Versa SASE SD-WAN Routing ZTNA SWG NGFWaaS CASB Network DLP RBI Analytics
  Deployment Options Multi-tenancy Automation
  SASE Components Endpoints Appliances Control & Management Cloud Gateways
SASE ROI Calculator

SASE can save your company a lot of money. Use the industry’s-first SASE ROI calculator to quantify the cost savings you can achieve in services, asset consolidation, and labor when deploying Versa SASE.

TryIt Now
Solution Overview Work-from-Home Solutions WAN Edge Solutions Secure SD-WAN Security Routing Lean IT Solutions
Industry Solutions Architecture Education Energy & Utilities Engineering & Construction Federal Government Financial Services Healthcare Hospitality
  Legal Manufacturing Public Sector Retail Satellite ISP Technology Transportation
SASE ROI Calculator

SASE can save your company a lot of money. Use the industry’s-first SASE ROI calculator to quantify the cost savings you can achieve in services, asset consolidation, and labor when deploying Versa SASE.

Try It Now
Our Customers Customer Acclaim Customer Videos Customer Support
Case Studies Top Energy Firm Global Satellite Provider Global Pharmaceutical Company Large Food Retailer National Dental Practice Global Retailer Global Financial Services Firm
  Global Credit Card Payments Company Cloud/SaaS Digital Marketing Firm McLaren Racing Limited Leading Media and Communications Service Provider Fortune 500 Financial Services Company
Top Energy Firm Achieves Comprehensive “Work-From-Anywhere” with Versa SASE

A large, publicly traded energy company operating in all areas of the oil and gas industry has dramatically simplified their network stack and realized huge cost savings with Versa SASE.

Case Study
Partner Overview Program Summary Technology Partners Microsoft Azure Google Cloud Dell Technologies
Titan for Partners Find a Partner Become a Partner Partner Portal
 
Availability and Buying Options in the Emerging SASE Market

EMA evaluates the different SASE vendors and their approaches to architecture, go-to-market, and support for their cloud-delivered and hybrid services.

Read the Report
What’s New SASE ROI Calculator Analyst Reports Webinars
Videos Datasheets Solution Briefs White Papers & eBooks
Certificates Versatility 2023 Product Documentation Versa Academy
Gartner Magic Quadrant for WAN Edge Infrastructure

Gartner Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.

Read the Report
Company Overview Leadership Team Our Investors Awards Contact Us
News Latest News Press Releases Media Coverage Events
Careers Current Openings Life at Versa Cultural Values
Versa Networks - Explained in 1 minute

Learn about the Versa Secure SD-WAN solution in a high-level, one minute overview.

Watch the Video
Secure Access Service Edge What are the Major SASE Components? What is Secure Web Gateway? What is ZTNA? What is CASB?
A Quick Introduction to SASE Architecture How to Adopt SASE Primary SASE Challenges Network Transformation with 5G Choosing A SASE Vendor
Why is SASE Necessary? What Kind of Company Should Use SASE? What are the Primary SASE Benefits? How Can SASE Help You and Your Organization?
Versa SASE (Secure Access Service Edge)

SASE is the simplest, most scalable way to continuously secure and connect the millions points of access in and out of the corporate resources regardless of location.

Read the Brief
What is SD-WAN? SD-WAN Tutorial SD-WAN Technology Choosing a Vendor
Hybrid WAN Cloud WAN IDS/IPS
 
Versa Secure SD-WAN – Simple, Secure, and Reliable Branch to Multi-Cloud Connectivity

Versa Secure SD-WAN is a single software platform that offers multi-layered security and enables multi-cloud connectivity for Enterprises.

Read the Brief

A Quick Introduction to SASE Architecture

SASE converges both networking and security capabilities into a single-service cloud-native architecture that shifts the security focus from traffic-flow-centric to identity-centric. SASE encompasses a package of technologies that embeds security into the global fabric of the network so it is always available no matter where the user is, where the application or resource being accessed is, or what combination of transport technologies connects the user and the resource.

SASE enables ubiquitous and direct client-to-cloud security—based on user identity and context—fully integrated with optimal client-to-cloud WAN routing. This realizes a flexible and scalable network architecture that provides embedded security as well as optimal performance along the Software-Defined Perimeter (SDP) edge.

