The Cato Journey – Bringing SASE Transformation to the Largest Enterprises  

Listen to post: Getting your Trinity Audio player ready...

One of the observations I sometimes get from analysts, investors, and prospects is that Cato is a mid-market company. They imply that we are creating solutions that are simple and affordable, but don’t necessarily meet stringent requirements in scalability, availability, and functionality.  

Here is the bottom line: Cato is an enterprise software company. Our mission is to deliver the Cato SASE experience to organizations of all sizes, support mission critical operations at any scale, and deliver best-in-class networking and security capabilities.  

The reason Cato is perceived as a mid-market company is a combination of our mission statement which targets all organizations, our converged cloud platform that challenges legacy blueprints full of point solutions, our go-to-market strategy that started in the mid-market and went upmarket, and the IT dynamics in large enterprises. I will look at these in turn.  

The Cato Mission: World-class Networking and Security for Everyone  

Providing world class networking and security capabilities to customers of all sizes is Cato’s reason-for-being. Cato enables any organization to maintain top notch infrastructure by making the Cato SASE Cloud its enterprise networking and security platform. Our customers often struggled to optimize and secure their legacy infrastructure where gaps, single points of failure, and vulnerabilities create significant risks of breach and business disruption. 

Cato SASE Cloud is a globally distributed cloud service that is self-healing, self-maintaining, and self-optimizing and such benefits aren’t limited to resource constrained mid-market organizations. In fact, most businesses will benefit from a platform that is autonomous and always optimized. It isn’t just the platform, though. Cato’s people, processes, and capabilities that are focused on cloud service availability, optimal performance, and maximal security posture are significantly higher than those of most enterprises.  

Simply put, we partner with our customers in the deepest sense of the word. Cato shifts the burden of keeping the lights on a fragmented and complex infrastructure from the customer to us, the SASE provider. This grunt work does not add business value, it is just a “cost of doing business.” Therefore, it was an easy choice for mid-market customers that could not afford wasting resources to maintain the infrastructure. Ultimately, most organizations will realize there is simply no reason to pay that price where a proven alternative exists.  

The most obvious example of this dynamic of customer capabilities vs. cloud services capabilities is Amazon Web Services (AWS). AWS eliminates the need for customers to run their own datacenters and worry about hosting, scaling, designing, deploying, and building high availability compute and storage. In the early days of AWS, customers used it for non-mission-critical departmental workloads. Today, virtually all enterprises use AWS or similar hyperscalers as their cloud datacenter platforms because they can bring to bear resources and competencies at a global scale that most enterprises can’t maintain.  

AWS was never a “departmental” solution, given its underlying architecture. The Cato architecture was built with the same scale, capacity, and resiliency in mind. Cato can serve any organization.  

The Cato SASE Cloud Platform: Global, Efficient, Scalable, Available 

Cato created an all-new cloud-native architecture to deliver networking and security capabilities from the cloud to the largest datacenters and down to a single user. The Cato SASE Cloud is a globally distributed cloud service comprised of dozens of Points of Presence (PoPs). The PoPs run thousands of copies of a purpose-built and cloud-native networking and security stack called the Single Pass Cloud Engine (SPACE). Each SPACE can process traffic flows from any source to any destination in the context of a specific enterprise security policy. The SPACE enforces application access control (ZTNA), threat prevention (NGFW/IPS/NGAM/SWG), and data protection (CASB/DLP) and is being extended to address additional domains and requirements within the same software stack. 

Large enterprises expect the highest levels of scalability, availability, and performance. The Cato architecture was built from the ground up with these essential attributes in mind. The Cato SASE Cloud has over 80 compute PoP locations worldwide, creating the largest SASE Cloud in the world. PoPs are interconnected by multiple Tier 1 carriers to ensure minimal packet loss and optimal path selection globally. Each PoP is built with multiple levels of redundancy and excess capacity to handle load surges. Smart software dynamically diverts traffic between PoPs and SPACEs in case of failure to ensure service continuity. Finally, Cato is so efficient that it has recently set an industry record for security processing — 5 Gbps of encrypted traffic from a single location.  

Cato’s further streamlines SOC and NOC operations with a single management console, and a single data lake providing a unified and normalized platform for analytics, configuration, and investigations. Simple and streamlined is not a mid-market attribute. It is an attribute of an elegant and seamless solution.  

