across an organization’s entire infrastructure – from the WAN edge, cloud, campus, remote locations, users, and devices – into a unified data lake. VersaAI taps into this data lake to extract AI/ML insights that are seamlessly applied across the Versa product suite, now including the LAN.

With AI support, customers can identify threats and anomalous behaviors and deliver actionable insights for accelerated remediation. In addition, customers can preemptively adjust traffic paths in real-time, automate troubleshooting, and reduce network downtime, Sheu said.

The software also supports the vendor’s software-defined microsegmentation feature, which is part of all VOS-based devices. The capability lets customers define network-wide policies that set who has access to specific micro-segments of the network without the limitations of VLANs. The software supports the ability to identify and assess users and devices and then place them into the correct micro-segments. Next, inline L4-7 security functions can be applied depending on security posture and classes of traffic, Versa started.

Versa said the Secure SD-LAN runs directly on approved devices, including its CSG3300 and CSG3500 edge appliances. It also runs on its CSX4000 and CSX8000 Series Ethernet switches, which offer line rate L2, L3, VXLAN, and L4-7 security including firewall, application identification, adaptive microsegmentation, IoT fingerprinting, and inline ZTNA.

“We are working with a portfolio of partners who are developing certified appliances that support Versa Secure SD-LAN,” Sheu said.

Versa Secure SD-LAN is available as a licensed tier of VOS.