Customer Success Stories

“With Cato we have a good, solid sedan with the speed of a Porsche that got us exactly where we needed to go fast.”
icon

Rodney Masney ,

Chief Information Officer

Customer Success Stories

With Cato, we got the functionality of SD-WAN, a global backbone, and security service for our sites and mobile users, integrated together and at a fraction of the cost.
icon

Willem-Jan Herckenrath,

Manager ICT

Customer Success Stories

Since we moved to Cato, our bandwidth increased by approximately 30 times the speed we had before. We’ve stopped receiving complaints since deploying Cato.
icon

Steve Waibel,

Director of IT

Customer Success Stories

With Cato we have a very flexible supplier that understands our requirements and is there when we need help.
icon

Jan Jørgensen,

IT Project Leader, The Flügger Group

Customer Success Stories

The big difference between Cato and other solutions is the integration of network management and security.
icon

Yoshiaki Kushiyama,

Senior Manager, Information Systems, Juki

Customer Success Stories

I’m convinced Cato’s architecture is the future of the WAN. It’s great to be part of it.
icon

Daniel Sollberger,

Lead, Global Based IT Infrastructure

Customer Success Stories

“Cato allowed us the flexibility to incorporate our WAN, Internet and remote access solutions into one neat package that could be managed with a small team of people.”
icon

Joel Jacobson,

Global WAN Manager

Customer Success Stories

Cato’s management interface was so easy to use compared to those of the traditional SD-WAN players we looked at.
icon

Thomas Chejfec,

Group CIO, Haulotte

Customer Success Stories

I see Cato SASE as a tool for digital transformation promotion. Being able to work productively and securely anywhere gives a great boost to all our digital transformation initiatives.
icon

Hitoshi Kusunoki,

Information Planning Department

Customer Success Stories

“Cato’s biggest benefit from my point of view is that our network operators no longer need any specialized knowledge.”
icon

Takashi Nakajima,

Head of the Digital Transformation (DX) Promotion Division and Chief of Business Operations

Customer Success Stories

“When we chose it over a year ago nobody was talking about SASE. Now, everybody is moving towards SASE and you can see it discussed in all the IT media.”
icon

James Bonnaventure,

CTO, Fidal

Customer Success Stories

We have a very close relationship with Cato’s account management team. We get a sense that we are always on their mind, that they understand our business, and their solutions are aligned with our needs.
icon

Kevin Juma,

Technology Operations Manager

Customer Success Stories

"With the Cato SASE Cloud from Cato Networks, we were able to connect locations and employees securely, easily and quickly. We now have the IT solution in-house and can adapt the infrastructure to our needs at any time with the desired flexibility."
icon

Ralf Luchsinger,

Chief IT, Service and Provider Management, Bank Avera

Customer Success Stories

“Thanks to Cato, I can stand by my promises and feel comfortable we can deliver on the company’s business needs quickly, efficiently, and securely.”
icon

Jesper Hjørland ,

Service Manager for Network and Connectivity

Customer Success Stories

“I would recommend the Cato SASE solution to any healthcare organization that needs simple yet very secure connectivity among regional and local sites, remote users, and the cloud.”
icon

Alvin Lim,

Group Technology and Information Security Director

Customer Success Stories

“I know that my company is secure, that all my sites and users can connect with the same solution, and that every time I need something from Cato, they’ll listen carefully and come through. Thanks to Cato I can sleep at night.”
icon

Shira Baum,

CIO

Customer Success Stories

"We have improved the performance of every application on the network by rolling out Cato, We don’t hear about network slowness; we don’t hear complaints."
icon

Nick Hidalgo,

VP, Information Technology

Customer Success Stories

“There are not many times as a CIO that you can check the box in all these areas – faster, more secure, happy users, and a happy team – all for less cost and more business value. That’s the Cato SASE Cloud Platform.”
icon

Dustin Collins,

Global CIO

Customer Success Stories

The Cato team was interested in helping us succeed. After meeting their customer success manager and voicing our feedback on the product, Cato went out and changed the product. That’s what I call partnership.
icon

John Lim Ji Xiong,

Chief Digital Officer

O-I Taps Augmented Reality and Cato SASE Cloud to Realize “Impossible-to-Count” Savings
Alewijnse Transforms Global, Real-Time WAN with Cato Secure SD-WAN
Brake Masters Puts the Brakes on Outages Across 71 Sites with Cato
The Flügger Group Gains Network Flexibility and Security with Cato and Secher Security
JUKI Ramps Up COVID-19 Telework, Boosts Remote Cloud Performance with Cato
Komax Drives Innovation, Cloud Connectivity, and Mobile Collaboration with Cato
Vitesco Technologies Builds New Global Enterprise Network with Cato
Haulotte Halves Network Costs and Boosts Application Performance By Migrating from MPLS to Cato
Waseda University Enables Universal Secure Remote Learning and Digital Transformation with Cato
Topcon Achieves a Fast, Secure Global WAN with Cato
Fidal Boosts WAN Performance, Cuts Costs in Half by Switching from MPLS to Cato
CloudFactory Boosts Network Scalability, Agility, and Security with Cato
Cato SASE Cloud secures networking of Bank Avera locations and its mobile employees
Fiskars Group Boosts Business Agility and Security with Cato SASE
Fullerton Health Builds a Secure SASE Linking 550 Locations and the Cloud, Thanks to Cato
AFI Properties Cures ERP Woes Through Network Transformation with Cato SASE Cloud
How Redner’s Markets Transformed the Retail Experience by Transforming its Network with Cato
Chemical Manufacturer ESI Reduces the Time to Integrate Acquired Companies by 80% with Cato  
Gamuda Redefines IT Operations with the Cato SASE Cloud Platform 

Customer success stories

Forvis Mazars Transforms Network with Cato and Accelerates Customer Innovation 

Financial Services

Forvis Mazars Transforms Network with Cato and Accelerates Customer Transformations
Forvis Mazars Transforms Network with Cato and Accelerates Customer Innovation  Frank Keessen, CIO of the Forvis Mazars Group, transformed the company’s traditional network infrastructure with firewalls, MPLS connections, and data centers into a secure plug-and-play network delivered 'as a Service' by Cato Networks and its partner, IPknowledge.   By doing so, Keessen can now focus on his main task: advancing digital solutions and innovation for Forvis Mazars' clients together with his IT team while safeguarding the continuity of all digital aspects of the Forvis Mazars business. He can also have a good night's sleep with his network running on Cato SASE Cloud while IPknowledge monitors and supports him 24/7.  Forvis Mazars delivers audit, tax, and advisory services across the globe to prepare its clients for the challenges of tomorrow.  As its clients' most trusted advisors,  Forvis Mazars takes good care of their data and ensures they handle it in a reliable and secure manner.  “We used to work with different vendors and solutions to build global connectivity. It proved to be complex to manage our network because each vendor has its own policies and procedures and uses different technologies,” says Keessen. “This makes it difficult to manage global security and to solve issues. To handle this, we had to acquire know-how and technology for each vendor to manage it. Doing this ourselves takes time, attention, and resources and is prone to errors. When an issue arises, the time it takes to pinpoint and solve the problem can be extensive, with an immediate effect on the customer experience and thus the business.”   Moreover, the world of network security has changed a lot. “With more people using the cloud and working from anywhere, we face new security challenges. For example, there is a growing number of user devices we have to connect and protect,” he says  Security is not just about the IT department anymore; it requires a much more integrated approach that has to be addressed company wide.  “So, we need to get ready and make sure we can keep our data safe in the future,” he says.   Forvis Mazars turned to its trusted partner, IPknowledge. The IPknowledge team introduced its Secure Network as a Service concept based on the Cato SASE Cloud Platform.  The team created a test environment by isolating part of the Forvis Mazars’ network. A parallel connection was established to facilitate communication with the Cato SASE Cloud Platform powering Secure Network as a Service.  “The solution from Cato Networks turned out to be easy to use while offering all the functionalities we need,” says Robert Reijerkerk, technical engineer at Forvis Mazars. “In the past, setting up an MPLS connection, for example, was very complex and required extensive network knowledge. Moreover, connecting routers to each other was time-consuming. SASE SD-WAN has simplified this to installing a standard Socket that establishes a secure connection with Azure.”   Read this case study to learn more about Forvis Mazars’ experience and lessons learned while deploying Cato and working with IPknowledge. 
Read customer story Search
Gamuda Redefines IT Operations with the Cato SASE Cloud Platform 

Construction

Gamuda Redefines IT Operations with the Cato SASE Cloud Platform 
Gamuda Redefines IT Operations with the Cato SASE Cloud Platform  Underneath Kuala Lumpur runs one of the greatest tunnels in the world. Spanning 6.02 miles (9.7 kilometers), the Stormwater Management and Road Tunnel (SMART) is the world’s first dual-purpose tunnel, serving as a storm drainage and road structure. Kuala Lumpur is often affected by heavy torrential rainfall. To prevent major flooding, especially within flood-prone areas in the city center, the country built SMART, which can be flooded to divert stormwater and turned back to function as a double-decking motorway within a few hours. The engineering brains behind this marvel? Malaysia-based Gamuda Berhad (Gamuda).  An award-winning engineering, property, and infrastructure company, Gamuda’s projects extend far beyond Malaysia’s borders, from the Sydney Metro West-Western Tunnelling Package in Australia, marine engineering projects in Taiwan, and the development of the prestigious 75 London Wall in the UK. “Construction is known to be one of the oldest industries in the world, but it is set for huge growth,” says John Lim Ji Xiong, the Chief Digital Officer at Gamuda.   Lim heads up an innovation team whose primary function is to ensure that Gamuda can continue to build capabilities to sustain its growth. IT is part of that effort. “You’re starting to see a lot more investment in infrastructure worldwide,” says Lim. “As populations grow in urban centers, we need better transport and utility infrastructure. With climate change being a big priority, renewable energies in construction are also a huge sector.”  To those ends, Lim led a SASE vendor evaluation and, ultimately, a digital transformation project that saw the adoption of the Cato SASE Cloud Platform. "As a decision maker, I have peace of mind sleeping at night knowing that we are well protected through our partnership with Cato,” says Lim. “One thing that struck me about the Cato team was their interest in helping us succeed. After meeting their customer success manager and voicing our feedback on the product, Cato went out and changed the product. That’s what I call partnership.”  Tripling Size in Three Years: A Lofty Goal Undermined by Legacy Infrastructure  Several years ago, Gamuda was still a Malaysian-only company looking to triple its revenue and order book within three years and expand internationally. Strategic partnerships were a key part of that strategy, and Gamuda needed a way to integrate companies faster. Operationally, Lim knew the IT organization would have to evolve to support that growth for many reasons.   Gamuda had accumulated over 103 different point solutions, including firewall appliances for securing sites, MPLS for connecting them, VPN servers for remote users, and additional software and hardware for multifactor authentication. The sheer complexity of legacy infrastructure impacted the company’s security posture, IT operations, and user experience.  Users had to VPN into the network with one vendor’s technology and authenticate with multi-factor authentication from a different vendor. Connections weren’t fast enough as well. “It became a whole nightmare,” says Lim.  The usability problem extended to IT operations. IT had to administer each of the branch firewalls separately. “We’re talking 100 offices or more. It was a big job,” Lim says.   Maintaining the firewalls was so complex and time-consuming that corners were cut. It wasn’t long before ransomware got into the network. “Before I joined Gamuda, the team had backups so they could recover, but it meant scanning the environment and trying to make sure that every device was secure. Every laptop, without exception, needed to be returned to the office for scanning.  It was quite an undertaking,” Lim says.    Cato: A Single Platform Administered Through a Single Console   Lim wanted a platform that could simplify their process, be easy to understand, and not add more tools to an already complicated legacy IT framework. The platform also needed to be agile to accommodate the many teams working on construction and engineering sites in remote locations.   The company had already moved applications to the cloud when they learned about Cato. “It’s about simplifying and standardizing,” says Lim. “Cato provides us a single pane of glass and a single broker that everybody connects to, whether in the cloud, or in the field. We would have clear controls around who has access to what, regardless.”  The Cato SASE Cloud Platform optimally connects and secures all Gamuda’s network “edges,” including branch locations, the hybrid workforce, and physical and cloud data centers, sending traffic to the optimal Cato Point of Presence (PoP), which for Malaysia is in Kuala Lumpur, or one of the 90+ other Cato PoPs worldwide. All PoPs run the same cloud-native Cato’s Single Pass Cloud Engine (SPACE) architecture, share the same functionality, and are interconnected by Cato’s optimized, global private backbone.  Traffic received at the Cato SASE Cloud Platform is optimized, secured, and directed across the optimum path to its destination. Cato SSE 360, the security portion of Cato SPACE, converges network segmentation and zero-trust (FWaaS), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), and application and data protection (CASB, DLP, ZTNA) into a single-pass architecture. Extended Detection and Response (XDR) provides incident management involving all of these capabilities; network management is provided through the Cato Management Application.   Gamuda provides locations with resilient and secure connectivity to the Cato SASE Cloud Platform using Cato Sockets, Cato’s edge SD-WAN device. Secure work from anywhere is provided with Cato’s scalable ZTNA clients. Gamuda also has the option for secure clientless access. Gamuda connects cloud resources via IPsec tunnels.   Gamuda Improves Security Posture, Uplevels IT Operations, and More  Lim and his team deployed the Cato SASE Cloud Platform, connecting and securing 77 sites and 2047 remote users while replacing the numerous networking and security appliances previously comprising the Gamuda infrastructure.   By moving to Cato, Lim realized significant cost savings by eliminating MPLS, branch firewall appliances and their support contracts, VPN servers, and MFA infrastructure. Gamuda also realized savings in less obvious ways, such as eliminating thin-client licensing costs (500,000 Malaysian Ringgits a year (about $115,000).   With a leaner, smarter infrastructure, IT operations shifted towards more strategic work. “Since we have deployed Cato, a lot of our people have started moving more from the day-to-day mindset of operations to strategically thinking about the threats that we face today and the mitigation measures we need to employ. And I think that's a profound shift,” says Lim.   Gamuda could now consider DLP and XDR, which previously would have been too difficult to deploy or to use. Overall, Lim significantly improved Gamuda’s security posture with Cato. “Cato has enabled us as a company to focus on threat hunting. In fact, it has even shown us areas where, in the past, we might not have known that it could have been an issue,” says Lim. “We are very confident that we have a much better security posture.”  Completing the IT work of acquisitions also took less time. “When we acquired DT Infrastructure from Downer Group in Australia, the transaction brought on about 1,200 more staff and tens of sites that we had to manage,” says Lim. “We aimed for a transition and cut off from the parenting company within 12 months. With Cato in place, we achieved that within nine months.”  Cato: A Partnership, Not Just a Technology  For Lim, the move to Cato has been an enormous growth opportunity. But just as important as the technology behind Cato has been the relationship with Cato.   “Partnering with Cato has been the right decision,” he says. “I think there's been a bond of trust that we have built between our companies, and that's very important to me as a decision-maker. Cato is interested in our success, which has enabled us to achieve stellar results.” 
Read customer story Search
Chemical Manufacturer ESI Reduces the Time to Integrate Acquired Companies by 80% with Cato  

Manufacturing

Chemical Manufacturer ESI Reduces the Time to Integrate Acquired Companies by 80% with Cato 
Chemical Manufacturer ESI Reduces the Time to Integrate Acquired Companies by 80% with Cato   Speak with IT leaders about the challenges facing mergers and acquisitions (M&As), and “beating the clock” is a common theme. When companies sign the papers to merge or be acquired, the clock is ticking for IT teams to integrate the two organizations.   “It’s about making one plus one equal three,” says Dustin Collins, Global CIO of Element Solutions Inc (ESI), a leading global specialty chemicals company that has completed many acquisitions. “With every new addition, the name of the game is synergies. The sooner these companies can be integrated into ESI’s processes, the sooner the investments can contribute to our bottom line.”  Collins was a seasoned IT veteran even before he came to ESI.  Versed in the financial and technical aspects of leading IT teams, Collins led diverse projects ranging from service desk consolidation to modernizing the user experience with Microsoft tools to a global SD-WAN deployment. But it was at ESI that he encountered the “M&A Challenge.”  The $2.33 billion specialty chemical manufacturer operates 130 locations and 5,000+ remote users in 100+ countries worldwide. It opportunistically makes a few small acquisitions yearly and occasionally acquires a much larger entity. Integrating business operations and getting all entities operating together as quickly as possible is a key goal for the IT team.  Having completed dozens of M&As, Collins and ESI’s Global CISO, James Schnoebelen, found how to reduce the time it took to realize value from an acquisition by 80% and more while improving security and the user experience. The secret? A combination of technology and great vendor partnership.   Changing Technology Infrastructure Was Essential  ESI’s technology infrastructure is “the backbone of the company,” says Collins. Without it, production plants can’t operate, engineers can’t collaborate, and sales teams can’t generate revenue. Until recently, the 100+ ESI sites had SD-WAN appliances connected by local ISPs. Firewalls at each location secured the network perimeter, and remote access was provided to users through a remote access VPN.  The configuration was complex. The SD-WAN network was a drag on fully integrating new companies into the ESI family of businesses. It took months to increase network capacity and unify a newly acquired entity with the rest of ESI.   Complexity also impacted the remote experience.  “Using the old VPN was confusing because it was inconsistent in terms of being on the road versus in the office. People had problems even just connecting,” says Collins.  “There were blind spots in the network,” says Schnoebelen. “We were concerned that we might miss something on our network, whether related to a cyber scenario or egress of Internet traffic.”  ESI sought a less complicated networking solution and stronger security capabilities. More importantly, the company needed the means to accelerate its business results.  SASE Simplicity Changes IT Operations, Staffing, and the User Experience  After evaluating the market, Collins and Schnoebelen settled on Cato, replacing the old SD-WAN appliances and remote VPN infrastructure with the Cato SASE Cloud Platform. Cato is the only SASE solution built from the ground up on a global, resilient, scalable, open, and modular SASE architecture. By converging SD-WAN, a purpose-built global cloud network, and an embedded cloud-native security stack, Cato connects and secures the complete enterprise–sites, remote users, and cloud resources.  With smarter, simpler infrastructure, Collins found that ESI could shorten their M&A times dramatically. “It used to take us three or four months to bring a new office into our fold, now we can do that in just a few weeks,” says Collins.  Equally as important, though, was the impact on IT operations. “We are no longer focusing only on connecting devices or connecting sites. We can leverage the capacity that we’ve gained by putting our efforts into other value-added activities that deliver more results to the business,” Collins says. “Now we’re spending more time on strategic projects like business process automation and business continuity planning instead of worrying about what connects to what. We leave the IT grunt work to Cato.”  IT staffing and career progression at ESI have also radically changed for the better.  Cato is so smart that it’s simple for non-security or networking specialists to handle operations that previously required far more training. This has an enormous impact on hiring.  “Now, when we hire people, we don’t have to pay for hard-to-find specialization capabilities. We can hire generalists who bring more diverse value to the company,” according to Collins. “The result is amazing. Not only does our business benefit from value-added resourcing and capacity, but our IT employees are happier because they are working on more meaningful projects that deliver tangible business results, rather than the thankless job of just keeping the lights on.”  The simplicity and elegance of Cato also extend to resolving user complaints. “We’ve been able to remove some of the friction users have felt with IT for years,” explains Collins. “Our users complain less now because the network access is seamless.”  Deployment Ease Enables Improving ESI’s Security Posture   With SASE, Schnoebelen and Collins improved ESI’s security posture. The Cato platform makes high-quality, contextualized data available in one place for real-time protection and detection.  “We’ve been able to add layers of security for all users that would have been more challenging to deploy in the past—services such as advanced anti-malware, NGFW, SWG, and threat prevention (IPS),” says Schnoebelen. “It’s not that those technologies weren’t in place before. They were. But Cato simplifies how they are delivered, and that makes all the difference.”  Schnoebelen emphasizes that it’s not a matter of if one will be attacked, but when, and so he and his team have put and continue to improve the processes for addressing that situation in place. “The key is being able to detect a threat and respond quickly and efficiently,” he says. “This comes down to visibility to identify the problem as well as simplicity to resolve the issue without too much fanfare. Cato provides us with both.”  Cato: A New Kind of Business Partner   Converting to SASE has been transformational for ESI, but the collaboration with Cato has also transformed what it means for a vendor to be a partner.  “Cato’s responsiveness to our requests and needs are unmatched, from my perspective,” says Schnoebelen. “One example of that partnership was supporting our requirement to deploy Cato globally to more than 100 sites in four months—and they did it.”  “We started with Cato looking to shorten the time needed to complete the integration of acquisitions and improve our security. We found a true partner who helped us reimagine how IT can serve the business. We achieved our initial aims and much more,” said Collins.  “With Cato, we’ve been able to save money, all the while improving our security posture, enhancing our employees’ user experience, and transitioning our network and security staff to focusing on more value-added projects,” says Collins. “There are not many times as a CIO that you can check the box in all these areas – faster, more secure, happy users, and a happy team – all for less cost and more business value. That’s the Cato SASE Cloud Platform.” 
Read customer story Search
O-I Taps Augmented Reality and Cato SASE Cloud to Realize “Impossible-to-Count” Savings

Manufacturing

O-I Taps Augmented Reality and Cato SASE Cloud to Realize “Impossible-to-Count” Savings
O-I Taps Augmented Reality and Cato SASE Cloud to Realize “Impossible-to-Count” Savings O-I Needed a Quick Digital Transformation For many organizations, digital transformation can be a painful experience that consumes lots of time and resources. If you’re a small IT department at a large enterprise, a single solution that can transform and simplify several functions at once can be a big transformation enabler. Such was the case with O-I, formerly Owens Illinois, one of the world’s leading glass bottle and jar manufacturers. In just a few months, O-I deployed the Cato SASE to 200 locations, boosting cloud and internal application performance, enabling work-at-home for its 24,000 employees, and beefing up security across 70 plants in 19 countries.   Before Cato, O-I’s carrier-based MPLS network was showing signs of age in a cloud-enabled, hybrid work environment. “We were a long-term traditional MPLS customer with the typical routers on the edge, network-based firewall appliances, and legacy VPN concentrators,” says CIO Rodney Masney. “As we reached the end of our agreements, we felt the time had come to rethink our approach to networking and security.”  O-I had been transitioning applications to the cloud, with a broad implementation of Microsoft 365 and plans for other SaaS and cloud services. “There simply wasn’t enough bandwidth for all we had to do, whether it was SharePoint access, Microsoft Teams video conferencing, or working with our other cloud and internal applications,” says Masney. “We needed a cost-effective way to increase bandwidth to our locations and to the cloud.”   Security had always been a top priority of Masney’s relatively small IT team and maintaining and refreshing multiple legacy firewall appliances took time and resources away from transformation initiatives.   Perhaps the final straw was the sudden explosion of the COVID-19 epidemic. “We had to send thousands of employees home where it was challenging for our legacy VPN to provide the bandwidth and utility executives and other staff needed every day to get their work done,” says Masney.   In summary, OI faced a lot of challenges all at once. “Swizzle all that together and you come to the sudden realization that you need to do something transformational,” says Masney.   O-I Crafts an RFP, Chooses Cato SASE O-I put out an RFP to find solutions for its various issues. “We sent RFPs to several suppliers, including our incumbent, and looked at a range of alternatives, from continuing with our current provider at lower cost to solutions that could provide a total transformation.   After some research, Masney’s team narrowed the choices down to two principal contenders, a major security solution provider and the Cato SASE. “I liked the other provider’s technology from a security perspective, and it worked well,” says Masney, “but it was a lot more complex and time consuming to deploy than the Cato SASE.”  After doing proofs of concept for both, Masney’s team felt strongly that Cato was the best solution for O-I in terms of technology, cost, ease of deployment, and support. Masney knew that with a team so committed to the Cato solution, he would get the best results.   Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.   Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.   O-I’s deployment of the Cato solution to almost 200 locations and thousands of home users was quick and easy. “We’ve installed Cato to internal locations, the cloud, and home and hybrid work users at a much faster pace than we ever thought possible,” says Masney. “We don’t have to wait weeks or months for circuits to be upgraded or changed like we did with traditional MPLS. The Cato Sockets just show up at our plants, we connect them, and off we go.”  Cato Delivers Transformation with Cost Savings  The business benefits of the switch to Cato have been dramatic. “Cato has transformed our ability to connect to our network in a very different, meaningful way,” says Masney. “People working at home and the office get much better throughput for both internal and cloud application performance with much higher levels of security. The Cato solution has improved our ability to service our plants, including those in obscure locations, by collaborating using MS Team’s video and audio, which didn’t work very well before. MPLS circuits are expensive in some areas but with Cato we can get tens or hundreds of megabits at a very favorable cost.”   Hybrid work has also been a big success thanks to Cato. “The VPN client is a real treat,” says Masney. “It’s easy to deploy, works very well, and we haven’t seen any service issues. I’m really pleased with it.” Cato has since enabled O-I to move to a connected work policy that encourages employees to work at home but also provides the option to work at the office.   Since the Cato transition, O-I has started taking advantage of Microsoft HoloLens, an augmented reality application that allows engineers to troubleshoot plant manufacturing issues from afar. “If someone has a problem at a plant, an engineering expert at another location can just slip on a HoloLens headset, see for themselves exactly what’s happening, and give relevant, specific advice without having to hop on a plane. You can’t use HoloLens if your bandwidth is always getting tapped out. The savings we get with Cato and HoloLens are almost impossible to count.”   Masney estimates that with Cato alone he’s saving somewhere around 20 % in communications costs compared to the previous solution, even though he’s still running MPLS to some locations, while getting the security bonus Cato provides for both locations and home and mobile users.   He feels that the strong security services the Cato solution provides fit the purpose for his company. “It has improved our security posture immensely,” he says. “Cato is much simpler to deploy and quicker to value than other systems we evaluated,” says Masney.    He adds, “With Cato we have a good, solid sedan with the speed of a Porsche that got us exactly where we needed to go fast.”     
Read customer story Search
Vitesco Technologies Builds New Global Enterprise Network with Cato