The SASE Identity Architecture
SASE – Convergence and Inversion of the Network and Security Architectures

High-level SASE Architecture

In the Gartner representation of SASE architecture, the core of SASE is comprised of:

  1. The users, devices, applications, and resources, and
  2. The identity, risks, roles, profiles, privileges and policies that govern access between them

Encircling this core is the outer SASE layer comprised of all the security and networking technologies required to securely connect core entities: the Software-Defined Perimeter (SDP). The SDP tracks the transient connections between core entities, rather than follow the hard perimeters of traditional network architectures that aligned with fixed locations, geography, physical network zones, IP addressing or buildings.

Five SASE components are involved in defining and protecting the SDP: these components are engaged in a connection when needed (such as an NGFW, SWG or CASB), or are fundamental capabilities integral to the fabric of SASE (such as SD-WAN and ZTNA).

  • Secure SD-WAN
  • Secure Web gateway (SWG)
  • Cloud Access Security Broker (CASB)
  • Zero Trust Network Access (ZTNA)
  • Firewalling: NGFW and Firewall-as-a-Service (FWaaS)

SD-WAN Architecture

SD-WAN architectures enabled organizations to leverage direct internet connectivity to enable client-to-cloud workflows.

Traditional WAN Architecture

Traditional WAN Architecture

Traditional WAN architectures use the internet (if it uses it at all) purely as a point-to-point connection—protected by VPN technology—between an off-prem user and the headquarters or data center location. From there, where security and policies are applied, traffic is routed to cloud destinations. This design suffers from latency and scalability deficits.

SD-WAN Architecture

SD-WAN Architecture

SD-WAN architectures — based on Software-Defined Networking (SDN) principles — everage the internet as a meshed backbone transport, with the data center or cloud destinations equally and directly accessible by any Work-from-Anywhere (WFA) user. This design minimizes latency and optimizes scalability, but necessitates SASE to enable security enforcement in this environment of any-to-any connections where the terms “on-prem” and “off-prem” have lost significance.

SDP Architecture

The SDP concept draws on the 2007 Defense Information Systems Agency’s (DISA) model of restricting connections to those with a need-to-know, rather than trusting everything inside the fixed perimeter of a network. In 2013, the Cloud Security Alliance’s (CSA) SDP Working Group popularized SDP to create highly secure, trusted, end-to-end networks for broad enterprise use, also incorporating:

  • Standards from the National Institute of Standards and Technology (NIST)
  • Zero Trust principles to facilitate secure access between hosts regardless of location

A fundamental attribute of an SDN architecture is the separation of control, data and management planes. This separation allows for control of both the SD-WAN and the SDP control planes in a network, which in turn allows implementation of both SD-WAN and SD-security in the same software control component.

Software Defined Perimeter Architecture

SWG Architecture

A SWG protects enterprises and users from being accessed and infected by malicious web traffic, as well as from being contaminated by hijacked websites that contain malware or viruses.

Based on the user, device, and location context, the SWG evaluates application policy and grants access only if the policy allows the request based on identity context.

FIrewalls
Make decisions on a
packet-by-packet basis

No termination,
Stream scanning only
SWGs – Proxies
Receive complete request from
client before making decisions

Session termination,
Policy enforcement

CASB Architecture

A CASB provides a central location for concurrent policy and governance across multiple cloud services for both users and devices along with granular visibility into, and control over, user activities and sensitive data. There are two deployment options for CASBs, API mode and proxy mode.

API Mode

Proxy Mode

ZTNA Architecture

ZTNA underlies SDP architecture. The essence of ZTNA is to trust nothing and to authenticate every access attempt based on identity and context. ZTNA’s primary function within a SASE architecture is to authenticate users to applications using advanced context and role-based identity combined with Multifactor Authentication (MFA).

Free eBook

SASE For Dummies

Learn the business and technical background of SASE including best practices, real-life customer deployments, and the benefits that come with a SASE enabled organization.

Get the eBook  

Learn More

Find more research, analysis, and information on SASE (Secure Access Service Edge), networking, security, SD-WAN, and cloud from industry thought leaders, analysts, and experts.

 
On-Demand Webinar: 60 min

Secure Access Service Edge (SASE)

Secure Access Service Edge, or SASE, is an emerging cybersecurity concept. In this video, you understand how the key capabilities of SASE address the demands of growing network sprawl and the challenges of digitally transforming your business.

 

 
10:08 min Video

Versa Networks SD-WAN and Security Demo

A comprehensive demonstration providing you with the basics of Versa terminology, device onboarding, application service templates, security, and troubleshooting.

 

 
On-Demand Webinar: 60 min

Comprehensive Integrated Security

Learn how a comprehensive integrated security architecture can drive dramatic improvements in threat protection, performance, and application experience.