Secure Access Service Edge (SASE)

Secure Access Service Edge, or SASE, is an emerging cybersecurity concept. In this video, you understand how the key capabilities of SASE address the demands of growing network sprawl and the challenges of digitally transforming your business.

Versa for Work-From-Home

Versa has made it simple for organizations to offer Secure SD-WAN for Work-From-Home users on home appliances or working from anywhere

Top Energy Firm Achieves Comprehensive “Work-From-Anywhere” with Versa SASE

A large, publicly traded energy company operating in all areas of the oil and gas industry has dramatically simplified their network stack and realized huge cost savings with Versa SASE.

 
Availability and Buying Options in the Emerging SASE Market

EMA evaluates the different SASE vendors and their approaches to architecture, go-to-market, and support for their cloud-delivered and hybrid services.

 
Gartner Magic Quadrant for WAN Edge Infrastructure, 2020

Gartner 2020 Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.

Versa Networks - Explained in 1 minute

Learn about the Versa Secure SD-WAN solution in a high-level, one minute overview.

Versa SASE (Secure Access Service Edge)

SASE is the simplest, most scalable way to continuously secure and connect the millions points of access in and out of the corporate resources regardless of location

 
Versa Secure SD-WAN – Simple, Secure, and Reliable Branch to Multi-Cloud Connectivity

Versa Secure SD-WAN is a single software platform that offers multi-layered security and enables multi-cloud connectivity for Enterprises.

The Modern Secure
Network Blog

Industry Insights

Mitigating Sophisticated Security Threats at the WAN Edge

versa-staff
By Versa Staff
Versa Networks
March 20, 2019

According to several industry surveys, it takes the typical enterprise over 200 days to discover a security breach, such as undisclosed web vulnerabilities or spearfishing for email credentials, according to the 2018 Cost of a Data Breach Study: Global Overview from IBM Security and Ponemon Institute.

The study calculated that the global average cost of a data breach is $3.86 million, up 6.4% from last year. The average cost, globally, for each lost or stolen record containing sensitive and confidential information is also up from last year, landing at $148 per record or a 4.8% increase from 2017.

Although the overall DDoS (distributed denial-of-service) attack volume is somewhat declining, the size of attacks is more foreboding; for example, in 2018 Arbor Networks was able to mitigate the largest DDoS attack ever seen, a 1.7 terabits reflection/amplification attack. DoS (Denial of Service) profiles allow the control of several types of traffic floods such as SYN floods, UDP and ICMP floods. GitHub suffered an attack of more than 500 million packets per second (Mpps), which is believed to be the largest packets-per-second (PPS) attack on record or 1.35 terabits per second. A (DDoS) attack is an attempt to disrupt network services and deny network access by overloading unnecessary traffic using multiple sources.

However, as enterprises increasingly expand applications to the cloud and extend access to mobile devices, many experts say that activist hackers and organized crime will correspondingly promulgate more web-borne and mobile-app attacks. These attack vectors including everything from exploiting backdoor holes in rogue app stores to disparate Android OS versions to SMS (Trojans malware files).

Gartner believes that by 2021, 27% of corporate data traffic will bypass perimeter security (an increase from 10% today) and flow directly from mobile and portable devices to the cloud. Web app vulnerabilities continue to threaten business continuity: according to Imperva, the overall number of new vulnerabilities in 2018 (17,308) increased by 23% compared to 2017 (14,082) and by 162% compared to 2016 (6,615). Imperva says that more than half of web application vulnerabilities (54%) have a public exploit available to hackers. In addition, more than a third (38%) of web application vulnerabilities don’t have an available solution, such as a software upgrade workaround or software patch.

Clearly, the contemporary enterprise has to constantly evaluate cyber threat posture to ensure that its defenses are progressing from a reactive mode to a more predictive posture that results in a self-healing architecture. One of the key elements to achieving such a milestone is to employ an SD-WAN fabric with real-time monitoring and analytics that capture end-user behavior metrics and detect anomalies based on AI and MI algorithms.

While most SD-WAN solutions provide the highest standards of on-premise traffic encryption, the other element to scrutinize is encryption key management, which is the ability to generate, distribute, store, rotate, and revoke/destroy cryptographic keys, partial key-strings and cyphertext as needed to protect the privacy of associated data.

Additionally, there are specific maneuvers enabled by Versa SD-WAN to mitigate DDoS damage, such as creating a profile that allows for setting rules for the maximum number of concurrent sessions as well as for setting independent limits on aggregate as well as source-destination pairs. This protection method involves implementing an extensive DoS template at the outset, which protects the network from high volume DoS attacks and acts as the first security barrier against DoS attacks.

Users can define the profile as a group of common settings for implementing the same settings across various zones. The settings are deployed in the zone where network traffic enters the firewall. The zone protection profile covers the zone and all the interfaces defined with the zone to which the protection is applied.

In terms of endpoint protection, users can configure Versa’s DoS policies to match interface, zones, IP address or user information as match rules for preventing DoS attacks. These zone protection profiles broadly provide defenses at the zone where packets enter the firewall.