Manufacturing

Vitesco Technologies Builds New Global Enterprise Network with Cato
Vitesco Technologies Builds New Global Enterprise Network with Cato Business Division Spinoff Requires New Strategy With new companies comes the opportunity to do things right. Offices can tap the newest of designs and technologies. Users can be equipped with the newest phones and laptops. And IT can tap the newest in networking and security technologies. Such was the opportunity facing Vitesco Technologies. An international leader in intelligent and electrified drive systems for sustainable mobility, Vitesco had been spun out of Continental AG,  the German automotive parts manufacturing company, into a separate company. Previously, Vitesco’s locations had been connected via MPLS, but once the carve-out was announced, Joel Jacobson, Global WAN Manager at Vitesco Technologies, realized he needed a new approach to the company’s network and security architecture. “At the end of the day, we needed a way to support our 70 locations and 20,000 remote users with a solution that was simple, allowed us to co-manage because we like to maintain control, and with a dev ops approach within IT of whoever builds and runs it.” "Cato allowed us the flexibility to incorporate our WAN, Internet and remote access solutions into one neat package that could be managed with a small team of people.” So he turned to C3 Technology Advisors, to help narrow down the options. “It wasn’t very difficult from there to see that there was only one solution – Cato SASE Cloud. Cato allowed us the flexibility to incorporate our WAN, Internet and remote access solutions into one neat package that could be managed with a small team of people,” says Jacobson. Vitesco Technologies Sets Up New Sites in Minutes One of the first capabilities Cato provided Vitesco Technologies was a unified management interface that allowed setting up new sites with minimum effort. “What would have taken us days in the past to do with other solutions, we could now do in minutes. We no longer had to have a separate IDS/IPS, on-premises firewalls, or five different tools to report on each of those services. We could bring our cloud-based services directly into Cato’s backbone with our existing sites and treat them all the same.” Addressing Multiple Use Cases with Cato There were various critical use cases Jacobson needed to address, and Cato SASE Cloud proved to support them all. Supporting users and locations in China: One of the most critical topics Jacobson faced was the Great Wall of China. “We needed to get our Office 365 traffic out of China without breaking any laws. With Cato, we were able to steer our traffic in through a PoP in Tokyo and Office 365 works just as well in China as in any other location.” Supporting AWS connectivity at scale: An additional concern for Jacobson was AWS. “We have regional installations of cloud providers, and we needed to connect these sites into our network without complicated pairing or setup. It was also crucial for us to reach two gigs of throughput, and we were very happy with the results.” Supporting access to special applications: Jacobson needed to ensure that specific applications (such as HR, legal or engineering tools) were always up. “Like many global companies we had to secure traffic from various applications behind a single IP. With Cato’s dedicated IP support, we could steer specific websites and eliminate complicated routing or proxy settings.” Supporting threat prevention across all traffic: Finally threat prevention was needed everywhere. “With Cato SASE Cloud, threat prevention is built into our services so that even our smallest locations are protected from threats.” Gradual Deployment of Cato SASE Cloud One of the biggest advantages for Jacobson was the ability to roll out gradually at a pace that fit the company’s needs. “We knew we would need to start slowly and pick up speed during the middle and end of the migration as we worked out any issues with them.” “By the time we got to our tenth site, our window dropped to two hours, and we rarely needed more than one hour to cut a site over from the old service to the new, and the actual outage time was usually no more than 15 minutes.” With Cato, Jacobson found location migration to be quick and painless. After establishing the company’s datacenters and peering points, the process of migrating sites began. “By the time we got to our tenth site, our window dropped to two hours, and we rarely needed more than one hour to cut a site over from the old service to the new, and the actual outage time was usually no more than 15 minutes.” As for the migration process, Jacobson and his team didn’t have to cut any corners. They worked with their sites prior to the migration to set up Cato sockets in parallel to their existing WAN service. During the outage, they would switch from the old WAN equipment to the new equipment, test the applications, fail over Internet, and any other services that the site deemed critical. “Security was extended at each site on the WAN, no matter the size. And we know that our Internet traffic is properly secured. Extending our WAN to AWS and Azure was easy with the Cato’s virtual sockets and where virtual sockets aren’t ideal, we used IP SEC connections without having to buy or maintain additional firewalls or Internet lines.” Vitesco Technologies Gained: High Availability, Self-Maintenance, Deep Analytics, Policy Consistency Cato SASE Cloud enables very large enterprises to accelerate and transform their global network and security infrastructure. “This is why we moved from our internally managed SD-WAN, remote access service and cloud-based Internet provider to Cato’s SASE platform.” “This is why we moved from our internally managed SD-WAN, remote access service and cloud-based Internet provider to Cato’s SASE platform.” With Cato, Vitesco Technologies achieved high availability across the board, removing the need for a regional hub or expensive co-location facility for WAN or Internet services. Analytics and security events are centralized in one place to make analysis easier. “If we run into any questions, Cato is there to help us. It's easy to know what policies we have applied, and we know they’re consistent across our locations. Our security team is pleased to know that Cato maintains the platform and as we need to add capacity, it's a simple phone call or email to get it resolved.”
Read customer story Search
Forvis Tackles Digital Transformation and M&A Network and Security Challenges with Cato SASE Cloud

Financial Services

Forvis Tackles Digital Transformation and M&A Network and Security Challenges with Cato SASE Cloud
Forvis Tackles Digital Transformation and M&A Network and Security Challenges with Cato SASE Cloud Forvis Sought a Single Network and Security Solution for Digital Transformation and M&A Digital Transformation can be painful but tackling digital transformation and mergers and acquisitions (M&A) at the same time is a particularly daunting challenge. Just ask John Bowles. Bowles was the Chief Information and Digital Officer at Dixon Hughes Goodman LLP (DHG) when in June 2020 the accounting firm merged with BKD, another leading accounting firm, to form Forvis. Today Bowles is the CIO of Forvis, which ranks eighth on Inside Public Accounting’s 2022 list of top 100 U.S. accounting firms. As with many mergers, DHG and BKD had their own infrastructure, which led to an operational challenge. “We had to integrate two very different networks with different staff models,” says Bowles. Ultimately, the team decided to standardize on Cato. “The Cato network run by DHG required very little labor to manage and maintain. We really liked Cato for that reason. The network on the other side required a few more people to manage and maintain.” Bowles and his team began migrating the BKD sites onto Cato. This wasn’t the first time they faced a site migration with Cato. Prior to the merger, Bowles led DHG’s transition from MPLS to Cato. MPLS had been the network solution enabling DHG’s thin client architecture, which connected its staff to centralized datacenter services. “MPLS served us pretty well, but it was expensive, complex, inflexible, and took forever to provision to new locations,” says Bowles. Internet access was provided locally at each site. “We tried backhauling Internet traffic, but it was too complex and too much of a bottleneck to make everyone happy,” he says. Bowles Considers SD-WAN Solutions, Chooses Cato Aside from the drawbacks of MPLS, it was the challenge of balancing digital transformation with mergers and acquisitions that first led to the decision to deploy a Cato SASE. “Even before the BKD merger, we were growing fast, bolting on other new companies at the same time as the technology landscape around us was transforming dramatically,” says Bowles. One strategy for addressing both challenges was to increase the adoption of cloud and managed services. However, doing so created network and security issues that made MPLS look increasingly obsolete. Bowles and his DHG team started investigating SD-WAN as a more agile, cloud friendly alternative to MPLS. “It was a natural progression,” he says. “We didn't know anything about SASE at the time and approached Cato Networks first as an SD-WAN solution.” They evaluated the SD-WAN market with an eye on operational efficiency. “Nobody wanted a small army of network engineers maintaining a very complex environment. We wanted a simple solution that would allow us to be responsive and agile and could scale without us having to redesign or refactor our network,” he says. Other factors in their buying process were network performance and security. “We sought a solution that performed consistently well regardless of country or location, and we were keen to minimize our risk and improve our compliance management.” And Bowles needed a solution that would support the growth and transformation of the firm while maintaining consistent standards and a common network and security infrastructure across it all. “I would say jokingly that it was like driving the car down the highway and changing the tires at the same time,” says Bowles. All of which led him to Cato. “When you take all those factors into consideration, you eliminate a lot of the other hardware and mixed hardware/cloud approaches.” SASE: The Right Solution for Transformation and M&A Bowles decided to deploy Cato SASE Cloud, which would “allow us to scale and be more agile,” he says. Completely cloud-based, Cato SASE Cloud would give Bowles the agility he needed to tackle M&A and transformation challenges simultaneously. Cato optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Bowles deployed Cato SASE Cloud to locations gradually in high-availability arrays so if a location lost one circuit it wouldn’t lose the service. When it came to integrating BKD, he started with their smaller offices. “Cato installation is easy, and we can provide our virtual service model more effectively if we’re all on the same network.” He’s also deploying remote access to all 5,400 staff across the merger and expects to finish everything by the middle of summer 2023, working around tax season, when any unnecessary change is frowned upon. Robust Security and Agility for a Growing, Changing Enterprise Cato’s security services have been particularly suited to the firm’s needs. “As we grow, our attack surface grows as well,” says Bowles, “and we must protect ourselves from the growing sophistication of attacks.” With Cato SSE 360, there’s no need to worry about keeping up with security updates, upgrades, and appliance refreshes to scale and tackle the latest threats. He can rely on SSE 360 to handle all that and provide the same robust security to locations, remote users, and cloud access. Cato SSE 360 also helps Forvis address its regulatory issues. “In addition to the highly regulated accounting industry, we practice in a lot of industries that have their own strict compliance standards,” says Bowles. “They want us to produce SOC 2 and other reports, so we need to know we have the systems, platforms, and controls in place to do so. We also work with a lot more third-party workers in North America and other continents who affect our security posture.” In all, with its ease of deployment, agility, fast networking, robust security, and consistent set of standards, Cato SASE Cloud has provided Forvis with the ideal solution to address its dual transformation and M&A challenges.
Read customer story Search
Häfele Recovers from Ransomware Thanks to Cato SASE Cloud 

Manufacturing

Häfele Recovers from Ransomware Thanks to Cato SASE Cloud
Häfele Recovers from Ransomware Thanks to Cato SASE Cloud  In the wake of a severe ransomware attack in February 2023, Häfele, a global leader in the furniture fittings, architectural hardware, and lighting industry, faced a daunting challenge. The attack encrypted all Windows-based server and client systems, bringing the company's IT-based processes worldwide to a complete halt. The Häfele team had to find a way to restore their global network within 30 days while fixing the underlying security problems that might have led to the attack in the first place. Their answer? Cato SASE Cloud. "When your network is down from a cyberattack, every minute counts, and you can't afford to bring back a partially secured network. You have one shot to do it right and fast," says Daniel Feinler, CISO at Häfele. "The deployment speed with Cato SASE Cloud was a game changer. By working with Cato Networks, we brought up the entire network with full security in less than a month. It was so fast that a competing SASE vendor didn't believe us. Cato made it possible." The Challenge Accepted: Build A Global Network in One Month Feinler vividly recalls the crisis: "The attackers gained access to our network and encrypted all Windows-based systems. All IT-based processes worldwide were paralyzed." The company had to shut down its computer systems and disconnect them from the internet. The only good news? The backup was not compromised, enabling the team to restore their systems rather than pay the ransom. The team had been evaluating SASE vendors at the time of the ransomware attack. When the decision was made to rebuild their network, Feinler and his team thought it was an opportune time to "kill two birds with one stone" and move to SASE. The caveat: The entire global network rebuild had to be done within one month. It was an audacious goal that would typically be project-planned for 12 months or more. Encouraged by the positive results of the initial proof of concept, the team turned to Cato Networks. Cato worked closely with Häfele to get its network running and restore the Häfele IT systems. Over the next four weeks, Cato Sockets were delivered and deployed in an astounding 180+ sites across 50+ countries in Europe, Middle East/Africa, the Americas, and Asia-Pacific regions. The small form factor of the Cato Socket, Cato’s edge SD-WAN device, helped speed the deployment. The Socket is so small it can fit inside a backpack, solving shipping issues. In one case, a Cato sales engineer personally drove to a Cato depot and picked up a few Cato Sockets in Switzerland, for installation in the Häfele location in Germany.  Worldwide, the Häfele team configured a global, unified security policy to help prevent another attack, and 8,000 employees regained secure access to the internet and enterprise resources, including 4,000 mobile users who now use Cato Client for ZTNA. "The deployment speed with Cato SASE Cloud was a game changer, enabling us to bring up our entire network with full security in less than a month." The Cato SASE Cloud rollout was so fast that it even surprised Häfele. "I did not think we could shut down, rebuild, and transition our IT systems in less than 30 days," said Mike Bretz, Global Team Lead of Network at Häfele. "Cato defied the odds and performed admirably during a challenging time and under immense pressure. Implementation and Recovery: Cato Deployment Speed and Security Were Essential The speed at which Feinler and his team could connect sites and users was a critical factor in deciding to move with Cato, but it wasn't the only factor. "Our network team was very enthusiastic about the Cato solution," says Feinler. “Especially the easy administration and the fact that everything worked as promised at the proof of concept was convincing. From the hardware, which was quickly shipped, to all the worldwide locations, and to connecting boxes by a non-IT colleague. From a management point of view, I liked the fact that it is a one-stop solution for different security areas that we previously had with different suppliers." Cato provided Häfele with a converged, multilayer security stack for all traffic from all directions at all network edges. The Cato Single Pass Cloud Engine (SPACE), the core security engine of Cato, converges multiple network security functions for flow control and segmentation (NGFW), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), application and data protection (CASB, DLP, ZTNA), and threat detection and incident response (XDR and EPP) into a cloud-native software stack. Cato has autonomous systems and processes sustaining the evolution of service capabilities, resiliency, optimal performance, scalability, global reach, and security posture, requiring no additional customer IT involvement. The Häfele team could protect all network-based vectors worldwide against future breaches and easily maintain an optimal security posture in the future. As for advice to other CISOs, Feinler had this to offer, "You need to invest in cyber defense both in hardware and software (SASE, XDR, SIEM, SOC) and also in your employees. Training for admins and security awareness training for your employees is important. Ensure you have a secure, air-gapped backup and regularly evaluate the restore. If not already done, implement network segmentation and separate IT from OT. Establish MFA for all logins." "Ultimately, you need to strike a good balance between security and usability. Cato gave us that. I would say that we can sleep much more relaxed. I think with Cato, we get the best protection currently. Coupled with the other changes we have introduced; we are in a good current state. The important thing now is to maintain this level and always be one step ahead of the attackers," says Feinler. Not Just the Right SASE Platform, the Right SASE Partner Häfele's experience with the Cato SASE Cloud is a compelling testament to the power of rapid, effective response in the face of cyber threats. It is also the story of the organization that stands behind the Cato SASE Cloud. Pulling together to deliver a global network in one month reflected enormous coordination between the Häfele and Cato teams, from Socket ordering, shipping, and deployment to management configuration and more. The case demonstrates how the right partnership requires excellent service and a service-oriented organization. As Bretz said, "Cato did exactly what they said they would do. This is how you earn customer trust."
Read customer story Search
JUKI Ramps Up COVID-19 Telework, Boosts Remote Cloud Performance with Cato

Manufacturing

JUKI Ramps Up COVID-19 Telework, Boosts Remote Cloud Performance
JUKI Ramps Up COVID-19 Telework, Boosts Remote Cloud Performance with Cato The Challenge: One Network, One Security Solution With users now working from home, enterprises have another reason to be frustrated with global MPLS. Not only are global MPLS services costly, but they’re also unsuitable for connecting the cloud resources consumed by the legions of remote and mobile users. The global Internet is of little help; it’s far too unpredictable. And having sites in China only limits the number of connectivity options. What then can an IT leader do to eliminate the high cost of MPLS while still meeting the needs for predictable, global secure connectivity that will meet the necessary regulations? “To get the best performance we needed to connect all our locations to a single network with uniform security, including locations that hadn’t been connected previously.” This was precisely the challenge facing Yoshiaki Kushiyama, Senior Manager of Information Systems for JUKI Ltd. The global manufacturer of precision equipment and needles for industrial and household sewing machines needed to deliver affordable, global access to Microsoft Office 365. “We had a plan to deploy Office 365 to the entire organization,” he says. “To get the best performance we needed to connect all our locations to a single network with uniform security, including locations that hadn’t been connected previously.” Cost and regulatory compliance were of big concerns. “We sought a solution that would cost as little as possible to deploy and maintain and we needed to comply with stringent VPN regulations in China,” says Kushiyama. Achieving these goals, especially uniform security, was a challenge. “We didn’t have a clear understanding of what security equipment was installed at each location and who controlled what nor the bandwidth and connectivity available at each,” says Kushiyama. “We were also concerned about cloud security since we were deploying Office 365. We had to ensure that the Microsoft applications would be accessible from the company network only.” Kushiyama had also heard that Office 365 deployment could increase bandwidth requirements up to five or ten times. “We wanted centralized network and security visibility, with the ability to upgrade bandwidth quickly if needed.” JUKI Seeks SD-WAN Solution, Chooses Cato Kushiyama knew that SD-WAN was a technology worth exploring when it came to deploying Office 365. “I had heard that SD-WAN, with its flexible deployment and management, was the right technology to get the best performance out of Office 365,” says Kushiyama, “so I started looking for SD-WAN solutions from vendors familiar with Office 365.” Kushiyama contacted an SD-WAN vendor recommended by a colleague and got an introduction to that product. Two months later, Kushiyama was introduced to Cato. “Listening to the company reps, I found Cato’s solution immediately appealing, so I compared both solutions carefully,” says Kushiyama. He was a little wary because at the time, Cato hadn’t been deployed by many Japan-based organizations. “When comparing all the capabilities, however, Cato’s had an overwhelming advantage and met all our requirements, so I was eager to deploy it and promoted it to senior management,” says Kushiyama. “They too were worried about the lack of a track record in Japan, but eventually they approved the Cato solution.” “Cato offered an environment where remote work could be done immediately and successfully using Office 365, letting employees do the same work that they did in the office,” says Kushiyama. “It also let us collaborate face-to-face easily with Microsoft Teams. This gave Cato a great reputation with senior management.” COVID-19 hit in the middle of the evaluation process and Cato’s fast, easy home and mobile VPN deployment helped to tip the scale in the company’s favor. “Cato offered an environment where remote work could be done immediately and successfully using Office 365, letting employees do the same work that they did in the office,” says Kushiyama. “It also let us collaborate face-to-face easily with Microsoft Teams. This gave Cato a great reputation with senior management.” Kushiyama was also impressed that with Cato, the same consistent level of security could be maintained for both the corporate WAN and the Internet. The use of the Internet for WAN connectivity rather than a dedicated line would enable JUKI to keep its network costs down. Cato Delivers Easy Deployment, Fast Performance, Low Cost Deployment of Cato across all JUKI’s global locations was fast and easy, requiring the installation of a simple Cato socket at each. “I went around with another person to each location to deploy the solution,” says Kushiyama. Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. Connecting a location to Cato is just a matter of installing the simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 60 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. JUKI’s 2742 mobile users run across the same backbone, benefiting from the same optimization and security features. Cato’s mobile VPN capabilities were the most immediate benefit of the solution for JUKI, allowing employees to work at home with the same performance, and security they had at the office. “Before Cato, the head office had no system for remote working at all,” says Kushiyama. “COVID-19 forced us to find one. With Cato all we needed to do was increase our VPN license and have each group company that was sending staff home install the clients. The move to remote work was so quick and smooth.” “The big difference between Cato and other solutions is the integration of network management and security” Fast connectivity among all the company’s locations was also a major benefit, together with the ability to monitor network connectivity and security from a single console. “The big difference between Cato and other solutions is the integration of network management and security,” says Kushiyama. “It’s great to be able to grasp and respond to both network status and security at the same time on a single screen.” Kushiyama also liked that he could increase network bandwidth easily as Office 365 use grew. “The more we use Office 365 the more bandwidth we need,” he says. “With Cato we just ask for more bandwidth and get it almost immediately. There’s no equipment or infrastructure to upgrade.” [caption id="attachment_12921" align="aligncenter" width="947"] The Juki global network — 2742 mobile device and 37 sites all connected by Cato’s global private backbone.[/caption] Kushiyama and his team have also improved Juki’s security by reducing dwell time and the number of malware infections. “The malware detection rate at the head office has dropped dramatically,” he says. “If there is an infection at a location, it’s visible at the head office so we can alert them and deal with it quickly.” As for cost savings, Kushiyama estimates that cost Cato provided a return on investment (ROI) that was five to ten times higher that of MPLS. In all, JUKI’s switch to Cato has been a great success. Says Kushiyama, “The combination of Cato and Office 365 made all the difference in JUKI’s ability to handle the COVID 19 pandemic and communicate across all company locations and employee homes as if we’re all in the same office.”  
Read customer story Search
Fullerton Health Builds a Secure SASE Linking 550 Locations and the Cloud, Thanks to Cato

Healthcare

Fullerton Health Builds a Secure SASE Linking 550 Locations and the Cloud, Thanks to Cato
Fullerton Health Builds a Secure SASE Linking 550 Locations and the Cloud, Thanks to Cato The Challenge: How to Cope Efficiently with Rapid Data Growth and Increasing Security Risks Secure communications are essential for any organization, particularly for a large, regulated healthcare provider holding sensitive health data for thousands of patients. Such was the case for Fullerton Health. The vertically integrated provider of accessible, affordable healthcare maintains a network of more than 550 healthcare facilities across nine Asia Pacific countries. Thanks to rapid growth and acquisitions, connectivity and security among facilities and Fullerton Health’s Singapore headquarters was a complex affair. “Before Cato, there was no integrated network to link regional offices and local sites, says Alvin Lim, Group Technology and Information Security Director at Fullerton Health, Singapore. “Local sites were managed independently; security was provided by individual firewalls. We were looking to enhance security by improving monitoring of our networks.” Like many healthcare organizations, Fullerton Health grappled with exponential electronic data growth due to rapid digitization. Rising security risks and threat actors were becoming increasingly lethal, not to mention sophisticated. “Our huge data growth was leading to traffic monitoring and bandwidth management challenges,” says Lim. “We take the trust our patients have in our ability to protect their medical records and personal data very seriously. We are always mindful of possible data breaches and constantly look for ways to protect our data. Fullerton Health Considers Network Alternatives, Chooses Cato Lim decided it was time to look for a single integrated secure network solution for all its locations and needs. “We looked at several alternatives, including VPNs over the public Internet, which were not ideal, and leased lines, which are expensive, slow, and offer little security.” “We also looked at SD-WAN, which would have required backhauling data to data centers,” says Lim. In the end, Lim decided a Cato SASE was the answer. It would inspect and secure data at multiple points of presence and was particularly suited to remote work, a growing component of Fullerton’s business. Lim liked that Cato had good coverage in the Asia Pacific Cato SASE Cloud optimally connects all enterprise network resources into a secure global, cloud-native service, including branch locations, the hybrid workforce, and physical and cloud data centers. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. Cato Sockets, Cato’s edge SD-WAN devices, extend the Cato SASE Cloud to locate, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enables secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Immediately Lim was impressed with his Cato contacts. “They were wonderful people, very easy to work with,” says Lim, “and had a lot of technical knowledge and experience. We felt we could communicate very freely with them.” Cato’s pricing was also very competitive, and Lim liked that security was tightly integrated with the solution. Deployment of the Cato SASE to all of Fullerton’s sites was easy, even during a global pandemic. “Remote sites with no IT staff had no problems connecting the Cato Socket to their local circuits, and we could activate each site through a central portal. It really was plug-and-play for us.” Fullerton Health connected all its locations over a single year, 2022, even as the Covid-19 pandemic raged. Cato Delivers Bang for the Buck The benefits of the Cato SASE have been dramatic. “Cato gave Fullerton Health a way to connect all those disparate entities and locations, including remote users and the cloud, into a single common, fast, secure transport channel,” says Lim. “It lowered the cost of our investment in telecommunications links by 30 percent compared to alternatives and gave us fast, dedicated connectivity to our cloud providers. And it simplified security and secure remote access, which both happen at its numerous points of presence, rather than individual connections to a central firewall.” Lim is impressed with Cato’s support and continual ideas for improving his organization’s network. “Cato support is very responsive, and Cato is always adding value in their product offerings,” he says. “I would recommend the Cato SASE solution to any healthcare organization that needs simple yet very secure connectivity among regional and local sites, remote users, and the cloud.”
Read customer story Search
The Flügger Group Gains Network Flexibility and Security with Cato and Secher Security

Retail

The Flugger Group Gains Network Flexibility and Security with Cato SASE Cloud
The Flügger Group Gains Network Flexibility and Security with Cato and Secher Security The Challenge: Simplicity and Flexibility In an era of digital transformation, manufacturers need fast, secure WAN connections with datacenter applications, retailers, suppliers, partners, and the cloud. Retailers in turn need fast connectivity with manufacturers and their own datacenter and cloud applications. As both a Danish paint and related products manufacturer and retailer, the Flügger Group needed all of those things. With five manufacturing plants and more than 200 of its own retail locations and 200 franchise stores in Scandinavia, Eastern Europe and China, the Flügger Group was in the midst of a major expansion and digital transformation. Prior to Cato, Flügger relied on MPLS WAN connections and multiple security point solutions to provide secure WAN connectivity. “Our MPLS solution was secure, but it was a very closed, inflexible environment that we couldn’t make changes to without a lot of time and effort” “Our MPLS solution was secure, but it was a very closed, inflexible environment that we couldn’t make changes to without a lot of time and effort,” says Jan Jørgensen, IT Project Leader. “We had to do a lot of workarounds.” Flügger was opening, closing, and moving a lot of stores and it took much too long to get them up and running with MPLS. “It got quite difficult to meet our deadlines,” says Rune Skovsgaard, Head of IT. "We needed an environment that was both more open than MPLS and as secure, and, of course, financially attractive.” Flügger was also modernizing its manufacturing plants. “We were inviting more suppliers and partners directly into our network, including those who would help support and maintain plant IT,” says Skovsgaard. “They had to get into a very closed network to do their work. We needed an environment that was both more open than MPLS and as secure, and, of course, financially attractive.” With all its point solutions, security was also inflexible and time-consuming. “We couldn’t work with our firewalls, honestly,” says Jørgensen. “If we had to make any changes or give an external provider access, it was impossible. It took a lot of work and time even to just open and close the firewall for a specific partner. Sometimes we just left it open.” Flügger Turns to IT Consultant, Adopts Cato Looking to simplify networking and security and make it all easy to manage, Flügger turned to Secher Security, a Danish IT security consultant firm, for help. “They had all sorts of different vendor solutions and partners involved in a lot of different IT projects,” says Kristian Secher, Secher Security CEO. “They were losing money on all those different consultancy services. Immediately we saw that we could simplify their environment with the Cato solution. The Flügger Group took to the Cato solution almost right away. “Things moved quickly and easily because the Flügger team was very interested in the solution and eager to help get the job done and make it a success,” says Secher. Cato connects all global enterprise network resources — including branch locations, physical and cloud datacenters, and mobile users — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 70 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Flexible Network, Flexible Partner Aside from being impressed with the Cato solution, Skovsgaard found his Cato partners very flexible and easy to work with. “When we select a new supplier we look both at the technical solutions and whether it will be a good working environment,” says Skovsgaard. “With Cato we have a very flexible supplier that understands our requirements and is there when we need help.” “With Cato we have a very flexible supplier that understands our requirements and is there when we need help.” Many of Flügger’s stores are very small and Skovsgaard appreciated that Cato was willing to accommodate such small network environments. “Cato understood our business and adjusted its own business model and contracts so they would work for us,” says Skovsgaard. “Cato give us both the security and flexibility we need,” says Jørgensen. “We can bring new partners into the network easily and securely.” After 12 months with all Flügger stores now up and running on Cato, the Cato solution has paid for itself compared to MPLS, and is now saving the company money. But there are more important benefits, according to Flügger. “Cato give us both the security and flexibility we need,” says Jørgensen. “We can bring new partners into the network easily and securely.” “It’s also quick and easy to move, open, and close stores compared to how it was with our previous MPLS network, even when they’re in other countries” “It’s also quick and easy to move, open, and close stores compared to how it was with our previous MPLS network, even when they’re in other countries,” says Skovsgaard. “And we have a single reliable supplier for network security instead of having to deal with a lot of different security vendors.” Jørgensen likes that Cato is an Internet solution. “With MPLS you’re bound to a certain Internet provider,” says Jørgensen. “Since Cato uses the Internet, it’s less expensive to maintain and we can shop around for a provider, which saves money.” Jørgensen also likes Cato’s easy management. “We have much more control of the network and can monitor and make changes remotely,” says Jørgensen. “Before Cato, if a retail store dropped a connection, there wasn’t much we could do. With Cato we can see that the line is working fine and find exactly where the errors are in the system. We can make quick security changes remotely and easily to adapt to new threats. Jørgensen recommends the Cato solution to others. “It’s been a great experience, a business critical infrastructure asset that’s stable with a great team that I can trust. And we have a solution we can grow with our business.”
Read customer story Search
Guardian Credit Union Improves Network Control & Security with Cato

