The Cloud has brought with it a lot of buzzwords. In the beginning the cloud was little more than a storage alternative, in our opinion not a particularly well-though-out business, technology or security model. Today, just a very few years later, the cloud has begun to mature to an immense compute platform and a way to offload such things as in-house security. That piece is risky at best because it assumes that you are abrogating the security of your enterprise to strangers.
However, there are some cloud models that combine enterprise architecture and security in a way that is both practical and secure. The reason is that cloud providers have the ability to bring a lot more security resources to the party due in part to economies of scale. This has given us cloud versions of the software-defined data center and software-defined security stacks. It also has provided some very heavy-duty compute capabilities that have led to cloud-based security services. Finally, the ubiquity of the cloud allows access from anywhere in the world where there is an Internet connection.
This month’s First Look has combined many of these cloud capabilities into a service they refer to as “Global Cloud-based SD-WAN with Built-in Network Security.” The idea of a software-defined WAN is interesting for a lot of reasons, not the least of which is that it can be a higher performing, more secure alternative to traditional WANs. It also has that ubiquity we mentioned.
Cato Networks is a new company, having launched its product, Cato Cloud, in 2016. Their approach – convergence of network and security in the cloud – is very simple to talk about but not so simple to do. One interesting consequence of a SD WAN is the inclusion of mobile devices, something that is difficult to do with a hardware WAN. Certainly, it presents security challenges.
Cato Cloud builds security into the network and that allows a unified policy no matter from where you are connecting, or what device you use. Performance tends to have less latency as well. In short, it’s a solution to the challenges of wide area connectivity that makes a lot of sense. All processing is done in the cloud so you achieve a unified approach to both connectivity and security.
The virtual network is shared across over 30 points of presence around the world, a mesh network that is checking constantly for the most efficient route. The network sports a next generation firewall, designed and deployed from the ground up as part of the Cato Cloud architecture. This firewall provides traffic inspection, remote access, segmentation, user awareness, and application awareness. There are several ways to connect to the Cato Cloud depending upon your in-house architecture and your use of mobile devices.
When you log ingot the network for administration purposes, you start with a top-level view of your network and what devices are connected. There is a full suite of analytics as well, covering sites, VPN users, applications, domains, threat protection and so on. Because this is a network as well as a security construct, performance is important and there is, of course, a drill-down for that.
On the security side, much is dependent upon the shared next generation firewall resource. There is a full set of firewall administration choices that allow you to configure firewall security policy with considerable granularity. URL filtering, like the rest of the security policy configuration, is very graphical, making policy adjustment quick and easy. Threat protection includes anti-malware, IPS and geographic restrictions. Their malware engine is from Kaspersky.
Overall, this is an impressive service and our brief experience with it was equally impressive. Pricing is based upon data throughput and support is included. The web site is largely a marketing site with the twist that it actually contains a wealth of useful information in the form of webinars and e-books.
It is not surprising that Cato is headed for success. It is well-thought-out and the leadership is very experienced, having been involved in such notable startups as Check Point, Imperva and Palo Alto Networks. We like the model – from a business, technical and security perspective – and we predict that this young company has the potential to set a high bar for integrated SD wide area networks with high security and performance.
Product: Cato Cloud
Company: Cato Networks – http://catonetworks.com
Price: Starting at $4 per Mbps/month
What it does: Global Cloud-based SD-WAN with Built-in Network Security
What we liked: Excellent mix of security and performance designed to address business needs as well as technological ones.
The bottom line: It is likely that SD WANs are a new concept for you. Cato Cloud is SLA-backed and is a good way to start the process of simplifying, protecting and improving performance of your global network requirements.