Enterprise security has become a patchwork of point tools, each addressing a narrow slice of the threat landscape. Traffic patterns shift as cloud and edge expand, agent deployments multiply, and cloud environments keep growing in complexity. The tools that once served individual layers now struggle to keep pace, creating visibility blind spots and policy inconsistencies that attackers increasingly exploit.
Versa Networks is tackling this fragmentation with three coordinated updates to its VersaONE Universal SASE Platform. The first addition is a Cloud Security Posture Management (CSPM) capability that merges cloud risk visibility with access security in a single pane of glass. The second is a significant update of Concerto, the company's orchestration platform, now at version 13.1.1. The third is an AI agent trust and verification framework, scheduled for release later this month. Together, these updates aim to collapse the operational silos that have long plagued enterprise networking and security teams.
The research behind the strategy
Versa's inaugural State of SASE + AI Report, based on a survey of 525 senior IT and security decision-makers across U.S. enterprises, reveals the scale of the problem. Thirty-five percent of organizations suffered a security breach in the past year directly tied to coordination gaps between networking and security teams. Nearly three-quarters (73%) report that technical integration complexity has delayed or derailed a critical project. While 99% of respondents named convergence a strategic priority, only 30% have actually implemented shared ownership of SASE strategy.
The survey covered financial services, retail, energy, manufacturing, healthcare, technology, and government sectors. Additional findings include that 53% of organizations report higher operational costs from managing redundant tools, and 95% say AI is forcing networking and security teams to collaborate more closely. Fifty-eight percent cite strengthening security posture as the top driver for convergence, compared to just 19% who cited lowering total cost of ownership. Organizations running 50 or more security vendors are nearly twice as likely to report delayed application rollouts and inconsistent policy enforcement as those with leaner stacks.
The research also surfaced a significant shadow AI problem. More than 80% of organizations say AI is in use somewhere in their environment, yet fewer than 20% said they knew what it was being used for. This lack of visibility poses a growing risk as AI agents become more autonomous and capable of altering configurations and policies without human oversight.
Concerto 13.1.1: Simplifying orchestration
The complexity findings in the research point directly at an orchestration problem, and Versa says it has been dedicating substantial engineering resources to solve it. Kelly Ahuja, CEO of Versa Networks, explained in an interview that the company heard from users about different 'islands of policy' that made management cumbersome and error-prone.
Concerto 13.1.1 is the response. The release redesigns the SD-WAN configuration experience and unifies security and authentication profiles across SD-WAN and SSE, collapsing those policy islands into a single construct. Ahuja emphasized that administrators can now set a policy once for a user, whether the user is at a site or in the cloud, and apply it consistently everywhere. The release also adds hierarchical policy templates, enabling organizations to define a master policy and extend subsets to different user groups and departments without rebuilding from scratch. The target is enterprise-grade SD-WAN without the staffing overhead that has traditionally accompanied it.
Closing the two-portal problem with CSPM
Policy configuration is one layer of fragmentation; cloud risk visibility is another. Cloud Security Posture Management (CSPM) continuously monitors cloud infrastructure for misconfigurations, compliance gaps, and security risks. The market space became highly visible after Google's $32 billion acquisition of Wiz earlier this year, but Versa says its CSPM plans predate that deal and were driven purely by customer demand.
Most enterprises currently run ZTNA or a secure internet gateway for user and device posture, and a separate CSPM tool for cloud configuration risk, managed by different teams with no shared context. Versa is adding CSPM directly to VersaONE, extending access security into continuous cloud risk visibility across AWS, Azure, GCP, and OCI. Telemetry from the CSPM module feeds into Concerto alongside access risk data, giving administrators a unified view of risk across both user and infrastructure domains. Ahuja noted that while the industry has talked about unifying risk intelligence for years, most organizations still rely on two different portals—one for ZTNA or secure internet, another for cloud—with no way to share context. This update directly solves that problem.
AI agents: The next enforcement frontier
CSPM extends the platform's visibility into cloud infrastructure, but the next challenge is what happens when AI agents themselves start changing that infrastructure. A single user prompt can trigger multiple agents to spin up, each capable of altering policies and configurations, often invisibly to operators. Ahuja described this as a 'silent risk multiplier' that traditional security tools are not designed to handle.
Versa's response, due around May 21, is a trust and verification framework that applies policy-based access controls to AI agents the same way they are applied to users and devices. The framework functions as a verification gateway inside the management and orchestration layer. Putting a human in the review path for every agent action is not viable at scale, so the system is designed to evaluate agent behavior against predefined policies and automatically block or alert on deviations.
The framework draws on Versa's existing capabilities for user and device access. Ahuja indicated that the company is looking at all the controls developed for secure access and identifying which can be applied to agentic workloads. This includes identity verification, activity logging, and real-time policy enforcement. The goal is to provide the same level of visibility and control over AI agents that customers already have for human users and traditional devices.
The broader context is that as enterprises adopt more AI-driven automation, the security perimeter is no longer just about human access. Agents operate autonomously, often across multiple cloud services and internal systems. Without proper guardrails, a compromised agent could cause widespread damage before any human detects the anomaly. Versa's framework aims to prevent that scenario by embedding security into the orchestration layer from the start.
Industry analysts note that managing agent behaviors is becoming a critical requirement for modern SASE platforms. The convergence of networking, security, and AI workloads is forcing vendors to rethink how policies are defined and enforced. Versa's updates position the company to address this emerging need, while also solving the more immediate fragmentation problems that have been holding back enterprise digital transformation.
Source: Network World News