Credit Union

Guardian Credit Union Improves Network Control & Security
Guardian Credit Union Improves Network Control & Security with Cato Cloud applications demand greater network visibility, without compromising security or increasing complexity Guardian Credit Union is a regional business that faced big network challenges. The credit union needed better visibility and application control, without compromising security or making the network so complicated it would require a team of wizards to operate. Like many companies, Guardian had relied on a mix of point-to-point, layer-2 connections to connect sites. The MPLS and Metro Ethernet network was configured in a hub-and-spoke, backhauling requests to Guardian’s central datacenter to access applications, data, and from there through a secured Internet portal. In short, it was the kind of complex configuration typica of legacy enterprise networks. “I have experience in complex environments so it's not hard for me to get it and support it, but I have other things to do too and so does our team,” says Scott Rosen, vice president of technology for Guardian. “I have experience in complex environments so it's not hard for me to get it and support it, but I have other things to do too and so does our team” Managing a complex network requires lots of training, which Rosen wanted to avoid as a requirement for Guardian’s IT operations team. “It takes a ton of time and expertise. You don’t just go out and take a couple of courses in how the network works in a complex environment,” says Rosen. “So for us, moving to SD-WAN wasn’t necessarily about reducing costs, even though that was something that happened, but it was more about visibility of the network. We wanted to reduce the complexity of the network but maintain its protection and resilience.” One reason improving visibility was particularly important for Rosen and his team was because of the struggles voice and cloud applications had across private networks like Guardian’s. The company was increasingly looking to adopt video conferencing, Microsoft 365, and other applications so providing quality of service (QoS) at the edge was very important. SD-WAN Requires Security to Replacing MPLS SD-WAN provided a way to simplify the network but that meant adopting Internet everywhere. The inherent risks were obvious. “Now that we're getting away from private connections, we risk exposing ourselves by providing Internet connections now at all locations. So that was something to weigh. How could we mitigate that risk? “ It meant that security had to be part of his SD-WAN assessment. The notion that traffic across the WAN can be trusted, a common belief in legacy network design, had to be upturned. “If you trust the traffic between a branch and a datacenter, you’re increasing your risk. If there’s a piece of malware in the branch, which thankfully we never had, the malware could propagate across the network. You must inspect the traffic.” And that inspection must be based in the network. “You can use endpoint control in the computers but that doesn't fix IoT or devices that might have different operating systems than the ones you control. You really need to have inspection and control in the network.” Rosen Considers SD-WAN Solutions but Finds Security, Management Lacking Rosen investigated conventional SD-WAN solutions, but none of those alternatives prioritized security. “We led with ‘security first’ in our assessment, but conventional SD-WAN solutions sold security as an add-on or required a separate security solution.” “We led with ‘security first’ in our assessment, but conventional SD-WAN solutions sold security as an add-on or required a separate security solution." Also, conventional SD-WAN solutions required going through a telecom provider or ISP, who would manage the solution for Guardian. The credit union was already dissatisfied with telco support and did not want to give telcos more responsibility. “It’s hard enough to get them to fix the services they were already providing,” Rosen says. “You already experience problems and now they want to sell you a complete turnkey management solution where they manage your entire network.” [caption id="attachment_8224" align="aligncenter" width="1237"] Cato’s SASE architecture allowed Guardian to prioritize traffic to ensure VoIP and other applications received the necessary bandwidth[/caption] Rosen Turns to Cato’s SASE Platform for SD-WAN – And More Cato provided Guardian with the enhanced security, application control, and operational simplicity the credit union required. Cato allowed Guardian to achieve needed security without layering on firewalls and other security service, which would have increased network complexity. “Security wasn’t just part of Cato’s technical solution. It’s in Cato’s roots. Your CEO and founder came from that world,” says Rosen. Cato also proved easy to understand, improving the productivity of the Guardian IT team. The IT team could troubleshoot problems quickly without requiring a great deal of networking expertise. “Anybody on our team now can go in and understand where traffic is flowing and how it’s working,” Rosen says. “Security wasn’t just part of Cato’s technical solution. It’s in Cato’s roots. Their CEO and founder came from that world." And the transition to Cato prepared Guardian for the Covid-19 pandemic. “Who knew that the steps we took months and months ago to improve our network would prepare use for Covid-19,” says Rosen. “But moving to Cato was instrumental in us being able to be elastic and more dynamic in helping us respond to not just the shift to remote workers. Not only could Cato support our remote workers, but we didn’t need to bring cloud and Internet traffic back to our datacenter and consuming our resources. We could keep that traffic where it belonged in the cloud. “ [caption id="attachment_10685" align="aligncenter" width="1291"] With Cato, Guardian gained network visibility into its complete network and security infrastructure.[/caption] Cato Support Proves to be ‘Nimble’ and Responsive Overall, Rosen is extremely impressed by Cato’s commitment to customer service. Rosen notes that one night he called Cato after 9 pm and Cato offered to do a remote support session despite the lateness of the hour. Guardian was at that time doing a proof-of-concept (PoC) with Cato — though Cato didn’t know that until later — and Cato’s above-and-beyond commitment to support helped Guardian decide to give Cato its business. Cato has also proven responsive to enhancement suggestions. “Cato is nimble. When I need something fixed or have a product enhancement, Cato listens,” says Rosen. “Cato is nimble. When I need something fixed or have a product enhancement, Cato listens." And Guardian and Cato both share a common corporate culture, of putting the customer first. “Honestly, I’d love to tell you it was all about the product, but your people, too, are a differentiator.”  
Read customer story Search
Kyocera Senco Improves Availability, Continuity, and Manageability with Cato SASE Solution

Manufacturing

Kyocera Senco Improves Availability, Continuity, and Manageability with Cato SASE Solution
Kyocera Senco Improves Availability, Continuity, and Manageability with Cato SASE Solution Continuity and availability have long been key attributes of enterprise WANs. But as companies turn to SD-WAN, achieving around the clock uptime and network availability is not always a given. Just ask Kyocera Senco. The Dutch-based specialist in fastening solutions had deployed its own SD-WAN solution.  “The performance was good, but we could not always guarantee the needed continuity. Downtime has a big impact on our business and after one time our systems were offline for half a day, we started looking for another solution,” says Peter Fluitsma, Managing Director of Kyocera Senco  The company turned to Cato and Videns IT Services, a leading network-independent service provider of managed SD-WAN solutions, for help. Cato’s revolutionary global secure access service edge (SASE) service converges SD-WAN and network security capabilities into a global, cloud-native platform.   Click here to read more about the Kyocera deployment and key lessons learned while deploying Cato.
Read customer story Search
Fiskars Group Boosts Business Agility and Security with Cato SASE

Consumer Goods

Fiskars Group Boosts Business Agility and Security with Cato SASE
Fiskars Group Boosts Business Agility and Security with Cato SASE Fiskars Group Needed a Network Overhaul Moving at the speed of 21st century business requires a fast, agile, secure WAN that is easy to deploy and manage. Unfortunately, before the Fiskars Group adopted Cato SASE, its WAN had none of those qualities. “Our network was an old-fashioned mess,” says Jesper Hjørland, Service Manager for Network and Connectivity at the Fiskars Group. “We had both MPLS and Internet connections with multiple security solutions from different providers in different locations.  We often had three or four different devices on each site. Deployment and management of all those solutions was very challenging and time consuming.” The time it took just to open a new location was far too slow for the company’s business needs. “Our leadership felt it was critical to be fast and agile to meet the rapidly changing needs of our customers,” says Hjørland. “Before Cato, that simply was not possible,”. Once Fiskars Group had to move a warehouse in Sydney to another location. “It took us four months just to get a new MPLS connection, delaying the move and worrying our management quite a bit,” says Hjørland. After that stressful move, Hjørland knew it was time to find a better, more simple, flexible WAN solution. “We knew we needed the same WAN and security solution in every location, whether it was a small shop or a large factory,” says Hjørland. Fiskars Group Evaluates SD-WAN and SASE, Chooses Cato Hjørland’s needs naturally took him in the direction of SD-WAN and SASE. “We looked at a lot of SD-WAN and SASE solutions, but Cato’s was the only one that allowed us to use the same solution everywhere,” says Hjørland. “It was also the simplest to deploy and manage and much more flexible than the other SD-WAN solutions we evaluated.” Cato’s management interface looked so simple at first that many of Fiskars Group’s network staff thought it wasn’t capable. “They were really nervous,” says Hjørland. “‘It’s too simple,’ they said. ‘It probably can’t do much.’ It turned out we could do much, much more with the Cato interface than ever before, including things that a lot of network people don’t even understand completely. Yet the interface is so easy even the less experienced network staff can work with it.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, the Cato Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Aside from the management interface and Cato’s security features, Hjørland liked Cato support. “Cato’s people were always helpful, going over and above to ease our implementation,” says Hjørland. “They had great suggestions to help us use the solution to its full potential for our business and gladly answered all our questions, no matter how stupid, to ensure we understood exactly what we needed to do.” Fiskars Group Gets the Speed and Agility it Needs Deployment of the Cato solution to the Fiskars Groups locations has been very quick and easy. “We changed our supplier in the middle of the implementation and, though they had never heard of nor had any experience with Cato, they were able to do their first deployment in under two hours with minimal Cato support.” Cato SASE has sped up the deployment of moves and new locations dramatically. “We roll out new shops very quickly now,” says Hjørland. “We can just send them a Cato box and explain to store personnel with no network experience how to plug it in and get the service up and running.” Aside from fast deployment, Hjørland likes that every location large and small has the same robust layer of security. “That consistency was something we sorely lacked in the past.” However, agility and simplicity are the main business benefits. “With Cato we’re removing three to four different devices on a site and replacing them with a simple Cato box.” Fiskars Group has started using the Cato mobile VPN in Europe and will soon roll it out in Asia as well. As for cost, Hjørland finds Cato to be very competitive. “The Cato solution has saved us money compared to our previous WAN infrastructure, and that’s not even counting all the additional time and money we spent on consulting services before just to keep everything up and running. There’s definitely a huge cost savings there.” Hjørland most appreciates that Cato has made his job easier. “Thanks to Cato, I can stand by my promises and feel comfortable we can deliver on the company’s business needs quickly, efficiently, and securely.”
Read customer story Search
Topcon Achieves a Fast, Secure Global WAN with Cato

Healthcare

Find out How Topcon Achieved Fast Global WAN Performance and Security with Cato.
Topcon Achieves a Fast, Secure Global WAN with Cato The Challenge: A Single, Fast Global WAN Proved Challenging with MPLS Global enterprises often struggle to provide consistent WAN performance and security across all their locations. MPLS is very expensive or unavailable in some remote regions and VPN alternatives can be slow and unreliable. Topcon Corp knew this problem only too well.Topcon is based in Tokyo, Japan with offices spread across the Americas, Middle East, Africa, Asia Pacific, and China. With expertise in advanced technology and global business development, the company provides global solutions to meet societal challenges in healthcare, agriculture, and infrastructure. Some of these include technologies that automate the operation of agricultural equipment and harness digital sensors to manage the growth of agricultural crops. “Seventy-seven percent of our sales come from overseas and nearly 80% of our employees are not Japanese,” says Takashi Nakajima, Head of the Digital Transformation (DX) Promotion Division and Chief of Business Operations. Topcon was struggling to provide fast, secure connectivity to its offices in China. Most of its other locations took advantage of fast MPLS connections, but China’s offices had slower connections that were often problematic. “We started seeing the limitations of MPLS for worldwide deployment and started looking for a next generation network we could deploy everywhere,” says Nakajima. “We needed a simple, fast, secure solution for regions in Asia where MPLS hadn’t yet been established.” Topcon Searches for a Global WAN Solution, Chooses Cato GlobalDots, a global cloud solutions provider, introduced Nakajima to the Cato solution and he was immediately impressed. “I had already been working with a local SD-WAN deployment in my previous job, so I was familiar with the technology. I liked that the Cato SASE could give us the fast connectivity in China and other parts of Asia that we needed while also keeping our communications secure and allowing us to monitor everything properly.”Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS.Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 75 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and five nine’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance.Nakajima was sold on Cato, but convincing internal management was another story. “We had a lot of conversations in which I had to explain Cato and SD-WAN to management and field staff and assure them that I couldn’t find anything else with all the built-in security and monitoring that Cato had,” says Nakajima. “I made those features the big selling points and got it though the internal approval process.” Fast, Secure WAN and Remote Access Worldwide Implementing the Cato solution was quick and smooth, thanks to Cato’s simple socket appliances and help from GlobalDots. “They did most of the work,” says Nakajima. “As long as there was an Internet connection in our Asian offices, GlobalDots could handle just about everything else remotely. We also replaced our remote access service with Cato’s for about 600 employees, starting with smart phones. It took a little education to get them started but it was pretty smooth.” Staff PC’s will come next.Performance in China and other regions without MPLS has been fast, but its Cato’s simplicity that has really impressed Nakajima.“Cato’s biggest benefit from my point of view is that the network operators no longer need any specialized knowledge,” says Nakajima. “We have a small network staff, and they have to look after the internal network, the Asian network, and our domestic WAN. Now they don’t have to deal with all those version upgrades, security patches, outages, and support issues. Aside from the time and resources saved, there are no more of the human configuration errors we used to have.”Nakajima is also impressed with how easy and quick bandwidth upgrades are with Cato. “We’ve been moving to cloud services such as AWS and Azure, and in the initial design phase we can invest in the minimum bandwidth we need. Then we can quickly ramp up the bandwidth with Cato when we need it.” Topcon had a WAN connection in the U.S. that was impacted by wildfires, requiring a quick replacement, which came easily with Cato SASE. “Normally we would have had to run another MPLS line, which would have taken a long time, but with Cato we were able to recover immediately with nothing more than a contract change,” says Nakajima. “It’s so great for our business when we can do these kinds of things so fast.”Nakajima also saw the true value of Cato’s remote access service when Covid hit. “Basically, nothing happened,” said Nakajima. “Cato’s remote access was already deployed for our workers so there wasn’t much to do. And since nothing happened, management was amazed when they started reading about all the problems other companies were having giving their employees the capability to work from home.”Overall, the Cato SASE solution has been a big success for Topcon. “We were able to provide a fast connection and secure environment for our employees, even when Covid hit and they had to work from home, “says Nakajima.“ The Wi-Fi networks users had at home were not very secure after all, but it didn’t matter with Cato’s security services. Management has been happy with how quickly we can set up Cato at new locations and how well work-from-home went during Covid.”As for the future, Nakajima plans to use Cato to create a business continuity/disaster recovery plan that will fail over from AWS to Azure or vice versa. “I’m trying to create a structure where if one cloud service goes down the network won’t be cut off,” says Nakajima. “I would recommend Cato most of all for its flexibility,” says Nakajima. “It’s so easy. Jut try it out and see if it works for you. We started with our overseas WAN, expanded to remote access and now we’re moving on to other locations. We really haven’t had any major issues.” Background With expertise in advanced technology and global business development, Topcon Corp provides global solutions to meet societal challenges in healthcare, agriculture, and infrastructure. Solutions include agricultural equipment automation and agricultural crop management using digital sensors. Topcon is based in Tokyo, Japan with offices in the Americas, Middle East, Africa, and Asia Pacific. Before Cato, Topcon relied on MPLS connections where they were available and VPN connections where they were not, with firewall appliances at each location and a VPN service for remote access.
Read customer story Search
PlayPower Taps Cato to Streamline its Global Network, Boost Business Agility, and Improve Security

Manufacturing

Learn now a leading manufacturer replaced its MPLS- and VPN-based network with Cato, while improving security with the Cato MDR service.
PlayPower Taps Cato to Streamline its Global Network, Boost Business Agility, and Improve Security The Challenge: M&A Complexity Organizations growing via mergers and acquisitions (M&A) often end up with a complex mix of service provider and point solutions that create significant IT operational and performance challenges. Rationalizing diverse infrastructure not only simplifies the network, it makes the business more agile and responsive. PlayPower, a leading manufacturer of premier commercial recreational equipment, is a case in point. Through a series of mergers and acquisitions, PlayPower found itself with a mix of MPLS services and Internet-based VPNs connecting its 15 sites. The complexity and diversity of the network created a host of operational challenges that Alfred Sobrinho, Vice President of Information Technology at PlayPower, knew could only be eliminated through network simplification. With so many different types of services and equipment, running the PlayPower’s complex network was incredibly time consuming. “Like most mid-sized companies, we don’t have a huge staff of CCIEs,” says Sobrinho. “We needed a network that was easier to administer and run.” Several of PlayPower’s locations lay outside of its MPLS provider’s network, leading to delays and service issues. “In some rural locations, it could take a long time to get a new site on board with MPLS,” says Sobrinho. “There might only be one or two telcos to choose from.” Once sites were connected, the backbone often proved unstable, causing problems for users trying to connect to applications and share resources. “Even IT staff had difficulty connecting to other locations,” says Sobrinho. “The thought of someone in Pennsylvania providing helpdesk services to users in California was basically out of the question, as it meant crossing two or three networks.” Maintaining the company’s security infrastructure also proved challenging. As with many companies, PlayPower had an on-premises SIEM system that needed continuous monitoring and updates. “We didn’t have the resources to have someone sit there all day, monitor security events and rule out false positives,” says Sobrinho. “It made sense to give that function to someone who does this for a living,” he says. Sobrinho decided he had to create a single unified network that made all services and assets available to everyone. “We wanted to locate services where they were needed, without any bandwidth or other network constraints,” he says, “and we wanted to provide services across all of our different brands and business units with a single IT team.” PlayPower Evaluates the SD-WAN Market, Selects Cato Sobrinho began looking into SD-WAN, reaching out for help to Ralph Lewis, CEO at Cumulus Telecom and trusted advisor on infrastructure issues to PlayPower. “We looked at ease of use and price/performance ratios. It was particularly important that the proposed SD-WAN solution work in-line with our current firewalls,” says Sobrinho. “A forklift upgrade was out of the question.” Together, Lewis and Sobrinho vetted all of the major SD-WAN providers, “but Cato looked really good,” says Sobrinho. Cato connects all enterprise network resources—including branch locations, the mobile workforce, and physical and cloud datacenters—into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic. “I was going to schedule our next vendor interview,” says Lewis, “when the team said ‘Stop scheduling! You just showed us what we’re looking for." After evaluating Cato, PlayPower implemented a proof of concept (POC) in an office it was looking to move to a different location. The results were so positive that they chose to replace their firewall appliances with Cato Security as a Service. “By the time the POC was over, we were no longer considering our own firewalls,” says Sobrinho. “We were ready to return the router for the new location because they were going to use the Cato Socket to do the routing,” says Lewis. As PlayPower rolled Cato out to the other sites, Sobrinho decommissioned MPLS services. Benefits with Cato The move to Cato provided PlayPower with both tangible and intangible benefits. With Cato, PlayPower could replace a hodgepodge of MPLS services and Internet-based VPNs with a single network supporting the entire organization. The IT team could now deliver services everywhere, supporting all the company’s divisions and business units. Cato’s simplicity and cloud architecture yielded significant operational savings. Management and support were mostly handled by Cato, rather than PlayPower’s IT staff. "If you need specialists, such as CCNEs, you need more IT people and a bigger network team to support the same kind of networking capabilities you get with Cato,” says Sobrinho. Cato’s flexibility let PlayPower reduce its network costs. “With Cato, we can use any available last mile provider or service,” says Sobrinho, “which means we can negotiate rates and make providers compete to keep our costs down,” he says. "The Cato Sockets are truly plug and play, so we don’t have to do all that routing and deep network configuration we used to do." Cato gave PlayPower a built-in onramp to the cloud. "Cato's agentless cloud capabilities make integrating leading cloud providers and hosting centers so easy,” says Sobrinho. “You have those connections already without having to configure dedicated IPsec tunnels to the provider.” So positive was the initial foray into SD-WAN that the team decided to expand the relationship. A few months later it became the second customer to go live with Cato Managed Threat Detection Response (MDR) service. With Cato MDR, Cato engineers monitor the network for key security events, alerting the customers only as needed. "Rather than having a bunch of warm bodies sifting through the traffic, Cato uses data mining to drill down to the few events that warrant human attention,” says Sobrinho. “I have an analytics and applications background, so that approach makes a lot of sense to me." “Cato’s SOC team reaches out to us with an alert and one of our IT members responds with the appropriate action,” says Sobrinho. “We’ve been very happy with that service.” A Fast Work-from-Home Ramp-up As with many organizations, the spread of Covid 19 forced PlayPower to shift employees to working from home on a large scale. "It meant more than doubling the number of remote workers,” says Sobrinho. Cato made it easy. “With Cato, we didn't have to worry about adding VPN servers,” says Sobrinho. “All it took was a single phone call. Within a day, the extra VPN capabilities were deployed. No need to monkey around with switches, concentrators and cabling.” Cato’s flexible cloud architecture was a great benefit when companies had to adapt to Covid and vacate their physical offices. “PlayPower was able to take the entire workforce across all its sites and business units remote in a day or two with no loss of productivity,” says Sobrinho. “It was remarkable that we did not have to frantically add VPN concentrators or network infrastructure like our peers and competitors who were on legacy networks and took weeks and months to transition to a remote work-from-anywhere business.” Most importantly, the user experience was excellent. “With Cato, our users don't even know they’re connected to a network backbone -- and they shouldn’t have to. They just know they can access all their applications and services seamlessly, says Sobrinho.” The support experience has also been positive. “We’re very happy with the service levels we've been getting Cato,” he says. “We don’t have to tie up IT people to handle a maintenance outage or a hardware or software upgrade to enhance uptime. We spend a lot less time on network administration." Perhaps that greatest benefit: PlayPower can make business decisions without worrying about network limitations. Says Sobrinho, "With Cato, we can tap the right location to provide the right service based on business need, not some artificial network constraint such as bandwidth."
Read customer story Search
Oil and gas company implements SASE to energize IT resiliency, connection speed and network security

Manufacturing

Oil and gas company implements SASE to energize IT resiliency, connection speed and network security
Oil and gas company implements SASE to energize IT resiliency, connection speed and network security Ranger Energy Services had a legacy VPN with high latency, as it required routing through another vendor’s data center. The IT team received a huge number of tickets related to network issues. Ranger Energy Services started by replacing its legacy VPN with the Cato SASE Cloud Platform and the Cato Client offered by Windstream Enterprise Software. With Cato, a single zero-trust policy guides user access regardless if the user is inside or outside the office. The Cato Client provides remote users with Zero Trust Network Access (ZTNA). The ability to provide a high-quality ZTNA solution was a key factor in Ranger Energy Services' transition to SASE from Windstream Enterprise. The ZTNA clients significantly improved Ranger’s remote users and work-from-home employees' performance. ZTNA traffic was routed to the closest regional SASE point of presence (PoP), which meant a much lower latency and a significant reduction in trouble tickets. Ranger’s IT staff members were impressed with the support teams at Windstream Enterprise throughout the deployment of ZTNA and SASE. “Ever since bringing on Cato and Windstream Enterprise, we’ve had a marked improvement in our networks,” says Matthew Bennett, senior IT manager at Ranger Energy Services....Click here to read the complete story of the Cato-Windstream Enterprise deployment.
Read customer story Search
How Redner’s Markets Transformed the Retail Experience by Transforming its Network with Cato

