Tales from the Trenches: What I Love About My Cato CloudDecember 11, 2018
I’ve been an IT manager for a long time, only recently joining the Cato team. Prior to Cato, you might say that I lived my life in a box — a Cisco box, a Palo Alto box, a Checkpoint box….you get the point. Now, as the IT manager at Cato, I’ve been using Cato Cloud to run Cato’s internal network. I’ve seen first hand how Cato can simplify the life of an IT manager. Below are some of my tips and observations for how I’ve gotten the most of being “out of the box” with this cloud-based security and networking service.
- Bye, bye VPN. I don’t know about you but I’ve never liked my mobile VPN. It’s a pain to configure and even once you get it operational, performance can be pretty debilitating. I used to field many complaints from salespeople or executives on the road as to “how $%^* bad my mobile connection is working.” When I got to Cato, I fell in love with Cato Cloud’s mobile capabilities. The Cato mobile client works faster than any VPN I’ve experienced. Instead of having to connect back to a home office across the globe, the Cato mobile client connects to the nearest Cato PoP regardless of where in the world the device is. All of which cuts latency down because the traffic has less distance to travel and, more importantly, makes for happier roaming executive.
- The cloud in my pocket. Before joining Cato, my users would constantly complain about the performance of cloud resources. With the Cato Cloud, my offices feel like they sit right next to the biggest cloud services around, like AWS, Azure, Office 365 and Jira. The performance is that good. That’s because Cato co-locates many of our PoPs in the same physical data centers as the IXPs of leading cloud providers. I’ve been able to configure rules such that our Office 365 traffic from our Tel Aviv office, for example, enters through our Tel Aviv PoP, travels across the Cato Cloud network and, then egresses in Amsterdam right next to the Internet destination. The alternative would have been sending the traffic across the Internet core which is always a crapshoot.
- A huge time saver. I used to waste what felt like hours each month jumping between consols, figuring out new UIs, and the like. The simplicity of managing my Cato network has meant I can save a ton of time on the most mundane things like setting up security policies, onboarding new users, or managing a branch. I can’t quantify exactly how much time has been saved but I can tell it’s a lot. Who couldn’t use more time in their workday?
- The eye in the sky. Cato gives me real-time transport monitoring through a single pane of glass. This helps me keep an eye on the Internet lines, in particular, in the event of a slowdown during the workday. In the days before we enabled bandwidth throttling, a worker started to upload 520 GB of files to Amazon S3, hogging the site’s upstream capacity. I was quickly able to see which user, what application and what type of traffic was responsible for this massive slowdown and, politely, get him to stop.
- Real-time network monitoring makes me look smarter than my users. I use Cato’s analytics to monitor our Internet service usage and the connectivity of our branches. If there’s a problem, I’m the first one to get notified. I get a good chuckle when my sales guys in Atlanta are surprised to find out that they’re having an Internet problem — and I’m already working on it from halfway across the globe.
- Security is so much simpler than with a traditional network. With traditional firewalls and security appliances, you need to know the nuances of the different systems you’re working with. They might all block access to specific IPs but some had you thinking in terms of applications while most others built rules based on IP. The transition can be confusing and that’s just one example. Security rules in Cato Cloud were, well, simple. I could choose to define rules how it was most conformable to me — by IP, application, and even by user identity. There aren’t a lot of “vendor extensions” that need to be mastered just to get your security going. If you know the basics of firewall operation that’s enough.
- Keeping tabs on security. In most legacy systems that I worked with there was a possibility of receiving a daily or weekly report of security incidents but nothing in real-time. Even with a SIEM, we’d need to have someone examine the logs and reports to determine if there’s been an attack. It meant I was constantly reacting to incidents, a step behind the attackers launching the attacks and often the users who were calling about them. Cato’s real-time alert security notifications put me ahead of our security threats and complaints. I receive email notifications when “something’s up” and can take action right from my mobile device, if necessary.
As an IT manager, I appreciate the simplicity of setting up and managing my company’s network and all the security we need for our users, branches, applications, and data. Cato Cloud might have been early when I first looked at it years ago, but now it’s definitely time for everything the Cato Cloud has to offer.