Traffic patterns are shifting, agent deployments are multiplying, and cloud environments keep expanding. The point tools enterprises use to manage each layer are not keeping pace. Versa Networks is addressing those challenges with three coordinated updates to its VersaONE Universal SASE Platform. The first is a Cloud Security Posture Management (CSPM) capability that brings cloud risk visibility into the same view as access security. The second is a significant update of its Concerto orchestration platform. The third is an AI agent trust and verification framework due later this month.
New research backs the strategic rationale. Versa’s inaugural State of SASE + AI Report, a survey of 525 senior IT and security decision-makers at U.S. enterprises, found that 35% of organizations suffered a breach in the past year tied to coordination gaps between networking and security teams. Nearly three quarters (73%) say technical integration complexity has delayed or derailed a critical project. Some 99% have named convergence a strategic priority, yet only 30% have done it.
What the research found
Versa’s report covers organizations across financial services, retail, energy, manufacturing, healthcare, technology and government. Key findings include: 35% reported a security breach in the past year linked to coordination gaps; 53% report higher operational costs from managing redundant tools; 73% say technical integration complexity has delayed or derailed a critical project; 99% have named convergence a strategic priority, but only 30% have implemented shared ownership of SASE strategy; 95% say AI is forcing networking and security teams to collaborate more closely; 58% cite strengthening security posture as the top driver for convergence, compared to 19% who cited lowering total cost of ownership.
Organizations running 50 or more vendors are nearly twice as likely to report delayed application rollouts as those with leaner stacks (61% vs. 34%) and more likely to report inconsistent policy enforcement (57% vs. 40%). The report also surfaces a shadow AI problem: more than 80% of organizations say AI is in use somewhere in their environment, yet fewer than 20% said they knew what it was being used for.
Improving orchestration with Concerto update
The complexity findings in the research point directly at an orchestration problem, and it is one Versa says it has been spending significant engineering resources to solve. The concern is that with different islands of policy, administrators struggle to maintain consistency across sites, users, and cloud environments. Concerto 13.1.1 is the response. The release redesigns the SD-WAN configuration experience and unifies security and authentication profiles across SD-WAN and SSE, collapsing those islands into a single construct.
The idea is that when an organization sets a policy for a user, whether at a site or in the cloud, it can be done once and applied consistently everywhere. The release also adds hierarchical policy templates, letting organizations define a master policy and extend subsets to different user groups and departments without rebuilding from scratch. The target is enterprise-grade SD-WAN without the staffing overhead that has traditionally come with it. Scaling support while simplifying configuration is crucial for large enterprises that may have hundreds or thousands of branch locations.
SD-WAN has historically required specialized expertise to manage routing policies, traffic shaping, and security integration. By collapsing policy management into a single pane, Versa aims to reduce the burden on IT teams, who often must juggle separate consoles for networking and security. The orchestration update also includes improvements to visibility and analytics, allowing operators to see how policies are affecting performance and security in real time.
Closing the two-portal problem: CSPM joins VersaONE
Policy configuration is one layer of fragmentation. Cloud risk visibility is another. Cloud Security Posture Management (CSPM) continuously monitors cloud infrastructure for misconfigurations, compliance gaps and security risks. Google’s $32 billion acquisition of Wiz earlier this year underscored how contested that space has become. Versa says its CSPM plans predate the deal, driven by customer demand for a unified view of risk.
Most enterprises run ZTNA or a secure internet gateway for user and device posture and a separate CSPM tool for cloud configuration risk, managed by separate teams with no shared context. Versa is adding CSPM directly to VersaONE, extending access security into continuous cloud risk visibility across AWS, Azure, GCP and OCI, with telemetry feeding into Concerto alongside access risk data. This integration means that a misconfigured cloud storage bucket or an overly permissive IAM role can be correlated with user access events to identify potential attack paths.
The industry has been talking about unifying risk intelligence for years, yet most organizations still rely on two different portals: one for ZTNA or secure internet, and another for cloud. Without shared context, it is difficult to understand how cloud risks might be exploited through compromised user credentials or misconfigured network policies. By bringing CSPM into the same platform as access security, Versa allows security teams to see the full risk landscape and prioritize remediation based on both cloud posture and user behavior.
CSPM capabilities include automated scanning for compliance frameworks such as CIS benchmarks, NIST, and SOC 2, as well as detection of misconfigurations like open ports, unencrypted data, and overly permissive bucket policies. The telemetry is fed into Concerto’s analytics engine, which can trigger alerts and recommended actions. This closed-loop approach reduces the mean time to detect and respond to cloud misconfigurations.
AI agents are the next enforcement problem
CSPM extends the platform’s visibility into cloud infrastructure. The next challenge is what happens when AI agents start changing that infrastructure. One single user prompt can actually trigger many agents coming up, and then they can actually start to make changes inside your environment to policies and configuration, and many of them are invisible to the operator.
Versa’s response, due around May 21, is a trust and verification framework that applies policy-based access controls to agents the same way they apply to users and devices, functioning as a verification gateway inside the management and orchestration layer. Putting a human in the review path is not a viable answer at this scale, because the number of agent actions can quickly overwhelm manual oversight.
For the framework itself, Versa is drawing on what it has already built for user and device access. The company is looking at all the things that have been done for user and device, secure access, and seeing which ones can be applied to agentic actions as well. This includes identity verification, role-based access controls, and activity logging. The AI agent verification layer will inspect requests from agents to cloud APIs, network controllers, or security tools, and enforce policies that limit what an agent can do based on its purpose and scope.
The rise of agentic AI—where autonomous agents perform tasks without direct human supervision—presents a unique security challenge. Unlike users, agents can execute thousands of actions per minute, and their behavior may be unpredictable. Traditional security controls that rely on user authentication and session management are insufficient. Versa’s framework aims to treat agents as first-class entities in the policy model, allowing organizations to define what types of changes an agent is permitted to make and under what conditions.
As enterprises continue to adopt AI-powered tools for network optimization, incident response, and cloud management, the need for such controls will only grow. Versa’s proactive stance on agent governance positions it well in a market where many vendors are still grappling with the implications of autonomous operations.
The combination of CSPM, orchestration simplification, and AI agent controls represents a comprehensive approach to the fragmentation that has long plagued enterprise security. By bringing visibility, policy, and enforcement into a unified platform, VersaONE aims to reduce the coordination gaps that lead to breaches and delays. The research underscores that convergence is not just a nice-to-have but a critical need for organizations facing increasing complexity from cloud, AI, and multi-vendor environments.
With these updates, Versa is betting that enterprises will be willing to consolidate their networking and security stacks in exchange for greater efficiency, fewer tools, and better risk visibility. Whether the market will embrace this vision depends on execution and the ability to integrate with existing ecosystems. For now, the updates are available to VersaONE customers, and the AI agent framework is expected in late May.
Source: Network World News