Retail

How Redner’s Markets Transformed the Retail Experience by Transforming its Network with Cato
How Redner’s Markets Transformed the Retail Experience by Transforming its Network with Cato Grocers may not be the first industry that comes to mind when one thinks of digital transformation challenges. But between the use of smart shelves, just on time delivery, online ordering and more grocers and retailers in general have relied on digital transformation to stay competitive. The same was true for Redner’s Markets. The Pennsylvania-based grocer relied on technology extensively to keep competitive, but it was technology that was posing a problem for employee-owned, family-run grocery chain. The staff was unable to place clear voice calls across the company’s network. Customer-facing loyalty applications weren’t working. Some of the grocer’s pharmacies couldn’t fax in their orders. Employees complained and customers were kept waiting. All of which was interfering with the company’s business. “We just want to provide quality food to our communities and provide a great and reliable place to work,” said Nick Hidalgo, VP of Information Technology at Redner’s Markets. Redner’s problem was that its network wasn’t keeping up with growth.  The business has grown from its founding with two stores in 1970 to 64 U.S. warehouse markets and convenience stores today. In addition to employee- and customer-facing problems, Redner’s faced difficulties getting its several network systems to work together. The network operations team needed multiple skill sets for multiple providers’ technologies. Delivering policy consistency over various vendor platforms throughout the company was a significant challenge. Disaster recovery was impacted as data replication between sites lagged an hour or two behind real-time. Employees faced complications with two-factor authentication. Hidalgo and his team found that the network problems were largely caused by their security architecture. For the company’s previous firewall to gain sufficient insight, all the company’s traffic had to be first backhauled across the internet to Redner’s Markets’ datacenter. The additional latency imposed by that backhaul was disrupting Redner’s applications and processes. The Platform Offers a Better Way Hidalgo began looking for a solution, defining his requirements and speaking with his incumbent vendors.  Quickly he realized that trying to solve each point problem would lead to integration challenges, longer time to value, and still fail to deliver the visibility into the network that he wanted.   “We turned to our partner Avail, a team of technology procurement and management advisors. They recommended considering a SASE platform and suggested we try Cato,” Hidalgo said, “We took the interview and 45 minutes later were blown away by the solution and ready to sign a PoC.” We took the interview and 45 minutes later were blown away by the solution and ready to sign a PoC.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Cato connects locations with its simple Cato Socket appliance that automatically links to one of Cato’s ~90 Points of Presence (PoP) locations, all interconnected by Cato’s fast, global private backbone. Remote users automatically connect to the nearest PoP using Cato Client and Clientless access, and Cloud resources connect using IPsec tunnels, vSockets, or for large capacity connections, Cato Cloud Interconnect. The Cato Single Pass Cloud Engine (SPACE) software runs in all PoPs, converging multiple network security functions for flow control and segmentation (NGFW), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), application and data protection (CASB, DLP, ZTNA), and threat detection and incident response (XDR and EPP) into a cloud-native software stack. Cato has autonomous systems and processes sustaining the evolution of service capabilities, resiliency, optimal performance, scalability, global reach, and security posture, requiring no additional customer IT involvement.  The Cato platform vastly simplified the Redner’s network, enabling Redner’s to remove the head-end firewall at the corporate data center and disaster recovery site, as well as aggregators that were feeding those firewalls. “Transitioning to Cato allowed us to establish direct traffic paths from the branches, leading to a remarkable 10x performance boost and vastly improved visibility,” Hidalgo said. Redner was able to replace SD-WAN solutions from another vendor. Reducing the number of systems supported eliminated the need for Redner’s IT team to maintain skills on multiple systems. Cato’s policy management tools solved the struggle to maintain uniform policies across the network. “With Cato’s built-in management tools, we set policies, and they apply everywhere. Previously, we set bandwidth priorities and hoped they worked on our three different implementations,” Hidalgo said. He added, “The convergence of security and network in one solution—one pane of glass—was where we wanted to go. Cato provided us with that. Other solutions didn’t make sense.” From User Complaints to User Kudos With Cato SASE Cloud, faxing over the network became reliable and hassle-free. Difficulties with Redner’s customer-facing loyalty application have been resolved. Changes in IT infrastructure are generally not met with cheers from end users. But with Cato deployed, Hidalgo says he’s seen a qualitative difference from users. “We have gotten rave feedback. They see a performance change. They don’t need to know anything besides that. We just deliver what they need.” Cato smoothed over Redner’s multi-factor authentication difficulties. “We rolled Cato out, and within two seconds, someone can authenticate and access the network remotely. They’re just raving about the experience compared with what they had before.” The Cato platform helped resolve Cato’s data recovery concerns, replicating data in real time between sites. And the Cato platform delivered improved voice and video performance with packet loss correction techniques to improve last-mile quality. “We have improved the performance of every application on the network by rolling out Cato,” Hidalgo said. “We don’t hear about network slowness; we don’t hear complaints.” “We have improved the performance of every application on the network by rolling out Cato,” Additionally, Cato XDR made Redner’s team more efficient in remediating security incidents. “Cato XDR is a timesaver for us,” he says. “The XDR cards let us see all the data relating to an incident in one place, which is valuable. Seeing the flow of the attack through the network—the source of the attack, the actions taken, the timeframe, and more—on one page saves a lot of time. If a user has a network issue, I do not have to jump to various point product portals to determine where the application is being blocked.” (For additional information about Redner’s Markets’ experience with Cato XDR see this blog.) “Cato XDR is a timesaver for us,”
Read customer story Search
From Garage to Grid: How Cato Networks Connects and Secures the TAG Heuer Porsche Formula E Team

Automotive

From Garage to Grid: How Cato Networks Connects and Secures the TAG Heuer Porsche Formula E Team
From Garage to Grid: How Cato Networks Connects and Secures the TAG Heuer Porsche Formula E Team The IT leadership of TAG Heuer Porsche Formula E Team shares insights about the value of a platform, Cato XDR, Cato DLP, and more. "I'd definitely give Cato the pole position. I can honestly say Cato does a remarkable job making networking and security much, much better." -- Friedemann Kurz, head of IT for Porsche Motorsport. Moving at speeds up to 320 Km/h, sleek, aerodynamic Gen 3 Formula E racecars slice through city circuits, combustion engine roar replaced by the high-pitched whine of arguably the most advanced electric motors in the world. The vibrant, thrilling spectacle that is Formula E is taking center stage yet again as the industry hurdles into Season 10. Last season, Cato was selected to secure and connect the TAG Heuer Porsche Formula E Team with their cloud and on-premises applications and race engineers in Weissach, Germany. This season that relationship has only matured and includes even more Cato capabilities. With a season spent running Cato SASE Cloud, where would the IT team behind the TAG Heuer Porsche Formula E Team place Cato? "I'd definitely give Cato the pole position," says Michael Wokusch, senior IT product manager for Porsche Motorsport. "I can honestly say Cato does a remarkable job making networking and security much, much better." "Depending on your stack, mid-size enterprises easily have two full-time people doing only networking and network security. Or, you can run Cato and have one person handling the network and doing security on the side," he says. Formula-E: The Ultimate IT Challenge Behind the thrilling speeds and split-second race decisions of Formula E lies an enterprise security and networking stress test like no other. There’s the security challenge: An event as high-profile and technology centric as Formula E with a brand like Porsche Motorsport makes for an enticing cyber target. The attack doesn't need to penetrate defenses; disrupting communications with a denial of service (DOS) would be disastrous. But with only one IT person at a race event, TAG Heuer Porsche Formula E Team needed a security platform that was powerful, smart, and simple to operate. Then there’s the logistics challenge. Formula E races (16 events in season 10) happen globally, often in remote regions with limited infrastructure. Shipping lots of equipment isn't an option. "Every kilogram saved on freight saves on costs and reduces emissions," says Friedemann Kurz, Head of IT at Porsche Motorsport. "It's like a race car. The lighter the race car, the more agile it can be. So, too, with IT. The less equipment we ship, the more agile we can be." "It's like a race car. The lighter the race car, the more agile it can be. So, too, with IT. The less equipment we ship, the more agile we can be." Kurz and his team rely heavily on the cloud to reduce local footprint. “Less equipment means lower shipping costs, faster deployment time, and less emissions. Every kilogram we save in shipped equipment saves on carbon emissions," he says. The teams arrive at the location 2-3 days before the event. They only have a few hours to build the race garage and IT infrastructure before the cars arrive. "It's why it's so important to have streamlined IT infrastructure and operation. Onsite at the racetrack is just one person, and that person needs to monitor the deployment, pack it down, and do it all over again," says Kurz. If parts need to be changed, that also needs to happen within those initial hours. All to get the cars on the track to collect as much information as possible so the race engineers can optimize the car software and, more specifically, its energy consumption. "Calculations need to be done in a very short time frame, and a stable network is essential to that goal," says Kurz. "Calculations need to be done in a very short time frame, and a stable network is essential to that goal," Finally, there’s the networking challenge. Race regulations restrict Formula E teams to 50 Mbps Internet connections. Across that narrow connection, the IT department supporting TAG Heuer Porsche Formula E Team had to run application sessions carrying telemetry data during testing, file synchronization between the local NetApp server and the cloud, video sessions for remote race engineers to see what's happening at the track, and voice for communications. Quality of service policies are essential for ensuring applications get the necessary throughput, which is made all the more critical given the Internet connection. The high packet loss and unpredictable public Internet routing limit the connection's throughput. (For example, at 200 milliseconds of latency and 1% packet loss, theoretical TCP throughput would drop to about half a megabit.) "If you're on the other side of the world, well, you can imagine the user experience. It was terrible when we ran over the Internet," says Wokusch. "File synchronization between servers and racetrack alone could occupy the local bandwidth.” Cato Answers the TAG Heuer Porsche Formula E Team Security Challenge To meet those challenges, the IT department behind the TAG Heuer Porsche Formula E Team turned to Cato. At each race event, the team deploys a Cato Socket, Cato's edge SD-WAN device. The half-u Socket is so small it can sit on a shelf. With the Socket and cloud resources, IT travels light. "This season was the first time that we traveled without a server rack,” says Kurz. “Everything we needed is built into our [garage] walling. It's super slim." During season 9, the team ran Cato in hybrid mode, connecting their local equipment to a Cato Socket and a dedicated connection for an IPsec tunnel. After seeing the reliability of Cato, the TAG Heuer Porsche Formula E Team has gone 100 percent Cato. “It's looking good. We are more than happy," says Wokusch. All traffic from the TAG Heuer Porsche Formula E Team is sent through the Cato Socket to the Cato PoP, where networking and security policies are applied, and the traffic is forwarded either across the Cato backbone to the Cato PoP closest to the traffic's destination or onto the Internet. Every Cato PoP runs the Cato Single Pass Cloud Engine (SPACE), the core security engine of Cato, converges multiple network security functions for flow control and segmentation (NGFW), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), application and data protection (CASB, DLP, ZTNA), and threat detection and incident response (XDR and EPP) into a cloud-native software stack. Cato has autonomous systems and processes sustaining the evolution of service capabilities, resiliency, optimal performance, scalability, global reach, and security posture, requiring no additional customer IT involvement. The Cato SASE Cloud built-in multi-segment optimization dramatically improves the throughput of the last-mile connection. "Our applications perform better because our network is better with Cato. The average packet loss is now below 1 percent. With the Internet, 5 percent packet loss was normal," says Wokusch. With Cato’s application analytics, Wokusch could identify the most popular applications and start by optimizing them first. As a result, users are having a much better experience. "Complaints about the network decreased once we deployed Cato,” says Wokusch. "From an IT perspective, we saw the biggest change by far in file transfer, but applications in general are loading faster and are more responsive." "From an IT perspective, we saw the biggest change by far in file transfer, but applications in general are loading faster and are more responsive." Cato Answers the TAG Heuer Porsche Formula E Team Security Challenge Formula E drivers rely on a detailed dashboard of dials and digital readouts embedded in their steering wheels to drive their cars. "Cato is the steering wheel for our infrastructure," says Wokusch. "At a glance on the Cato management console, I can understand everything I need to know to drive my network and security infrastructure." To keep an eye on security threats this season, the team relies on Cato XDR. "The great thing about the Cato XDR dashboard is the visibility to trace events end-to-end," says Wokusch. "Cato already showed us two potential threats and blocked them, threats that would have been missed otherwise by the rest of our security measures. That was excellent." But what most impressed Wokusch was what Cato XDR didn't do. "I'm amazed about the lack of false positives. I haven't seen a single one.” "Cato accurately identified and classified typical Internet security scans as ‘low impact,’ he says. “We also had two events where somebody tried to download a legitimate application from a non-official mirror on the Internet, and, on one occasion, the application contained a bot. Cato immediately recognized it and flagged it for us.” Cato XDR makes security simple for IT pros to work with. "It's super easy to follow up. You don't need to be a security expert to follow the dashboard and stories, so that's cool. And when you need to deep dive into a topic, you can still do it because you have every event stored," he says. "It's super easy to follow up. You don't need to be a security expert to follow the dashboard and stories, so that's cool. And when you need to deep dive into a topic, you can still do it because you have every event stored," Cato Makes Restricting Access Policies Possible and Easy to Implement Intuitive and granular event filtering enables IT to improve security posture by creating precise ZTNA policies. "Now, we can easily generate access policies that open applications to users based on facts and not just on our instinct,” he says. A TAG Heuer Porsche Formula E Team user wanted to run a particular software package. "We looked up the application in the Cato Application Library and got an excellent summary of the compliance and security measures that needed to be taken,” he says. "We could see the application gave users two options for connecting the software client to the backend. One approach is SSL encrypted, which was fine, but a second option allowed the software client to establish an unencrypted connection. If the user makes a mistake and doesn't click the SSL checkbox, they could share credentials in the clear. For us, that would be absolutely a no-go." Wokusch defined a very granular firewall rule that only allowed encrypted transfers. “It was fast. It took us about 10 minutes to see the communications flow and then build the firewall rule,” he says. "With some of the other solutions we’ve seen, it would not have been so easy. We would have had to allow or block the whole service entirely.” Better security doesn't just reduce risk. It also changes the IT posture towards the enterprise. With Cato DLP, for example, Wokusch says IT can be more accommodating and flexible because of Cato's improved controls. "We can say to our users, "Okay, we do have our sanctioned online storage apps, and we prefer to use them, but if you want access to your online storage app, that's fine. I can let them access them and download files knowing that with Cato DLP, I can block any sensitive uploads." Empowering Local Teams Without Compromising Corporate Policies Empowering drivers to make decisions helps them be nimbler and win races. Empowering local IT teams to make their own decisions is no different. With Cato, the TAG Heuer Porsche Formula E Team IT department is more agile and addresses new challenges faster while adhering to Porsche IT policies. "If a router rule needed to be configured, we needed our counterpart in central IT to take that action. With Cato, we can add the firewall rule ourselves. We do more in less time without more people." Another example is remote access. "Previously, we would need to request an official Porsche remote access setup with a Porsche laptop, a PKI card, and the whole end-to-end toolchain. It could take months." Now, we can connect them with Cato and restrict their access to the two applications they need to use, and once they're done, easily remove them." Winning the Formula E Car and IT Race Many sectors may lack the allure of motorsport, but the lessons from Formula E remain. Everyone needs to improve security posture without increasing headcount. Everyone needs a reliable, predictable network for mission-critical data and cloud transformation. Supporting drivers hurtling around a track at heat-stopping speeds may not be every IT team’s call, but that doesn't take away from meeting the demands of executives and users in any business. "Sure, our business might be higher profile than some, but our IT challenges aren't all that different," says Wokusch. "If you're facing anything like we've seen, all I can say is give 'Cato a shot.' You won't regret it." "Sure, our business might be higher profile than some, but our IT challenges aren't all that different," Give 'Cato a shot.' You won't regret it." To see how you can take Cato for a test drive, click here.
Read customer story Search
Inspiro Boosts VoIP Reliability and Cloud Application Access with Cato SASE Cloud

Technology

Inspiro Boosts VoIP Reliability and Cloud Application Access with Cato SASE Cloud
Inspiro Boosts VoIP Reliability and Cloud Application Access with Cato SASE Cloud Inspiro Call Centers Struggled with Poor VoIP Performance and Slow Application Access Few functions depend on low latency more than voice and video and few businesses depend on clear voice and fast application access more than customer call centers. Rey Picar, Vice President of IT Service Delivery for Inspiro, a leading customer experience outsourcing firm, knows that only too well. “Voice and data traffic performance are critical to our operations with clients worldwide,” says Picar. Before Cato, Inspiro’s call centers relied entirely on local ISPs and the Internet for voice interactions with customers and access to client customer service applications. Unfortunately, with its unpredictable performance and latency, the Internet couldn’t deliver, which had a direct impact on revenues. “Our staff was often challenged by one-way, garbled, and dropped calls,” says Picar. Even when voice calls went smoothly, accessing client customer service applications was often slow, hampering the ability of call center staff to address customer issues promptly and slashing the number of customer calls agents could handle each day. “Our agents are expected to meet certain volume requirements for our SLA’s,” says Picar. “If they don’t, we suffer financial penalties that affect our revenue directly.” Not to mention dissatisfied clients and their customers. Aside from call quality issues, Inspiro was in the process of moving more applications to the cloud, which meant even more reliance on WAN performance and latency. Picar knew that he had to come up with a faster, more reliable network solution than the public Internet, so he started looking for a replacement. “Our three priorities were low latency, reliability, and cost efficiency,” says Picar. Inspiro Investigates WAN Alternatives, Chooses Cato That’s what led him to Cato. Picar and Ray Segaya, Vice President for IT Service Management, were intrigued by the Cato SASE Cloud approach to SD-WAN and security. The Cato SASE Cloud could provide fast performance and low latency at a cost that was affordable. But there were other pluses as well. “It was clear that the Cato SASE Cloud would improve scalability and speed of deployment,” says Segaya, “and it would help us meet our goal of minimizing the data center’s carbon footprint.” The Cato SASE Cloud platform optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 80+ PoP locations and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to sites, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, the Cato Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Remote Browser Isolation (RBI), Zero Trust Network Access (ZTNA/SDP), and Firewall as a Service (FWaaS) with Advanced Threat Prevention (IPS, Next Generation Anti-malware). It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Picar and Segaya ran a proof of concept (POC) with the Cato solution and were impressed by the results. Voice quality was much improved, as reflected in the Mean Opinion Scores (MOS) recorded by the team. MOS is a metric used to measure VoIP or digital audio quality, where 1 is the lowest quality and 5 is the highest quality possible. “After deploying Cato, our MOS ranged from 4 to 5,” says Picar. There were other performance gains as well. “Our data transfer rates increased by 30 times,” says Picar, “and our agents saw significant improvement in the speed at which they could access client applications, improving their ability to resolve customer issues quickly.” Deployment of the Cato solution went smoothly, thanks to its ease of use and the skills of the teams from Cato and solution provider KDDI. “Deployment was a great experience for us--very professionally executed by Cato and KDDI from proof of concept to implementation,” says Picar. “Cato’s personnel are very knowledgeable about their product and very patient explaining its benefits and their project plans. They responded to all our questions quickly and accurately.” Serving More Customers Boosts the Bottom Line The results of the deployment matched the POC experience, with high MOS and no complaints from customers or staff. “With Cato there’s been a big improvement in VoIP performance and application access. We have yet to receive any complaints about voice quality issues from our users or operations group.” Cato’s management tools have greatly enhanced Inspiro’s ability to monitor the network as well. In terms of ROI, Picar estimates that Cato is saving Inspiro 20 to 30 percent in telecommunications costs compared to its previous solutions. “What’s more, thanks to better connections and application access, we can meet our service level commitments, which enhance the company’s revenues directly.” No more SLA fines. Cato’s support has been excellent, according to Picar. “Cato competes very well with other vendors in terms of its technical skill set, 24-by-7 support, and, most of all, the continuous improvement of the Cato solution by its research and development group.” Now that its network issues have been solved by Cato, Inspiro aims to implement Cato’s security services as well. “We’re looking to replace our on-premises security technology with the Cato SASE,” he says.
Read customer story Search
Help at Home Centralizes and Boosts Security, Eliminates Network Outages with Cato SASE Cloud

Healthcare

Help At Home Needed a Simpler and More Reliable Network to Serve its Clients
Help at Home Centralizes and Boosts Security, Eliminates Network Outages with Cato SASE Cloud Help At Home Needed a Simpler and More Reliable Network to Serve its Clients Few industries have undergone a faster, more dramatic digital transformation than healthcare. Today about every aspect of patient care depends on timely access to fast, secure systems and networks for the information and collaboration critical to achieving optimum results. Chris Lockery, Chief Information Security Officer and Head of IT Infrastructure for Help at Home, the nation’s largest provider of personal home care services, knows this reality extremely well. Based in Chicago, Help at Home delivers home care for more than 70,000 elderly and disabled clients in 12 states via 63,000 caregivers and 3,000 knowledge workers. “Many of our clients rely on our caregivers just to have a normal day,” says Lockery. “If they can’t call into the office or their caregivers can’t access our networks and systems to schedule appointments, it means a client can’t even get out of bed, take a shower, or have a home-cooked meal. All those day-to-day things most of us take for granted are critical for our clients’ wellbeing.” Until Lockery deployed Cato, the complexity and unreliability of Help at Home’s network made delivering that personal care difficult. “Before Cato, we had more than 40 different telecom carriers across 150 branch offices in 12 states with legacy, on-premises technology that took lots of IT time to support and maintain,” said Lockery. Having to deal with all that billing complexity and maintain all that disjointed, often poorly integrated, legacy equipment often led to outages, which made it challenging for Help at Home to take care of its caregivers and their clients. Lockery said, “In one year, Help at Home had an average of 40 outages per month affecting the phone systems, Internet, or both. Those outages had an impact on both client services and employee morale.” Help At Home’s CISO Evaluates SASE Solutions, Chooses Cato Lockery knew he had to overhaul Help at Home’s infrastructure to deliver a standardized, simplified network that was more secure, reliable, and easy to maintain. “In evaluating alternative network solutions our top three priorities were making sure that our network was always on and available to service clients; that it was secure to protect our clients’ most sensitive information; and that it delivered a good customer support experience,” says Lockery. Immediately Lockery turned to SASE and SD-WAN solutions. Unfortunately, with the notable exception of Cato SASE Cloud, most of the solutions Lockery investigated were anything but simple. “Many of the other vendors claimed to have an all-in-one SASE and SD-WAN solution, but in reality, they strung together multiple different products that had been acquired and not fully integrated. Only Cato delivered a true all-in-one network and security solution.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 80+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enables secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security service edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), Remote Browser Isolation (RBI), Zero Trust Network Access (ZTNA/SDP), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. 150 Offices Upgraded in 6 Months Lockery worked with Cato and technology solutions provider Windstream Enterprise to deploy and manage Cato SASE Cloud across all of Help at Home’s branch offices and cloud AWS and Azure datacenter links. His ambitious goals included not just replacing his complex infrastructure with a single SASE but rebuilding the entire network, including cabling, switches, and access points. “With Windstream and Cato’s partnership we were able to deliver that all-in-one solution in all 150 offices in less than six months,” says Lockery. Lockery credits Cato’s support for his smooth, rapid deployment. “One thing I really liked about the support from Cato and Windstream was our direct access to their leadership teams and sponsorship from their CEOs and heads of engineering,” says Lockery. “This allowed them to really tailor the solution to meet our needs and cause minimal disruption to our branch offices during installation.” Cato also invited Lockery to join its customer advisory board. “They show a keen interest in our input and feedback to help them provide a better product,” said Lockery. Unmatched Reliability and Robust Security to Serve Clients Better Almost immediately Lockery noticed the simplicity and robust security and reliability the Cato solution delivered. “It quickly brought our network security and availability up to speed with a firewall, data loss protection, network intrusion prevention, and a cloud access security broker,” says Lockery. “And Cato centralized it all so we could deploy new cybersecurity capabilities and consistent policies across our more than 150 branch offices.” Lockery no longer has to manage all those different legacy on-premises firewalls, switches, and access points. “We now have 24-by-7 monitoring on all our network and security infrastructure, so we are notified immediately of any issues and can respond rapidly.” Perhaps best of all, however, the Cato solution has eliminated outages. “Thanks to Cato, our network is always on and available. You just can’t put a price on that benefit when it comes to serving clients.” Prior to the Cato solution, Lockery was fielding a lot of complaints and “noise” from the branch offices. “The best thing an IT person can hear from the field is quiet,” says Lockery, “and quiet is what we’ve achieved with the Cato SASE solution.” Lockery urges other organizations to consider the Cato solution. “Cato offers flexibility and a level of partnership that I haven’t seen with other vendors,” says Lockery. “Cato SASE gave us an all-in-one network availability and security operations center that removed the unnecessary cost and positioned our network better for next-generation capabilities and rapid growth.” 
Read customer story Search
AFI Properties Cures ERP Woes Through Network Transformation with Cato SASE Cloud

Construction

AFI Properties Cures ERP Woes Through Network Transformation with Cato SASE Cloud
AFI Properties Cures ERP Woes Through Network Transformation with Cato SASE Cloud AFI Properties Needed to Speed Up ERP Access Making smart business decisions relies on good business intelligence and that often means an up-to-date ERP system. But keep ERP or any application current is challenging when users can’t gain easy access to the system. Just ask Shira Baum, CIO of Africa Israel (AFI) Properties. AFI Properties is a rapidly growing global real estate firm specializing in income-generating commercial and residential properties. Today, the firm has eight locations spread across in Israel, the Netherlands, and Eastern Europe. When Baum first joined the company, AFI users ran virtual desktops over the Internet to connect with an ERP server in Israel. The VDI solution gave AFI the security it needed but proved unresponsive, frustrating users. In fact, the experience proved so bad that users ended up with two laptops, one for connecting to the ERP server and the other for business productivity needs. “I had to work from home my first week and it took me more than 20 minutes to connect to the ERP system,” says Baum. “I went to the bathroom and came back and needed another 20 minutes to reconnect. I called the infrastructure manager and I said, ‘We can’t go on like this.’” Later Baum found out that most employees didn’t even bother connecting from home because it was too complicated and time-consuming. “They just left their laptops at the office.” To make things worse, each of AFI’s eight locations ran most of their own IT infrastructure. “Each had different networks, security solutions, and servers,” says Baum. Some sites had firewall appliances but configuring and enforcing security polices with them was complex and inconsistent across locations. “Most of our locations had very low security, perhaps some routers with a few rules in the firewall and that’s it,” says Baum. “Some didn’t even have that.” AFI Chooses Cato SASE to Transform the Hybrid Work Experience Baum set about transforming and modernizing AFI Properties’ IT infrastructure with a focus on faster application access. “My goal was to have everyone on the same platform with one desktop, one network, one way to connect to applications, including ERP, and one security methodology.” While security was obviously a major concern, Baum set out to upgrade the network first so employees could at least get their work done. Baum looked at several solutions for office connectivity but was immediately intrigued by the Cato SASE Cloud platform. Not only was Cato a quarter the cost of other solutions and cloud-based, but it would also solve all AFI Properties’ application, network, and security problems at once. “Cato came to me with a single SASE solution for remote access, fast networking, and powerful security for all our sites,” says Baum. “Having the firewall and VPN in the cloud was a great way to give everyone the same security no matter where they were working. I could manage it all from here. All I had to do was give each site a Cato Socket.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 80+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Firewall as a Service (FWaaS), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), and Remote Browser Isolation (RBI) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Easy Installation, Fast ERP Access With Cato, Baum simplified the connection and work environment for employees with proper networking. In the process, she gave them a more responsive, easier to user remote access experience. Today, AFI users can connect to any business application, whether in the data center or the cloud, the same fast way with the same laptop. Baum loves that she can monitor the entire network and security infrastructure on a single pane of glass, and never has to update any software or appliances herself. All of that is handled in the cloud by Cato. She only had to set a few firewall rules, which were easy to deploy globally and update. “I configure a rule, and instantly it’s effective at every site,” she says. Deploying Cato to all AFI Properties’ sites was as easy as promised. “I carried the first Cato Socket appliance to our Krakow server room in a suitcase,” says Baum. “I called Cato, and they told me to plug this in here and plug that in there, and that was it. In just a minute it was working.” When COVID-19 hit and working at home exploded, Baum was ready, thanks to Cato. “I called my Cato account manager and told him we needed everyone on the Cato VPN now and he said, ‘No worries,’” says Baum. “15 minutes later the VPN was on my account. I deployed the VPN and the next day everyone was working from home with their laptops.” Other companies she spoke to didn’t believe that she could get everyone on the Cato VPN so quickly. “It’s amazing how easily remote users can connect to the network and ERP application today compared with the old way,” says Baum. “They tell me how much fun it is just to click and be at the office, no matter where they are,” says Baum. What Baum appreciates the most is the peace of mind the Cato SASE Cloud solution gives her. “I know that my company is secure, that all my sites and users can connect quickly with the same solution, and that every time I need something from Cato, they’ll listen carefully and come through,” says Baum. “Thanks to Cato I can sleep at night.” Her advice for other companies considering Cato to connect multiple sites? “Go for it!”
Read customer story Search
Devro Boosts Network Visibility and Enhances the Hybrid Work Experience with Cato

