SASE And Cato; The Fit...

As promised in the previous blog, given the seeming importance of SASE, here’s more definition in terms of what briefings with Cato Networks revealed.

If we look at the key areas where SASE and Cato meet, these could be defined as:

  • Identity-driven:User and resource identity, not simply an IP address, determine the networking experience and level of access rights. Quality of service, route selection, applying risk-driven security controls—all are driven by the identity associated with every network connection. This approach reduces operational overhead by letting companies develop one set of networking and security policies for users regardless of device or location.
  • Cloud-native architecture:The SASE architecture leverages key cloud capabilities including elasticity, adaptability, self-healing and self-maintenance to provide a platform that amortizes costs across customers for maximum efficiencies, easily adapts to emerging business requirements and is available anywhere.
  • Supports all edges: SASE creates one network for all company resources—data centers, branch offices, cloud resources and mobile users. For example, SD-WAN appliances support physical edges while mobile clients and clientless browser access connect users on the go.
  • Globally distributed:To ensure the full networking and security capabilities are available everywhere and deliver the best possible experience to all edges, the SASE cloud must be globally distributed. As such, Gartner noted, they must expand their footprint to deliver a low-latency service to enterprise edges.

Key to the Cato offering is the sheer number of options available and the ability to cherry pick from those, as not every company needs everything, or even the same subset of features. The Cato delivery mechanism is fully cloud-based, designed around a global private backbone of over 50 POPs so all traffic is managed in the same way, on the same network and with no reliance on backhaul traffic. How, then, does this relate to the “new norm” and the huge increase in homeworkers? From a user perspective, you can choose to go down the client or clientless (web browser) routes, including mobile. In terms of security, the solution integrates with a number of identity management providers, to enable a single sign-on, for example using something like Microsoft 365, which can be multi-factor for hardened security. All the remote user’s traffic is inspected en route by Cato; the security stack includes a next generation firewall (NGFW), a secure web gateway, IPS, anti-malware and a managed threat detection and response (MDR) service.

On the SD-WAN side of things, from a WFH perspective, while not offering a unified communications (UC) product – key to the WFH initiative – the Cato solution is designed to optimise all the elements of UC, such as by minimising packet loss and latency, both of which are killers for real-time applications such as voice and video. Equally, the Cato solution has been designed to overcome problems at the sharp end of the delivery mechanism – the last mile, using a combination of bidirectional QoS (Quality of Service) and policy-based routing/real-time optimum path selection – again all designed to minimise latency and packet loss. Moreover, it uses multiple last-mile links in order to ensure traffic availability, with multiple redundancy options available.

Naturally, there is far more to the Cato solution than I’ve touched upon here but, from a “new normal” perspective, the point is that it ticks all the boxes while effectively defining SASE at the same time.  if you want more information related directly to the overview here, eWalk this way: https://www.catonetworks.com/sase.

Gartner noted in a recent report that: “after decades of focusing on network performance and features, future network innovation will target operational simplicity, automation, reliability and flexible business models” and this appears to be both the SASE and Cato Networks mantra. This in itself seems to be a suitable differentiator for now – it’ll be interesting to see how the vendor community attaches itself to this latest Gartner hype curve, and how many can cling on there…