IDS vs. IPS: What is the Difference?



An Introduction to Intrusion Detection Systems (IDS) & Intrusion Protection Systems (IPS)

An Intrusion Detection System (IDS) monitors all network traffic to detect threats and raise alerts to a control system. An Intrusion Protection System (IPS) inspects network traffic, detects threats, and automatically takes action to avert the attack.

What is the Difference between IDS and IPS?

Like a firewall, an IPS is deployed inline with the traffic flow. It is an active network component that examines every passing packet and takes the remedial action its configuration and policy call for. In contrast, an IDS is a passive component, typically not deployed inline; it monitors the traffic flow via SPAN or tap technology and raises notifications.

Merging of IDS, IPS, and Firewall in the Market

The detection functions of IDS and IPS often overlap, and vendors on the market often integrate both capabilities into one product. Configuration options allow the administrator to control whether only alerts are raised (traditional IDS) or whether remediating action needs to be taken (traditional IPS).

IPS and firewall technology may also be integrated due to the similarity of their rule-based policy controls. A firewall typically allows or denies traffic based on ports or the source/destination addresses. In contrast, IPS compares traffic patterns to signatures and allows or drops packets based on any signature matches found. Therefore, both products have similarities in how they can stop suspicious or malicious traffic activity.

Because overall solution performance improves when a packet is unpacked and analyzed only once, security vendors often combine all three products so that they can keep performance high and still enforce the necessary policies, notifications, and actions.
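The combined behavior described in this section, as an added example that is not Versa's code or any vendor's: one pass applies a port-based firewall rule and then signature matching, and a mode setting decides whether a match only alerts (IDS) or also drops the packet (IPS). The signatures, the denied port, and the sample packets are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed signatures for illustration; real engines load them from vendor feeds.
SIGNATURES = {
    "SQLI-UNION-SELECT": re.compile(rb"union(\s|%20|\+)+select", re.IGNORECASE),
    "CONSTRUCTED-TEST-MARKER": re.compile(rb"X-Constructed-Malware-Marker"),
}
DENIED_PORTS = {23}  # firewall-style rule: decided on port alone (assumed policy)

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

def inspect(pkt: Packet, mode: str):
    """One pass over a packet: firewall rule first, then signature matching.

    mode "ids": alert only, matching traffic is still forwarded.
    mode "ips": inline enforcement, a signature match drops the packet.
    The firewall rule applies in both modes. Returns (verdict, alerts).
    """
    if mode not in ("ids", "ips"):
        raise ValueError(f"unknown mode: {mode}")
    if pkt.dport in DENIED_PORTS:
        return "deny", [f"firewall: port {pkt.dport} denied"]
    hits = [name for name, rx in SIGNATURES.items() if rx.search(pkt.payload)]
    alerts = [f"{name}: {pkt.src} -> {pkt.dst}:{pkt.dport}" for name in hits]
    verdict = "drop" if hits and mode == "ips" else "forward"
    return verdict, alerts

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.10", 80, b"GET /item?id=1 HTTP/1.1"),
    Packet("198.51.100.8", "192.0.2.10", 80,
           b"GET /item?id=1%20UNION%20SELECT%20name HTTP/1.1"),
    Packet("198.51.100.9", "192.0.2.11", 23, b"login"),
]

def replay(mode: str):
    """Return the verdict for each sample packet under the given mode."""
    return [inspect(p, mode)[0] for p in SAMPLE]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, replay(mode))
```

The same alert is raised for the second packet in both modes; only the verdict differs.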

Connectivity Increases Breaches and Attack Surface

A breach or intrusion is any unauthorized access or activity in a network or computing system. Threat actors exploit diverse methods and vulnerabilities to access confidential resources, steal private data, alter data, destroy resources, or block legitimate access to resources to impair productive business operation. Their motivations range widely: monetary gain, revenge, employee disgruntlement, ideological or political conflict, or simply competitive advantage.

The attack surface is the area of your network and other digital operations potentially open to intrusion by unauthorized access. The more connected your network and resources are, the broader the attack surface.

Traditionally, internal enterprise networks were shielded from the outside world either by denying Internet access altogether or by allowing it only behind the beefy firewall in the data center. But with the advent of the digital transformation—trends in mobility, Internet access everywhere, cloud-based computing, cloud-native companies and services, work-from-home on a scale unimaginable before 2020—businesses now thrive or fail on the very extent of their connectivity. The attack surface is huge. Vigilance is imperative.

How Does IDS/IPS Detect Threats?

IDS/IPS systems detect suspicious or unauthorized activity such as phishing attacks, virus infection and distribution, malware and ransomware installation and download, denial of service (DoS), man-in-the-middle attacks, zero-day attacks, SQL injection, and more. Because of the growth in cloud and mobility, stopping cyber-attacks has become more difficult, all while attackers have become more sophisticated in their tactics.

Understanding Your Organization’s Threats

Known threats are typically detected by matching traffic patterns against signature patterns. Frequently updated databases contain vast troves of signatures characterizing existing threats. IDS/IPS systems continuously look for matches against known signatures.

Unknown threats are malicious patterns never seen before—sometimes evasive variations of known threats—and are significantly more arduous to detect. IDS/IPS uses behavioral analysis to pinpoint potentially anomalous traffic patterns. Models of “ordinary” network behavior are established and updated using machine learning, heuristics, and AI. IDS/IPS continuously compares actual network traffic with these models to recognize potentially inconsistent behavior that might indicate an intrusion event.
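A minimal sketch of the behavioral approach described above, as an added example rather than any product's algorithm: a per-host running mean and variance stands in for the learned model of "ordinary" behavior, and a sample far from that baseline is flagged. The metric (outbound connections per minute), the threshold, the warm-up length, and the sample series are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict

class Baseline:
    """Per-host running mean/variance (Welford's method) of one traffic metric."""

    def __init__(self, threshold=3.0, warmup=5):
        self.threshold = threshold   # deviations from the mean that count as anomalous
        self.warmup = warmup         # samples needed before the model is trusted
        self.stats = defaultdict(lambda: [0, 0.0, 0.0])  # host -> [n, mean, M2]

    def observe(self, host, value):
        """Compare value with the host's baseline; return True if anomalous."""
        n, mean, m2 = self.stats[host]
        anomalous = False
        if n >= self.warmup:
            std = math.sqrt(m2 / (n - 1))
            # Floor the deviation so a perfectly flat baseline does not flag jitter.
            anomalous = abs(value - mean) / max(std, 1.0) > self.threshold
        if not anomalous:
            # Update the model only with ordinary samples so an outlier cannot
            # drag the baseline toward itself.
            n += 1
            delta = value - mean
            mean += delta / n
            m2 += delta * (value - mean)
            self.stats[host] = [n, mean, m2]
        return anomalous

# Constructed series: outbound connections per minute for one host.
SERIES = [12, 15, 11, 14, 13, 12, 14, 240, 13]

def scan(series, host="198.51.100.7"):
    """Return the indices of samples flagged as anomalous."""
    model = Baseline()
    return [i for i, v in enumerate(series) if model.observe(host, v)]

if __name__ == "__main__":
    print(scan(SERIES))
```

Excluding flagged samples protects the model from a single spike, but a slow drift that stays under the threshold is still absorbed into the baseline, so such a model complements signature matching rather than replacing it.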

A Deep Dive Into IDS and IPS


Understanding the Types of Intrusion Detection Systems (IDS)

Intrusion Detection Systems generally come in two flavors:

  • Network Intrusion Detection Systems (NIDS): The system is part of the network infrastructure and monitors packets as they flow through the network. NIDS usually co-resides with devices that have span, tap, or mirroring capability, such as switches.
  • Host-Based Intrusion Detection Systems (HIDS): This software resides on the client, computer, or server devices, and monitors events and files on the device.

Understanding the Types of Intrusion Protection Systems (IPS)

There are multiple types of Intrusion Protection Systems:

  • Network-based Intrusion Prevention System (NIPS): This system is deployed inline in the network infrastructure and examines all traffic in the entire network.
  • Wireless Intrusion Prevention System (WIPS): This system is part of the wireless network infrastructure and examines all wireless traffic.
  • Host-based Intrusion Prevention System (HIPS): This software resides on the client, computer, or server devices, and monitors events and files on the device.
  • Behavior IPS: This system is part of the network infrastructure and examines all traffic for unusual patterns and behavior in the entire network.

Secure SD-WAN Requires Both IDS/IPS

Versa’s Secure Cloud IP Architecture offers a unique Secure SD-WAN solution in an integrated single-stack, hardware-agnostic software-only offering that scales to the needs of any network. The integration of security into the very fabric of the solution simplifies your network architecture, reduces the number of devices to manage, and limits the attack surface.

The Versa Secure SD-WAN single-pass parallel-processing architecture ensures the highest IDS/IPS inspection performance and obviates the need for dedicated single-purpose intrusion inspection devices. Ground-up integration of security within the Versa stack ensures full IDS/IPS functionality is available everywhere in your network to protect against every Internet, public network, personal mobile device, or IoT connection.

Versa Secure SD-WAN Delivers More than Just IDS/IPS

A key aspect of Versa’s Secure SD-WAN software-defined security is the contextual intelligence and awareness of users, devices, sites, circuits, and clouds. This enables robust and dynamic policies that support a multi-layered security posture. For example, IT can deploy contextual IPS policies for specific users and devices, when utilizing certain site-to-site or Internet links.

Versa’s true multi-tenant architecture—which encompasses complete segmentation and isolation of the data, control, and management planes—means that customized IDS/IPS policies can be defined for every sub-network, organization, or business unit within your network.