Manufacturing

Devro Boosts Network Visibility and Enhances the Hybrid Work Experience with Cato
Devro Boosts Network Visibility and Enhances the Hybrid Work Experience with Cato Devro Investigates Firewall Replacements, Chooses Cato SASE Cloud It was clear that Devro needed to replace its aging firewall appliances, which is why it started working with its technology partner to investigate options, including those from firewall appliance vendors. It soon became evident, however, that there were business benefits to a single solution encompassing firewalls and other functions, such as a secure Web gateway and even SD-WAN connectivity. “Some of our manufacturing plants are in remote locations where connectivity wasn’t always great,” says Cappie. “That is what made Cato’s SASE, SD-WAN solution so appealing. Once we saw what Cato could do for us in terms of SD-WAN, remote access, and security, we started discussing those capabilities with competing vendors.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enables secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Firewall as a Service (FWaaS), Secure Web Gateway (SWG), Data Loss Prevention (DLP), and Remote Browser Isolation (RBI). It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. It soon became apparent that Cato was the only solution that combined so many critical functions under a single SASE and management pane of glass. “Other solutions felt like a bunch of separate pieces bolted together and had too many add-ons and options,” says Cappie. “Cato’s single pane of glass made a big difference for us in simplification, standardization, and troubleshooting across all those functions and using role-based access to divide the management of areas, regions, or subsets of users amongst the team,” Cappie said. Getting support directly from Cato, rather than a third party was also appealing. With Cato’s single sign-on users would no longer have to log onto the VPN every day for remote access or the Web gateway client for Internet access, and IT would get 24/7 visibility across user and remote office systems. “Thanks to Cato we’ve been able to run vulnerability scans, security updates, and policies across all connected systems any time night or day,” said Cappie. Cappie also liked that deployment of the Cato SASE Cloud solution would be seamless and non-disruptive. “It was clear that the other solutions would have required more planned downtime,” says Cappie. “From a business perspective, Cato’s easy deployment was a big selling point.” At Last, Reliability and a Single Pane of Glass Deployment of the Cato solution was easy as promised and Cappie found Cato support responsive--not only for user and IT troubleshooting but adding new features. “There were a number of things we and other customers suggested that ended up in the platform within a matter of months,” says Cappie. “With the other vendors, it would more likely have taken years, if it ever happened.” And Cato was always there to suggest ways to use its solution more effectively. “We leaned heavily on Cato’s professional services team, which was really good at coming back and saying that we’d be better off doing something one way instead of another or trying this other option.” What Cappie likes best about the Cato solution is its ease of management. “The platform interface is well laid out,” says Cappie. “It is so easy to access lots of detailed information, or just the high-level stats if that is all you need. It is great to have that dashboard with the overview showing all your sites online and how many users are connected at any given time and the event screen is incredibly useful. Our old firewall interface seems so archaic in comparison.” And all of Cato’s functions are baked in, rather than bolted on as options. “In terms of being intuitive, Cato’s platform is undeniably the best possible solution,” Added Cappie.  Reliability and performance have been excellent with Cato and user feedback has been overwhelmingly positive. “Users love that once they do that initial sign-on, the VPN is always on and they can just do their work and forget about it,” Cappie said. “Cato’s user experience, easy management, and robust security have come together to make a significant difference for everyone at our company, even at the board level.” “The platform interface is well laid out,” says Brian Cappie. “It’s so easy to access lots of detailed, useful information, or just the high-level stats if that’s all you need.” “Some of our manufacturing plants are in remote locations where connectivity wasn’t always great,” says Brian Cappie. “That is what made Cato’s SASE, SD-WAN solution so appealing. Once we saw what Cato could do for us in terms of SD-WAN, remote access, and security, we started discussing those capabilities with competing vendors.” “Cato’s single pane of glass made a big difference for us in simplification, standardization, and troubleshooting across all those functions and using role-based access to divide the management of areas, regions, or subsets of users amongst the team,” Brian Cappie said.
Read customer story Search
Gordon Brothers Achieves Major Cloud Migration, WFH Transition and Centralizes Security with Cato SSE 360

Financial Services

Gordon Brothers Achieves Major Cloud Migration, WFH Transition and Centralizes Security with Cato SSE 360
Gordon Brothers Achieves Major Cloud Migration, WFH Transition and Centralizes Security with Cato SSE 360 Gordon Brothers Needed a Network Solution for Cloud Migration and Security The cloud offers organizations agility, flexibility, scalability, and the means to ramp up new services with incredible speed. Migration to the cloud doesn’t happen all at once, however, and can be challenging for global organizations with lots of dispersed locations and IT solutions. Add in a global pandemic and you’re looking at a possible recipe for major business disruption. Such was the case for Gordon Brothers, a global enterprise that partners with companies, advisors, investors, and lenders to fuel growth, facilitate strategic consolidation, and finance new opportunities. David Cherenson, Director of IT Operations, sought a way to migrate globally dispersed applications to Microsoft Azure. “In 2017 our apps and data were spread across our main Boston datacenter, the Midwest, London, and some other locations,” says Cherenson, “all of which were connected with point-to-point circuits or site-site VPNs.” Security came from a mix of dispersed appliances with different capabilities and sets of policies, and management divided between IT and service providers depending on location. “We work with a lot of finance companies, so we’re always asked about security,” says Cherenson. “At that time, I felt security was all over the map.” Gordon Brothers’ small IT staff rarely had the time or resources to monitor network traffic consistently for suspicious activity. Cherenson felt strongly that he needed to centralize security and get the monitoring piece in place. Gordon Brothers Starts its Cloud Migration Gordon Brothers started its cloud shift with Office 365 and Azure Active Directory and then decided on a major Azure migration. They interviewed several IT cloud migration partners and looked at the proposals, but Cherenson couldn’t shake the feeling that something big was missing. “Nobody talked very much about networking,” says Cherenson, “except maybe how to connect directly to an Azure datacenter. How were we going to move things without impacting our users if the users, data, and applications were spread out all over the place? It was clear to me that we needed a network that could connect to all of them throughout the whole migration process so we could move things around transparently.” Cherenson started looking for a network solution that could help make the migration seamless. “I did a lot of research, talked to a lot of people, and looked at some companies,” says Cherenson. That was when he found Cato. “Right away I thought Cato was what I was looking for because we could use it to connect all of our offices, and even our remote users, to one central cloud.” He also realized that the Cato solution would also solve his security issues. “With Cato Security Service Edge (SSE) 360 we could centralize our security policy globally, rather than having to deal with different policies and brands of firewall appliances in different locations,” says Cherenson. “Other contenders had security features, but I really felt that with Cato, security was the DNA on which everything else was built, and that’s what I needed to sleep at night.” Cato was also the only alternative that connected remote users to the same network and security architecture as offices and the cloud. Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last mile links in physical locations, while Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Cherenson went to the CITO and told him why he thought they couldn’t go ahead with their cloud migration project until they figured out how everyone was going to connect to everything simultaneously. “I told him I thought we should tackle the networking piece first,” says Cherenson. “Fortunately, he said, ‘I think that’s a good idea.’” Cherenson did a proof of concept with Cato that went very well, and then moved to a pilot. “We started connecting our main offices and Boston datacenter just so we could try it out,” says Cherenson, “and we connected a small group of users with the Cato VPN client.” Cato Simplifies Security for Business Transformation Cherenson was excited about the security possibilities he saw with Cato during the pilot. “I realized very quickly that Cato SSE 360 took geography out of the equation. We could implement a global policy and use it to control all our network entry points and apply it to every single person on the network. We could also take advantage of Cato’s antimalware, IPS and all that other stuff and apply it not only to WAN traffic but to our Internet traffic as well.” Cato MDR, a part of SSE 360, would solve the monitoring issue. “Cato’s MDR service monitors the network for us and notifies us if they notice anything anomalous, malicious, or otherwise suspicious,” says Cherenson. “We didn’t get lots of those notifications at first, but certainly more than we get now, because we’ve used that information to keep tuning things over time.” With the pilot’s success, he decided it was time to connect anything to Cato that hadn’t been connected yet, including other offices, datacenters, and a pilot Azure environment they were testing. “Cato’s performance with Azure was really good,” says Cherenson, “so I felt we could have that conversation about doing a big migration.” Users didn’t notice any change during the Azure migration. “Let’s say we had a file share in our Boston datacenter. Over a weekend we could cut it over to Azure without having to change anything except DNS and the VPN client would route to the Azure datacenter in Virginia without anyone noticing anything.” Gordon Brothers Transitions to Work-At-Home in a Week March 2020 hit Gordon Brothers like a ton of bricks. “One day we were in the office and the next we weren’t,” says Cherenson, “but in a way we were lucky because I told my boss, ‘We have this pilot group on Cato and it’s working very well. I can get everyone on it pretty quickly.’ Fortunately, he agreed again and, so we did.” Most of the company was on Cato within a week. “We sent out emails to the staff with a few screenshots and the VPN client installers and tweaked as we went along.” Cherenson was concerned that he was putting all his remote access eggs in one basket, but he felt he had no other option. “Fortunately, it worked out really well,” says Cherenson. The Cato solution has paid for itself in cost savings and a quick ROI, but most importantly, it’s allowed Cherenson to eliminate some technical challenges and focus on strategic initiatives. “We’ve made a tremendous amount of overall progress in IT and business transformation in the past few years, and I think the implementation of Cato and SSE 360 were huge building blocks that enabled us to do that. We have a lot of things on our roadmap and now I don’t need to waste my time managing individual firewalls and circuits. “ Today, Cherenson has a quarterly call with the Cato MDR team who audit Gordon Brothers’ Cato configuration and make suggestions about how to tighten security. “I feel like we really have security under control now. And we keep making it better as Cato continues to come out with new features.”
Read customer story Search
James Walker Gains a Streamlined Network and Security Platform for Digital Transformation, Thanks to Cato 

Manufacturing

James Walker Gains a Streamlined Network and Security Platform for Digital Transformation, Thanks to Cato
James Walker Gains a Streamlined Network and Security Platform for Digital Transformation, Thanks to Cato  MPLS Was Not the Right Network Solution for Digital Transformation  MPLS is a good solution for branch offices accessing applications in a centralized corporate datacenter. In an era of digital transformation, work-at-home, and the cloud, however, MPLS has become much less practical and too expensive.   That was the predicament James Walker found itself in when it started planning its future digital transformation strategy. Based in Woking, UK, James Walker is one of the strategic business units under the James Walker Group. It specializes in the design and manufacture of high-performance sealing and joint integrity systems such as O rings and gaskets.   With 30 sites spread across the Americas, Europe, Africa, and Asia, James Walker initially relied on 20 MPLS and 10 IPsec connections for its office and factory connections. Its MPLS networks were distributed regionally in hub-and-spoke configurations, with different providers and breakout locations for Asia/Africa, Europe, and the Americas. In Europe there was an Internet breakout in the UK.   Twelve firewall appliances, also distributed regionally, handled IPsec VPN connections and security.   “The network was designed originally for the consumption of on-premises applications and services,” says Andrew Story, Senior Infrastructure Analyst. “When the world started changing and the cloud became more prevalent, we decided it was time to reevaluate our network and security strategy.”   For one thing, once cloud services were added it would no longer make sense for James Walker to backhaul data from two-thirds of the company’s locations through a central firewall in the UK. “In terms of performance and latency that certainly doesn’t make sense for an office in Hamburg accessing a cloud service based in Frankfurt,” says Story.   Joining together several MPLS hub-and-spoke networks and suppliers, plus 10 IPsec tunnels was complex and difficult to troubleshoot. “Our network was a beast,” says Story. “All it took was one thing to fail or not work correctly and we were sent down a troubleshooting rabbit hole to pinpoint where the issue was exactly. We would get calls at midnight that the Australian sites couldn’t talk to the ERP solution in our UK datacenter because one network wasn’t talking to the other.” In the meantime, Australia could not place orders or send out invoices.   With the diversity of the installed firewall appliance products, Story found himself managing eleven different rule sets. “If we had to make a change there was no way to do it globally. We had to make it individually on every single firewall,” says Story. He also had to keep each firewall up to date in terms of patches and firmware.   Finally, with all that diverse infrastructure, moving or opening new sites was time consuming. “We were moving one or two sites a year to new locations and the provision of MPLS services for each move was very difficult and took too long.”   James Walker Looks at SD-WAN, Chooses Cato SASE  Story started looking for network alternatives that were more suitable for his company’s cloud transition and digital transformation. He looked at SD-WAN solutions and SASE and quickly concluded that SASE was the way of the future. “We saw SASE as an evolution of SD-WAN such that typical SD-WAN solutions would not be around in a few years,” says Story. “It would all be SASE.”   Story had several requirements that ultimately led him to Cato. “We were looking for a solution that would bundle security with the network and have it all managed by someone else,” says Story, “and we wanted all the security done centrally with policies we could deploy easily. The goal was to make it as simple as humanly possible for us.”   Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.   Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.   Story liked that Cato would give James Walker the benefit of a high-performing global network without having to pay for it on their own. “We could access the Cato backbone at the nearest point and all our traffic would swing around those 18 time zones on a private network just for us.”   Deployment Was Quick. Platform Ready for Digital Transformation  After an initial POC, deploying Cato to all 30 locations was quick and easy and performance was excellent. “The cost has been roughly the same as our previous setup, but we get much more for that money,” says Story. “We get all that security, including IPS, which we didn’t have before, all managed by someone else. We no longer have to maintain firewall appliances and network hardware. We have multifactor authentication via Azure for our remote users. And we don’t spend nearly as much time troubleshooting network performance issues or outages. Cato does that for us.”  Cato’s support is far superior to the support Story was used to with his MPLS providers. “It’s like night and day,” says Story. “Our experience with our MPLS providers was terrible. We’d constantly have to chase them. We were often telling their engineers what they needed to do when they were supposed to be managing the network. Working with Cato and our new ISP is a breeze in comparison.”   Story can now configure, change, and manage all firewall rules centrally. “We’ve gone from about 500 rules to under 100,” he says, “and we don’t have go to eleven places to change them.”   The addition of IPS has improved the company’s security posture immensely. “When Log4j hit last year. Cato blocked over 1500 attempts to scan our network in the first weekend.   Visibility with Cato is also far superior to the previous solutions. “Everything in networking and security is visible on a single pane of glass,” says Story. “We can optimize the network from end-to-end so our users can access applications from anywhere and no matter where they are in the world. They just join the Cato network and egress close to wherever that application is.”   Story is in the process of deploying Microsoft 365 and a new cloud ERP system and looks forward to the cloud performance he’ll get, thanks to Cato’s PoPs and global network.   Overall, Cato has given James Walker the network and security platform it needs to jumpstart and fulfill its digital transformation goals. “With Cato we were able to deliver a huge amount of change in the middle of a global pandemic,” says Story, “with very little downtime.”  
Read customer story Search
HIS Group Simplifies and Strengthens Global WAN Security and Connectivity with Cato

Retail

HIS Group Simplifies and Strengthens Global WAN Security and Connectivity with Cato
HIS Group Simplifies and Strengthens Global WAN Security and Connectivity with Cato *Video filmed prior to HIS logo change HIS Group Looks to Simplify Security  Global enterprises with lots of dispersed retail locations often struggle with network and security complexity. Such was the case with HIS Group, a diverse global enterprise that specializes in travel products and operates theme parks, hotels, and other businesses. HIS Group runs 233 retail outlets in 141 cities across 66 countries.   “Our network security architecture was different at our headquarters, overseas subsidiaries, and affiliates, says Mr. Takahashi, Infrastructure Team Leader for HIS’s IT Security Group. “We were concerned that we were not always fully aware of the security status of some of our subsidiaries and affiliates,” adds Mr. Ishitani, Security Team Leader for the IT Security Group.   Ishitani and Takahashi knew they had to find a way fast to get better global visibility and improve their overall security posture. “We needed to integrate all those disparate networks and centralize their security and management,” says Takahashi.   Security was provided primarily by diverse hardware appliances, which required complex management and periodic refreshes. “It took a lot of work to reevaluate equipment every three to five years,” says Takahashi. “We wanted a solution that would relieve us of all those hardware upgrades and manage all our networking and security together under a single architecture” says Takahashi.   “Our business was also diversifying,” says Ishitani, “and each new business had its own networking and security needs. Setting up new locations and responding to those needs was taking too much time.”    Cato Offers Network and Security Consolidation That was when a staff member at one of HIS Group’s overseas locations introduced Takahashi and Ishitani to Cato. “He recommended Cato very highly, so I contacted the company,” says Takahashi. Cato was a brand-new company at the time, which, under normal circumstances would be considered a risk for a large enterprise such as HIS Group, but Takahashi immediately liked what he heard. “I was struck by Cato’s spirit, how well they worked together and with us, and how quickly they responded to our concerns,” says Takahashi. “Immediately I felt a strong sense of trust in Cato’s technical expertise and support.   The Cato solution also had a very high level of functionality and met all of HIS Group’s requirements. “It would vastly simplify our operations because we’d no longer have to monitor and manage all that equipment installed at our locations,” says Ishitani. It didn’t hurt also that the Cato solution had some significant cost advantages compared with the current tangle of networks and security solutions.   Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 70+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last mile links in physical locations, while Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.   Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on premises and in the cloud, protecting users against threats and preventing sensitive data loss.   After a short time working with Cato, Takahashi and Ishitani were sold. “We both felt we could trust Cato’s high level of technological expertise and support and that Cato would be the best choice for HIS Group in the future,” says Takahashi. Convincing upper management took some effort, but “they approved the solution after we showed them that it fulfilled all our security requirements, including Zero Trust, and that updates would happen automatically,” says Ishitani.   Cato Centralizes WAN Security and Management, Boosts Visibility Installing Cato at HIS Groups various locations was quick and easy. “There were some challenges, such as dealing with the laws of various countries overseas,” says Takahashi, “but we were able to clear these without major problems,” says Takahashi. “Domestic expansion was very smooth.” Performance has been excellent, and Takahashi is impressed with Cato’s management console. “Cato has made it much easier for us to visualize all our network traffic, monitor performance, and make necessary changes,” says Takahashi. Three-to five-year hardware refreshes are a thing of the past. “Cato handles periodic feature upgrades, so our network and security solutions don’t become obsolete.” There have been a few instances of PoP failures, but the business impact was negligible, thanks to Cato’s PoP redundancy. And, thanks to Cato’s easy installation and fine-grained management, Takahashi and Ishitani can equip new and acquired locations with the exact network and security functionality they need almost instantly. “Cato has definitely turned out to be the best choice for HIS when it comes to speed and ease of implementation,” says Ishitani. As with most organizations, HIS had to send many of its workers home when Covid-19 hit. “We had already set up remote access for everyone through Cato, so it’s no exaggeration to say there was no impact at all,” says Takahashi. “I truly believe that without Cato our current remote work environment would have been unthinkable.” Overall, Cato has been a great choice. “We’ve developed a strong relationship of trust with Cato, and I’ve been very impressed with their quick response and follow-up when any issues come up,” says Takahahi. “I highly recommend Cato as the best solution for any organization that has a lot of office or retail locations and affiliates with a lot of demanding and complex network and security requirements.” “As the number of ways of working increases, the security risks to the network have increased dramatically,” says Ishitani. “Cato solves all of them in one tool.”
Read customer story Search
Cato SASE Cloud secures networking of Bank Avera locations and its mobile employees

Financial Services

Cato SASE Cloud secures networking of Bank Avera locations and its mobile employees
Cato SASE Cloud secures networking of Bank Avera locations and its mobile employees In the name Avera, the Italian words "avere" (to have) and "vera" (real) merge. The name means "to have the real thing". Thus, the bank is characterized by personalized advice, a holistic approach and individually tailored financial solutions. For Bank Avera, it is very important that the locations are well, stably and securely networked. Challenge Bank Avera had previously relied on outsourcing its IT infrastructure. It was an important part of the business strategy to take the reins back into its own hands and run IT services in-house. Important factors for this decision were flexibility, visibility and security across all networks and sites. The systems had to be unified and interconnected. Different variants were evaluated and tested for the networking. Since the system had to run on its own and no infrastructure had to be purchased, the ready-made solution SASE (Secure Access Service Edge) was chosen. The main requirements from Bank Avera's point of view were: Protect Bank Avera's mobile users from threats on all devices. Manage access to all corporate data according to the corporate policies uniformly on one platform Ensure short latency and acceleration of bandwidth at all bank locations Ensure secure Internet access for all Bank Avera branches and for home use Secure and accelerate general access to cloud services Solution Cato’s Secure Access Service Edge (SASE) solution was found to be a global, cloud-native platform that runs a converged software stack to provide an adaptable and secure network service. Cato SASE Cloud's security engines are delivered as part of the cloud service. No additional equipment had to be purchased or configured for Bank Avera's requirements. Cato provides Next Generation Firewall (NGFW), Secure Web Gateway (SWG) with URL filtering, anti-malware service and Intrusion Prevention System (IPS) services. Important aspects were the optimization and encryption of data traffic (WAN) between sites, which are integral parts of the network software stack. The Cato solution uses TCP proxies and quality of services algorithms to maximize the speed of file transfers. Cato Sockets, Cato’s edge SD-WAN device, leverages multiple Internet lines to provide reliable, high-performance access to the globally available Cato SASE Cloud. Traffic can also be routed to third-party devices via IP-sec tunnels. Result: The best solution for all Bank Avera locations. Cato’s solution has significantly contributed to the stability and security of the networked Bank Avera sites and relieves the burden on the systems. Services that were previously outsourced can now be automated in-house. Existing VPN connections were replaced with Cato. Overall, complexity was reduced, uptime increased and processes simplified. The simple integration of the solution made it possible to increase visibility. The IT department can take over the configuration of the arbitrarily scalable solution itself. New users, an increase in bandwidth and additional locations can be easily integrated. The bank integrated the new and better WAN solution within a very short time. In short, the IT management is very satisfied with Cato’s security solution and can guarantee their employees the stability and security of the systems. Success Story Published on 25th November 2021 on https://www.inseya.ch/de/kunden/bank-avera
Read customer story Search
CloudFactory Boosts Network Scalability, Agility, and Security with Cato

Technology

CloudFactory Boosts Network Scalability, Agility, and Security with Cato
CloudFactory Boosts Network Scalability, Agility, and Security with Cato Complex Infrastructure Made Meeting Customer SLA’s Difficult Scale and agility are issues for any growing organization. For a company aiming to grow to a million remote workers, those issues are compounded. Just ask CloudFactory.Based in Reading, UK, CloudFactory provides thousands of remote data analysts from developing markets to support its customer organizations’ AI development projects. CloudFactory calls these remote data analysts “cloud workers.”“We started as a small outfit in Nepal about 11 years ago and we’ve moved into 45 different countries with a workforce of over 650 core team members and more than 8,000 cloud workers,” says Kevin Juma, Technology Operations Manager at CloudFactory. “CloudFactory's focus is creating a million jobs. This essentially stems from the different projects and clients that we have and the different programs that we have with our cloud workers to train them and empower them to be better leaders through delivering work for our clients.”With offices on four continents and cloud workers all over the world, CloudFactory found network and security operations challenging at times. Before Cato, CloudFactory maintained individual operating environments at its office locations and its globally dispersed “delivery centers” in Kenya and Nepal, which, until Covid, hosted up to 1,000 contract workers each.“We had to maintain a lot of complex infrastructure, including routers, switches, and firewalls,” says Shayne Green, CloudFactory Head of Security Operations. “That meant configuring VLANs, maintaining MAC filtering lists and network and Web filtering rules, and building in as much redundancy as possible to give our workers the connectivity quality and security necessary to serve our clients.”Juma agrees. “It took a lot of man hours to implement and manage security protections, optimize our network for resiliency, and monitor it all. We often had to deal with ISP outages, equipment failure, and poor security policy implementation. At times these issues would cascade and make it difficult for us to achieve the level of scalability we needed to onboard more cloud workers and deliver meaningful, secure work to our clients.” Those issues also had an impact on the ability of CloudFactory to meet its SLA agreements.CloudFactory started looking for a way to deliver better security, network agility, and scalability for fast growth, while relieving the IT staff of as much of the infrastructure configuration and management load as possible. CloudFactory Turns to SASE, Chooses Cato “Our top priorities at the time were resiliency, operational efficiency, good quality of service, and the security our clients expected from us,” says Juma. Juma and Green started evaluating SD-WAN and SASE solutions. “We wanted to be asset light,” says Green, “and get away from supporting a lot of heavy infrastructure. We needed a dynamic solution that didn’t have to rely on fixed locations and single points of presence, that could scale by leveraging a global network we didn’t have to manage and deliver a high level of security.”Juma and Green were not impressed with the solutions offered by SD-WAN providers. “Most of them were appliance based and required a high level of administration,” says Green. That’s why they turned to SASE.“SASE would allow us to be hands free without any on-premises equipment and we wouldn’t need to invest our time setting up the solution,” says Juma. “We could entrust the vendor to manage our security, networking, and routing capabilities.”Juma and Green contacted Cato and the rest is history. “From day one, it was clear that Cato was passionate about our business, and keen on what we were trying to do,” says Green. “They aligned with our mission and believed they could really help us scale and get there. That was a key reason we decided to engage with them further.”Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.A two-week Cato proof of concept with 10 cloud workers in each location and VPN connections to clients and workers was very successful. “There were clear performance gains and the metrics and event data we could collect through Cato were game changing for us,” says Green. “They gave us a level of visibility we never had before, allowing us to see what our workers were connecting to and what they were doing. We had much more peace of mind with Cato’s level of security and visibility.” Support was also excellent. “We had a few small issues early on that Cato resolved very quickly,” says Green.The workers were impressed as well. “We asked the workers using Cato which solution they would choose, Cato or our previous solutions, and 94% chose Cato,” says Green. Smooth Deployment, Unprecedented Agility and Visibility CloudFactory then moved to a full deployment across locations. “The deployment with Cato was seamless,” says Juma. ”Previously, we would spend weeks coming up with routing optimizations, getting up and running, and assuring users of the availability of what we built. Cato took all of that off our hands and now we have turnarounds of five or ten minutes based on Cato’s wide network of PoPs. “Agility and scalability are much improved. “With Cato we have a very dynamic, scalable network where we can onboard new workers in minutes” says Green, “and make sure they operate within the realms we specify. Our team can work from anywhere, managing and monitoring connectivity. If we lose access to a site, we no longer have to connect directly into an appliance. Without all that overhead we can now focus on other areas of the business.”Troubleshooting network issues is vastly simpler. “We used to have entire sleepless nights troubleshooting the network for our clients, with our cloud workers expected to deliver work by the hour,” says Juma. “Now with Cato we just fire a support ticket and Cato is on it. Within 30 minutes to an hour it’s resolved. And we can monitor every single step with Cato’s QOS metrics. We have goggles and eyes we never had before.” Thanks to Cato’s simplicity, Juma has been able to reduce his network team from eight people to five, and they can divert their energy to better things. Security is much better as well. “Cato has enabled us to provide a secure network with more granular security posture implementations,” says Juma. “We’re able to police our users much better than before.” Green agrees. “Cato gives us secure access with encryption, Web filtering, IPS, next-gen anti-malware, and visibility of what our workers are doing, so that our clients can be confident in the quality of the connection coming into them.”Juma and Green also noted the access they had to Cato. “We have a very close relationship with Cato’s account management team,” says Juma. We get a sense that we are always on their mind, that they understand our business, and their solutions are aligned with our needs. They really help us understand how we can maximize the use of Cato and they’re committed to helping us fulfill the Cloud Factory vision.”Ultimately, CloudFactory found in an architecture in Cato SASE Cloud for achieving its corporate goal. “Cato SASE Cloud gives us great scale, great high availability and resilience, and great visibility,” says Green. “And most importantly a platform to achieve a workforce of one million cloud workers, which would've been more challenging had we have managed the solution ourselves.”
Read customer story Search
Fidal Boosts WAN Performance, Cuts Costs in Half by Switching from MPLS to Cato

