
Versa Advanced Networking Insights Overview

For supported software information, click here.

The Versa Advanced Networking Insights software as a service (SaaS) uses the data collected by Versa Analytics to provide predictive capabilities for a wide range of network signals, offering insights that allow you to anticipate network requirements and issues. The predictive capabilities of Versa Advanced Networking Insights extend to all aspects of network signal behavior, providing a proactive approach to network management. These capabilities allow you to plan capacity, manage traffic, and mitigate potential issues, and they can provide a holistic understanding of network performance.

Versa Advanced Networking Insights provides the following:

  • Network signal prediction—Versa Advanced Networking Insights integrates an artificial intelligence–powered signal prediction engine that can detect and predict a wide array of network-based signals.
  • Anomaly detection—Versa Advanced Networking Insights performs anomaly detection by processing the Versa Analytics raw event logs, which eliminates the need for baseline or manual configuration, accelerates identification of irregularities, and enhances the accuracy of the findings.
  • User and Entity Behavior Analytics (UEBA)—Versa Advanced Networking Insights uses UEBA algorithms and machine learning to detect anomalies in user, device, and network behavior, accessing a variety of access logs, including firewall logs, endpoint logs generated by Secure Access Service Edge (SASE) agents, and logs from third-party sources, to significantly enhance the visibility of and control over network security.
  • Alarm suppression, compression, and prioritization—Versa Advanced Networking Insights alarm management features, which include alarm compression, suppression, and prioritization, facilitate a streamlined approach to investigation and debugging.

These features are described in the following sections.

Network Signal Prediction

The Versa Advanced Networking Insights network signal prediction uses artificial intelligence to allow you to be proactive, informed, and responsive in managing your network's performance and capacity. Versa Advanced Networking Insights integrates an artificial intelligence-powered signal prediction engine that can detect and predict a wide array of network-based signals, including session counts, traffic rates, CPU usage, memory usage, disk usage, application usage, application performance, and SLA parameters such as jitter, latency, and delay between branches.

Based on the past month's data, Versa Advanced Networking Insights can forecast signal behavior one week in advance. It generates alerts if the actual signal exceeds the prediction or if the predicted signal breaches the configured threshold.

A common use case is bandwidth usage planning. Versa Advanced Networking Insights can predict the amount of traffic sent or received and can then trigger capacity planning alarms if the predicted bandwidth for the upcoming week exceeds the configured bandwidth. These alarms allow you to proactively contact your ISP to increase your bandwidth.

The Versa Advanced Networking Insights alerts can signal anomalous network activity, thus allowing you to take action in response to unexpected network behavior.

Versa Advanced Networking Insights monitors and predicts latency in the underlay network. You can use this data to inform policy decisions and to optimize traffic routing to enhance network performance. You can use monitoring parameters such as Versa's application link rank and mean opinion score (MOS) and then notify users about deteriorating device performance.

The Versa Advanced Networking Insights actual and predicted data are displayed on dashboards. For example, the following screenshot shows the prediction for the average amount of traffic sent on a WAN interface. The lower section graphs the traffic variation by day of the week. You can configure the parameters to display on the dashboard. The base device provides information that Versa Advanced Networking Insights can use for predicting the system load, such as CPU, memory, and disk load, and for predicting WAN traffic.

[Screenshot: vani-dasboard-graphs.jpg]

Anomaly Detection

The Versa Advanced Networking Insights artificial intelligence (AI)–based anomaly detection engine processes raw event logs and identifies anomalies, to provide insights into user behavior and network activity. The event logs typically consist of summarized access logs for each user and application at 10-minute intervals, and they include key information such as frequency of application usage and the amount of data uploaded or downloaded.

Versa Advanced Networking Insights pinpoints anomalous access, which can include anomalous use of approved applications, such as SharePoint; access to unauthorized applications, such as a gambling website; and downloads of large amounts of data during off-peak hours. This information allows network managers to maintain an optimal and secure network environment.

The Versa Advanced Networking Insights anomaly detection engine can operate without first creating a baseline, thus enhancing the product's scalability and responsiveness, facilitating rapid and real-time anomaly detection, and delivering a robust and adaptable solution for modern network management.

The following screenshot shows a graph reporting the detection of anomalous access by appliance and user. You can drill down to view the details of each anomalous event.

[Screenshot: application-anomalies.jpg]

UEBA

The Versa Advanced Networking Insights User and Entity Behavior Analytics (UEBA) algorithms and machine learning are designed to monitor and identify anomalous behavior across all types of entities, including users, laptops, phones, and IoT devices. UEBA processes and analyzes data from Versa firewall logs, SASE gateway login logs, CASB logs, and other third-party logs. UEBA leverages the power of big data, AI, and graph theory to provide comprehensive, real-time insights into network behavior, to strengthen security posture and mitigate risks.

UEBA can detect common anomalous behaviors, including infrequent destinations, impossible (or "superman") travel, bulk deletions, bulk downloads, first-time access to applications or subnets, and access from different devices. You can configure and apply custom anomalous policies.

You can integrate UEBA with GraphDB so that you can make arbitrary queries into the user access graph. You can use UEBA to make MITRE ATT&CK queries when you provide UEBA with the necessary data. You can use GraphML features such as blast radius detection, community detection, and malicious actor analysis to help determine whether a malicious user is an active bad actor or if a user is using a compromised application.

The following screenshot shows a bird's-eye view of network activity provided by the Versa Advanced Networking Insights UEBA.
 

[Screenshot: anomaly-counts.jpg]

You can also drill down to view individual issues.

[Screenshot: user-anomaly-details.jpg]

Each UEBA event has an associated event severity score, which is combined with the user to create a user confidence score that identifies the user with a user confidence band—trustworthy, suspicious, or malicious. You can propagate the user confidence score to end devices using Versa Messaging Server (VMS) or using a third-party security information and event management (SIEM) platform.

Alarm Suppression, Compression, and Prioritization

The Versa Advanced Networking Insights alarm management capabilities provide an efficient, focused, and prioritized alarm management system to enhance network management, reduce noise, and allow you to respond swiftly to pressing issues.

To optimize the alarm notification process, Versa Advanced Networking Insights suppresses and compresses device alarms and then prioritizes them so that only the critical alarms are presented. To do this, Versa Advanced Networking Insights captures raw alarm logs directly from Versa Analytics. It processes the logs and identifies the primary devices that are generating alarms and that are causing subsequent alarms from other devices. Versa Advanced Networking Insights uses this information to suppress the generation of alarms and to optimize the notification process. Then, Versa Advanced Networking Insights correlates the suppressed alarms originating from a single device and further compresses alarms. For example, if there is 100 percent probability that a BGP flap can lead to a branch failure, Versa Advanced Networking Insights streamlines the notification process by presenting only the critical Branch Down alarm, suppressing the less important ones.

Versa Advanced Networking Insights also ensures that suppressed alarms are prioritized based on their deviation from the norm. For example, devices that generate unhandled alarms for an extended period, such as a week, are automatically deprioritized. In contrast, devices that experience a sudden increase in alarms, indicating potential issues, are given higher priority.
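The single-device compression and the deviation-based prioritization described above can be sketched as follows. This is an added example, not Versa code: the alarm tuples, the 5-minute correlation window, and the scoring formula are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed alarm history: (device, minute, alarm type); not real Versa Analytics logs.
HISTORY = [
    ("br1", 0, "BGP Flap"), ("br1", 2, "Branch Down"),
    ("br2", 10, "BGP Flap"), ("br2", 11, "Branch Down"),
    ("br3", 20, "BGP Flap"), ("br3", 23, "Branch Down"), ("br3", 50, "High CPU"),
    ("br4", 60, "High CPU"), ("br4", 61, "Branch Down"),
]
# Constructed live alarms to compress.
LIVE = [("br9", 100, "BGP Flap"), ("br9", 102, "Branch Down"),
        ("br7", 100, "High CPU"), ("br7", 101, "Branch Down")]


def follow_probability(history, window=5):
    """Estimate P(alarm B follows within `window` minutes on the same device | alarm A)."""
    seen, followed, by_dev = defaultdict(int), defaultdict(int), defaultdict(list)
    for dev, t, kind in history:
        by_dev[dev].append((t, kind))
    for alarms in by_dev.values():
        alarms.sort()
        for i, (t, a) in enumerate(alarms):
            seen[a] += 1
            # Count each distinct follow-on alarm type once per occurrence of A.
            for b in {b for t2, b in alarms[i + 1:] if t2 - t <= window and b != a}:
                followed[(a, b)] += 1
    return {pair: n / seen[pair[0]] for pair, n in followed.items()}


def compress(live, prob, threshold=1.0, window=5):
    """Drop alarm A when a consequence B with P(B|A) >= threshold is present on the same device."""
    kept = []
    for dev, t, a in live:
        implied = any(d == dev and 0 <= t2 - t <= window
                      and prob.get((a, b), 0.0) >= threshold
                      for d, t2, b in live if b != a)
        if not implied:
            kept.append((dev, t, a))
    return kept


def priority(daily_counts):
    """Today's alarm count relative to the mean of the preceding days (assumed scoring)."""
    *past, today = daily_counts
    baseline = sum(past) / len(past) if past else 0.0
    return today / (baseline + 1.0)  # +1 avoids division by zero for quiet devices


if __name__ == "__main__":
    print(compress(LIVE, follow_probability(HISTORY)))
    print(priority([0] * 7 + [20]), priority([50] * 8))
```

With the constructed history, BGP Flap is always followed by Branch Down, so only Branch Down is kept for br9, while High CPU on br7 is kept because it precedes Branch Down only half the time.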

The following screenshot shows a dashboard that displays a map that highlights prioritized devices, grouping devices by region to help you visualize regions that require immediate attention.

[Screenshot: vani-dasboard.jpg]

Deployment Strategies

You can deploy Versa Advanced Networking Insights in one of the following ways:

  • Shared account—A shared account provisions a customer in a namespace that is shared with other tenants who use the same set of applications. This type of deployment is suitable for small businesses. The customer uses a shared Kafka channel to feed data and ingest alerts. Shared account mode ensures tenant separation by using per-topic access control lists (ACLs) that are protected by SSL certificates. To avoid noisy neighbor issues, the rate of sending logs is limited for each user.
  • Single-tenant account—A single-tenant account provisions a customer in a namespace within the existing namespace of the SaaS service infrastructure. This type of deployment is suitable for medium-sized businesses. The customer uses a shared Kafka channel to provide data and receive alerts. Single-tenant mode enforces tenant separation by using per-topic ACLs that are protected by SSL certificates. In this mode, each customer has their own instances of the applications running in their namespace.
  • Enterprise account—For enterprise accounts, the infrastructure is instantiated in a Versa-managed Virtual Private Cloud (VPC) on Google Cloud Platform (GCP) or AWS. This type of deployment is suitable for large enterprises that require their own instantiation of the infrastructure in the cloud. You can integrate additional features such as disaster recovery across multiple regions. You can monitor your infrastructure from your own network, or the Versa Networks NOC team can manage it for you.

For shared and single-tenant accounts, Versa Networks monitors the health of the accounts and attempts to remediate issues as they arise.

Onboarding Process

To have devices monitored by Versa Advanced Networking Insights, you must provide the following information when onboarding the devices:

  • Account name
  • URL of the Versa Director nodes and credentials to automate initial setup
  • Choice of deployment strategy

After you provision the cloud resources, Versa Networks provides the URL that you use to access the Versa Advanced Networking Insights portal, for example, account-name.versa-vani.com.

You then use your Director credentials to log in to the Versa Advanced Networking Insights dashboard.

The Versa Advanced Networking Insights team provides you with two Kafka alert topics, along with the required certificates:

  • syslog.version.namespace.customer.tenant—You configure this on the Analytics node so that the Analytics node forwards logs to the Versa Advanced Networking Insights portal.
  • alerts.version.namespace.customer.tenant—You configure this on the Analytics node to forward logs provided by other downstream services, such as SIEM and VMS, to the Versa Advanced Networking Insights portal.

Typically, Versa Networks provides only a single group for each alert topic. If you have multiple downstream consumers, you can request additional groups.

Supported Software Information

Releases 22.1.1 and later support all content described in this article.
