Solution
SecureConnect is a new paradigm in network connectivity and security built on Veea Edge Platform’s core capabilities of networking, computing, cybersecurity, storage, IoT and AI/ML skillsets.ing, computing, cybersecurity, storage, IoT and AI/ML skillsets.
THE PROBLEM & THE OPPORTUNITY
- Existing solutions for network connectivity and security are complex, vulnerable, brittle, and labor intensive, resulting in high cost and risk and unserved markets.
- AI requires granular network information and needs the ability to drive/control actions within the network.
- A cybersecurity solution that is not a fully integrated solution with a “secure-by-design” device with active network monitoring is inherently vulnerable and exposed to cyberattacks.
SecureConnect cybersecurity Platform solution provides a simplified and cost-effective means to address these challenges/ opportunities for a broad variety of markets.
SecureConnect Introduction
SecureConnect is a hybrid edge-cloud managed product platform with a full software stack that provides for a virtualized software environment on a range of devices at the edge with the highest level of security at their core. SecureConnect is a highly performative, light-weight, containerized, AI-enabled software application that provides an architecturally superior approach to SD-WAN and SASE without the cost, and complexity of VPNs, agents, and physical firewalls. Scalable from simplified SMB implementations (“CIO in a box”) to complex enterprises, legacy environments –no rip and replace required |
SecureConnect Highlights
- Policy driven security, controlled from the cloud, but executed from the edge, ensures that only authorized devices or users connect only to what they are allowed to connect to.
- Cloud-based network and device management
- Highly secure remote device and application authorization, authentication and management.
- Cloud-based network and device management
- Simplified and redefined approaches to SD-WAN, that eliminates complex network management.
- Dynamically creates secure tunnels based on policies.
- Agentless approach means simplified administration that provides isolation and AI monitoring for even the simplest of IoT devices.
- Edge-based control, avoids the complexity of VPN management and resulting loss of privacy and performance.
SecureConnect Overview
- SecureConnect’s containerized App runs on VeeaHub devices and a variety of third-party consumer and business router or network edge devices, enabled by VeeaWare middleware agent, managed globally and locally by VeeaCloud.
- SecureConnect provides a unique and powerful way to identify, isolate, and connect users, devices, and applications in both legacy and greenfield networks, for maximum simplicity, security and performance.
System Architecture
SecureConnect acts as an “intelligent, policy controlled, router inside a router” and can provide rich SecureConnect Insights into and control of all elements of the network, including LAN and WAN-side behavior. Profile policies for devices and users define connectivity, access and security rules for granular control and AI automation. |
SecureConnect Profiles
SecureConnect Insights
See and Control Your Network: SecureConnect Insights enables you to view advanced details about where your data is flowing and how your network is performing, helping you to better understand and protect network. Insights evaluates traffic on a per stream or even per packet basis to deliver unique application and device awareness and to provide granular network traffic information, including factors such as bandwidth and latency. |
Powering Unique Capabilities
SecureConnect drives unmatched capabilities within the network. Some examples:
- Insights
- Dynamic Isolation for Threats and Acceptable Use
- Multifactor Authentication Based on User/Device Profiling
- Application-Aware QOS
- Multi-WAN Concurrency and Failover
- Simplified and Rapid SD-WAN
- AI and Advanced Analytics Anomaly Detection
- AI Driven Control or Response
Simplified SMB Deployment with Multi-Sites
Simplified IoT Factory Deployment
Sample Market Segments
SecureConnect already is used as a white-labeled product and sold as a Value-Added service by leading device manufacturers and internet service providers (ISPs).
Example use cases include:
- SMB and SOHO
- IoT and Critical Infrastructure
- Consumer + Home
- Enterprise
- Multi-Density + High Density Environments
Connectivity Scenarios
Cybersecurity Design Principles
SecureConnect offers a fully integrated cybersecurity solution with the “secure-by-design” VeeaHub devices with active network monitoring and AI-driven countermeasures to make it inherently much less vulnerable to cyberattacks.
Until now, provisioning of networking and cybersecurity have been typically treated as different disciplines resulting in slew of communications products (e.g., modems) and security devices (e.g., firewalls), including all accessories in-between, that had to be integrated, and maintained by users with different levels of know-how, at user premises.
The advancements in the development of highly integrated devices, modern full stack software architecture with virtualized software environments, advanced Software Defined Networking (SDN), Network Function Virtualization (NFV), on-device machine learning and AI1, a wide range of Cloud management tools, and other advancements have dispensed with old paradigms.
