Secure Access Service Edge (SASE)

Secure Access Service Edge, or SASE, is an emerging cybersecurity concept. In this video, you understand how the key capabilities of SASE address the demands of growing network sprawl and the challenges of digitally transforming your business.

Versa for Work-From-Home

Versa has made it simple for organizations to offer Secure SD-WAN for Work-From-Home users on home appliances or working from anywhere

Top Energy Firm Achieves Comprehensive “Work-From-Anywhere” with Versa SASE

A large, publicly traded energy company operating in all areas of the oil and gas industry has dramatically simplified their network stack and realized huge cost savings with Versa SASE.

 
Availability and Buying Options in the Emerging SASE Market

EMA evaluates the different SASE vendors and their approaches to architecture, go-to-market, and support for their cloud-delivered and hybrid services.

 
Gartner Magic Quadrant for WAN Edge Infrastructure, 2020

Gartner 2020 Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.

Versa Networks - Explained in 1 minute

Learn about the Versa Secure SD-WAN solution in a high-level, one minute overview.

Versa SASE (Secure Access Service Edge)

SASE is the simplest, most scalable way to continuously secure and connect the millions points of access in and out of the corporate resources regardless of location

 
Versa Secure SD-WAN – Simple, Secure, and Reliable Branch to Multi-Cloud Connectivity

Versa Secure SD-WAN is a single software platform that offers multi-layered security and enables multi-cloud connectivity for Enterprises.



What is Secure Web Gateway?


The Gartner Glossary defines a Secure Web Gateway (SWG) as a solution that:

  • protects users on internet-connected devices from internet-borne threats, and
  • enforces corporate and regulatory policy compliance.

SWG capabilities must, at a minimum, include functions such as URL filtering, data leak prevention (DLP), application-level firewalling and controls for popular web applications, and detection of malware. Rich SWG implementations also include IPS, SSL/TLS Proxy, Forward Proxy, DNS Security and sandboxing.

Why do companies need a Secure Web Gateway?


Data and application-hosting are accelerating towards cloud-based implementations, and users working-from-anywhere (WFA) have become the norm. They access data and applications from internet-connected clients/devices unmanaged by IT.

These trends make it increasingly critical to secure and manage all user and device access to protect your organization from the larger volume and higher sophistication of today’s cyber threat landscape.

Legacy SWG architectures secure web traffic through on-premises hardware to decrypt and inspect traffic. To filter traffic from WFA users, this solution requires the use of VPNs to direct external traffic across the internet to an appliance in a focal point in the enterprise network for security and policy enforcement.

Backhauling traffic to the SWG appliance location is costly, forces remote traffic through an aggregation point that lacks scalability, and uses VPN technology that result in poor QoE and traffic inefficiencies.

Characteristics of Typical SWG Offerings in the Market


SWGs are available as on-premises appliances (hardware and virtual), cloud-based services, or in hybrid mode (combined on-premises appliances and cloud-based services).

Traditionally SWG and SD-WAN were perceived as separate technologies, tempting organizations to augment their existing SD-WAN solution with an SWG from a separate provider. These disparate solutions often fail to blend architecturally, fail to provide functional integration, perform inadequately, and lack end-to-end visibility, configuration and analytics.

Specific shortcomings of a “bolted-on” SWG include:

  • SWG and SD-WAN are each managed from its own console, resulting in management complexities and very limited traffic visibility.
  • Uses inefficient legacy access methods (static VPNs, traffic backhauling) to the SWG.
  • Minimal application-level intelligence, classification and application traffic prioritization.
  • No means to protect against oversubscribed or lossy access links; traffic cannot, or does not, leverage the overlay and traffic management capabilities (such as SLAs, FEC, traffic remediation, and granular application-level prioritization) inherent in an SD-WAN.
  • Not scalable when hundreds of branches are involved (requires hundreds of tunnels to be provisioned to the SWG PoP), or when there is a large percentage of WFA users.
  • Slow and cumbersome to rekey or to re-issue certificates for legacy IPSec.
  • Traffic is not encrypted when GRE tunnels are used, exposing sensitive data to leakage.
  • Traffic segmentation and multi-tenancy for traffic isolation breaks down.
  • Typical SWG services provide north-south traffic paths (to/from Internet and SWG clients), but lacks the architecture to forward and protect traffic across east-west paths (between SWGs).
  • Siloed point-solutions from multiple vendors for different functions — SD-WAN, SWG, ZTNA, CASB — lead to frequent repetition of functions (authentication, en/decryption, TLS Proxy) that increase latency, lower throughput and cause poor QoE.

What to Look for in an Integrated SWG Solution


A leading-edge solution that fully integrates all the capabilities of an SWG with your SD-WAN provides an optimized architecture that works as an extension of your SD-WAN, realizing the following advantages:

  • End-to-end application traffic identification, classification and segmentation for data security and leak prevention.
  • Policy-based traffic management.
  • Intelligent traffic prioritization in both directions (WAN edge or client to/from SWG).
  • Traffic assurance features (FEC, TCP optimization etc.).
  • Traffic steering, optimization and real-time inspection for SaaS/cloud sites, DIA/DCA decisions, and the best voice, video experience.
  • Unified cloud-based management via a single-pane-of-glass with end-to-end application experience metrics.
  • Continuous monitoring of flows to respond to changing network conditions.
  • Simplified encryption key management.
  • SASE fabric to provide a better experience on east-west traffic patterns across the WAN.
  • A global footprint of SWG POPs with close proximity to popular cloud services.

SWG is an Integral Component of a Leading SASE Solution


Enterprise IT and Security Administrators are looking to secure users and devices. They need:

  • An authenticated and access-controlled solution.
  • Strong and proven encryption to secure traffic from WFA users to SWGs.
  • SWGs to secure user traffic to/from Internet-placed applications.

To achieve these goals, a fully comprehensive Secure Access Service Edge (SASE) feature-set is necessary, and an SWG is now an indispensable tool for web security and an integral part of SASE solutions.

The leading edge Versa SASE solution includes fully integrated SD-WAN, SWG, CASB, ZTNA and branch FWaaS capabilities that deliver the following additional benefits:

  • Single-pass data path for optimal efficiency and least latency.
  • Single-pass software architecture eliminating repetition of functions and best QoE.
  • Single-pane-of-glass to manage all functions: SWG, ZTNA, Firewall, Router and SD-WAN Gateway.
  • Single policy language to ensure comprehensive security and compliance for all users.
  • A single Forward Proxy to manage and work with (one company to share certificates with), eliminating proxy chaining. The Versa Forward Proxy serves all functions including SD-WAN, ZTNA, SWG, CASB, and more.
  • A global POP network of Versa Cloud Gateways.
  • Rich access options: A SASE client (with authentication, policy/compliance enforcement, multiple active connections), standard tunnel options (GRE, IKEv2 IPSEC), and integrated SD-WAN options.
Free eBook

SASE
For Dummies

Learn the business and technical background of SASE including best practices, real-life customer deployments, and the benefits that come with a SASE enabled organization.