NGFW dynamically protects against external threats.
With the rise of cloud-based applications, remote work, and mobile devices, the expanding Enterprise perimeter is becoming more of a point of concern where the growing attack surface can lend itself to a host of external threats.
Securing the data center and branch offices is complicated and backhauling all branch traffic through a centrally deployed firewall in the data center is inefficient, introduces latency, and negatively impacts application performance.
In today’s world maintaining and up-keeping on-prem NGFW & UTM devices to effectively identify and prevent latest attacks is a technical challenge that requires up to date expertise on complex attack and protection methods. Running comprehensive security takes a lot of time and resources.
Market has been adopting NGFW (including UTM) as a Service to address these challenges and to make most use of collective market’s attack and protection information.
As part of Versa SASE product portfolio, Versa offers cloud delivered Next Generation Firewall as a service as part of its Versa Secure Internet Access (VSIA) product offering. Versa’s NGFWaaS provides a comprehensive security scope coverage for WAN Edge purposes together with other elements within the VSIA product offering.
Versa’s NGFWaaS enables the identification of users, flows, packets, and applications while establishing, monitoring, and automatically adjusting security and network policies based on threats, vulnerabilities, and changes in the network environment.
Versa’s NGFWaaS also includes decryption capabilities that perform macro and micro segmentation in addition to full multi-tenancy providing complete protection inside, outside, and along the border of the Enterprise.
Versa’s NGFWaaS being offered as part of VSPIA also addresses this divide in the market while some vendors separate their NGFWaaS from SWG and some others focus one or another. Versa’s VSIA offering provides a comprehensive set of capabilities including NGFWaaS (w/UTM), SWG, CASB, DLP and more, making it very easy to purchase and deploy most effective coverage for our Enterprise customers.
Versa’s Next Generation Firewall offers comprehensive security.
Stateful Firewall – Zone-based Firewall, support Address Objects, Address Groups, Services, Geo-Location, Time-Of-Day, Rules, Policies, Zone Protection, DDoS (TCP/UDP/ICMP Flood), Syn-cookies, Port-scans, ALG support, SIP, FTP, PPTP, TFTP, ICMP, QAT support.
Application Visibility – Identifies more than 3000 applications and protocols, Supports Application groups, Application filters, Application visibility and logging.
Next-Generation Firewall – Coming with a rich policy engine with Policy Match Triggers of Applications, App Filters, App Groups, URL Categories, Geo Location, Application Identity based (AppID) policy rules, Application Group and Filters, Packet Capture on AppID, IP Blacklisting, Whitelisting, Custom App-ID signatures, SSL Certificate-based protection, Expired certificates, Untrusted Cas, Unsupported cyphers and key lengths, Unsupported Versions, NSSLabs Recommended Rating.
IP Filtering – Filtering of traffic based on Geo-Location, DNS name, Reputation of Source/Destination IP Addresses – support for both IPv4 and IPv6. Automatic updates of IP Reputation database.
URL Categorization and Filtering – URL categories and reputation including customer-defined, Cloud-based lookups, Policy trigger based on URL category, URL profile (blacklist, whitelist, category reputation), Captive portal response including customer defined, Actions include block, inform, ask, justify, and override.
Anti-Virus – Network/Flow based protection with auto signature updates, HTTP, FTP, MTP, POP3, IMAP, MAPI support, 35+ file types supported (exe, dll, office, pdf & flash file types), Decompression support, Storage profile support, Auto signature updates.
Intelligent NGFW security for Enterprise needs.
Versa NGFW is dynamic and encompasses the contextual intelligence and awareness of users, devices, sites, circuits and clouds; enabling robust and dynamic policies to achieve a multi-layered security posture. IT teams can deploy contextual network and security policies for specific users and specific devices, such as anti-virus and URL-filtering, when utilizing particular site-to-site or Internet links.
In addition, all connectivity is based on industry standard IPsec tunnel encapsulation and all traffic is encrypted and secure. IT security teams are able to set unique security policies, differentiated services or security service-chains for guest access, corporate access and partner access networks at the branch. This enables the Enterprise to meet business security and compliance policy requirements — all with a single unified software platform.