Financial Services

Fidal Boosts WAN Performance, Cuts Costs in Half by Switching from MPLS to Cato
Fidal Boosts WAN Performance, Cuts Costs in Half by Switching from MPLS to Cato Fidal Needed an MPLS Replacement Global organizations that rely on MPLS for WAN connectivity find it expensive, rigid, and poorly suited to today’s cloud-enabled, collaborate-anywhere business environment. Fidal, a century-old French law firm with 1,300 lawyers at 90 locations in France and one each in Belgium and Morocco, was no exception. Fidal runs applications both in its own datacenter and in Microsoft Azure.Fidal’s MPLS network was aging and expensive. “Today’s collaborative work technologies require much better performance than we were getting with MPLS,” says James Bonnaventure, Fidal CTO. “We were reaching link saturation, our users were dissatisfied, and security was a big challenge. We really needed to reevaluate our network and find a way to meet these challenges.”Bonnaventure set out to find a WAN solution that would meet the firm’s requirements for performance, security, flexibility, and cloud connectivity. “We wanted a solution that was easily managed centrally, with one or two partners at most,” says Bonnaventure.Initially Bonnaventure considered a mainstream SD-WAN solution but switched his focus to SASE to benefit from centralized management and security. “We consulted with a number of vendors but very few were talking about SASE at the time,” says Bonaventure. He consulted his IT solutions partner, Selceon, and they proposed a Cato solution.“Ultimately we chose to work with Cato because its solution gave us much better centralized management and a security overlay,” says Bonnaventure. Fidal Deploys 90 Sites in a Year with Cato Selceon already had a lot of experience with Cato. “We were the first provider in France to deploy Cato Networks for one of our customers, says Eric Tavidian, Selceon co-founder. “As soon as we saw Cato’s value in terms of network performance, optimization, cost, and speed of deployment, we chose to make it one of the strategic offerings in our portfolio. All the other solutions require managing a lot of boxes on sites, rather than Cato’s intelligent, centralized management via the cloud.”Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 70+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last mile links in physical locations, while Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on premises and in the cloud, protecting users against threats and preventing sensitive data loss.Deployment of Cato was fast and smooth. “We deployed Cato to 90 sites in less than a year, thanks to Selceon and Cato,” says Bonnaventure. “That’s quite an achievement considering we were on Covid-19 lockdown at the time. We basically redid our entire wide area network in a year.”Bonnaventure was impressed with Cato support. “Cato’s team was there for us throughout the entire migration and even developed a feature in Azure for our company that didn’t yet exist. Cato ported the entire network, even our phone network, which now runs through Cato. The next step will be replacing our remote access VPN with Cato.” Cato Pulls it All Together Bonnaventure is very pleased with the results. “Cato allows Fidal to have a homogenous network and security architecture across all its sites and even across our mobile users, who will benefit from all of Cato’s security layers when they get on the Cato VPN. It simplified our network by replacing MPLS with fiber, which cuts our communications costs in half, and will ultimately bring the entire network and network security under a single centralized management solution.”Bonnaventure is thrilled with Cato’s management console. “If there’s a network problem we can just go to the console and analyze the incident much more easily than we could before.” Bonnaventure also loves how quickly he can deploy new sites with Cato. “We can deploy a new site in a few weeks without having to reconfigure everything because the architecture is completely centralized. We just bring the links, deploy the boxes on site, and the new sites benefit immediately from the entire Cato network and security infrastructure.Overall, deploying Cato has benefited Fidal. “Cato’s solutions have enabled us to strengthen our security systems and give our mobile users the same level of security as the data center or Azure.” He considers Cato ahead of its time. “When we chose it over a year ago nobody was talking about SASE. Now, everybody is moving towards SASE and you can see it discussed in all the IT media.”
Read customer story Search
Waseda University Enables Universal Secure Remote Learning and Digital Transformation with Cato

Education Technology

Find out How Waseda University Tapped Cato to Enable Secure Remote Learning and Digital Transformation.
Waseda University Enables Universal Secure Remote Learning and Digital Transformation with Cato The Challenge: Universal Remote Learning When Covid-19 hit in 2020, many organizations had to put digital transformation projects on hold while they rushed to accommodate remote work. This often meant a quick network transformation and a dramatic change in security posture. Waseda University is a prime example. Located in Tokyo, Waseda University is one of Japan’s top private institutions of academic research and higher learning. “We were planning and implementing next-generation educational infrastructure with a number of digital transformation initiatives in research, education, and university administration. However, when Covid hit IT’s position suddenly changed,” says Hitoshi Kusunoki in Waseda’s Information Planning Department. “ As with most universities, classes at Waseda were conducted mostly in person using white boards. If there was a network interruption, it didn’t cause a significant classroom interruption. “Suddenly when classes were all online, the IT infrastructure became absolutely indispensable,” says Kusunoki. “It became clear that all our plans for next generation infrastructure would have to ensure that communication would never drop at all.” Waseda had VPN hardware for remote learning, but it was experiencing “VPN traffic jams” from the increased load according to Yokihiro Koizumi, also from Information Planning. Kusunoki realized he would need a large increase in network capacity to support online classes, which meant a major new network investment. “We had to optimize somewhere to get the performance we needed with the budget we could afford.” Waseda Chooses Cato, Sees Digital Transformation Potential Kusunoki was introduced to Cato by a friend and colleague from GlobalDots, a cloud solutions provider. “Initially I had the impression that Cato was just a VPN alternative for remote work and learning,” says Kusunoki. “As we looked at other Cato options, however, we came to the conclusion that Cato could replace our firewalls and other existing security solutions and go a long way towards optimizing future IT investment.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 70 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance. Kusunoki started his Cato investment with home online learning. “This gave everyone the chance to use the system and see how user friendly it was,” says Kusunoki. “I think that was a very significant factor in our decision to move forward with more of Cato’s options. We could see that Cato could consolidate and replace our current equipment and be very effective in reducing our network and security costs.” Home learning deployment was smooth, thanks in part to Waseda’s partnership with GlobalDots. “They helped us do the Proof of Concept (POC) and then we were able to implement the system pretty quickly,” says Koizumi,” Upper management was able to use the system during the POC, which helped lead to their approval. Simplicity and Scalability at Low Cost Koizumi was impressed with how quickly the university could ramp up bandwidth using Cato. “If you’re using on-premises hardware, you often have to replace it to upgrade bandwidth, but with Cato there’s no hardware to replace,” says Koizumi. “Cato let me handle bandwidth upgrades almost instantly.” Quick bandwidth upgrades have been very helpful as the university has relied more and more on cloud services during the pandemic. Koizumi sees a future in which regular costly equipment upgrades may be history. Kusunoki was also impressed with how unintrusive Cato’s security services were. “The security solutions we had been using up until then sometimes had a negative impact on user convenience, but Cato’s security services let people work freely and securely wherever they were,” says Kusunoki. “Even people on site liked Cato.” Koizumi feels that Cato’ identity authentication and detailed monitoring capabilities have improved the university’s security posture immensely. “It’s really easy to visualize all the traffic and users on the network,” says Koizumi, “and keep an eye on what users are doing.” Kusunoki looks at Cato as more than a network and security solution, however. “It’s not something just to put in and get comfortable with,” says Kusunoki. “I see Cato SASE as a tool for digital transformation promotion. We can use it to reorganize our entire security portfolio, reduce costs, and bring out the best in our students, professors, and administrators. The ability to work productively and securely anywhere gives a great boost to all our digital transformation initiatives.” Kusunoki strongly urges other universities and organizations to look into the Cato solution. “Seeing is believing. It’s easy to give Cato a try. You can start with remote workers, but however you start, take a good look at it” Background Based in Tokyo, Waseda University is one of top institutions of academic research and higher learning. Prior to Cato, Waseda relied on VPN hardware to enable its approximately 3,000 students, professors, and administrators to work or learn remotely.
Read customer story Search
The Gnutti Carlo Group Centralizes WAN and Security, Boosts Digital Transformation with Cato

Automotive

The Gnutti Carlo Group Centralizes WAN and Security, Boosts Digital Transformation with Cato
The Gnutti Carlo Group Centralizes WAN and Security, Boosts Digital Transformation with Cato M&A Left a Complex Infrastructure Mergers and acquisitions (M&A) can bring a lot of complexity to an organization’s network and security infrastructure. For the Gnutti Carlo Group, a leading global auto component manufacturer with 16 plants in Europe, the Americas, and Asia, that complexity was becoming a barrier to its digital transformation goals and future acquisitions. “In 20 years, our annual revenue grew continuously to more than 700 million Euros, primarily thanks to M&A” says Omar Moser, Group Chief Information Officer for the Gnutti Carlo Group. “Since 2000, we have started with an intensive program of internationalization, performing various acquisitions of companies of our sector and even competitors, each with different network and security architectures and policy engines. It was getting challenging to keep policies aligned across the company and prevent back doors and other threats.” The Group ran several small datacenters across locations for local IT services and took advantage of Microsoft Office 365, Microsoft Azure, and hosted SAP cloud applications. “We had it all: private cloud, public cloud, and on-premises applications,” said Moser. It connected most plant locations via IPsec VPNs. For China, there was a shared MPLS connection between Frankfurt and Shanghai. The company was also going through a major digital transformation. “We’ve been investing heavily in smart manufacturing and artificial intelligence, which we intend to deploy to all our plants,” says Moser. At a certain point, Moser realized that the only way to serve the business effectively was to centralize security policy and interconnection control among all locations and between plants and suppliers. Starting in 2011, he created and started implementing a roadmap for IT infrastructure standardization and governance. “Adopting MPLS across the board was too expensive,” says Moser, “so to standardize, I had to wait for an SD-WAN solution.” The Gnutti Group Investigates SD-WAN and SASE, Chooses Cato Moser investigated a lot of SD-WAN and security solutions, including traditional appliance-based architectures, but wasn’t satisfied with what he saw. “The other solutions couldn’t give us a single package with integrated security, networking, and remote access,” says Moser. “Only Cato could do it all in a single SASE solution.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. “I liked Cato’s large number of global PoPs, which would allow us to enter our SD-WAN through the closest door,” says Moser. He also liked that Cato didn’t lock the company in with a single intercontinental bandwidth provider and could select the best providers for its customers anytime. Moser used a tool his organization provides for choosing technology platforms to decide which solution would meet his company’s needs the best. “We used the tool to compare a few SASE solutions, evaluating features and functionality such as traffic control, monitoring, malware prevention, and intrusion prevention, as well as less technical criteria such as the company’s enthusiasm, growth path, positive relationship with us, and response time. We had a great relationship with Cato and very good response time.” Other pluses for Cato’s evaluation included Cato’s cloud architecture, forward-looking technology roadmap, single comprehensive network and security dashboard, and the Cato Socket. “I really liked having a very simple device to control the last mile,” says Moser. “If I have a new plant to connect tomorrow, it would be incredibly easy; I just plug in the Cato Socket.” Moser and Cato agreed to a three-month trial. Over those three months Moser and his team connected 10 plants, two service providers, Microsoft Azure cloud services, and 650 remote users to the Cato SASE Cloud, relying on Cato SSE 360 to secure Gnutti’s plants, Internet, cloud, and remote access connectivity. “Everything passed through Cato,” says Moser. Cato shipped Sockets to all the locations, activated connections, and trained Moser and his team on the Cato Management Console. “We spent 45 days defining policies and another 45 days activating and finetuning everything. Much to Moser’s surprise, the China installation was as easy as the others and performance was great. “We were skeptical about how well the China connection would work, but it was probably the simplest installation, and the performance was as good as MPLS or better with noticeably better latency,” says Moser. “Two months later, we closed our MPLS contract for China.” Cato Boosts WAN Performance, Security, Agility At first, replacing all the local appliance security policies with global policies was a little daunting, but the benefits were obvious. “During that time, we were able to identify a lot of new risks that we hadn’t known about before,” says Moser. “We found users doing things we didn’t like and optimized the blocking of some process flows.” In general, security was much improved. “We’ve seen a lot of benefit in controlling and optimizing firewall policies to increase our security,” says Moser. “We have much more control over users--who are connected when and for how long. We can monitor connections and traffic peaks, and the Cato IPS allows us to block risky services that were previously open and ensure users are respecting policies. "Standardizing firewall policies and knowing I can prevent intrusions and malware has allowed me to sleep much better.” At first, users pushed back a little on Cato’s remote access VPN capabilities because IT was able to apply controls and policies, such as preventing movie downloads, more effectively. Performance working at home was great, however, which made up for the controls. Cloud performance was also excellent. Cato also increased the Gnutti Group’s business agility for its digital transformation. “It is my job to be proactive and efficient. If we decide to open a new office, we can do it easily.” Cato support was helpful and responsive. “We have a solid relationship with Cato’s technical support staff. They are always well prepared.” CIO Would Do It All Again The icing on the cake is that Cato has helped the Gnutti Group conform with German Automobile Industry Association’s Trusted Information Security Assessment Exchange (TISAX) framework for auto manufacturing and supplier information security. “Cato supports TISAX, thanks to its interconnection control, anti-malware, and intrusion prevention,” says Moser. “Cato will be the first option for any security initiative we look to down the road.” Moser has been so pleased with Cato that his department and the company named Cato its 2021 Best Supplier in the Innovation category. The award recognizes the high value of the WAN connectivity and security the Cato SASE Cloud delivers in support of the Gnutti Carlo Group’s digital transformation initiative. “Thanks to the Cato platform, together with strategic services, the Gnutti Carlo Group has benefitted from a more structured, controlled, and secure ICT landscape across the entire company,” Moser said of the award. Overall, Moser feels he would do it all over again. Says Moser, “With Cato we have standardization, an innovative approach, and a single partner we can grow with as we transform digitally.”
Read customer story Search
BrandLoyalty Achieves Fast Performance and Network Maturity with Cato

Retail

BrandLoyalty Achieves Fast Performance and Network Maturity with Cato
BrandLoyalty Achieves Fast Performance and Network Maturity with Cato The Network Challenges of a Global Enterprise IT leaders know all too well the challenges of global MPLS solutions. The high costs of global MPLS circuits are well documented but less spoken about are the little things like the lack of network visibility and the integration challenges needed to keep the solution operational to say nothing of the problems with moving to the cloud. Such were the challenges facing BrandLoyalty. A provider of customer loyalty and incentive programs to food retailers worldwide, BrandLoyalty infrastructure connects offices across Europe. “We work with leading global brands & licenses such as Disney or Zwilling that demand a reliable, secure, well-managed infrastructure from their partners, says Ben de Laat, head of IT security at BrandLoyalty. “It’s very important for us to have not only high-quality offices, desks, chairs, awesome coffee, and great lunches, but high-quality Internet and well-managed end-user devices.” “We work with leading global brands & licenses such as Disney or Zwilling that demand a reliable, secure, well-managed infrastructure from their partners, says Ben de Laat, head of IT security at BrandLoyalty. “It’s very important for us to have not only high-quality offices, desks, chairs, awesome coffee, and great lunches, but high-quality Internet and well-managed end-user devices.” With limited IT resources, BrandLoyalty had be very careful about the technology choices it makes. The company was in the middle of a full migration to Microsoft Azure with a WAN infrastructure that was complex and not well suited for the cloud. “Our locations were connected by MPLS and two Internet lines with dynamic routing and failover at each site,” says Arne van Vuuren, Head of IT Operations. “We had WAN optimizers and firewall appliances at each location, with failover for each.” “Our locations were connected by MPLS and two Internet lines with dynamic routing and failover at each site,” The infrastructure was technically sophisticated but had frequent issues. “It was not a well-integrated solution,” says van Vuuren. “There was little visibility and too many end user nuisances. I was always pushing our suppliers to solve our constant network issues. We needed to come up with another solution using SD-WAN that was better integrated and more cloud friendly.” BrandLoyalty Finds a True SASE Solution with Cato Brand Loyalty created an RFP and evaluated four supposed SASE suppliers, one of which was Cato. While de Laat was impressed with Cato right away, van Vuuren was skeptical. “I didn’t believe the Cato solution could work as well as they were claiming,” says van Vuuren. “I thought they were a bunch of cowboys, honestly, and that the network would buckle under all the Zoom and Microsoft Teams we worked with.” Two RFP requirements were that the solution be well integrated and easily managed centrally. Three of the vendors couldn’t meet those requirements. “They offered customized solutions, even our own custom points of presence,” says van Vuuren. “We didn’t want something complex and tailor made for us. We wanted a solution like Office 365, a straightforward cloud service used by everyone that could scale quickly and easily as we grew, have continual service improvements, and gain new functionality without a lot of new cost. And we wanted a SASE solution, not one that required on-premises firewall appliances with all their updates.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 70 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance. Paradoxically, both de Laat and van Vuuren decided on Cato during a phone call with another contender. “We had an epiphany,” says de Laat. De Laat asked the other vendor how they could accommodate BrandLoyalty if it decided to implement a CASB solution in two years. There was a lot of silence on the other end, and then the contender said they would have to do it in only one of our customized PoPs.” That was when it hit De Laat and van Vuuren that they were done with the customized route. They wanted something new and Cato was the only contender offering a new solution. “It was clear Cato was the most mature SASE solution out there,” says van Vuuren. “It was clear Cato was the most mature SASE solution out there,” says van Vuuren. Cato Delivers a Fast Transition, Performance, and Visibility The transition to Cato was fast and easy. “Officially it took four months, but it was really more like two- and-a-half,” says van Vuuren. Setting up the Cato Sockets was a breeze, and the performance was fast from day one. “It took an afternoon for our implementation partner, IPknowledge, to set up all the locations,” says van Vuuren. “I told some friends about the Cato rollout, and they didn’t believe me.” Aside from its top-notch performance, including for Zoom and Teams, configuring the Cato solution was also easy and visibility was dramatically better than with the company’s previous network. “We made a bunch of rules, implemented them, and it all worked right out of the box,” says de Laat. “Immediately we saw new things on our network such as users accessing servers that were supposed to have been decommissioned. Aside from the security functionality Cato offers, Cato’s visibility and control add a lot to your security posture. We have so much more in-depth knowledge our own network than we ever had before.” And Cato’s remote and home users get the same network performance and security as those in the office. “I always assume that the solution a vendor describes is much more beautiful than it is in reality, but with Cato the promises were all true,” says van Vuuren. “Cato’s solution has pushed BrandLoyalty forward with a mature, professional network, which we really needed. And we still have a Cato library of unused functionality to help make our network even more mature down the road.” “I always assume that the solution a vendor describes is much more beautiful than it is in reality, but with Cato the promises were all true,”
Read customer story Search
Moveero Replaces MPLS, Simplifies Networking and Security with Cato SASE Cloud

Manufacturing

Find out how moveero simplified and consolidated networking and security with Cato SASE
Moveero Replaces MPLS, Simplifies Networking and Security with Cato SASE Cloud The Challenge: Simplify Without Risk When it comes to secure global WANs, keeping things simple can be as important as performance and reliability–particularly for a small IT team. Simplification was the goal for Dr. Faisal Jaffri, Global IT Director for moveero, a manufacturer of off highway wheels and wheel systems used in agriculture, construction, and material handling. Shortly after Jaffri came on board, moveero separated from former parent company GKN PLC and divested its Chinese business, leaving seven global locations, including manufacturing plants in Denmark and the UK and product development and testing centers in Italy and USA. The company’s global network was indeed complex. “We had an MPLS cloud connecting all our sites, with Internet breakouts in the UK and USA and Internet over MPLS In Denmark, says Jaffri. “I was managing five different suppliers just in the UK, eight if you include all the other sites.” There were also firewalls and network optimizers at each site managed by the internal IT team, VPN’s for remote connectivity, and a Web filtering service from a major provider. “With eight suppliers and all that equipment it was never easy to address problems that came up,” says Jarffri. “Sure, we had MPLS SLAs, but they’re not all that useful when the firewall and network optimization service levels don’t match,” says Jaffri. “We had to do a lot of work to make sure all those service levels came together as one.” “Sure, we had MPLS SLAs, but they’re not all that useful when the firewall and network optimization service levels don’t match” Since the Chinese business had been divested, there was ample opportunity for simplification and upgrading. “Our MPLS contract had been active for more than five years without any change in price or technology, which meant we were using old technology with no benefit from downward market pressure on pricing,” says Jaffri. Jaffri was also looking to relieve the small IT staff of mundane day-to-day management activities so it could focus on projects that would enhance the business. “With all those suppliers, we used to spend two to four hours every month just reviewing performance of each one.” Moveero Finds Simplicity with Cato It was time to simplify, upgrade, and reduce costs. Jaffri started investigating SD-WAN and SASE and put out an RFP seeking the functionality and capability he already had but delivered through one supplier at lower cost. He spoke to several other vendors, but the Cato SASE Cloud was the only one that looked to him like a true cloud architecture. “With the other options we would still have optimization and firewall appliances on site and perhaps one or two services such as Web filtering in the cloud,” says Jaffri. “As far as I was concerned, they were just putting a wrapper around what we already had and managing it for us.” Jaffri also looked to the future with his team, which was unlikely to grow. “Did I really want all that equipment on site needing to be maintained and supported?” Inherited security practices from previous ownership at moveero were outdated. “Our firewalls had almost 800 rules to manage,” says Jaffri. “That’s two rules for every person with an email account. We really needed to rationalize that rule set, but I didn’t see that happening with the other providers. Only Cato would manage the firewalls for us and let us start with a clean slate.” “Our firewalls had almost 800 rules to manage,” says Jaffri. “That’s two rules for every person with an email account. We really needed to rationalize that rule set, but I didn’t see that happening with the other providers. Only Cato would manage the firewalls for us and let us start with a clean slate.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance. Cato Simplifies, Delivers, and Cuts Costs Jaffri decided to run a proof of concept to ensure Cato could deliver on all his requirements. Installing Cato was straightforward. “We dropped a Cato appliance onto each site, connected up the last mile link into the cloud and didn’t have to worry about anything else. If we needed anything, which wasn’t very often, we would just raise a request with Cato and it would be done. “We ran MPLS parallel to Cato at first, but it wasn’t long before we switched totally to Cato and were able to remove all that equipment,” says Jaffri. “We’ve had Cato for three years and it’s worked very well with almost no required maintenance. I have no complaints about performance.” “We ran MPLS parallel to Cato at first, but it wasn’t long before we switched totally to Cato and were able to remove all that equipment” Aside from Cato’s performance and reliability, Jaffri likes Cato’s environmentally friendly architecture. “It’s just two lightweight appliances drawing power rather than all those power-hungry firewalls, network optimizers, and other devices,” says Jaffri. He also likes the platform’s self-service model. “We raise a request and usually don’t have to wait long for it to get dealt with,” he says. Thanks to Cato’s self -service, local teams can raise their own issues with Cato, rather than having to wait for the moveero central office to do so, as they did with MPLS. Cato has also allowed the IT team to focus on other issues. “Cato has allowed me to reduce headcount and move our team’s focus to some new thinking that will benefit the business in the long run,” says Jaffri. “Thanks in part to Cato, we can look forward to continuing to evolve the function and greater benefits down the road.”
Read customer story Search
Grant & Stone Taps SASE Platform to Connect Offices, Showrooms, and Mobile Users for Better Agility and Control

