What is Zero Trust Network Access (ZTNA)?


Gartner defines ZTNA as “a product or service that creates an identity- and context-based, logical access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker.” In short, ZTNA trusts nothing and considers no network segment inherently safe: ZTNA’s default security posture is “deny all”, an approach that hides assets from view and significantly reduces the attack surface of your network.

A ZTNA security approach has become imperative due to the increasing popularity of cloud migration, Direct Internet Access (DIA), Work-from-anywhere (WFA), and the use of unmanaged BYOD/IoT devices: trends that have dissolved legacy networks’ hard perimeter. Modern client-to-cloud and WFA networks have a software-defined perimeter: the worker’s home has become a branch office, and the internet is part of the corporate network. “Intranet” no longer has a definitive meaning.

How Does ZTNA Work?


ZTNA is a client-to-application approach, not a network-centric one, that authenticates access based on:

  • the identity and context of the user, and
  • the device and application (or any other asset) being accessed

The ZTNA security broker verifies each access attempt regardless of location. It applies corporate policy and grants granular, least-privilege access to an asset (an application, URL, data or other destination). A ZTNA architecture:

  • Regards the network as providing only transport, and makes no architectural difference between on-prem and off-prem users, devices or applications/assets.
  • Applies consistent corporate policies to all asset access attempts regardless of the entity (user, device, and application/asset) requesting the access, or the location of the entity or the requested asset.
  • Provides full security for all WFA users, on any device, for any on-prem or cloud application.
  • Segments the network end-to-end so that legitimate users get granular access only to the applications their privileges allow.
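
The broker decision described above, sketched as an added example (not Versa's code and not part of the original page); the class names, rule fields and sample policy are assumptions made for illustration. It shows default deny, per-application least-privilege grants, and a source network that is recorded but never used to grant trust.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset        # identity context from the authentication service
    device_managed: bool     # device context reported by the client
    device_compliant: bool
    app: str                 # the asset being requested
    source_network: str      # kept for logging only; never consulted for trust

@dataclass(frozen=True)
class Rule:
    app: str
    allowed_groups: frozenset
    require_managed: bool = False

# Constructed sample policy: each rule grants named groups one application.
POLICY = (
    Rule("payroll", frozenset({"finance"}), require_managed=True),
    Rule("wiki", frozenset({"finance", "engineering"})),
)

def decide(req, policy=POLICY):
    """Return (allowed, reason); a request no rule grants is denied."""
    reason = "default deny: no rule matches"
    for rule in policy:
        if rule.app != req.app or not (rule.allowed_groups & req.groups):
            continue
        # Assumption: every grant requires a compliant device.
        if not req.device_compliant:
            reason = "deny: device is not compliant"
            continue
        if rule.require_managed and not req.device_managed:
            reason = "deny: device is unmanaged"
            continue
        return True, f"allow: {req.user} -> {rule.app}"
    return False, reason
```
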

ZTNA architecture comprises several components:

  • SDP broker/proxy: Makes outbound-only connections to ensure both the network and the applications are invisible to unauthorized users; the broker may be an appliance or a cloud service.
  • Cloud Gateway: Cloud-deployed, globally distributed gateways securely connect to the enterprise network and cloud/SaaS destinations.
  • Client: SASE client software for end-user devices. A clientless deployment is also available.
  • Authentication services: Interacts with the enterprise’s existing user and device credential management and authentication service.
  • Self-management Portal: Provides administrative visibility and control of users and applications.
  • Transport: Wired, wireless, or cellular internet or intranet connections.

Benefits of Zero Trust Network Access


ZTNA establishes a secure, elastic, software-defined perimeter around your users, devices and assets. This architecture affords many benefits to your IT operations and users:

  • Eliminates the need for appliances and solutions such as VPN aggregation, Captive Portals, DDoS prevention, global load balancing, and firewall stacks.
  • Consistent security policy enforcement for on-prem and cloud; seamless experience for all users and devices; granular access control of on-prem or cloud access; simplified regulatory compliance.
  • Effortless scale, high-performance cloud access from anywhere; least latency QoE; cloud-delivered gateways/brokers readily scale up/down; adjusts for ever-changing user and cloud workload locations; inherent HA.
  • Location-independent, with optimized data path for least-latency application access.
  • Authenticated users and devices including BYOD and IoT; hassle-free inline user authentication. Client and clientless deployment models.
  • Advanced connectivity to secure all transport to corporate-grade, including internet, intranet, wired, wireless, cellular; end-to-end encrypted tunnels for all client-to-application connections.
  • Reduces attack surface, allowing users only least-privilege access; prevents asset discovery and lateral movement; brokers security for every transaction; invisible applications and network topology; keeps unpatched devices and servers from becoming attack targets; granular application segmentation.
  • Quick turnaround to accommodate organizational changes or acquisitions.

Choosing and Deploying ZTNA in Your Organization

ZTNA components are software-based and cloud-delivered, easily fitting into your existing environment. They are maintained and kept up to date by the provider. You can leverage a vendor or provider’s global distribution of gateways and quickly integrate these into your architecture.

ZTNA is an integral element of a leading-edge SASE solution and is best implemented as part of your SASE strategy. No significant change is needed to your network design, topology, or infrastructure—the network becomes transport and authentication/access becomes a software layer on top.

A ZTNA deployment interacts with your existing user/device credential management and security policy management systems, which may already be integrated with your SD-WAN architecture.

ZTNA is an Integral Component of a Leading SASE Solution

The Versa SASE solution includes fully integrated SD-WAN, SWG, CASB, ZTNA, branch NGFWaaS and Cloud Gateway capabilities that deliver the following additional benefits:

  • Single-pass data path for optimal efficiency and least latency.
  • Single-pass software architecture that eliminates repetition of functions and delivers the best QoE.
  • Single-pane-of-glass to manage all functions: SD-WAN, SWG, ZTNA, RBI, CASB, NGFWaaS, and Cloud Gateways.
  • Single policy language to ensure comprehensive security and compliance for all users.
  • A single Forward Proxy to manage and work with (one company to share certificates with), eliminating proxy chaining. The Versa Forward Proxy serves all functions including SD-WAN, ZTNA, SWG, CASB, and more.
  • A global POP network of Versa Cloud Gateways.
  • Rich access options: A SASE client (with authentication, policy/compliance enforcement, multiple active connections), standard tunnel options (GRE, IKEv2 IPsec), and integrated SD-WAN options.