Why Cato will beat legacy techs in the SASE race

In a recent article, a Fortinet executive said: “It’s impossible for a company like a Cato to build all these things out. It’s just incredibly hard for a small company.”.

Here is my take.

It is true that Cato’s vision is one the biggest undertakings in IT infrastructure over the past two decades. We set out to create a completely new way of delivering and consuming networking and security services from the cloud. To do that, we built a full stack of routing, optimization, deep packet inspection, and traffic processing engine. We built, from scratch, all these capabilities as an elastic cloud service running on 58 global Points of Presence (PoPs) processing multi-gig traffic streams for hundreds of customers, thousands of locations, and hundreds of thousands of remote users.

And we did it in less than 5 years.

Gartner says: “While the term originated in 2019, the architecture has been deployed by early adopters as early as 2017.” There was only one SASE company in 2017: Cato Networks. Cato is the inspiration for SASE, and the most mature SASE platform in the market today.

Company size comes with age, company DNA is determined at birth. Fortinet is 20 years old; Palo Alto Networks is 15; Checkpoint is 27; and Cisco is 36. When you think about their appliance roots as well as the companies they acquired over the years, it becomes clear, that there is a huge amount of redundancy and waste. Imagine buying another appliance company when you have your own appliances. All the effort that went into creating the appliance, the operating system, the management, the performance optimization – everything that isn’t the actual value-added functionality – all that effort is wasted. And then you must integrate it all. The same is true when you think about new product releases: How much net new functionality is broadly used? Many new features are needed by only a few large customers. Huge efforts go into patching of bugs. And, with appliances, everything takes forever – a typical release cycle of new appliance software can take a year, which then generates a wave of bug fixes that slows innovation to a crawl.

Cato is leveraging a “build once, use for everything” platform. When we built a multi-gig packet processing engine, we could immediately deploy it for routing, decryption, intrusion prevention, anti-malware, and URL filtering. This engine looks at every packet and implement a single pass processing of that packet for multiple networking and security objectives. We don’t have multiple appliances or code bases, we have a single code base on a single CPU that processes the stream coming from any source: branch, user, cloud. Cato doesn’t have to develop, re-develop, acquire, rationalize, integrate, package and deliver multiple products that will never work as “one”. If Cato wants to process the stream for new additional capabilities such as data security, the effort will be about 10% of what a new company in data security will need to invest to deliver that functionality. This is because all the engines, infrastructure, and operational know-how are already built and tested.

We also have the benefit of hindsight. If 80% of functionality that is built into products is never broadly adopted, we can work with our customers to deliver the exact capabilities they need, when they need it. After all, SASE isn’t about totally new capabilities, but the delivery of existing capabilities via the cloud. Using an agile DevOps process, we can build these capabilities at high velocity, deploy them into the cloud, and immediately get feedback on how they are used and how they should evolve. No appliance company can match that.

If you have the right architecture, building these incremental capabilities, simply isn’t the “impossible challenge” an appliance-centric company will make you believe it is. In fact, the appliance baggage and heaps of dated technologies from acquisitions, prevent these large companies from delivering a SASE platform in time, if ever.

Stay tuned, as Cato continues to roll out new SASE capabilities at Cloud speed, making them available with a click of a button.