SASE can save your company a lot of money. Use the industry’s-first SASE ROI calculator to quantify the cost savings you can achieve in services, asset consolidation, and labor when deploying Versa SASE.
A large, publicly traded energy company operating in all areas of the oil and gas industry has dramatically simplified their network stack and realized huge cost savings with Versa SASE.
EMA evaluates the different SASE vendors and their approaches to architecture, go-to-market, and support for their cloud-delivered and hybrid services.
SASE is the simplest, most scalable way to continuously secure and connect the millions points of access in and out of the corporate resources regardless of location.
The SASE Framework was initially developed by Gartner for the sole purpose of simplifying the convergence and adoption of a myriad of security and network point solutions which enterprises implemented to address a variety of emerging challenges including poor user experience, limited visibility, and Increased attack surface, while pursuing a Digital Transformation strategy.
Figure 1: Securing Work-from-Anywhere Users
SASE or Secure Access Services Edge as defined by Gartner is a combination of Network-as-a-Service(NaaS) and Security-as-a-Service (SaaS) delivered via the cloud. The SASE framework is itself broken down into three categories of distinct capabilities; Core, Recommended, and Optional:
Core: SD-WAN, Zero Trust Network Access (ZTNA), SWG, and CASB.
Recommended: Web Application & API Protection (WAAP),Remote Browser Isolation (RBI), and Recursive DNS & Network Sandboxing.
SASE market remained crowded and fragmented with over 35 vendors vying for a slice of the market. According to the Del’Oro Report, SASE service providers come from two sub-segments:
Disaggregated SASE
Unified SASE
Disaggregated SASE consists of separate networking (e.g., SD-WAN) and security (e.g., SWG) products and services that can be bundled into a SASE solution, whereby the services may come from a collage of distinct products from the same or different vendors. A majority of SASE vendors belong to this category.
This results in multiple policy repositories (i.e., separate networking and security policies), multiple software stacks, multiple management interfaces, and multiple sources of visibility and analytics.
Unified SASE Approach
The ideal solution to solve customer’s challenges is the unified SASE approach. The defining characteristics of SASE-Unified are:
Networking and security services are integrated into a single platform with all SASE components provided by the same vendor.
Implements a single policy repository that spans network and security policy.
Figure 3: Disaggregated vs. Unified SASE
Versa Unified SASE
Versa SASE delivers a comprehensive integrated SASE solution within a single software stack which mitigates the requirement to perform service chaining, cascading, or virtual interconnect between SASE services required by other solutions in the market. Versa Single-Pass Parallel Processing architecture combines full-featured SD-WAN, complete integrated security, advanced scalable routing, genuine multi-tenancy, and sophisticated analytics into one software image.
Figure 4: Versa Approach to Unified SASE
With a single interface to configure and implement corporate policies, Versa SASE delivers visibility and control through a single pane of glass. Versa protects all corporate resources with unified security policies for every session for every user, on any device, accessing any application. Security is embedded which results in no security breakage from service chaining which leads to better security hygiene, true access authenticity and only one point of decryption.
Figure 5: Versa SASE Architecture
Versa’s Security Evangelists
Tony Garcia DIRECTOR, SECURITY EVANGELISM Tony is a Director of Security Evangelism for Versa Networks. He brings over two decades of experience in the field of technology and cybersecurity. Tony has previously served in many diverse roles in cybersecurity from consultant, strategist and vCISO/CISO in the Fortune 500 space with Deloitte, US Department of Defense, Microsoft, British Telecom, Toyota, and Mr. Cooper Group. He currently holds multiple industry leading certifications, including CISSP, CISM, CRISC, CCSK, and a masters in cybersecurity and information assurance.
Avik Bose SECURITY EVANGELIST Avik is a Security Evangelist with Versa Networks. He brings in over 18+ years of experience in Cybersecurity and Consulting. Avik has previously served in multiple organizations including F5 Networks, Palo Alto, Mcafee, Barclays. in various capacities ranging from a Security Consultant, Principal Security Architect and Presales Lead. His areas of interest include Cloud & Cloud Security, Kubernetes etc. He is a certified AWS Solution Architect-Professional.
Question1: How Security Services Edge (SSE) and SD-WAN Together offer a more comprehensive solution?
Tony – The SASE framework was proposed by Gartner to address a host of challenges organizations were facing while trying to adopt digital transformation. Some of these challenges like optimized network and application performance, better network visibility can only be addressed with a SD-WAN solution. While Security Services Edge can help address the security challenges associated with digital transformation, they cannot do anything to elevate or address the challenges w.r.t network and application performance which can result in poor user experience. Also, more often than not introducing SSE solution in isolation can impact application performance and user experience in a negative fashion by introducing additional overhead/latency to the processed traffic.
Figure 6: Integrated Solution including SWG and SD-WAN
Question 2: How does unified SASE improve end user experience?
Avik – A Unified SASE solution by combining traffic engineering capabilities of the SD-WAN component of the solution ensures that the traffic originating both from Branch Locations and End user’s machine is processed optimally including but not limited to Application –QOS, IP SLA, automatic most optimal gateway selection, automatic failover of the traffic between multiple gateways which results in much lesser latency either for Internet bound or private access traffic.
Figure 7: Advantages of Unified SASE
Question 3: How does unified SASE improve visibility and productivity of operations team?
Tony – A Unified SASE solution by offering a single policy engine and a single pane of glass both for Network as a Service Component and Security as a Service component ensures that the operations teams don’t have to toggle through a multitude of UI’s / Management console to either define the required policies or get the required visibility. Also, integration with 3rd party solution like SIEM and SOAR, ITSM tools also becomes much simpler since instead to trying to get a number of network and security components integrated into them, with a unified SASE solution the number is just reduced to one.
Figure 8: Single Policy for Cloud Security and SD-WAN
Question 4: How does unified SASE reduce cost/time of deployment and operations?
Avik – A unified SASE Solution by design will have a lot a smaller number of components than an independent SD-WAN & SSE solution put together. For example, an Independent SD-WAN + SSE solution will have at the very least 2 different Management /Analytics console + 2 different Logging Services + 2 different Gateway devices + 2 different end point agents while on the other hand a unified SASE Solution will have only 1 Management/Analytics console + 1 logging Service and 1 single gateway device + 1 single endpoint agent. This automatically simplifies the architecture and hence the deployment time and effort to a great degree.
Figure 9: Unified SASE reduce cost/time of deployment and operations
Conclusion: Benefits of Versa’s Unified SASE
Versa’s Unified SASE solutions allows organizations to take full advantage of the SASE framework by combining both the Network as a Service component and Security as a Service Component into one single cohesive solution with a unified policy engine both for network and security components and a single pane of glass to get a consolidated view of both the network and security landscape. This results in:
Better ROI by substantially reducing the implementation time, cost and effort of the SASE framework.
Decrease in operational overhead and complexity by offering a single policy engine and a single pane of glass.
Better visibility which results in improved detection and response times for Security events.
Changes the outlook of the organization from reactive to proactive resulting in higher utilization and productivity of Infrastructure and users.
