New Gartner Report Identifies Four Missed Tips When Evaluating SASE Platform Capabilities

Gartner has long been clear about the core capabilities that comprise a SASE solution. And as a Representative Vendor in the 2022 Gartner® Market Guide for Single-Vendor SASE, Cato meets those capabilities delivering SWG, CASB, ZTNA, SD-WAN, FWaaS, and Malware inspection all at line-rate operation even when decrypting traffic.  

While a single platform providing those capabilities is certainly impressive, we at Cato have never thought those features alone make for a single-vendor SASE platform. To radically simplify and improve their security and network operations, IT teams require a fully converged platform. Platforms where capabilities remain discrete and fail to share context and insight forces IT operation to continue juggling multiple consoles that leads to the difficulties IT has long faced when troubleshooting and securing legacy networks. 

Gartner would seem to agree. In the 2022 Gartner Market Guide for Single-Vendor SASE (available here for download),  Gartner explains how the core capabilities of a well-architected single-vendor SASE offering should be integrated together, unified in management and policy, built on a unified and scalable architecture and designed in a way that makes them flexible and easy to use. 

You Say Integrated, We Say Converged 

What Gartner describes as integrated we prefer to call converged. But whether it’s converged or integrated we both agree on the same point — all capabilities must be delivered as from one engine where event data is stored in one common repository and surfaced through a common analytics engine. 

Cato Networks Has Been Recognized as a Representative Vendor in the 2022 Gartner® Market Guide for Single-Vendor SASE | Read now

Unified Management and Policy: Essential for Visibility and Enforcement 

Arguably the biggest operational challenge for legacy networks post-deployment is with data distributed across appliances and, by extension, data repositories. How do operational teams quickly identify and address and diagnose potentially malicious or problematic activity and then enforce consistent security policies across the enterprise? And, as a cloud service, how is that done in a way that gives enterprise customers complete control over their own networks while running on a shared platform?

At Cato, we’ve developed the Cato SASE Cloud so that a single management console gives enterprises control over all Cato capabilities – networking and security. A single policy stack uses common data objects enabling enterprises to set common security policies for users and resources in and out of the office. And the Cato architecture is a fully multitenant, distributed architecture giving users complete control over and visibility into their own networks.  

The Cloud Provides Unified and Scalable Architecture

With legacy networks, IT teams must invest considerable time and resources on maintaining their branch infrastructure. Appliances need to be upgraded as new capabilities are enabled or traffic volumes grow.  And with each new security feature enabled, there’s a performance hit that further degrades the user experience.  

All of which is why Cato built the Cato SASE Cloud platform on a global network of PoPs. Every Cato PoP consists of multiple compute nodes with multiple processing cores, with each core running a copy of the Cato Single Pass Cloud Engine (SPACE), Cato’s converged networking and security software stack. Cato SPACE handles all routing, optimization, acceleration, decryption, and deep packet inspection processing and decisions. SPACE is a single-pass architecture, performing all security inspections in parallel, which allows Cato to maintain wire-speed inspection regardless of traffic volumes and enabled capabilities.

Make it Flexible, Make it Easy

With legacy networks, IT leaders had a tough choice: backhaul traffic to a central inspection point simplifying operations, but add latency and undermine performance, or inspect traffic on-site for better performance but far more complicated operations and deployment.   

At Cato, we found a different approach: bring processing as close to the user as possible by building out a global network of PoPs. With the Cato SASE Cloud spanning so many PoPs worldwide, enterprise locations are typically within 25ms RTT of a Cato PoP. In fact, today, Cato serves 1,500 enterprises customers with sites and users in 150+ countries. With PoPs so nearby, enterprises gain the reduced latency experience of local inspection without burdening IT. All with the simplicity of a cloud service. 

Single-Vendor SASE: It’s Not Just About the Features

SASE didn’t introduce new capabilities per se. Firewalling, SWG, CASB, ZTNA, SD-WAN, and malware inspection — all of SASE’s core capabilities receded SASE. What SASE introduced was a new way of delivering those capabilities: a singular cloud service where the capabilities are truly one — fully converged (or integrated) together — managed from one console and delivered globally from one platform, everywhere. Yes, evaluating features must be part of any SASE platform assessment, but to focus on features is to miss the point. It is the SASE values of convergence, simplicity, ubiquity, and flexibility — not features — that ultimately differentiate SASE platforms. 

Related Topics