Construction

This building trade supplier boosted network reliability, security, and control with Cato SASE
Grant & Stone Taps SASE Platform to Connect Offices, Showrooms, and Mobile Users for Better Agility and Control The Challenge: Poor Agility, Erratic WAN Performance Suppliers to builders and other trades have had few choices for WAN connections among datacenter applications, warehouses, showrooms, and wholesalers. They could pay for expensive MPLS services, which could take months to deploy. Or, they could rely on more affordable but sometimes complex VPN connections, which are susceptible to the vagaries of the public Internet and so are not always consistent and reliable in terms of performance—until SASE came along. With headquarters in High Wycombe, northwest of London, and 26 showrooms, wholesale, and retail branches throughout the Thames Valley, Grant and Stone previously relied on an IPsec site-to-site VPN mesh with 4G backup maintained by P&C Communications, an enterprise provider of voice and network solutions. Core business systems were hosted in a private cloud. “Anything from a major Windows update to a massive file transfer could eat up our bandwidth and freeze the network.” As with many VPN solutions, performance could be erratic. “We had very little visibility into the network or any ability to implement traffic control,” says Dave Oliver, Grant & Stone IT Manager. “Anything from a major Windows update to a massive file transfer could eat up our bandwidth and freeze the network.” The complex mesh architecture also made onboarding new locations time-consuming. “We needed to add new branches quickly, within days or weeks, not months,” says Oliver. A capital investment firm hired to steer the company’s growth performed a cyber audit, which found several security issues and made a number of recommendations. “The audit recommendations would have required us to put more edge security systems in place, making management even more complex than it already was,” says Oliver. Remote access also relied on a single aging network VPN gateway, which was an obvious single point of failure and reaching the end of its life. “We needed a new redundant solution with seamless security and good performance to support our traveling staff when they met with customers on the road,” says Oliver. Grant & Stone Launches its WAN Transformation Oliver decided to work with P&C Solutions to transition to a more flexible WAN infrastructure that could onboard new sites faster in the case of acquisitions and expansion. He was also looking for WAN failover to 4G LTE to maintain the connection to the firm’s cloud-based merchant system, better network visibility and control, an easier way to fulfill audit recommendations, and a better way to manage remote access and onboard mobile and WFM workers. “Everyone needs fast 24 X 7 access to our systems for quotes and stock checking to continue selling products to our customers,’’ says Oliver. “Everyone needs fast 24 X 7 access to our systems for quotes and stock checking to continue selling products to our customers.’’ Oliver had heard about the advantages of SASE and sought a SASE solution that would fulfill all his requirements. Together with P&C, he looked at several different options, but few could meet the company’s connectivity, security, redundancy, remote access, and management requirements. Some required deploying security appliances, which Oliver wanted to avoid. Only Cato fulfilled all his requirements. Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed PoPs. At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance. Grant & Stone Taps Cato for Network Agility and Control “P&C felt strongly that the Cato SASE solution would provide all the necessary services in an efficient, simple, all-in-one package,” says Oliver. “We can gather information about circuit quality at each branch and get security alerts for quick remediation of attacks or malware infection. Best of all, we can see which applications and Web sites are using the most bandwidth and implement traffic management rules to prioritize business-critical traffic.” Oliver was impressed with the management and network visibility provided by the Cato management portal. “Every facet of the Cato solution can be monitored and logged,” says Oliver. “We can gather information about circuit quality at each branch and get security alerts for quick remediation of attacks or malware infection. Best of all, we can see which applications and Web sites are using the most bandwidth and implement traffic management rules to prioritize business-critical traffic.” Oliver also loved the single-pane-of-glass management approach Cato provided. “Both my team and the P&C Helpdesk can review the same Cato platform for management and monitoring of alerts and events,” says Oliver. Deployment went smoothly, with dual connectivity at each site--a primary Ethernet or broadband connection and automatic 4G failover to maintain connectivity. “We also rolled out Cato’s VPN clients, which connected everyone to the Cato core, and made sure the right Cato security was in place,” says Oliver. “All site-to-site and Internet breakout traffic passes through Cato’s cloud-based NGFW. We also have subscriptions for Cato’s anti-malware and IPS services to protect all traffic passing through the network. Security at the core of the infrastructure helps us meet our audit and business requirements and maintain standards without having to maintain and manage a lot of security appliances.” In addition to better management, reliability, and security, Oliver found the resilience of the branch connections using fiber broadband and 4G backup made it possible to retire several expensive Ethernet circuits at the end of their contract, leading to considerable cost savings. “Not only did Cato meet all our requirements, but it also turned out to be the most affordable of all the solutions.”
Read customer story Search
finitia Ensures Reliable Connectivity and Security with Cato SASE Cloud from Inseya

Technology

finitia Ensures Reliable Connectivity and Security with Cato SASE Cloud from Inseya
finitia Ensures Reliable Connectivity and Security with Cato SASE Cloud from Inseya Challenge Custom management and technology services provider finitia ag needed a scalable solution that would provide location-independent connectivity and security for all edges – sites, remote users and cloud resources – as well as improving network performance and enabling rapid connection of new branches and cloud services with minimal technical effort. In addition, the solution should provide centralized management that enables corporate policies to be enforced at all times across all edges and connected cloud services. The new solution should also enable architecture firms, finitia's customers, to work virtualized in a VMware environment via remote access without any loss of performance. Solution Swiss IT security specialist Inseya AG proposed an innovative approach to this challenge based on the SASE (Secure Access Service Edge) model that converges network connectivity and security into a cloud service and managed via a single console. At the heart of the new solution is the Cato SASE Cloud which connects and secures enterprise locations (the data center and branch office) and cloud resources (such as AWS, Azure, Microsoft Office 365 as well as other cloud services) and mobile users. To connect new sites, finitia only had to install a Cato Socket, Cato’s zero-touch SD-WAN device, at each respective branch office. The Sockets establish encrypted tunnels across an existing Internet connection to the nearest Cato point of presence (PoP); Cato has 65+ PoPs worldwide. Once connected and admitted by the IT manager, the device automatically integrates the site into the overall enterprise network. Sockets send all outbound site traffic to the PoP, where networking and security policies get applied and traffic is then sent to the Internet or across the Cato global private backbone to its destination. Result As a result of Inseya and the Cato SASE platform, finitia now has a stable connection for prioritized transmission of data such as image and voice. Thanks to intelligent routing of data traffic, critical data is protected from network failure. The entire networking and security infrastructure can be easily managed from a single console. Granular security and networking policies can be uniformly enforced on all edges. Maximum transparency and detailed reporting of all IT activities simplifies administration. New locations, including home offices of finitia employees and customers, can be opened up quickly and securely. Users can work securely on multiple devices regardless of location and without any loss of performance. The IT department has less configuration and support work. This minimizes the risk of errors and keeps operating costs low. When modernizing the IT infrastructure, additional security components such as WAN firewalls and virus scanners can be purchased on a modular basis as required.
Read customer story Search
Lion Adopts Cato to Achieve Fast, Secure Connectivity for Global Locations and Remote Users

Manufacturing

Lion Adopts Cato to boost WAN performance and security across 29 locations and 5,000 remote users
Lion Adopts Cato to Achieve Fast, Secure Connectivity for Global Locations and Remote Users Lion Seeks Network Transformation for Office and Remote Users Manufacturers face new challenges as network usage escalates and more employees work from home. How do they meet these challenges with minimum disruption, maximum performance, and airtight security? Lion Corporation, Japan’s top manufacturer of beauty care products--and one of its oldest--faced just such challenges. With 7,100 employees, 23 Japanese offices, and 11 global locations, Lion Corporation was looking at a future with an increasingly mobile remote workforce and more network usage in general. “It used to be just fine if we were all connected, but now it was becoming more important to be connected securely at all times.” “We saw that the work environment would change dramatically in the future and the use of the network would increase,” says Eiichi Kobasako, Lion Corporation’s Chief of Integrated Systems. “It used to be just fine if we were all connected, but now it was becoming more important to be connected securely at all times.” The Covid-19 pandemic accelerated remote work requirements dramatically as well. “It was clear many more people would be working remotely,” says Atzuyuki Shiina, Lion Corporation Information Security Specialist. “Obviously our old network would not support all these new remote users” Lion had been relying on VPN connections for both location and remote access connections. Security was provided separately by a combination of appliances and services. “Obviously our old network would not support all these new remote users,” says Shiina. Lion was looking to accommodate additional remote users securely and blend connectivity and security across the entire network. “We wanted to unify all the network components, such as security,” says Kobasako. They needed a solution that would accomplish those goals while providing good performance for all users. Perhaps most important for Kobayashi, however, was that the network transition would have to cause as little disruption as possible. “We’re in the manufacturing business with lots of offices, factories, laboratories, and heavy factory equipment. Drastic changes and big disruptions are not acceptable.” “We’re in the manufacturing business,” says Kobasako, “with lots of offices, factories, laboratories, and heavy factory equipment. Drastic changes and big disruptions are not acceptable.” Lion Chooses Cato SASE to Merge Networking and Security Kobasako had heard good things about Cato SASE and decided to give it a try with a proof of concept (POC) implementation. At the same time, the Covid-19 pandemic exploded, so Lion incorporated remote access into the POC as well. He was impressed with the Cato team. “We were worried at first because Cato was a new system and approach for us,” says Kobasako “but the Cato team cleared up all of our concerns.” Cato connects all global enterprise network resources — including branch locations, physical and cloud datacenters, and mobile and home users — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to improve throughput dramatically. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. With Cato, mobile and home users get the same network performance and security as their office counterparts. Cato: Smooth Transition, Easy Management “The transition was very smooth. We decided that Cato would be the center of our network, which is the main component of our IT strategy moving forward.” The results of Lion’s POC with Cato were impressive. “It was clear Cato was a very good solution for us and that its management portal would help us cut management costs,” says Kobasako. “The transition was very smooth. We decided that Cato would be the center of our network, which is the main component of our IT strategy moving forward.” In a matter of weeks, Lion deployed Cato to 29 of its locations and to 5,000 users who moved to working at home during the Covid-19 pandemic. It has taken full advantage of Cato’s next generation anti-malware, IPS, and MDR to secure all its users. With Cato SASE, office and remote and home workers connect to the same high-speed backbone. Mobile and home users benefit from the same network optimizations and security inspections as office workers. Aside from excellent performance and Cato’s airtight security, Lion is impressed with Cato’s management portal, which centralizes network and security monitoring and management in a single console. “We really like that Cato is in the cloud so we can manage everything on the network from one place,” says Kobayashi. “That is a huge advantage for us.” “This year, the entire WAN and Internet connectivity will be running on Cato.” “We have many more security controls with Cato’s SD-WAN than we had before,” adds Shiina. “This year, the entire WAN and Internet connectivity will be running on Cato.”
Read customer story Search
Bugaboo Transforms its Network with Cato, Boosting Cloud and Datacenter Application Performance

Manufacturing

Bugaboo Transforms its Network with Cato, Boosting Cloud and Datacenter Application Performance
Bugaboo Transforms its Network with Cato, Boosting Cloud and Datacenter Application Performance The Challenge: Slash Network Complexity and Cost Global manufacturers need fast, secure WAN connections among datacenters, manufacturing plants, sales offices, and the cloud to provide a positive customer experience and compete successfully with fast-moving competitors. Many have relied on global MPLS networks, which are expensive--particularly in the Asia Pacific region--and not always reliable. And still others are relying increasingly on cloud applications, which are ill-suited for legacy networks based on MPLS. Such was the case with Bugaboo, a well-known innovative Dutch designer and manufacturer of baby strollers and parenting solutions. Bugaboo had a datacenter and main office in Amsterdam, a manufacturing plant in Xiamen China, and offices and retailers throughout the EU, North America, Australia, and Asia Pacific. When Rein Droog joined as Vice President, Global IT for Bugaboo in 2019, the company was suffering from WAN and infrastructure complexity. The network had emerged organically, requiring internal technology experts to keep humming. At the time, ERP and other applications were running in the Amsterdam datacenter, connected to global locations either via MPLS or, in the case of the smallest locations, Internet VPNs. “We had somewhere between 10 or 20 different contracts with local providers,” says Droog. “In Asia the MPLS is much more expensive than in Europe. What’s more, IT staff had to fly all over the world to bring up even small, 10-person offices." Not only was the WAN infrastructure complex, it was also expensive. “In Asia the MPLS is much more expensive than in Europe,” says Droog. What’s more, IT staff had to fly all over the world to bring up even small, 10-person offices, he says. Security was also varied and highly distributed among locations. “There had been little to no centralized monitoring or management, which complicated policy configuration and enforcement,” he says. “With all of that expensive MPLS, our China locations still had performance, latency, and downtime issues when connecting to applications in the Amsterdam datacenter. The whole setup was just not economical, and with all the expertise in a few IT staff, not sustainable.” With all this complexity and expense, WAN performance and stability were constant issues. “One month Japan was down, the next month Australia,” says Droog. “With all of that expensive MPLS, our China locations still had performance, latency, and downtime issues when connecting to applications in the Amsterdam datacenter. The whole setup was just not economical, and with all the expertise in a few IT staff, not sustainable.” Bugaboo also sought to kickstart a major digital transformation, which included a “Cloud Unless” policy that mandated moving applications to the cloud whenever it made business sense. MPLS was clearly not the strategic solution. With IPknowledge, Bugaboo Embarks on Total Network Transformation Droog started soliciting feedback from leadership, users, and IT to start building a digital transformation strategy. “All kinds of unfiltered feedback was collected, from the good to the bad,” says Droog. “From Virtual meetings not going smoothly, to latency issues or bad application performance. Some things were working, however, so my task was to find the root cause of the issues we were having and fix it.” Droog drafted a technology transformation roadmap with three major objectives: Fix the foundation, which included hosting and networking, site infrastructure, user and meeting services and security. Improve the application layer by rationalization and simplification. Improve the data reporting and advanced analytics capability by focusing on ownership, quality and tooling. “We looked at the network and site infrastructure as one of the first,” says Droog. To fix the foundation, Droog turned to longtime IT partner IPknowledge, a Dutch provider of Internet access and cloud-native connectivity and security to enterprises like Bugaboo. IPknowledge had already been working with Bugaboo to enhance the existing WAN infrastructure with WAN optimization solutions. In this case, Droog wanted IPknowledge to help him transform the network. “I wanted one reliable partner, not 20 different contracts, and I didn’t want our folks having to deal with 24 X 7 monitoring. The solution had to be simple and sustainable, and it had to just work.” “We had a lot of discussions on how to set up a flexible network that could deal with the number of users we had in our office locations,” says Droog. “I wanted one reliable partner, not 20 different contracts, and I didn’t want our folks having to deal with 24 X 7 monitoring. The solution had to be simple and sustainable, and it had to just work.” Droog wanted to be able to open--and close--offices quickly and easily if necessary, a key requirement of rapid company transformation. “We were changing quickly, and it was difficult to know what was coming in the next three months.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed PoPs. At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile and home users run across the same backbone, benefiting from the same optimization features and improving remote access performance. Droog tested several solutions, including Cato. Bugaboo had just switched to Office 365 and Cato worked the best with the service, particularly in China. “Our overall internal network performance also improved with Cato and the performance of our Amsterdam-based applications in China improved significantly.” Network Complexity to Simplicity with Cato and IPknowledge “Cato really is plug and play. It was clear that Cato’s flexibility actually made switching to Cato less risky than staying with the solution we already had.” Setting up the tests was remarkably easy. “That’s one of the things that drew me to the Cato solution,” says Droog. “Cato really is plug and play. It was clear that Cato’s flexibility actually made switching to Cato less risky than staying with the solution we already had.” Rolling out Cato to the other locations over a month was also quick and painless. “There was zero downtime during the rollout,” says Droog. “We just shipped the Cato Socket to each office and walked whoever was there, even a salesperson, through how to plug it in.” No IT travel required. When Covid-19 hit, Bugaboo sent everyone home to use its existing remote access solution but switched gradually to Cato between November 2020 and January 2021. Once remote access moved to Cato, performance for all those work-from-home users improved in Asia and North America as well. “We heard a lot of home users say, ‘Hey, this runs much faster!” says Droog. “With Cato the performance with the cloud was faster than connecting to the cloud directly,” And finally, cloud applications also ran faster under Cato. “With Cato the performance with the cloud was faster than connecting to the cloud directly,” says Droog.   As for security and management, Bugaboo has its own security monitoring tools and policies, but Cato provides the firewall, antimalware, and IPS capabilities in the cloud. IPknowledge also has its own management and monitoring tools to manage the Bugaboo Cato deployment but hooks into Cato’s management system using the Cato API. “Cato’s management portal takes care of a lot of mundane tasks that we had to handle ourselves before,” says Steven de Graaf, managing director of IPknowledge. “With Cato we can be proactive and spend time on architectural improvements instead of configuring and fixing firewall rules. Cato lets us compete with the big telcos and provide a better solution, which is why it has become our principal strategic partner.” “Monitoring and maintenance have improved a lot with Cato and IPknowledge,” says Droog. “And where there were hiccups every month with our previous infrastructure, Cato has been absolutely stable, fast, and available.”
Read customer story Search
Diamond Braces Uses Cato to Boost WAN Security, Performance, and Reliability

Healthcare

Diamond Braces Uses Cato to Boost WAN Security, Performance, and Reliability
Diamond Braces Uses Cato to Boost WAN Security, Performance, and Reliability The Challenge: Easy Deployment and Management; Fast, Reliable Connectivity Doctors’ and dentists’ offices have stringent security requirements, thanks to HIPAA and other regulations for protecting patient data. They work with large X-ray image files and many have been moving medical management applications to the cloud. For dentist office chains, such as Diamond Braces, fast, secure, reliable communications among locations and the cloud are an absolute requirement. The Diamond Braces network spans 32 orthodontist locations in New York State, New Jersey, and Connecticut, with headquarters in New York City. Before Cato, most Diamond Braces locations were connected via Internet VPNs, with fiber running only from its main office and call center. Each location ran a separate firewall gateway/VPN appliance, which led to increasing complexity as the number of locations grew. “It was all getting too difficult to manage and it was taking too much time to ensure it worked properly,” says Alexander Azikov, IT Manager at Diamond Braces. “We had people accessing malicious sites, often unintentionally via a typo or spam mail,” says Azikov. “We needed the capability to warn them or block those sites. I was also looking to add IPS capabilities and I needed an integrated solution that could do it all with a single-pane-of-glass.” For all their complexity, however, the firm’s firewalls couldn’t filter HTTPS traffic, so Diamond Braces was left without any content filtering capability, unless it added it separately, which would only increase complexity and cost. “We had people accessing malicious sites, often unintentionally via a typo or spam mail,” says Azikov. “We needed the capability to warn them or block those sites. I was also looking to add IPS capabilities and I needed an integrated solution that could do it all with a single-pane-of-glass.” Applications such as Office 365 and the firm’s patient management solution were mostly in the cloud, so fast, reliable cloud and office connectivity were vital. Large X-rays averaged 7MB each and the company made extensive use of cloud-based VoIP and videoconferencing, so hefty bandwidth and quality of service were also WAN requirements, as was backup connectivity in the event of service disruptions. With Diamond Braces adding an average of 10 locations a year, quick deployment and easy, centralized management were also key capabilities that IT was not getting from its VPN’s, fiber, and branch-based firewall appliances. “We really needed a scalable solution with unified security and management,” says Azikov. Diamond Braces Taps Cato for Simplicity and Security Azikov had heard how SASE merges WAN and security in a single cloud-native solution and was pretty sure it was what he was looking for. He considered several vendors, but the only one that filled all the SASE requirements was Cato. “One vendor had an excellent infrastructure, but very limited security, so we would have had to go to another vendor for content filtering, just like with our current solution,” says Azikov. “Another vendor relied to a large extent on its endpoint security appliances, so it wouldn’t relieve the complexity of our current appliance-based architecture.” Only Cato offered a completely integrated cloud-native SASE solution with a single management interface for WAN and security. It also had all of the required security functions--firewall, IPS, and content filtering. The only appliance to install was the Cato Socket, which was a cinch to configure and required no real management. Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, content filtering, and IPS. “We had a proof-of-concept stage, during which I was able to set up an office myself,” says Azikov. “I just had to ask some questions about the best way to do certain things. After the first, I could set up locations without even thinking about it.” Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed PoPs. At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features and improving remote access performance. “Once we had it all connected on a single Cato network, everything was so easy and reliable,” says Azikov. “We can get by on 25 Mbits/s, but 50 made working very comfortable, and Cato’s QOS made for very smooth video. For the central office, Azikov went for 75 Mbits/s. Installing the Cato solution was incredibly fast and easy. “We had a proof-of-concept stage, during which I was able to set up an office myself,” says Azikov. “I just had to ask some questions about the best way to do certain things. After the first, I could set up locations without even thinking about it.” It didn’t take long to set up all 33 locations with 50 Mbits/s Cato connectivity. “Once we had it all connected on a single Cato network, everything was so easy and reliable,” says Azikov. “We can get by on 25 Mbits/s, but 50 made working very comfortable, and Cato’s QOS made for very smooth video. For the central office, Azikov went for 75 Mbits/s. Cato Brings Security, Reliability, and Easy Management Azikov loves the simplicity and reliability of the Cato solution. “Cato’s centralized management saves tons of time,” says Azikov. “We troubleshoot issues so much faster. When you have everything in one place you can just switch back and forth and analyze different pieces of the puzzle. IT really ticks all the boxes for us.” “We troubleshoot issues so much faster. When you have everything in one place you can just switch back and forth and analyze different pieces of the puzzle. IT really ticks all the boxes for us.” With the original firewall solution, Azikov had to copy and paste text-based configuration information from one site appliance to another. Sometimes there were IP address mistakes, which led to hours of troubleshooting. “We don’t have to deal with all those IP issues. And when there’s a provider issue, I can see it on the Cato interface immediately before employees call me and tell them we’re using a backup connection and I’m already working with the provider to get things up again.” “With Cato it’s all just plug and play,” says Azikov. “We don’t have to deal with all those IP issues. And when there’s a provider issue, I can see it on the Cato interface immediately before employees call me and tell them we’re using a backup connection and I’m already working with the provider to get things up again.” With easy management, Azikov has more time to research new financial and project management tools to improve the business. “I love the analytics Cato provides to help me troubleshoot issues and tweak the system for optimal performance,” says Azikov. “Otherwise, I really wouldn’t know what to change to make things better. This helps especially with QoS on the slower broadband and LTE backup connections.” Azikov’s favorite Cato feature is Event Discovery. “I love the analytics Cato provides to help me troubleshoot issues and tweak the system for optimal performance,” says Azikov. “Otherwise, I really wouldn’t know what to change to make things better. This helps especially with QoS on the slower broadband and LTE backup connections.” [caption id="attachment_17974" align="aligncenter" width="1920"] With Cato’s Event Discovery capability, Diamond Braces can harness detailed analytics to troubleshoot network issues and tweak the network for optimal performance.[/caption] In all, Cato has made business much smoother for Diamond Braces and management of WAN and security much easier for Azikov. Perhaps the best thing: “We have a lot fewer complaints from end users,” says Azikov.
Read customer story Search
Haulotte Halves Network Costs and Boosts Application Performance By Migrating from MPLS to Cato

Manufacturing

Haulotte reduced costs and improved the performance of applications by migrating from MPLS to Cato
Haulotte Halves Network Costs and Boosts Application Performance By Migrating from MPLS to Cato The Challenge: Network Reliability at a Lower Cost than MPLS Global manufacturers face significant challenges in an age of digital transformation. Many have relied on MPLS to connect manufacturing plants, corporate and sales offices, and the datacenter. As mobile/home users and cloud applications have grown in importance, however, MPLS has shown itself to be both too expensive and not agile enough to remain a viable WAN solution. Such was the case with Haulotte, a global manufacturer of materials and people lifting equipment used in construction, warehouses, farms, managed forests, and similar sites. With six manufacturing plants and more than 30 offices across Western Europe, North America, South America, Africa, and Asia Pacific, Haulotte had faced three years of delays and cost overruns rolling out MPLS to all its locations. At the end of those three years MPLS accounted for a whopping 10 percent of the entire IT budget. Service was usually adequate but there were definite issues. “There were outages, complaints, and negative feedback from several internal teams about the service from our major international MPLS provider.” “During my first few months at Haulotte, the network was a daily headache,” says Thomas Chejfec, who joined Haulotte as Group CIO in 2019. “There were outages, complaints, and negative feedback from several internal teams about the service from our major international MPLS provider.” Haulotte was also migrating to Office 365 and MPLS was not a great fit for the cloud. Haulotte Considers Alternate MPLS and SD-WAN solutions, Chooses Cato With several MPLS contracts reaching end of life, Chejfec decided to look at both MPLS and SD-WAN alternatives. “It was clear that switching MPLS providers could save us 20% in budgetary costs but migrating to SD-WAN could save as much as 50%,” says Chejfec. Chejfec’s IT team investigated several SD-WAN providers, including traditional hardware vendors and more specialized service providers. In the end Cato was the clear winner. “It was clear that switching MPLS providers could save us 20% in budgetary costs but migrating to SD-WAN could save as much as 50%” “I went to Tel Aviv to meet with the Cato team, see how they work, and investigate the solution’s coverage,” says Chejfec. “I liked the company’s ‘Unicorn’ spirit, with its young, highly responsive employees at the forefront and Cato’s ultra-simple management software solution.” Cato connects all global enterprise network resources — including branch locations, physical and cloud datacenters, and mobile and home users — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to improve throughput dramatically. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. “Cato’s management interface was so easy to use compared to those of the traditional SD-WAN players we looked at” Chejfec felt that Cato’s approach to networking and security was the most user centric of the solutions he considered. “Cato’s management interface was so easy to use compared to those of the traditional SD-WAN players we looked at,” says Chejfec. “That really made a difference for us. It allowed our small team of three, with two based in our Romanian datacenter, to view network traffic across all our sites in real time. We can even see which sites use YouTube and other apps the most and how many gigabytes are transferred.” “Cato let us take advantage of good access at half the price of MPLS.” Chejfec also liked that Cato had its own converged backbone with a high density of global Points of Presence. “And we loved the price, of course!” says Chejfec. “Cato let us take advantage of good access at half the price of MPLS.” He was also impressed with Cato’s security services, including the ability to shut down the entire network with a single phone call to prevent the spread of ransomware and other attacks. Fast Deployment, Fast Performance, Low Cost Chejfec started rolling out the Cato SD-WAN solution to individual sites, leaving deployment of Cato’s security services for the future. When Covid-19 hit, Cato came in very handy for mobile/home user access as well. “For the first lockdown we kept our previous VPN, but we didn’t have enough licenses for all our new home users and activating new licenses would add significant costs and long implementation times,” says Chejfec. “We decided to try the Cato VPN and were able to deploy it to 300 home-based staff in less than a day!” Deploying Cato to its sales offices was also simple. “We just dispatch the Cato Socket with a page of instructions to each location,” says Chejfec. “Our local contact installs it at the site and then we take over remotely to finish the job. It’s truly plug-and-play.” As for the manufacturing plants, IT sent the staff an email notifying them that the network would be unavailable between 7 pm and 10 pm in order to change providers. “At 10 pm the network was up and running and employees could resume work the next morning with no disruption.” “Usually a network migration project is a hot topic of conversation and affects everyone at every level but migrating to Cato was truly seamless.” The migration was delayed by the slow termination of MPLS contracts, but it has been a relatively trouble-free experience. “In my 10 years of experience in IT, this is the only major project that turned out to be a minor project,” says Chejfec. “Usually a network migration project is a hot topic of conversation and affects everyone at every level but migrating to Cato was truly seamless.” Not only was the switchover seamless, but there were notable performance and quality of service improvements with Cato compared to its previous MPLS solution. “We had just migrated to Office 365 and the quality and performance of Microsoft Teams was a definite improvement,” says Chejfec. “I believe this had a lot to do with the switch to Cato. For the network team, the management interface is a godsend,” Chejfec adds, “as Cato anticipates Internet link problems, they can intervene quickly before they affect users.” The next phase in Haulotte’s Cato migration will be to start deploying Cato’s security services globally and the entire Cato solution to a new factory currently being constructed in China, where Cato has several PoPs. Perhaps the best thing about the transition to Cato. “The network is no longer a topic of discussion with users,” says Chejfec. “We never hear about it anymore.”
Read customer story Search
TES Goes Lean Consolidating Global WAN and Security

