Enterprise security has long been a patchwork of point solutions—one tool for network access, another for cloud configuration, and yet another for endpoint protection. The result is a fragmented landscape where risks are siloed, policies are inconsistent, and teams struggle to coordinate. Versa Networks is tackling this head-on with three coordinated updates to its VersaONE Universal SASE Platform, aiming to unify visibility, simplify management, and prepare for the coming wave of AI-driven agents.
The first update introduces Cloud Security Posture Management (CSPM) directly into the VersaONE console, bringing cloud risk visibility into the same pane as access security. The second is a major release of its Concerto orchestration platform (version 13.1.1), which simplifies SD-WAN configuration and unifies security policies across SD-WAN and SSE. The third is a forthcoming AI agent trust and verification framework, due later this month, that applies policy-based access controls to autonomous agents.
These moves come as Versa releases its inaugural State of SASE + AI Report, a survey of 525 senior IT and security decision-makers across U.S. enterprises. The findings paint a stark picture of the current state of security operations: 35% of organizations suffered a breach in the past year tied to coordination gaps between networking and security teams. Nearly three-quarters (73%) say technical integration complexity has delayed or derailed a critical project. And while 99% have named convergence a strategic priority, only 30% have actually implemented it.
What the research found
The report covers financial services, retail, energy, manufacturing, healthcare, technology, and government sectors. Key statistics include: 35% reported a security breach linked to team coordination gaps; 53% report higher operational costs from managing redundant tools; 73% say integration complexity has delayed critical projects; 99% name convergence as a priority but only 30% have shared ownership of SASE strategy; 95% say AI forces networking and security teams to collaborate more closely; and 58% cite strengthening security posture as the top driver for convergence versus 19% citing cost reduction.
Organizations running 50 or more vendors are nearly twice as likely to report delayed application rollouts as those with leaner stacks (61% vs. 34%) and more likely to report inconsistent policy enforcement (57% vs. 40%). The report also highlights a shadow AI problem: more than 80% of organizations say AI is in use somewhere in their environment, yet fewer than 20% say they know what it is being used for.
Improving orchestration with Concerto update
The complexity findings directly point to an orchestration problem. Kelly Ahuja, CEO of Versa Networks, emphasized that the company has been dedicating significant engineering resources to simplifying management. "This is where we’ve been spending a lot of engineering cycles on the management and simplifying the complexity, because what we heard from most users is, 'hey, I’ve got different islands of policy,'" Ahuja said.
Concerto 13.1.1 is the response. The release redesigns the SD-WAN configuration experience and unifies security and authentication profiles across SD-WAN and SSE, collapsing those islands into a single construct. "When you set a policy for a user, whether it’s a site or a cloud, it doesn’t matter where the user is, you actually do it once, and you do it in a consistent way," Ahuja explained. The release also adds hierarchical policy templates, enabling organizations to define a master policy and extend subsets to different user groups and departments without rebuilding from scratch. This targets enterprise-grade SD-WAN without the traditional staffing overhead.
Closing the two-portal problem: CSPM joins VersaONE
Policy configuration is one layer of fragmentation; cloud risk visibility is another. Cloud Security Posture Management (CSPM) continuously monitors cloud infrastructure for misconfigurations, compliance gaps, and security risks. The space has become highly contested, highlighted by Google's $32 billion acquisition of Wiz earlier this year. Versa says its CSPM plans predate that deal. "We were listening to customers, looking at what they’re doing, as opposed to seeing what else is out there in the market," Ahuja said. "It was already on our plans. We were just kind of working our way through it."
Most enterprises run ZTNA or a secure internet gateway for user and device posture and a separate CSPM tool for cloud configuration risk, managed by separate teams with no shared context. Versa is adding CSPM directly to VersaONE, extending access security into continuous cloud risk visibility across AWS, Azure, GCP, and OCI. Telemetry from the CSPM feeds into Concerto alongside access risk data. "While the industry has been talking about unifying risk intelligence for years, everyone still kind of relies on two different portals, one for doing your ZTNA or secure internet, and then second for cloud," Ahuja said. "And there’s no way to really kind of share that context and really kind of pull it together. This is what we’re actually solving for."
AI agents are the next enforcement problem
CSPM extends visibility into cloud infrastructure. The next challenge is what happens when AI agents start changing that infrastructure. One single user prompt can trigger many agents that can make changes to policies and configurations, often invisible to the operator. Ahuja described the scenario: "One single user prompt can actually trigger many agents coming up, and then they can actually start to make changes inside your environment to policies and configuration, and many of them are invisible to the operator."
Versa's response, due around May 21, is a trust and verification framework that applies policy-based access controls to agents the same way they apply to users and devices. It functions as a verification gateway inside the management and orchestration layer. Putting a human in the review path at this scale is not viable: "Putting a human in the loop will only slow things down, because all of a sudden, you’ve got lots of things that you’re trying to do, but somebody has to observe them and do them," Ahuja said. The framework draws on what Versa has already built for user and device access, adapting those controls to agentic workflows. "We’re looking at all the things that have been done for user and device, sort of secure access from those and seeing which one of those can be applied to agentic stuff as well," he added.
These updates reflect a broader industry trend toward convergence—not just of networking and security functions, but of the visibility and control planes that govern them. As cloud environments expand, agent deployments multiply, and traffic patterns shift, the old approach of using separate tools for each layer no longer works. Versa is betting that a unified platform can reduce the fragmentation that leads to breaches, higher costs, and delayed projects. The early research supports that bet: 95% of decision-makers say AI is forcing networking and security teams to collaborate more closely, and 58% cite strengthening security posture as the top driver for convergence. With the addition of CSPM, a revamped orchestration layer, and agent-aware controls, Versa is positioning itself as a one-stop solution for enterprises struggling to keep pace with the evolving threat landscape.
Source: Network World News