SASE ROI Calculator

SASE can save your company a lot of money. Use the industry’s-first SASE ROI calculator to quantify the cost savings you can achieve in services, asset consolidation, and labor when deploying Versa SASE.

SASE ROI Calculator

SASE can save your company a lot of money. Use the industry’s-first SASE ROI calculator to quantify the cost savings you can achieve in services, asset consolidation, and labor when deploying Versa SASE.

Top Energy Firm Achieves Comprehensive “Work-From-Anywhere” with Versa SASE

A large, publicly traded energy company operating in all areas of the oil and gas industry has dramatically simplified their network stack and realized huge cost savings with Versa SASE.

 
Availability and Buying Options in the Emerging SASE Market

EMA evaluates the different SASE vendors and their approaches to architecture, go-to-market, and support for their cloud-delivered and hybrid services.

 
Gartner Magic Quadrant for WAN Edge Infrastructure

Gartner Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.

Versa Networks - Explained in 1 minute

Learn about the Versa Secure SD-WAN solution in a high-level, one minute overview.

Versa SASE (Secure Access Service Edge)

SASE is the simplest, most scalable way to continuously secure and connect the millions points of access in and out of the corporate resources regardless of location.

 
Versa Secure SD-WAN – Simple, Secure, and Reliable Branch to Multi-Cloud Connectivity

Versa Secure SD-WAN is a single software platform that offers multi-layered security and enables multi-cloud connectivity for Enterprises.

The Modern Secure Network Blog

Posts by Winny Thomas

Research Lab

SUPERNOVA: the Invisible Explosion That Caught the Industry Off Guard

winny-thomas
By Winny Thomas
Principal Security Architect
December 29, 2020

On December 13, 2020, FireEye reported a global campaign that targeted a large sector of industries by threat actors who inserted malicious code within a software component used by the popular network management software SolarWinds. It is not yet known how the threat actors managed to gain access to the development environment in which they added and distributed this malicious code as part of an update to the software. This trojanized version of the dynamic-link library (DLL) has been given the name ‘Sunburst’ by FireEye. Surprisingly enough, researchers have found evidence of the presence of a second backdoor in the SolarWinds product.



Research Lab

The NSA’s Top 25 Most Exploited Vulnerabilities

winny-thomas
By Winny Thomas
Principal Security Architect
December 23, 2020

The National Security Agency published a list of 25 CVEs (Common Vulnerabilities and Exposures) that were most exploited by threat actors in recent times. Some of these CVE’s were used to deliver malicious software that allowed monitoring remote networks, maintaining continued access to remote networks, and, in some cases, using these CVEs to pivot to other systems within the internal network. For example, CVE-2019-11510 was used to gain access to sensitive VPN information of user accounts and then use the credentials to deliver ransomware like Sodinokibi. Similarly, CVE-2019-0803 was used to establish a backdoor to gain and maintain access to…



Research Lab

CVE-2020-0796 – A Potential SMB Attack in the Horizon

winny-thomas
By Winny Thomas
Principal Security Architect
April 15, 2020

Server Message Block or SMB is a protocol used extensively by windows. It allows windows computers to communicate, locate file servers, locate and communicate with windows networks services and even communicate with other operating systems that understand the SMB protocol. The latest version of SMB is SMB version 3 which is affected. Over the years numerous vulnerabilities were discovered in the protocol which were actively exploited and used by malware authors to build ransomware, cryptominers, SCADA malware etc. MS08-067 saw the rise of the Conficker worm, MS10-061 was used by the infamous Stuxnet malware and MS17-061 was used by ransomware’s…



Research Lab

COVID-19 Ransomware Analysis

winny-thomas
By Winny Thomas
Principal Security Architect
April 9, 2020

Versa Security Lab recently analyzed couple of malware samples which arrives on a computer through phishing emails containing documents with embedded link which eventually leads to the download of the malware. Some of these may arrive through websites pretending to provide information on the recent Corona virus outbreak. The past few months have seen several malicious webservers and domains being set up, purportedly serving information on the Covid-19 virus outbreak. Most of these sites are hosts to ransomware and other malware types. In this blog we are going to look at one sample which encrypts files contents and updates the…



Research Lab

Internal Network Exposure via UPnP NAT Injection

winny-thomas
By Winny Thomas
Principal Security Architect
December 5, 2018

Universal Plug-n-Play – (UPnP) is a suite of protocols that enables a device to discover other devices on a network, configure itself to operate in the network, and advertise its services. This allows a device to locate routers, printers and other resources on a network. UPnP runs on UDP port 1900 and communicates using SOAP messages over HTTP. The actual configuration and management interface are implemented using a SOAP-based HTTP service running over a dynamically allocated TCP port. The UPnP protocol allows management of aspects of a device’s operation to extend support by the protocol implementation on the device and its…



Research Lab

Lateral Movement – Definition, Causes & Protection

winny-thomas
By Winny Thomas
Principal Security Architect
October 5, 2018

Lateral Movement Definition: Lateral movement is a technique used by cyber attackers to infiltrate and move through a network with the intent of obtaining secure data. The Cause The term “Lateral Movement” has been around for a little over four years and was in the news when ransomware like WannaCry and APT’s like APT28 and APT29 used lateral movement techniques.  Most often an attacker may not have direct access to a machine or resource on the internal network, which the attacker considers a prized trophy. The prized trophy may be the domain controller, a machine hosting confidential information, or the…



Research Lab

FIN7 — the New Avatar

winny-thomas
By Winny Thomas
Principal Security Architect
November 2, 2017

Fin7 is a cybercrime group that employs spear phishing attacks to deliver malware that uses fileless malware techniques, sophisticated evasions and persistence. They mostly target the financial sector. In this blog, we are going to take a high-level look at one such sample seen in the wild, which employs several layers of obfuscated JScript, powershell and DLL embedded within a Microsoft Word document. The sample analyzed has the MD5 hash 29a3666cee0762fcd731fa663ebc0011. Through a series of deeply embedded base64 encoded scripts, obfuscated code and use of powershell, this strain achieves stealth and evasion. The document arrives as an email attachment in…