Versa Secure SD-LAN delivers zero trust and IoT security
Versa Networks announced Versa Secure SD-LAN, a software-defined branch and campus Local Area Network (LAN) solution to deliver zero trust and IoT security natively at the LAN Edge.
This software-defined approach makes campus and branch networks more agile and integrated, and zero trust improves the security posture.
For years, enterprises have grappled with the limitations and vendor lock-in from traditional LAN solutions. Legacy LAN architectures create painful operational challenges and cannot meet the evolving business needs of a secure modern enterprise.
These issues are driven by the need to stitch together a fragmented set of point products, rigid architectures that lack business flexibility, and disjointed box-by-box configuration and management that is onerous and error prone. In addition, product refresh cycles continually force upgrades and migrations that are expensive and time-consuming.
Traditional LAN architectures continue to use outdated perimeter-oriented security that implicitly trusts users and allows them to access all resources on the network. If a threat actor or a ransomware-infected device is able to initially authenticate, it can move laterally and compromise other devices on the network.
This approach runs counter to today’s security best practices which apply zero trust and continuously authenticate users while limiting access to only necessary resources. The rise of IoT devices further expands this unsecured internal attack surface area.
Versa Secure SD-LAN brings a software-defined approach to the LAN to improve agility and security. The solution deploys Versa software on Ethernet switches and access points to deliver integrated switching, routing, security, and network services.
Versa Secure SD-LAN can co-exist and interoperate with existing campus or branch LAN products from other vendors. Versa Secure SD-LAN extends Versa’s Unified SASE platform capabilities into the LAN Edge.
The solution provides user, device, and application awareness combined with a centralized policy repository to give enterprises full visibility and control across the branch or campus network, including OT and IoT devices. This approach enables every switch and access point to become a Zero Trust enforcement point that continually assesses the security posture of users, devices and the network to identify internal and external threats and stop the spread of potential attacks.
Available now, the solution includes:
Versa Secure SD-LAN software. Software-defined architecture for the campus and branch delivering integrated L4-7 security with the standards-based networking found in today’s switches. This sets the foundation for in-line least privilege access and adaptive micro-segmentation to limit lateral movement and reduce the risk of compromise, while delivering unprecedented agility and deployment flexibility for the LAN.
Certified appliances. Versa Secure SD-LAN runs directly on the following newly released certified bare metal appliances to provide the scale and capacity needed for today’s branch and campus:
- CSG3300 and CSG3500 appliances. Converges routing, SD-WAN, SD-LAN, and security into a single branch appliance to deliver simplified management and lower Total Cost of Ownership (TCO).
- CSX4000 and CSX8000 series. Ethernet switches that deliver line rate L2, L3, VXLAN, and L4-7 security including firewall, application identification, adaptive micro-segmentation, IoT fingerprinting, and inline ZTNA.
Versa zero trust – premises. A secure access solution that extends the same ZTNA principles used for remote workers to those that are on-premises. Consistent and granular policies are enforced based on identity and a continuous assessment of user, device and network posture. This solution can be used together with Versa Secure Private Access to provide an integrated ZTNA solution for both remote and on-premises users with a single integrated policy repository.
Software-defined adaptive micro-segmentation. Continuously assesses user behavior using AI/ML-based user and entity behavior analytics (UEBA) and device posture to identify potential threats and isolate security-degraded devices into microsegments in real-time. Potential threats are identified closest to the host, limiting the blast radius of a possible attack.
VersaAI. A shared set of fine-tuned AI/ML engines natively integrated into the platform and embedded into the LAN to identify malicious behaviors in real time and enhance network and security operational excellence. The solution is configured, provisioned, and managed through a unified console with a unified policy repository and data lake to reduce complexity and enhance visibility.
- VersaAI for security. Versa’s UEBA and AIOps identify threats and anomalous behaviors and deliver actionable insights for accelerated remediation.
- VersaAI for networking. Pre-emptively adjusts traffic paths in real-time, automates troubleshooting, optimizes operations, reduces network downtime, and improves predictability.
“Versa has continued to lead the industry in delivering secure software-defined solutions with SD-WAN and Unified SASE,” said Apurva Mehta, CTO for Versa Networks. “Now we are the first to fully software define and secure the Enterprise LAN with a modern approach. With Versa Secure SD-LAN, we are transforming the campus and branch and bringing in-line Zero Trust, automation, and unmatched control and visibility to the Enterprise LAN.”