Versa Networks, the global pioneer in AI/ML-powered Unified Secure Access Service Edge (SASE) and Software-Defined WAN (SD-WAN) announced Versa Secure SD-LAN, the industry’s first software-defined branch and campus Local Area Network (LAN) solution to deliver Zero Trust and IoT Security natively at the LAN Edge.
This software-defined approach makes campus and branch networks more agile and integrated, and Zero Trust improves the security posture.
Operational challenges
For years, enterprises have grappled with the limitations and vendor lock-in from traditional LAN solutions. Legacy LAN architectures create painful operational challenges and cannot meet the evolving business needs of a secure modern enterprise.
These issues are driven by the need to stitch together a fragmented set of point products, rigid architectures that lack business flexibility, and disjointed box-by-box configuration and management that is onerous and error-prone. In addition, product refresh cycles continually force upgrades and migrations that are expensive and time-consuming.
Traditional LAN architectures
This approach runs counter to the current security best practices which apply Zero Trust
Traditional LAN architectures continue to use outdated perimeter-oriented security that implicitly trusts users and allows them to access all resources on the network. If a threat actor or a ransomware-infected device is able to initially authenticate, it can move laterally and compromise other devices on the network.
This approach runs counter to the current security best practices which apply Zero Trust and continuously authenticate users while limiting access to only necessary resources. The rise of IoT devices further expands this unsecured internal attack surface area.
What’s new?
Versa Secure SD-LAN brings a software-defined approach to the LAN to improve agility and security. The solution deploys Versa software on Ethernet switches and access points to deliver integrated switching, routing, security, and network services.
Versa Secure SD-LAN can co-exist and interoperate with existing campus or branch LAN products from other vendors. Versa Secure SD-LAN extends Versa’s Unified SASE platform capabilities into the LAN Edge.
User, device, and application awareness
The network to identify internal and external threats and stop the spread of potential attacks
The solution provides user, device, and application awareness combined with a centralised policy repository to give enterprises full visibility and control across the branch or campus network, including OT and IoT devices.
This approach enables every switch and access point to become a Zero Trust enforcement point that continually assesses the security posture of users, devices, and the network to identify internal and external threats and stop the spread of potential attacks.
The solution includes
Versa Secure SD-LAN software:
Software-defined architecture for the campus and branch delivering integrated L4-7 security with the standards-based networking found in today’s switches.
This sets the foundation for in-line least privilege access and adaptive micro-segmentation to limit lateral movement and reduce the risk of compromise while delivering unprecedented agility and deployment flexibility for the LAN.
Certified appliances:
Versa Secure SD-LAN runs directly on the following newly released certified bare metal appliances to provide the scale and capacity needed for branch and campus:
- CSG3300 and CSG3500 Appliances. Converges routing, SD-WAN, SD-LAN, and security into a single branch appliance to deliver simplified management and lower Total Cost of Ownership (TCO).
- CSX4000 and CSX8000 Series. Ethernet switches that deliver line-rate L2, L3, VXLAN, and L4-7 security including firewall, application identification, adaptive micro-segmentation, IoT fingerprinting, and inline ZTNA.
Versa Zero Trust – Premises:
Consistent and granular policies are enforced based on identity and a continuous assessment
A secure access solution that extends the same ZTNA principles used for remote workers to those that are on-premises. Consistent and granular policies are enforced based on identity and a continuous assessment of user, device, and network posture.
This solution can be used together with Versa Secure Private Access to provide an integrated ZTNA solution for both remote and on-premises users with a single integrated policy repository.
Software-Defined Adaptive Micro-segmentation:
Continuously assesses user behaviour using AI/ML-based user and entity behaviour analytics (UEBA) and device posture to identify potential threats and isolate security-degraded devices into microsegments in real time.
Potential threats are identified closest to the host, limiting the blast radius of a possible attack.
VersaAI™:
The solution is configured, provisioned, and managed through a unified console with a unified policy
A shared set of fine-tuned AI/ML engines natively integrated into the platform and embedded into the LAN to identify malicious behaviours in real-time and enhance network and security operational excellence.
The solution is configured, provisioned, and managed through a unified console with a unified policy repository and data lake to reduce complexity and enhance visibility.
- VersaAI™ for Security: Versa’s UEBA and AIOps identify threats and anomalous behaviours and deliver actionable insights for accelerated remediation.
- VersaAI™ for Networking: Pre-emptively adjusts traffic paths in real-time, automates troubleshooting, optimises operations, reduces network downtime, and improves predictability.
Secure software-defined solutions
“Versa has continued to lead the industry in delivering secure software-defined solutions with SD-WAN and Unified SASE,” said Apurva Mehta, Co-Founder and CTO for Versa Networks.
“We are the first to fully software define and secure the Enterprise LAN with a modern approach. With Versa Secure SD-LAN, we are transforming the campus and branch and bringing in-line Zero Trust, automation, and unmatched control and visibility to the Enterprise LAN.”