Tom Moran
Cato Networks solves the connectivity and security problem with a holistic combination of SD-WAN + Global Network +cloud based, Next Generation firewa
Disclaimer: The views, thoughts, and opinions expressed by guests on this podcast are solely their own and do not necessarily reflect the views or positions of their employers, affiliates, organizations, or any other entities. The content provided is for informational purposes only and should not be considered professional advice. The podcast hosts and producers are not responsible for any actions taken based on the discussions in the episodes. We encourage listeners to consult with a professional or conduct their own research before making any decisions based on the content of this podcast
Transcript
Speaker 0 | 00:01.732
All right, so everyone out there listening, we got Tom from Cato Networks on the line right now. And I’m recording this just because I’ve been getting a lot of responses, questions about SD-WAN in general lately. And obviously, as the saying goes, not every SD-WAN provider is created equal. And I have my top three SD-WAN providers that I use on a regular basis. Cato Networks is one of them, particularly because we can leverage their global MPLS backbone, which has a lot of benefits to it. But I’ll let… I’ll kind of let you talk about that, Tom, a little bit. And I want to just maybe just give a general overview of Cato and, you know, just maybe some of the main benefits and main differentiators from the other SD-WAN providers and talk even about maybe your managed firewall product and some of the very key security aspects around mobile phones and mobile devices accessing your secure cloud.
Speaker 1 | 00:57.081
Yeah, sure. So appreciate you setting us up here on this. So Cato Networks is an SD-WAN vendor that, in our opinion, is a little bit different than most of the providers in the market. So a lot of the SD-WAN solutions are kind of an edge appliance. There’s a box that sits in headquarters branch location, and it’s going to look at the best path in and out of the building and kind of manage class of service in the buffers that are on the box. But once that traffic leaves the appliance or the edge, it’s on best effort internet, right? Internet service providers are based on a least cost routing model and not on any kind of application performance model. That’s how they’re built.
Speaker 0 | 01:38.213
And that’s assuming they’re not, that’s assuming they’re not leveraging like an MPLS backbone of their own or something like that, or a kind of hybrid network. So, you know, they could be doing that, but they’ll definitely be paying for it if they are.
Speaker 1 | 01:50.382
Yep. You are exactly correct. Right. So the Cato model is a bit different. We’ve built out 50 of our own pops across the world with the, the general idea of trying to get, you know, the vast majority of, you know, business traffic onto, you know, one of those pops and, you know, call it sub 20 milliseconds. Um, and then we use our, our application routing to steer that traffic to other locations while riding our network as far as it can before we hand it off, or more commonly is to steer that traffic to some cloud resource, right? Whether it’s, you know, an Azure, AWS, GCP, whatever it might be, or some SaaS provider where we can actually steer that traffic to a client’s instance. And in a lot of cases…
Speaker 0 | 02:30.818
Let me translate that. Let me translate that into kind of layman terms, right? I.e. my terms and other maybe CEOs out there that could possibly be listening to this and have no clue what we’re talking about. In short, you have applications that you’re hosting up in Azure or you’re hosting in Amazon and you’re paying for expensive circuits right now to leave your building, travel all the way to that data center, and then come back or go back out into the cloud wherever they’re going. Whether that be a label maker that you’re printing for some kind of logistics company, whatever it is that you’re hosting up in the cloud, you can use essentially Cato Networks as an SD-WAN layer, ride their multi-gig backbone all the way to Azure, and you only have to jump on your backbone right down the street. You don’t have to go all the way to Seattle, let’s say, if you’re in Texas. You only need to go down the street, hop on their network. And then you’re riding a much faster backbone that’s private as well. Am I summarizing that correctly?
Speaker 1 | 03:30.083
Yeah, you did a great job with that. Correct.
Speaker 0 | 03:32.063
All right. Beautiful. So like main bullet point number one, you’re not paying for your own private expensive network. You’re leveraging somebody else’s.
