CIO Bulletin

Eliminating the Complexity, Costs, and Risks Associated with Legacy IT Approaches through SASE Platform: Cato Networks

Existing network approaches and technologies simply no longer provide the levels of security and access control digital organizations need. These organizations demand immediate, uninterrupted access for their users, no matter where they are located. With an increase in remote users and software-as-a-service (SaaS) applications, data moving from the data center to cloud services, and more traffic going to public cloud services and branch offices than back to the data center, the need for a new approach for network security has risen. That is when secure access service edge, or SASE plays a crucial role. It is an emerging cybersecurity concept. SASE will converge best-of-breed security and SD-WAN capabilities in the cloud to deliver exceptional user experiences while reducing security risk.

Cato Networks is the world’s first SASE platform, converging SD-WAN and network security into a global, cloud-native service. Cato optimizes and secures applications access for all users and locations. Using Cato, customers easily migrate from MPLS to SD-WAN, optimize global connectivity to on-premises and cloud applications, enable secure branch Internet access everywhere, and seamlessly integrate cloud datacenters and mobile users into the network with zero trust architecture. It has pioneered the convergence of networking and security into the cloud. Aligned with Gartner's Secure Access Service Edge (SASE) framework, Cato's vision is to deliver a next generation secure networking architecture that eliminates the complexity, costs, and risks associated with legacy IT approaches based on disjointed point solutions. With Cato, organizations securely and optimally connect any user to any application anywhere on the globe.

Industry-Leading SASE Services and Solutions Delivered

Global Private Backbone: Enterprises have long struggled with finding reliable and affordable global connectivity. Global MPLS connections come at a high cost for limited bandwidth, if they’re available at all. The Internet, already unpredictable, is only made worse by the latency of long-distance global connections. Cato solves the global connectivity problem. The Cato global private backbone is a private network spanning 60+ points of presence (PoPs) worldwide. The backbone is affordable and managed by Cato personnel. Cato SASE Cloud runs on a private global backbone of 65+ PoPs connected via multiple SLA-backed network providers. The PoPs software continuously monitors the providers for latency, packet loss, and jitter to determine, in real-time, the best route for every packet. Cato’s backbone design delivers end-to-end route optimization for WAN and cloud traffic, and a self-healing architecture for maximum service uptime. Its customers experience connectivity that is superior to the unpredictable public Internet and more affordable than global MPLS and other legacy backbones.

Edge SD-WAN: The Cato Socket SD-WAN device connects a physical location to the nearest Cato PoP via one or more last mile connections. Customers can choose any mix of fiber, cable, xDSL, and 4G/LTE connections. The Socket applies multiple traffic management capabilities such as active-active link usage, application- and user-aware QoS prioritization, and dynamic path selection to work around link blackouts and brownouts, and packet duplication to overcome packet loss. The Socket can also route site-to-site traffic over MPLS and the Internet to address regional and application-specific requirements. The Cato Socket, Cato’s Edge SD-WAN device, is a zero-touch device ready to work in minutes. Sockets come in two models: X1500 for branch offices and X1700 for datacenters. Both are continuously monitored and updated by Cato’s network operations center (NOC).

Security as a Service: Cato uses a full enterprise-grade network security stack natively built into the Cato SASE Cloud to inspect all WAN and Internet traffic. Security layers include an application-aware next-generation firewall-as-a-Service (FWaaS), secure web gateway with URL filtering (SWG), standard and next-generation anti-malware (NGAV), and a managed IPS-as-a-Service (IPS). Cato can further secure your network with a comprehensive Managed Threat Detection and Response (MDR) service to detect compromised endpoints. All layers scale to decrypt and inspect all customer traffic, without the need for sizing, patching, or upgrading of appliances and other point solutions. Security policies and events are managed using the self-service Cato Management Application.

Cloud Datacenter Integration: Cato integrates with major cloud providers, such as Amazon AWS, Microsoft Azure, and Google Cloud with secure IPSec tunnels. By using its global backbone to optimally route traffic from the edge to the cloud providers, Cato eliminates the need for premium cloud connectivity solutions such as AWS DirectConnect and Microsoft Azure ExpressRoute. The integration is agentless and connecting a cloud datacenter to Cato takes minutes. There is no need to deploy or pay for cloud server instances. Lastly, all traffic is subject to full security inspection with Cato’s built-in security stack.

Cato Management Application: Cato provides a cloud-based and self-service management application to control the entire service. It includes full network and security policy configuration, and detailed analytics on network traffic and security events. To experience the ease of use and deep visibility of Cato Management Application, please request a demo. Self-service management is a unique advantage of Cato over legacy managed network services providers that require customers to submit tickets for any change to the network. If needed, Cato and its partners offer managed service options. In all cases, Cato maintains the underlying platform so customers do not need to upgrade, patch, or otherwise maintain the Cato SASE Cloud.

Cloud Application Acceleration: Cato optimally routes public cloud application traffic, such as Office 365, UCaaS, and Cloud ERP from the edge and to the doorstep of the cloud application’s datacenter. Cato’s built-in cloud acceleration maximizes end-to-end throughput up to 20X, boosting application performance for bandwidth-intensive operations like file upload and download. All traffic and files exchanged with the cloud application are fully inspected by Cato security stack to protect end users from malicious files and network-based attacks.

The Pre-Eminent Leader

Shlomo Kramer, Co-Founder serves as the Chief Executive Officer of Cato Networks. He is a network security expert and a serial entrepreneur. Shlomo has co-founded Check Point Software, who created the first commercial Firewall, and Imperva, the innovator of the Web Application Firewall. Shlomo has made early investments in successful cybersecurity companies including Palo Alto Networks, Trusteer, and numerous others. He was named CEO of the Year by SC Magazine in 2008, one of “20 luminaries who changed the network industry” by Network World in 2006, and was inducted into the InfoSec Hall of Fame in April 2013.

Shlomo holds a master’s degree in computer science from Hebrew University of Jerusalem and a Bachelor of Science degree in mathematics and computer science from Tel Aviv University.