14 December 2017
| Sponsored content
Capacity speaks to Cato Networks about the benefits of SD-WAN
1.Tell us a bit about Cato Networks
- your history and offering?
Gur Shatz, our CTO, and I founded Cato Networks in 2015
based on our many years in networking and security. He
co-founded and was the CEO of Incapsula Inc., a cloud-based
global network designed to protect websites against DDoS
attacks. I co-founded Check Point Software, the company that
introduced the market’s first commercial firewall,
and later started Imperva, which invented the web application
We saw the problems enterprises faced with their networking
and security architectures. So we started Cato Networks with
the goal of making networking and security simple and
affordable. The Cato Cloud is a
cloud-based SD-WAN converging six products in one. The Cato
Cloud replaces global MPLS services, edge SD-WAN appliances,
secure web gateway (
SWG), firewall appliances, cloud access security brokers
(CASBs), and remote access solutions.
2. You mention that enterprises faced "many
problems." Can you be more specific? What kinds of
As we spoke with IT managers, we heard how their wide area
networks (WAN) were becoming incompatible with the business.
The traditional, MPLS-based WAN is a major headache for many
with its high bandwidth costs, long deployment required times
(up to 90 days for new sites), and poor Internet and cloud
performance. Network security appliances brought their own
complaints, namely their purchase costs, deployment and
maintenance challenges, and how appliances could not
simultaneously use features and functions on all
3. You’ve spoke about Cato Cloud. Can
you explain exactly "WHAT" is Cato Cloud?
Cato Cloud is comprised of two complementary layers. The
Cato Cloud Network is a global, geographically distributed,
SLA-backed network of PoPs, interconnected by multiple tier-1
carriers. Enterprises connect to Cato using the Cato Socket, a
zero-touch SD-WAN device, via any last mile transport
(Internet, MPLS, and 4G/LTE). Cato Security Services are the
fully managed suite of enterprise-grade and agile network
security capabilities we spoke about that are directly built
into the network. Customer and providers interact with Cato
Cloud through the Cato Management Application, configuring
corporate network and security policies and viewing detailed
analytics on network traffic and security incidents.
4. So is Cato Cloud a managed SD-WAN
Cato Cloud is a true cloud service. As in many areas of IT,
the initial SD-WAN services were managed SD-WAN services. These
offerings continue to rely on discrete networking and security
appliances, maintaining the same high-costs and complexity that
impacted IT. The only difference is those costs now get passed
onto enterprise customers as a monthly bill.
Cloud-based SD-WAN services (also called
SD-WAN-as-a-Service) are fundamentally different. The SD-WAN,
routing, and security code are rewritten from the ground up as
a fully-distributed, multitenant software stack.
It’s elastic, allowing resources to be pooled and
easily allocated by the service provider which can use this
efficiency to lower costs. The distributed architecture is also
built for resiliency and redundancy for improved uptime. And,
like any cloud service, networking and security can be fully
self-managed by IT without impacting other customers. This is a
fundamental departure from SD-WAN appliances or managed SD-WAN
services, one I believe represents the future of security and
5. How then does Cato help organizations to address
The Cato Cloud gives organizations an
affordable MPLS alternative. High network latency can
undermine user productivity in remote locations, forcing
enterprises to make a tough trade-off between an affordable,
but high latency, internet-based network or an expensive,
low-latency MPLS network. With Cato Cloud, they can get both
performance and low-price. As a
firewall-as-a-service, Cato Cloud eliminates the cost and
overhead associated with deploying and managing branch security
appliances. Cato Cloud also enables enterprises to seamlessly
extend their WANs to include mobile users, cloud
datacenters, and cloud applications.
6. Should enterprises move to SD-WAN?
In principle, yes. SD-WAN lets IT use the right
transport for the right job. You can continue to use MPLS where
necessary, deploy 3G/4G if deployment is urgent or
infrastructure is unavailable, tap xDSL or cable for home users
and manage everything as one seamless network.
That’s incredibly powerful.
7. You say "in principle." Is SD-WAN a good
replacement for MPLS?
If by SD-WAN you mean replacing a global MPLS network with
SD-WAN appliances and public Internet connections then
companies will face problems. High latency and unpredictability
make the Internet a poor alternative for delivering predictable
performance. This is particularly true for real-time
applications, such as voice, that are sensitive to fluctuations
in latency and packet loss. SD-WAN appliances lack the
middle-mile to solve these problems.
This is where Cato can be so helpful. We provide SD-WAN and
an affordable alternative to MPLS. We use multi-segment
optimization to compensate for the unique performance and
availability problems of the middle- and last-miles.
Cato’s SLA-backed backbone consists of more than
30 PoPs across the globe, avoiding the fluctuations in latency
and loss SD-WAN appliance experience when traversing the
global, public Internet. Throughput maximization algorithms
further improve data transfer performance. Within the
last-mile, Cato Cloud uses a range of optimizations, such as
Forward Error Correction (FEC), application QOS, and bandwidth
throttling. Taken together, Cato Cloud provides companies with
a backbone where applications perform well at a global scale
and within budget.
For more information on, please
<< CLICK HERE >>
Shlomo is co-founder and CEO of Cato Networks. He is a
network security expert and a serial entrepreneur. Shlomo has
co-founded Check Point Software, who created the first
commercial Firewall, and Imperva, the innovator of the Web