Go to Market: The Mid-Market is the Starting Point, Not the Endgame 

Cato is not a typical cybersecurity startup that addresses new and incremental requirements. Rather, it is a complete rethinking and rearchitecting of how networking and security should be delivered. Simply put, Cato is disrupting legacy vendors by delivering a new platform and a completely new customer experience that automates and streamlines how businesses connect and secure their devices, users, locations, and applications.  

Prospects are presented with a tradeoff: continue using legacy technologies that consume valuable IT time and resources spent on integration, deployment, scaling, upgrades, and maintenance, or adopt the new Cato paradigm of simplicity, agility, always on, and self-maintaining. This is not an easy decision. It means rethinking their networking and security architecture. Yet it is precisely the availability of the network and the ability to protect against threats that impact the enterprise’s ability to do business. 

Cato SASE vs. The SASE Alternatives | Download the eBook

With that backdrop, Cato found its early customers at the “bottom” of the mid-market segment. These customers had to balance the risk of complexity and resource scarcity or the risk of a new platform. They often lacked the internal budgets and resources to meet their needs with existing approaches; they were open to considering another way.  

Since then, seven years of technical development in conjunction with wide-spread market validation of single-vendor SASE as the future of enterprise networking and security have led Cato to move up market and acquire Fortune 500 and Global 1000 enterprises at 100x the investment of early customers – on the same architecture. In the process, Cato replaced hundreds of point products, both appliances and cloud- services, from all the leading vendors to transform customers’ IT infrastructure.  

Cato didn’t invent this strategy of starting with smaller enterprises and progressively addressing the needs of larger enterprises. Twenty years ago, a small security startup, Fortinet, adopted this same go-to-market approach with low-cost firewall appliances, powered by custom chips, targeting the SMB and mid-market segments. The company then proceeded to move up market and is now serving the largest enterprises in the world. While we disagree with Fortinet on the future of networking and security and the role the cloud should play in it, we agree with the go-to-market approach and expect to end in the same place.  

Features and Roadmap: Addressing Enterprise Requirements at Cloud Speed 

When analysts assess Cato’s platform, they do it against a list of capabilities that exist in other vendors’ offerings. But this misses the benefit of hindsight. All too often, so-called “high-end features” had been built for legacy conditions, specific edge cases, particular customer requirements that are now obsolete or have low value. In networking, for example, compression, de-duplication, and caching, aren’t aligned with today’s requirements where traffic is compressed, dynamic, and sent over connections with far more capacity that was ever imagined when WAN optimization was first developed.  

On the other hand, our unique architecture allows us to add new capabilities very quickly. Over 3,000 enhancements and features were added to our cloud service last year alone. Those features are driven by customers and cross-referenced with what analysts use in their benchmarks. For that very reason, we run a customer advisory board, and conduct detailed roadmap and functional design reviews with dozens of customers and prospects. Case in point is the introduction of record setting security processing — 5 Gbps of encrypted traffic from a single location. No other vendor has come close to that limit.  

The IT Dynamics in Large Enterprises: Bridging the Networking and Security SILOs 

Many analysts are pointing towards enterprise IT structure and buying patterns as a blocker to SASE adoption.  IT organizations must collaborate across networking and security teams to achieve the benefits of a single converged platform. While smaller IT organizations can do it more easily, larger IT organizations can achieve the same outcome with the guidance of visionary IT leadership. It is up to them to realize the need to embark on a journey to overcome the resource overload and skills scarcity that slows down their teams and negatively impacts the business. Across multiple IT domains, from datacenters to applications, enterprises partner with the right providers that through a combination of technology and people help IT to support the business in a world of constant change.  

Cato’s journey upmarket proves that point. As we engage and deploy SASE in larger enterprises, we prove that embracing networking and security convergence is more of matter of imagining what is possible. With our large enterprise customers’ success stories and the hard benefits they realized, the perceived risk of change is diminished and a new opportunity to transform IT emerges.  

The Way Forward: Cato is Well Positioned to Serve the Largest Enterprises 

Cato has reimagined what enterprise networking and security should be. We created the only true SASE platform that delivers the seamless and fluid experience customers got excited about when SASE was first introduced.  We have matured the Cato SASE architecture and platform for the past eight years by working with customers of all sizes to make Cato faster, better, and stronger. We have the scale, the competencies, and the processes to enhance our service, and a detailed roadmap to address evolving needs and requirements. You may be a Request for Enhancement (RFE) away from seeing how SASE, Cato’s SASE, can truly change the way your enterprise IT enables and drives the business.