Versa enhances SASE package with AI-based security tools

Versa is bolstering the AI security management features of its integrated Secure Access Service Edge (SASE) package to include improved malware detection for Advanced Threat Protection, network microsegmention and generative AI protection to help customers better detect and quickly mitigate threats to their networked service and applications.

The vendor supports AI in its integrated Versa SASE package that includes SD WAN, a next-generation and web application firewall, intrusion prevention, zero trust support and data loss prevention.

The Versa SASE platform works by integrating telemetry data from a variety of Versa networking product including its WAN Edge, Cloud, Campus, remote locations, users and devices – into a unified data lake. VersaAI then taps into this data lake to extract AI/ML insights.

“Our advantage lies in our ability to train and correlate data across extensive unified security and networking telemetry,” said Kumar Mehta, Founder and Chief Development Officer of Versa Networks in a statement. “With our vast SASE deployment base, the telemetry data is leveraged to fine tune Large Language Models (LLMs) to bolster security in real time with a high degree of accuracy and automation, and optimize network operations and performance.”

To that end the company is adding AI/ML-Enhanced Malware Detection for Advanced Threat Protection to its SASE package.  The idea is to set up what Versa calls multi-stage AI/ML that will look at traffic in real time for files and code snippets to identify malware.

In addition, Versa AI can now use the platform’s User and Entity Behavior Analytics (UEBA) support to assess user behavior and then isolate potential threats into microsegments in real-time. Potential threats are identified closest to the host, limiting the blast radius for a possible attack within the enterprise perimeter, the vendor stated.

Also new to the package is enhanced AI data loss prevention support. This new capability enhances pattern-recognition with context-based analysis by fine-tuned LLMs to identify sensitive data. The idea is to  protect enterprises from data leakage of company proprietary information, including source code and personal identifiable information within prompt windows, documents, and images, Versa stated. 

Another core feature of VersaAI is its natural language chatbot, Verbo, and a machine learning core called VANI. To these features Versa has added a Predictive Traffic Steering feature that customers can use to pre-emptively adjust traffic paths in real time to avoid degradation or reachability issues, and to help maintain application and network SLAs, the vendor stated.

VersaAI also now includes a feature that lets customers set up a policy to prevent sensitive data from being uploaded into Generative AI tools such as ChatGPT.

“ChatGPT, while offering productivity benefits, presents risks including potential data leakage due to its training on vast datasets,” wrote Sridhar Iyer, director ML/AI at Versa Networks in a blog about securing generative AI.

 “Like other SaaS tools, it’s vulnerable to credential abuse and unintended access. Moreover, there are privacy concerns as users might unintentionally share sensitive information.”

“Data controls can prevent unauthorized or unintended access to sensitive data. And companies should ensure that proper visibility into generative AI activity is available- this includes regularly monitoring system logs and events to track interactions and identifying malicious activities early on,” Iyer wrote.

Like its competitors in the evolving single vendor SASE world – which includes Cisco, HPE’s Aruba, Fortinet, Palo Alto and others, Versa is looking to reinforce its SASE package and try to stay ahead of the market with useful security options for enterprise customers. 

Gartner says the single-vendor SASE trend is a growing one and that by 2025, there will be over a 50% increase in the number of vendors with generally available single-vendor SASE offerings, compared to mid-2023 and that by 2026, 60% of new SD-WAN purchases will be part of a single-vendor SASE offering, up from 15% in 2023.