Enterprise security has long been plagued by fragmentation. Traffic patterns shift, agent deployments multiply, and cloud environments expand, yet the point tools used to manage each layer rarely communicate effectively. Versa Networks is addressing these challenges with three coordinated updates to its VersaONE Universal SASE Platform, aiming to close visibility gaps, simplify orchestration, and prepare for the rise of AI agents.
Research highlights the cost of fragmentation
Versa's inaugural State of SASE + AI Report, based on a survey of 525 senior IT and security decision-makers at U.S. enterprises, underscores the urgency. The survey found that 35% of organizations suffered a breach in the past year directly tied to coordination gaps between networking and security teams. Nearly three-quarters (73%) said technical integration complexity had delayed or derailed a critical project. While 99% named convergence a strategic priority, only 30% have actually implemented shared ownership of SASE strategy.
The financial impact is significant. Over half of respondents (53%) reported higher operational costs from managing redundant tools. Organizations running 50 or more security and networking vendors were nearly twice as likely to report delayed application rollouts compared to those with leaner stacks (61% vs. 34%), and more likely to experience inconsistent policy enforcement (57% vs. 40%).
The research also surfaced a widespread shadow AI problem: more than 80% of organizations confirmed AI was in use somewhere in their environment, yet fewer than 20% could identify what it was being used for. This lack of visibility compounds existing coordination challenges and creates new attack surfaces.
Orchestration overhaul with Concerto 13.1.1
One of the core issues identified by the research is policy fragmentation. Different teams manage SD-WAN and SSE through separate administrative consoles, leading to inconsistent rules, misconfigurations, and security blind spots. Versa's answer is Concerto 13.1.1, a major update to its orchestration layer that redesigns the SD-WAN configuration experience and unifies security and authentication profiles across SD-WAN and SSE.
The release collapses previously separate policy islands into a single construct. Administrators can now define a policy once and apply it consistently whether the user is at a branch site or accessing cloud resources. Hierarchical policy templates allow organizations to define a master policy and extend subsets to different user groups or departments without rebuilding from scratch. This reduces staffing overhead while enabling enterprise-grade SD-WAN at scale.
“Getting that scale, supporting that scale, but also simplifying how they configure it is crucial,” said Versa's CEO. The orchestration update aims to let IT teams manage complex hybrid environments through a unified interface, reducing the risk of human error and ensuring consistent security posture across all connection points.
CSPM brings cloud risk into the same view
Another longstanding fragmentation issue is the separation between access security tools (ZTNA, secure web gateway) and cloud security posture management (CSPM). Most enterprises rely on two different portals, often managed by separate teams, with no shared context about risk. Versa is adding native CSPM capabilities directly into VersaONE, extending access security into continuous cloud risk visibility across major providers including AWS, Azure, GCP, and OCI.
The CSPM module continuously monitors cloud infrastructure for misconfigurations, compliance gaps, and security risks. Telemetry feeds into Concerto alongside access risk data, enabling correlated risk analysis for the first time. This unification matters because a misconfigured cloud storage bucket might be exploited by an attacker who gains access through an insecure VPN, but without shared risk context, security teams may never connect those dots.
The market for CSPM has heated up considerably, highlighted by Google's $32 billion acquisition of Wiz earlier this year. Versa says its development plans predated that deal and were driven by direct customer feedback about the pain of managing separate risk consoles. By integrating CSPM into the SASE platform, Versa offers a single pane of glass for both user/device posture and cloud configuration posture.
AI agent trust and verification framework
As enterprises adopt AI agents for tasks ranging from automated incident response to infrastructure provisioning, a new security challenge emerges: ensuring that agents themselves are trusted and their actions are verified. Unlike human users, AI agents can spawn multiple sub-agents, make changes to policies and configurations rapidly, and operate invisibly to operators. A single user prompt can trigger an entire chain of automated actions with no human oversight.
Versa's response, slated for release around May 21, is a trust and verification framework that applies policy-based access controls to AI agents in the same way they apply to users and devices. This framework functions as a verification gateway inside the management and orchestration layer. It monitors agent activities, enforces least-privilege policies, and logs all changes made by agents. The goal is to provide enterprise-grade governance without requiring a human in the loop for every decision, which would negate the efficiency benefits of agentic automation.
“Putting a human in the loop will only slow things down,” noted Versa's leadership. The framework reuses established principles of secure access for users and devices, extending them to cover agent identity, authentication, authorization, and auditing. This approach addresses the shadow AI problem highlighted in the survey, giving organizations visibility into what AI agents are doing and the ability to enforce policies consistently.
Broader context: the push for SASE convergence
Versa's three updates reflect a broader industry trend toward SASE convergence. The Secure Access Service Edge (SASE) framework, originally articulated by Gartner, calls for merging networking and security into a unified cloud-delivered service. However, most enterprises have implemented SASE incrementally, resulting in the very fragmentation the framework was supposed to solve. Versa's updates aim to close the integration gaps that have persisted even in organizations that have adopted SASE.
The orchestration update addresses the management layer, the CSPM addition extends visibility into cloud infrastructure, and the AI agent framework prepares for the next wave of automation. Together, they represent an effort to deliver on the promise of a truly unified security and networking platform. The company's survey data reinforces the business case: reduced operational costs, faster project delivery, and fewer breaches tied to coordination lapses.
With these updates, Versa is betting that enterprises will prioritize integration over best-of-breed point tools, especially as AI agents introduce new risks and complexity. The challenge will be execution: ensuring that the new capabilities work seamlessly together and that customers can migrate from fragmented tool sets without disruption. As the survey shows, technical integration complexity remains the top barrier to convergence, and Versa's engineering resources have been heavily focused on simplifying that complexity.
Source: Network World News