Secure Access Service Edge Protects the Network Edge
Enterprises can’t protect their assets if they don’t know what or where they are. This problem is becoming even more pressing with the growing number of IoT devices. When devices connect to an enterprise’s network, it is hard to tell the good ones from the bad and quickly sort out authorized users from intruders.
Fortunately, companies increasingly understand the importance of the network edge. Realizing that the point of entry can be varied—from an industrial IoT-based sensor to an employee’s mobile phone—they sift through points of contact to classify and fingerprint all devices trying to gain access.
Devices need to be identified and classified by type, risk, and sanctioned versus unsanctioned. “Sanctioned devices must pass through risk and security posture assessments,” says Dogu Narin, Vice President of Versa, a leading Secure Access Service Edge (SASE) provider. “Such a slice-and-dice methodology of granting access simplifies security while also keeping it agile.”
Unified Platform for Secure Access Service Edge (SASE)
“The SASE framework for data security accounts for the way we work today, especially with the growth of SaaS programs resulting in the ‘cloudification’ of everything,” Narin says. “Whether you’re working from home, the office, or traveling, you should be able to use the networking and security functions in a constant way and as a service, which is the primary driver for SASE.”
Too often, checking for security robustness involves a piecemeal approach with separate operating systems for SD-WAN products, firewalls, switches, routers, and more. In many cases, these functionalities are separate and work in isolation. “It’s like needing to speak multiple languages. If one moment you need to speak English, another moment German, French, Spanish…it can get pretty complicated,” Narin says.
Worse, a lack of industry standards for device classification makes the problem even more challenging. A firewall device might label something as a social media application, whereas an SD-WAN device might find it to be something else. Such complications mean security protocols must be repeated over and over again, leading to bottlenecks in network traffic.
The Versa Universal SASE Platform stands on the SASE framework and consolidates multiple security and networking capabilities like fingerprinting, classification, risk assessment, and security posture assessment into a single solution.
Because the Versa SASE solution natively supports all protocols, it provides key advantages, including single-pass packet processing for decreased latency and complexity. “With the Versa OS, all the protocols and device policies are baked in and popular IoT protocols are recognized,” Narin says.
The network administrator can focus on setting and applying policies to devices instead of having to start from scratch in identifying every entry point into the network. And administrators can carry over the Versa software to different environments. “You can deploy across the network and use only one language, one classification method, one policy engine, and one management console to achieve what you want to achieve,” Narin says.
AI in the SASE Framework
The glut of data flowing into enterprise systems makes infosec especially suited to AI. Versa uses AI to isolate sophisticated zero-day malware attacks, where threat actors take advantage of vulnerabilities before developers have had a chance to identify and address them. Its malware analysis and detection mechanisms scan for data leakage to ensure that sensitive data does not get routed to the cloud.
AI is also useful for User and Entity Behavior Analytics (UEBA), which develops a baseline for an individual’s or application’s data usage to find behavioral anomalies. When IoT devices come into play, threat actors can disguise themselves by taking on different identities or have unauthorized IoT sensors talking to one another. “AI helps us find these base patterns in mountains of data,” Narin says.
Underlying Tech and Partnership
Versa uses processors and hardware offload engines from leading chip vendors. Its software is based on Intel’s open source DPDK (data plane development kit) for optimization of data packet processing.
“DPDK technology uses different low-level and pattern-matching libraries and other software functions to accelerate processing of security and packet forwarding to extract maximum processing power and achieve lowest latency on a given hardware platform, like a branch appliance or data center device. It enables us to onboard and offer new appliances in a fast way without per appliance custom software development,” Narin says. “And we also use Intel’s high-level software libraries for a variety of different reasons including regex or other pattern matching purposes. It's a broad scope of partnership and leverage between the two companies.”
Versa leverages the “force multiplier” effect that service providers deliver to scale their base of customers. A good partner network with companies that understand the sophisticated technologies that Versa delivers has been a key go-to-market strategy.
The Evolution of Data Security
As adoption of the cloud increases, and with the growing use of proprietary generative-AI models, Narin expects data sovereignty to play a greater role in data security.
“You’re going to see wider use of AI-based solutions, whether it’s in the detection of problems, analyzing large data, or how we apply tools and systems,” Narin says.
Operating and deploying networks is becoming more complex, and hackers also use AI to increase the sophistication of their attacks. In turn, the infosec community will respond by developing more complex mechanisms to detect and eliminate AI-originated attacks.
The future is about improving the customer experience, which demands a solution that interconnects applications and data through a “traffic engineered cloud fabric” for seamless quality without congestion. Such a fabric runs across the globe and connects SASE gateways to sites and users and cloud-based applications. It’s the best of both worlds: SASE-based security and a stellar user experience.
This article was edited by Georganne Benesch, Editorial Director for insight.tech.