Speaker 1 | 03:41.127
Yeah, exactly. And I think the core piece on that too is for folks that have a presence in AWS or Azure, a lot of folks go out and consume either an ExpressRoute or a Direct Connect to get there, and this can completely replace that part of their, their portfolio as well. Um, in a lot of the cases we’ve built our points of presence in the same physical data center that these resources are in, so you’re, you’re never really on that unmanaged, you know, wild internet, right? You’re, you’re on our network into the same building, and you may have a, an in-building cross connect for a millisecond or two to get over to the resource you need to consume.
Speaker 0 | 04:17.756
So real quick, because we do have to get this done in a very quick soundbite, because I don’t want to waste a lot of people’s time. We got maybe 15 minutes here. Go over the device real quick that we’re using to connect. So we’re not looking at kind of like an SD-WAN light or a router where we’re going site to site. You guys have a little bit of a different way that you do that.
Speaker 1 | 04:38.521
Sure. So the device that we deploy on the edge, we call it a socket, but essentially it’s a low impact device that… has a couple of jobs in life, and one of them is to always find the closest or best performing Cato pop to it at any given point in time of those 50 that are around the world. And the second is to, you know, set up a DTLS or secure encrypted tunnel between that site and our pop, right? So it’s going to, it’s going to do those two things. And then all of the other heavy lifting in terms of the, the routing and the security services are all done at the, at the pop level. So it really makes that, that box easy to deploy. And it’s, it’s a really low touch box on, on the edge.
Speaker 0 | 05:19.846
Gotcha. So without mentioning any names of my customers, ’cause I haven’t quite gotten permission yet and they are getting permission for us to do a much larger kind of podcast on it, but we can kind of talk just in general about some of the solutions. Let’s just say hypothetically speaking, you have manufacturing in mainland China. You have manufacturing in Thailand. You have sales in the UK. You got software development in, I don’t know, India and Canada. And we need to kind of bring all these locations together on your WAN. And we’ve got traveling sales reps everywhere with mobile phones and things of the sort. Maybe speak to how you guys could… benefit in an organization like that that might get shut down when the Chinese Congress goes into power and wants to shut down all the VPNs in the country?
Speaker 1 | 06:11.096
Yeah, sure. So China is a very common use case for us. So we actually have agreements set up with the Chinese government. We see a lot of it in the manufacturing space just based on the nature of the business and the economy in China. But essentially, those different locations in China can either connect over MPLS or over internet, and MPLS and mainland China is very expensive, and internet runs through the state-run firewall that the Chinese government maintains and, you know, enforces policy on. Unfortunately, as they do that, they introduce a lot of latency and packet loss as, you know, the, an application may run through that, right? And one of the more common ones might be like ERP for a manufacturing facility. So what we can do is we can take that end user’s traffic, we set up one of our, you know, devices on the edge or a client that is on the mobility side. We’ll touch on that in a minute. But essentially, we have a couple of POPs in mainland China, and we have permission to haul that traffic out of China to our POP in Hong Kong. And at that point, it gets connected up to the rest of the world, right? So we’ve essentially bypassed the state-run firewall. So there are some caveats. I can’t get users in mainland China to, you know, to Facebook or Google or some of the same, you know, things that are blocked, but I can take them and have a secure and consistent experience in terms of, you know, latency and packet loss for business applications, right? That’s the big piece that we see where, you know, somebody needs to get to, you know, Azure or AWS or Office 365 or their ERP platform, and they struggle sometimes with, you know, a consistent performance in country, or like you said, you know, times where they may decide to block, you know, certain VPNs, or we told her maybe a month ago where, you know, China shut down access to Zoom without any real notification to folks.
So on the Cato platform, you can build a simple rule that says, I want this particular application traffic to flow through Cato in Hong Kong. And those users were back on Zoom 30 seconds later after that rule set was built. So it’s a quick and easy solution, but certainly one that’s fairly common in that space.