SecureConnect is a Hybrid Edge-Cloud Computing (HEC) cybersecurity solution implemented to provide for a ”Plug & Play” solution that highly simplifies networking and cybersecurity in an “all-in-one” device
SecureConnect Container Structure
With its integrated networking, HEC and AI-driven cybersecurity capabilities, SecureConnect incorporates the elements of the best of breed of what is typically classified by several different categories of cybersecurity solutions:
|
SecureConnect Anomaly Detection
SecureConnect in Legacy Systems
SecureConnect Facilitates Multi-WAN
End User Setup Simplicity
Configuration Simplicity
Comprehensive Enterprise-Grade AI-Driven Cybersecurity Under the Hood
SecureConnect Features and Characteristics
SecureConnect Managed WAN Connections
SD-WAN builds encrypted tunnels to securely connect between:
- Branch offices
- Data centers
- Cloud services (e.g., AWS, Azure)
- SD-WAN gateways or controllers
A Next Generation VPN (NG-VPN) is an evolution of traditional VPN technology, designed to meet the needs of modern, distributed, cloud-native, and security-focused environments - it reimagines how identity, access, and networking should work in today’s world.
SecureConnect wide area connectivity is based on the combined capabilities of an on-device integrated SD-WAN with a modern, zero-configuration NG-VPN solution that simplifies secure networking across a private network with a few nodes to millions of user devices and IoT sensors by creating a mesh network between VeeaHub devices, or the user devices outside the VeeaHub coverage area, globally on the WAN.
Remote-Connect Security & Privacy Features
🔄 End-to-End Encryption
- Built on widely adopted WireGuard® foundation, ensures all device-to-device traffic is encrypted, maintaining privacy and security.
🌐 Networking Capabilities with Seamless Mesh Networking
- Devices connect directly and securely in a peer-to-peer mesh, instead of all routing through a central gateway, avoiding central bottlenecks.
- Subnet Routing: Allows access to entire subnets through a single device, facilitating integration with existing networks.
- Reduces latency, scales better, and improves fault tolerance.
- Automatic NAT Traversal & Peer Discovery: Seamlessly connects devices across different networks (behind NAT or firewalls) using techniques like STUN, DERP, and hole-punching.
⚙️ Software-Defined Perimeter (SDP)
- Creates dynamic, encrypted, just-in-time tunnels only to authorized resources.
- Prevents lateral movement inside the network - unlike traditional flat VPNs.
🧠 Zero Trust Architecture
- Zero Trust Network Access (ZTNA): Implements identity-based access controls, allowing permission-based user identities rather than IP addresses, with existing trusted devices to establish new device connections to user policies on the LAN, and across the WAN, segments.
- Uses user identities (via SSO, OAuth, MFA, etc.) rather than static IPs or shared secrets to control access.
- Enables secure SSH connections only to application containers without managing keys, simplifying remote access while protecting the host OS on the user device.
- Assumes no user or device is inherently trusted — every access request is verified.
- Continuously checks trust signals (device posture, location, behavior).
📱 Cross-Platform Support and Remote-Ready
- Designed for remote, mobile, and hybrid work environments.
- Runs across laptops, phones, cloud instances, containers, and edge devices.
- Integration with Identity Providers: Supports SSO with providers like Google, Microsoft Entra ID, and Okta for streamlined authentication.
- Available on Linux, iOS and Android OS ensuring broad compatibility.
🔐 Identity-Based Access (Not IP-Based)
- VeeaCloud provides for User Management on networks
- Access Control Lists (ACLs): Fine-grained access policies to control which users can access specific devices or services.
- Access controls are tied to user identity, not just static IP addresses or keys.
- Centralized Admin Dashboard: GUI for managing devices, users, access policies, and monitoring.
🖥️ Policy Management with Private Network Profiles
- Adds an extra layer of security by giving the end-users the ability to create different profiles for groups of devices (e.g., Secure, Common, Guest) that enable permission-based connections managed through SecureConnect policy server.
- Eliminates the pain of manually distributing and rotating keys or certs.
- Policies are centrally managed, applied dynamically.
🛡️ Integrated Security Controls
- Built-in DNS filtering, malware blocking, traffic segmentation, and auditing.
- Auto Key Rotation: rotates encryption keys automatically for better security.
- Can integrate with SIEM, XDR, and other security tools.
Remote-Connect General Features
⚙️ Ease of Use
- Zero-Config Setup: Devices connect automatically without manual configuration, firewall adjustments, or port forwarding.
- Simplified DNS: Provides user-defined DNS names for devices, simplifying network navigation.
📊 Monitoring & Management
- Audit Logging: Tracks configuration changes and network activity for compliance and troubleshooting.
- Session Recording: maintains logs on sessions for auditing purposes, enhancing security oversight.
- SIEM Integration: Streams logs to Security Information and Event Management systems for centralized monitoring.
🧩 Groundbreaking Cloud-Managed Private Networking Across the WAN
- Smarter (identity-aware)
- Safer (zero trust, SDP)
- Simpler to manage (auto updates, mesh networking)
- Made for today’s world — cloud, remote work, and edge computing with IoT endpoints.