Speaker 0 | 08:19.183
Great. Now, not everyone wants to do this and hand over their firewall rules. A lot of people do want to do that because you can make changes across your entire network. And then in an SD-WAN scenario, but maybe talk about the firewall thing. And actually, before we even get to that, what’s this mobile security thing? Like, maybe just hit on some of the mobile security aspects where people accessing the network via their, like, a cell phone. You’ve got someone traveling from country to country, and there’s some security concerns there.
Speaker 1 | 08:45.875
Sure. So the mobility piece we see both on the security side and on the routing side. So we have a client that’s available on Windows, Mac, iOS, Android, Linux. And essentially, your users, when they connect, that client is always looking to find the closest Cato pop as well, right? So if you’re in Boston one day, in San Fran the next, in Singapore the next, it’s going to connect you to the local Cato resource versus you setting up a VPN that historically has gone back to a firewall or concentrator that may be on the other side of the world, right? So it’s reduced a lot of latency for mobile clients. So we avoid all of that. And then the security side of it is because the Cato security stack and rules live in all of those pops that are set up per customer instance. Anybody that’s in a brick and mortar building with a Cato socket or device or anyone that has our client can have the same set of rules in terms of what that experience is, what they can or can’t get to on the Internet. So we do see a lot of folks that maybe had run a VPN client on, you know, a corporate device. But they only turn it on when they need to get to a corporate resource. And if they’re browsing the web from a Wi-Fi at Starbucks, they’re not sitting behind any security policy. So we solve quite a bit on that side and provide some value for IT staff to not have to worry about certain things that maybe their end users are getting themselves in trouble with.
Speaker 0 | 10:17.619
Gotcha. Now, so last thing, speaking specifically to mid-market IT directors that might have a staff of one person, five people, and a thousand end users in multiple, multiple locations. And just speak to kind of maybe the managed firewall and how that’s been a blessing for some people just as far as making changes and really cutting back on time and, you know, just really kind of freeing up your life in general.
Speaker 1 | 10:48.439
Sure. So we talk to folks all the time in that mid-market space that, you know, may have, you know, aging firewalls that are out at multiple locations, you know, around the U.S., around the world. And anytime they want to make a rule change or, you know, patch or upgrade or anything, they have to log into individual firewalls to make those changes. And a lot of times you’re making the same rule change and, you know, multiple firewalls. And it consumes a lot of your time and energy. And it often involves, you know, paying maintenance on a bunch of different, you know, firewalls that are spread out throughout the world. So, Cato’s model is a bit different. Again, as you connect, your traffic flows through that Cato POP, right? So, all of your traffic, whether it’s site-to-site or internet-bound traffic, we see at our POP and we let you build out a set of rules there, right? So, we have kind of our WAN firewall rules, essentially, you know, site-to-site or user-to-user or user-to-application, whatever you’d like to see on that side. And then we have our own set of internet firewalls, you know, rules that you can build out as well. So, you know, just protecting in terms of what users have access to, providing IPS, anti-malware, all of those advanced threat protection services that, you know, folks are looking to have available. But it’s done through one set of rules and one orchestrator and distributed throughout the world at that point. Again, for folks that are, you know, in an office sitting behind one of our appliances or anybody that is using that mobile client as well. So definitely a different approach and certainly one that’s easier to manage than…
Speaker 0 | 12:16.715
Than a lot of different disparate boxes. In other words, they don’t have to be in the office. They could be at a laptop on the beach, hopefully, and they could log into your GUI and make changes across their entire organization. That is exactly correct. Okay. I mean, I like to put this in realistic terms here, you know. Um, and I think we’re, we’re both rooting for them to be on the beach somewhere, right? Um, all right, man, thank you, uh, so much for taking this call real quick with me. Uh, this is… And what I’ll do is I’m going to actually, I might even have this transcribed. I’m definitely going to produce this recording and I’ll send it back to you so you can have it as well to deliver to whoever you like, man. And thanks for doing this call real quick. And we’ll talk soon.
Speaker 1 | 12:57.990
Sounds good, Phil. Appreciate it.
© Dissecting Popular IT Nerds INC