Comparison of Prominent
WAN Connectivity Cybersecurity Solutions
| Feature / Capability | Veea SecureConnect | Tailscale | Cloudflare Zero Trust | Teleport | NordLayer | Zscaler Private Access (ZPA) | Perimeter 81 |
| Architecture | VeeaCloud-managed ZTNA mesh nodes with Secure WireGuard tunnels | Mesh VPN using WireGuard; peer-to-peer connections | Cloud-native ZTNA; agent-based or agentless access | Identity-based access with short-lived certificates | Centralized VPN with dedicated gateways | Cloud-delivered ZTNA; eliminates need for VPN gateways | Cloud-based VPN with Software-Defined Perimeter (SDP) |
| Identity Integration |
SSO integration with major identity providers | SSO with providers like Google, Microsoft, Okta | SSO integration with major identity providers | SSO integration; certificate-based authentication | SSO with providers like Azure AD, Okta | SSO integration with major identity providers | SSO with providers like Okta, Azure AD |
| Access Control | Network segmentation with policy server Role-Based Access Controls | Fine-grained ACLs based on user/device identity | Contextual access policies based on user, device posture, and location | Role-based access controls (RBAC) | Network segmentation and access control policies | Dynamic access policies based on user identity and context | Granular access policies with network segmentation |
| Device Posture Assessment | Comprehensive device posture assessments with endpoint compliance | Basic device tagging | Advanced device posture checks (e.g., OS version, antivirus status) | Limited device posture capabilities | Device posture checks with endpoint compliance | Comprehensive device posture assessments | Device posture checks with endpoint compliance |
| Audit Logging & Monitoring | Comprehensive logging with real-time monitoring and SIEM tools | Basic logging; session recording with Tailscale SSH | Detailed logging with integration to SIEM tools | Extensive session recording and audit logs | Activity monitoring with centralized logs | Comprehensive logging with real-time monitoring | Detailed logging with integration to SIEM tools |
| Deployment Complexity | “Plug & Play” AI-driven device discovery and Policy-based LAN segmentation | Easy setup; minimal configuration | Moderate setup; requires configuration of policies and agents | Moderate setup; requires configuration of access policies | Easy setup with user-friendly interface | Moderate setup; requires configuration of policies and connectors | Easy setup with user-friendly interface |
| Pricing Model | Included with different grades of VeeaCloud management services | Free for personal use; paid plans for teams and enterprises | Free tier available; paid plans based on usage and features | Open-source core; enterprise features require a subscription | Paid plans starting at $8/user/month | Enterprise pricing based on usage and features | Paid plans starting at $8/user/month |
| Best Use Cases | Secure access over dedicated private wired and wireless networks | Secure access for distributed teams; developers; personal projects | Secure access to internal applications; replacing traditional VPNs | Secure access to infrastructure (e.g., SSH, Kubernetes); compliance requirements | Secure remote access for businesses of all sizes | Large enterprises seeking comprehensive ZTNA solutions | Businesses seeking a balance between traditional VPN and ZTNA features |
SMB Control Center Structure
Operator View
- Administrative view and management
- Portal views
- Organizational views
- Muti-tenant
- Insights
- Devices, applications
- Performance
SMB View - Organization Admins
- User management
- Location management
- LAN and WAN side performance
- Security policy
SMB View - Site Admins
- Mobile application orientation
- Segregation of devices into categories
- Real-time demo: access violation (unauthorized access/ ping attempt)
Typical Configuration for a Small Business
Veea creates a simplified, yet powerful security structure for each SMB location. The structure is as follows: Three networks are established: “Guest”, “Secure” and “Common” with the following characteristics:
|
For each of the three networks “Guest”, “Secure” and “Common”:
- If anyone connects to the “Guest” network, they will connect right away; this will be for visitors to the shop, etc
- Devices on the “Secure” network must be authenticated by mobile app. These may be admin devices, point of sale, security systems, business critical devices.
- Devices on the “Common” profile are shared resources. Some devices may be employee tablets, phones, printers, digital signage, insecure cameras, IoT sensors
- On any connection to the SSID, there is an in- application notification to approve the device connecting to your network. The level of authentication is configurable within the system.
Example Installation
A typical installation could include numerous gateways, in multiple locations. Shown here is a small business with two locations and two gateways. One has an extender for enhanced coverage.
SecureConnect Insights
Insights provides powerful views for SecureConnect Administrators (at both the Operator and Organizational Admin levels)
- Provides detailed views into bandwidth usage
- Devices and device bandwidth
- Protocols used
- Applications and bandwidth consumption
- Many other views network wide or site specific, that can be used for customer care and system management