Environmental Services

TES Goes Lean Consolidating Global WAN and Security
TES Goes Lean Consolidating Global WAN and Security The Challenge: A Single Network and Security Model   IT service providers need fast, secure connections between locations and customers to deliver digital services and keep the business running smoothly. Such was the case with TES, a Singapore-based IT lifecycle solutions provider specializing in IT equipment deployment, recycling, and disposal with data and brand protection. With nearly 40 sites in 20 countries and thousands of security conscious customers, TES’s security and communications challenges were great. “Once we got to a certain size, we realized we had to implement higher levels of control, security, and protection than we had had when we were smaller,” says Stuart Hebron, Group Chief Information Officer for TES. “Our customers are constantly checking our security model to ensure it’s aligned with their model and compliance requirements.” “We needed to become well connected, resilient, and able to function as a single global business, rather than a group of individual small businesses around the world.” Adding to TES’s challenges were a number of mergers and acquisitions that brought in new networks, people, systems and software. “With our lean IT workforce, we sought a quick and easy way to integrate those sites under a consistent security and operational model,” says Hebron. “We needed to become well connected, resilient, and able to function as a single global business, rather than a group of individual small businesses around the world.” TES Investigates SASE Solutions, Chooses Cato The company looked at several solutions for WAN and security, but Cato was the one that fulfilled all its requirements. “Cato provided us an option to address many things, including security, connectivity, and network resilience, without having to invest significantly in other expensive technologies,” says Hebron. “All the things that were important to us were there.” “Cato provided us an option to address many things, including security, connectivity, and network resilience, without having to invest significantly in other expensive technologies” Cato was also the best deal overall. “Everyone says when it comes to good, quick, and cost efficient, you can only have two, but Cato gave us all three.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. “Everyone says when it comes to good, quick, and cost efficient, you can only have two, but Cato gave us all three.” Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 55 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features and improving remote access performance. “With Cato, we could bring those new acquisitions in quickly without having to do deep dives into their security and network architectures.” “We liked that we could use standard, conventional Internet access points at all of our sites, which saved a lot of money for us,” says Hebron. “With Cato, we could bring those new acquisitions in quickly without having to do deep dives into their security and network architectures.” Deploying Cato to each of TES’s locations was easy as well. “Cato allowed us to roll out quickly but gradually,” says Hebron. “As COVID hit last year, we found we could literally ship a Cato socket to each location without anyone having to travel to the site, which made things much safer. Through the joys of mobile phone technology and cameras, we could then walk non-IT skilled employees through plugging the sockets into the network and then access and configure them from afar. The speed at which Cato delivered those devices and the ability to deploy them without an on-site specialist made such a huge difference, reinforcing security at a pace that exceeded our initial goals,” says Hebron. Initially Hebron wasn’t even sure TES could achieve its goals quickly with the lean team he had. TES Goes Lean and Mean with Cato Once it was deployed, Cato also made things easier with its single centralized management console for both networking and security. “We needed a solution that would let us monitor and manage our entire network with a small group of specialists,” says Hebron. “Cato delivered that.” Combined network and network security management has also delivered the consistency the company needed across locations as a single global firm. “We have much better capabilities across our environment,” says Hebron, “while at the same we can address regional security concerns. Cato lets us make rapid changes to our overall security model. It also gives us online reporting, visibility across the network at any time at a single glance, and actionable value out of what we see on screen. Instead of just responding all the time we can see things coming.” Support has been excellent as well, according to Hebron. “We’ve had nothing but good experiences. Cato has even helped us with other internal challenges outside of their environment.” Cato has allowed TES to keep its IT workforce lean. “We haven’t had to add any people since we deployed Cato,” says Hebron, “and we’re actually considering ways to do more with the people we have.” “We find that Cato helps us have better conversations with our clients,” says Hebron, “as it’s clear to them that we can achieve all their compliance goals. Audit processes are faster when they look at our internal security around data, brand, and IP protection.” Customer acquisition and retention have gotten easier. “We find that Cato helps us have better conversations with our clients,” says Hebron, “as it’s clear to them that we can achieve all their compliance goals. Audit processes are faster when they look at our internal security around data, brand, and IP protection.” Perhaps the best thing about deploying Cato: “Since deploying Cato in the past six months, I can tell you I sleep much better at night,” says Hebron. “The gray has started to slow,” he laughs, “and I feel as if I’m in a much better position with my role in the organization, which is to protect our customers and the business. It gives me more confidence when I’m with customers that we can actually do what we say.”
Read customer story Search
Hoyer Motors Taps Cato to Connect China Offices and Cato MDR for Better Malware Protection

Manufacturing

The motor manufacturer improved security and control with Cato MDR
Hoyer Motors Taps Cato to Connect China Offices and Cato MDR for Better Malware Protection The Challenge: Keep Firewalls Current Without Sacrificing Control It's no secret that manufacturers everywhere need to protect themselves against malware. But as attacks come faster and attackers become more sophisticated, how do enterprises secure themselves without compromising their budget or relinquishing control? Hoyer Motors faced that same challenge. The near half-century-old Danish manufacturer of electric motors had relied on Internet-based VPN and branch firewall appliances to connect its locations across Europe, Korea, and China. The China office also had an MPLS connection. A third-party managed the company's branch firewall appliances. "It's really, really crucial that a firewall update be applied immediately. Otherwise, you risk being breached. But it could take our management provider 14 days to update our firewalls." And it was in those branch firewalls that the company faced so many challenges. "It's really, really crucial that a firewall update be applied immediately. Otherwise, you risk being breached," says Kenneth Middelboe Carlson, IT Senior Administrator at Hoyer. "But it could take our management provider 14 days to update our firewalls." "By using smaller hardware-based firewall appliance solutions, which were outsourced to another company, Hoyer had no control, no visibility, and no clue the firewalls were working or not working," explains Kristian Secher-Johnsen, CEO at Secher Security, a premium Cato partner and security advisor to Hoyer. Hoyer was also facing service interruptions at many offices. "The offices had difficulties in connecting," says Carlson. And then there was cloud migration. Since Hoyer had first deployed its global network, the cloud services had matured. As a result, Hoyer wanted to migrate to the cloud and wanted an infrastructure that would reflect that change. Hoyer Embarks on Its WAN Transformation Journey Hoyer began looking for another global networking solution. "In general, the core functions we were looking for were some cloud possibilities so that we could get the same benefits in Denmark, Europe, and China," says Carlson. "We wanted something that could be updated and managed easily, something that IT could do themselves." Hoyer was also looking for something easier to manage. "We wanted something that could be updated and managed easily, something that IT could do themselves. We like to do most of the things ourselves instead of paying consultant fees to other companies." And the company wanted SD-WAN to provide last-mile redundancy and high availability by leveraging multiple Internet connections. "In case someone digs up the fiber and cuts it in half, you can still use 4G. It's essential that you do not have a single point of failure because if your infrastructure fails, then our customers, our colleagues, can't do the work, and we lose money," he says. Hoyer Selects Secher Security with the Cato Global SASE Platform Hoyer began looking at various solutions when the team was contacted by Secher Security offering the Cato solution. "I believe we had our little sheet with five key notes and the Cato solution that Secher presented to us was actually down on all of them," says Carlson. "We have WAN optimization. We have SD-WAN. It's a SaaS solution, but it's global everywhere." Carlson was excited by the Secher-Cato proposal but skeptical. "Sometimes you know when a salesperson contacts you, it's like, of course, it can be better. But is it better?" asks Carlson. "4G connections in the outer areas of China where you normally cannot connect to anything just worked with Cato. It was really, really impressive to see." So, Hoyer requested a testing phase. First, they deployed Cato Sockets, Cato's edge SD-WAN devices, in their server room and equipped five users with the Cato Mobile Client. "The improvement, especially in China, was incredible. I have never seen anything like it," says Carlson. "4G connections in the outer areas of China where you normally cannot connect to anything just worked with Cato. It was really, really impressive to see." When Hoyer saw results like those, the outcome was clear. "We knew we needed to agree on a price and terms. But, compared to the MPLS that we already had, which is a pretty hefty price, it didn't really take much to do the change." Hoyer Taps Cato MDR for Improved Security Hoyer eventually equipped remaining mobile users with the Cato Mobile Client and locations with Cato Sockets. Branch firewalls were replaced with Cato's security-as-a-service, which Hoyer can fully manage. Additional insight was provided by Cato Managed Threat Detection and Response (MDR). With Cato, site and mobile users automatically send all traffic to the nearest Cato PoP. With each PoP, Cato's converged networking and security, cloud-native software stack inspects the traffic, applies the necessary security and networking policies before sending the traffic onto to Internet, or optimizing it and sending it across the Cato global private backbone. "Our connection is better than what we have ever had, especially in China. We have people in factories in northern China that have never been able to work on remote desktop to connect to our system, and now with Cato, they can do that, and that is really, really big." "Generally, we have had everything that Secher Security promised," Carlson says. "Our connection is better than what we have ever had, especially in China. We have people in factories in northern China that have never been able to work on remote desktop to connect to our system, and now with Cato, they can do that, and that is really, really big." With Cato, gone are his concerns around timely patching of firewalls. Instead, the Cato team keeps the Cato security stack, which includes a next-generation firewall (NGFW), Intrusion Prevention System (IPS), and Secure Web Gateway (SWG), always current. And by constantly hunting the network for the symptoms indicative of malware and network attacks, Cato MDR often identities threats missed by legacy, anti-malware systems. "Guest computers were brought into our office and connected to the Guest Internet, which is not connected to the company domain. Cato MDR notified us that they were infected with anti-malware even though they were running Windows 10 with active antivirus." "We were pleasantly surprised with Cato MDR," he says, "Guest computers were brought into our office and connected to the Guest Internet, which is not connected to the company domain. Cato MDR notified us that they were infected with anti-malware even though they were running Windows 10 with active antivirus." Cato MDR also flagged unknown devices on the network. In short, "MDR has changed how we look at security," says Carlson. "Right now, we're optimizing security, antivirus, pattern control, and everything more thoroughly than we have ever done before, basically because of MDR. Cato MDR has been more impactful than I ever thought imaginable." Cato: Restoring Control to IT   Hoyer might have gone out looking for a more consistent, more secure network, but in the end, Hoyer gained far more than just better technology. "I believe the biggest thing by moving to Cato compared to what we had before is that I feel that we are in control," says Carlson. "Yes, we've seen increased productivity. It's easier for people to connect globally because of Cato. But for IT, it's all about the management. The more you can manage yourself, the better."
Read customer story Search
Komax Drives Innovation, Cloud Connectivity, and Mobile Collaboration with Cato

Manufacturing

Komax Drives Innovation, Cloud Connectivity, and Mobile Collaboration with Cato
Komax Drives Innovation, Cloud Connectivity, and Mobile Collaboration with Cato The Challenge: Agile Cloud and Mobile Connections Innovative companies need innovative IT solutions to help them collaborate and bring new products to market fast. These include fast, agile connectivity to cloud services and a collaborative mobile workforce. Rigid legacy WAN solutions such as MPLS cannot offer the network flexibility and speed that are vital to innovative success. Komax, a world market leader and innovator in wire processing solutions¬—everything from wire strippers to complex harnesses for automobile electronic wiring systems—knew this all too well. “We are the market and innovation leader in our industry,” says Tobias Rölz, Executive Vice President, Market and Digital Services for Komax. When Komax started a major digital transformation three years ago, Rölz knew the company would have to transform IT. “We analyzed our systems and data and started moving into the cloud, introducing Office 365 for collaboration, Salesforce for CRM, and cloud-based SAP for ERP.” Komax had transitioned from MPLS to SD-WAN six years before that. Unfortunately, the appliance-based SD-WAN solution it deployed as an alternative proved too complex and rigid. “The SD-WAN appliances we had at 35 of our sites were a nightmare,” says Daniel Sollberger, Komax’s Lead, Global based IT Infrastructure, “including the first and second level support from the provider. We felt we needed to get away from all that complex hardware and move towards SASE (Secure Access Service Edge).” “Strategic fit was important,” says Rölz. “We wanted a solution from a company thinking one or two steps ahead of the others that would reduce the operational costs of our network. IT value should come from offering services that improve the quality and productivity of our company, not operating a server or network appliance.” Komax Investigates SASE, Chooses Cato Komax had heard about Cato through Gartner. “Cato Networks was one of the first vendors identified in Gartner’s SASE research,” says Sullberger. The team looked into Cato and liked what they found. “We were impressed by Cato’s thinking. They were really thinking one or two steps ahead of others,” says Rölz, “Cato was moving the network and security into the cloud, which completely fits our vision for more or less a serverless office in a few years from now.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 60 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features and improving remote access performance. Rölz and Sollberger found moving away from installing and managing SD-WAN appliances very appealing. “We liked that all the interconnected PoPs in the Cato cloud meant we could stop depending on our local on-premises SD-WAN equipment,” says Sollberger. COVID-19 hit just as Komax started rolling out Cato to its 35 locations. “Cato reacted very quickly,” says Rölz. “With Cato, we could move people out from our offices to their home offices fast without a single interruption, ensuring the same security level, performance—the same feel—working from home as at the office,” says Rölz. “That rollout demonstrated the agility and flexibility Cato and its cloud connectivity and security would give us.” Komax also rolled out Cato to the 35 locations that formerly held all that complex SD-WAN equipment. “Even in locations where we had no IT at all, the general manager was able to install the Cato socket quickly and have the network up and running in minutes,” says Rölz. “Cato’s first and second level support is great at helping internal customers directly,” adds Sollberger. Agility, Performance, Security, Cost The result was reduced operational costs and improved agility, flexibility, performance, and security. “When you move into the cloud you need to be agile and flexible,” says Rölz. “Moving security and intelligence to the cloud gave us that agility and helped us reduce our operational costs significantly. Operations are handled by the Cato very smoothly.” Security was another benefit. As Komax moved its employees to their home offices, it saw a significant increase in attacks. “We can see that Cato has been reacting very strongly to protect our network,” says Rölz. Cato’s support has also been a relief. “Cato is able to support our issues in all our locations 24 hours a day,” says Sollberger, “This lets us focus on more important goals, such as helping our customers achieve better quality and operations.” Setting up new sites on Cato is quick and easy. “We can set up new sites and VPN users in minutes or hours,” says Rölz, “and Cato’s agility is helping us adjust the network, bandwidth, and traffic prioritization easily as we migrate step-by-step to the cloud. With Cato, we can even address traffic in the specific country where the cloud solution sits,” says Sollberger, “and it’s easy to increase capacity bandwidth in each site to scale. This helps us improve performance and response times and makes the cloud service much better to use.” Rölz feels that Cato is very in tune to Komax’s needs. “They really listen to us, consider our needs, and adapt to them. It’s a real partnership.” “I’m convinced Cato’s architecture is the future of the WAN,” says Sollberger. “It’s great to be part of it.”  
Read customer story Search
Accounting Firm Boosts WAN Reliability, and Security, Cuts Costs with Cato

Financial Services

Accounting Firm Boosts WAN Reliability, and Security, Cuts Costs with Cato
Accounting Firm Boosts WAN Reliability, and Security, Cuts Costs with Cato The Challenge: Reliable, Secure Office Connectivity Few organizations are as deadline driven as accounting firms, especially during tax season and around other tax milestones. They need fast, reliable networks connecting office locations with cloud applications, mobile staff, and each other to get their clients’ work done on time every time. At a time when most accounting applications have moved to the cloud, MPLS just doesn’t make it as a WAN solution anymore. It’s too rigid, expensive, cloud unfriendly, and in the case of a major North American accounting firm, unreliable. The firm had connected 34 of its offices via MPLS. Security at each location was provided by firewall/IPS appliances, but they were used mainly for direct Internet access (DIA). “MPLS went down enough times that users became accustomed to firing up their mobile VPN clients for communication even though they were inside the office,” says the firm’s Senior Network Engineer. “When an interruption happened close to April 15 it was really disruptive, and disruptions cost money.” “MPLS went down enough times that users became accustomed to firing up their mobile VPN client for communication even though they were inside the office,” As corporate accounting applications moved to the cloud, more and more of the firm’s traffic became cloud based. “We had to go over the Internet for the cloud traffic, so it was getting to where nobody really liked MPLS,” says the network engineer. “The only reason we kept it as long as we did was for contractual agreements and QOS for voice and video.” Until recently, the firm relied on on-premises VoIP from a well-known provider. However, when it moved to a major voice and videoconferencing cloud provider, MPLS looked even more obsolete. “At that point it became clear: Why use a slow, expensive, less reliable circuit when you could get faster, more reliable circuits a whole lot cheaper?” The network engineer had heard “rumblings” about SD-WAN but didn’t know much about it and assumed the technology needed time to mature. When voice and video moved to the cloud, he decided to take a good look. “My feeling was that there is no such thing as genuine QOS over the Internet. I was looking for a platform that would handle QOS as best as it could be handled.” Firm Looks at SD-WAN Alternatives, Falls in Love with Cato The firm went to its VARs and other partners for advice. One recommended another cloud SD-WAN provider and one recommended the Cato SASE platform. “He said, ‘Knowing your company like I do I think Cato would be a great match,’” says the network engineer. More people seemed to know about the other provider so he decided to try them first. “We wanted a solution that was simple, configurable, secure, and that offered some type of QOS,” says the network engineer. The firm set up units in the datacenter and two locations and ran file copy jobs to see how fast and consistent the performance would be. It also tried various ways to “break” the network to see how easy it would be to use the management software to find the source of the problem. It wasn’t pretty. “The other vendor’s software was too complex, with too many dials,” says the network engineer. “They also pointed us to either our existing security platform or another vendor for security. We didn’t like that.” Their partner security vendor’s interface was also complex. “Both were the types of GUIs you would have a lot of trouble with if you didn’t use them every single day.” The company decided to run Cato through the same tests. It set up Cato Sockets at the datacenter and the same locations as it had with the other vendor. Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 60 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an on-ramp to its global backbone and security services. The backbone is an affordable MPLS alternative, not only privately managed for zero packet loss and five 9’s uptime but also equipped with WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features and improving remote access performance. “We got pretty far with the first Cato installation without any help, and the few questions I had were answered quickly,” says the network engineer. “When it came to the other two locations, we didn’t even have to call Cato. It was so easy compared to the other vendor solution, which required a lot of tweaking. That’s when we started to fall in love with Cato.” Compared to the other solution, the Cato file copy tests were much more reliable. “The consistency was amazing, almost like a flat line,” says the network engineer. “It really made Cato look good.” Cato’s management GUI was also much easier to use. “Cato didn’t have all the dials the other one and its security partner had, but it had all the controls that mattered,” says the network engineer. “And it was really simple, without all that distracting configuration to worry about.” He showed Cato to his risk and compliance team and they really liked Cato’s interface and capabilities too. “Setting up the network, firewall and other rules was really intuitive. And I love how I can go into the Cato portal, make some changes and watch them take effect in real time.” Compared to the other solution, the Cato file copy tests were more reliable. “The consistency was amazing, almost like a flat line,” says the network engineer.  The network engineer was especially impressed with Cato’s event discovery feature. “Whoever designed that should get a raise. That’s the detail we’re after,” he said. The firm also sent Cato some service tickets. In most cases Cato called back within five minutes It became clear that Cato would enable the firm to rid itself of both MPLS and its current related security infrastructure.   [caption id="attachment_13995" align="alignnone" width="1920"] With Event Discovery, customers can identify root cause in minutes by easily querying their routing, security, connectivity, and system event data.[/caption] Easy Rollout, Lots of Reliability and Savings The firm rolled out Cato to all the other locations that had had MPLS. “The deployment was so easy that in most cases the local receptionist was able to install the socket with a little help from a how-to with pictures we prepared in Microsoft Word,” says the network engineer. “We would get on the phone with them and just say, ‘do step one, now do step two, etc.’ In many cases it took five minutes.” “The deployment was so easy that in most cases the local receptionist was able to install the socket with a little help from a how-to with pictures we prepared in Microsoft Word. The firm installed a high availability configuration in the datacenter and didn’t have to consult Cato at all. An issue with a vSocket for Azure was fixed in time. “Every company and install will have a few problems, but Cato really took ownership of that one and kept us informed until it was resolved.” The firm is also looking at using Cato’s mobile VPN capabilities down the road. “We love that Cato would give us IPS at the PC level, all tied into the Cato portal,” says the network engineer. “We could manage our offices and end users from one location. Why give the money to our current provider?” Cato was also inexpensive compared to MPLS, particularly compared to upgrading and managing all the current routers and security appliances at the company’s locations. “We were going to have to upgrade all those appliances soon and now we don’t have to buy all that new hardware and licensing,” says the network engineer. Cato was also more reliable. “We’ve had six or eight of those appliances die on us and it seemed it was just a matter of time before the others died too,” says the network engineer. “Why bother keeping them when Cato could do all that for us?” It was great to be able to get rid of all that hardware. “Now that we didn’t have to do all that complex routing we could even buy switches at a lower license level, saving us $1,000 per local switch.” Cato was also more secure. “With MPLS we had almost no office-to-office security. An internal security audit concluded we needed to improve that and since everything now goes through the Cato cloud we have.” The network engineer also finds the way rules are configured in Cato inherently more secure than that of his previous appliances. “With Cato you start by denying all traffic and then you build exceptions. With our previous solution it was the opposite, so sometimes we allowed traffic we didn’t mean to allow.” In all the switch to Cato has been a great success. Says the network engineer, “It saved us money, it simplified our network, it made things faster and more reliable, and it gave us a lot of network insight.”
Read customer story Search
Low & Bonar Replace Global MPLS with Cato SASE Service from IPknowledge

Manufacturing

Low & Bonar Replace Global MPLS with Cato SASE Service from IPknowledge
Low & Bonar Replace Global MPLS with Cato SASE Service from IPknowledge From traditional WAN to global network in the Cloud Organizations are constantly on the move. But to be agile, having a flexible network infrastructure is crucial. This certainly applies to organizations such as Low & Bonar, who have international offices and do business all over the world. Mergers and acquisitions have completely changed the business environment within a few years and have created challenges in the areas of costs, management, and digital performance. International WAN Challenges Was it wise to continue the relationship with the telecom company, which was chosen in 2013? With this question, the preparation of a quotation request to several suppliers started in 2018. One thing was certain, namely that the world of international infrastructures had completely changed. It had to be done better, faster and above all cheaper. Due to acquisitions from the past, the L&B IT infrastructure contained a relatively large number of different systems and applications, which resulted in a high management burden. Low & Bonar uses, amongst other things, an Oracle (JD Edwards) ERP system that is hosted on centralized servers in Arnhem. The Intex ERP system is also used for specific business processes (weaving industry). SAP ERP is also used. Other important business applications are also hosted in the central data center in Arnhem. In addition, its own IT department was too dependent on the current supplier. “Creating new locations or change requests did not always go smoothly,” is how Paul Visscher, Head of Infrastructure and Security at Low & Bonar, puts it. The performance of the international network was also very different between the countries. For example, in China, the data first passes through a firewall controlled by the Chinese state. A dedicated bandwidth was needed here anyway, but later it turned out there was an even better alternative. Making choices for the right solution It soon became clear that this time it was not about simply renewing the MPLS network of the telecom provider. Partly due to the new possibilities of SD-WAN technology, there suddenly appeared to be many options. MPLS, Internet and even wireless (4G) connections in combination with various SD-WAN technologies. For Paul Visscher there was something else that was important, namely the ‘co-managed’ model offered by IPknowledge and Cato. As a result, the control and direction of the WAN came primarily by himself and, without management costs. “As a result, I literally have flexibility and scalability in control, which is better for us than a fully managed environment of a traditional CSP, Communication Service Provider or Telco,” he explains…. Read the complete case study to learn more about Low & Bonar’s experience and lessons learned while deploying Cato and working with IPknowledge. Available in Dutch here.
Read customer story Search
Global Food Supplier Uses Cato Cloud to Ensure Global Performance, Security and High Availability

Food

Global Food Supplier Uses Cato Cloud to Ensure Global Performance, Security and High Availability
Global Food Supplier Uses Cato Cloud to Ensure Global Performance, Security and High Availability The Challenge: Improve Network Security and Availability Without Compromising Performance or Agility Manufacturers know all too well the pains of relying heavily on global VPNs. They might be more cost-effective than MPLS, but performance is very unpredictable, and setting up numerous VPN connections, is too time consuming. And none of that touches on the problem of providing local security. These were precisely the challenges facing Global Food Supplier. The company, which asked to be anonymous, develops and delivers healthy feed solutions for fish. It operates 31 manufacturing facilities and offices across Europe and the UK, in Central and South America, Tasmania, and now in China. Prior to coming to Cato, the company ran its own network, connecting locations primarily via a VPN between on-site firewall appliances. Some MPLS links were used to connect several sites. As the company matured, it grew through acquisitions, and with that came the need to update its connectivity and security options. The impending expiration of many of the sites’ license-support for the firewalls drove the company to reassess its security approach. The existing firewalls lacked the capacity to meet the company’s needs and would have required massive upgrades. Otherwise, the company would have had to disable critical services, such as virus scanning and SSL traffic scanning. The company knew it needed to enable advanced security globally, but the cost to do so with firewall appliances was very high. Availability was another critical concern. High availability was only set up in offices in a few countries, leaving the remaining locations exposed with single points of failure. What’s more, the company had little visibility into the network’s operations. If users had performance issues, or worse, the site experienced a network failure, the IT team lacked the insight to know what was going wrong. And as more applications began moving into the cloud, the company needed additional solutions for WAN optimization, and to reduce latency for applications such as SharePoint, team collaboration, email and M3 (ERP). Cato’s SASE Platform Provides Significant Advantages The company’s IT team made the pitch to executive management: standardize on Cato Networks’ global solution to benefit from several advantages. First, every site would be configured for high availability by installing redundant, cost-effective Cato Sockets, Cato’s edge SD-WAN appliances. Second, advanced security is fully converged into Cato’s SASE platform. The company’s network would be continuously monitored and scanned to detect suspicious traffic. Global performance was also key. Cato includes WAN optimization in its global private backbone. By contrast, the existing VPN offered very poor performance in several countries, especially China, Costa Rica, Chile and Ecuador, due to its dependence on the public Internet. This made access to global systems like Office 365 and M3 almost useless. Network visibility was another advantage offered by Cato. The company would now have deep insight into the performance of all last mile connections. Cato provides real-time and historical graphs for throughput, latency, jitter, and packet loss. The company would also have centralized management 24x7 support and monitoring. Finally, there were the cost savings of going with Cato. With Cato’s global private backbone, the company would be able to eliminate all MPLS circuits. And with Cato running security in the cloud, the company would avoid hardware upgrades of its legacy firewalls. How Going with Cato Led to Consistent Performance and Security Worldwide The company wanted a single global solution that could connect and secure all offices and production facilities in a consistent manner. Also, the company lacked internal expertise to support this network, so an external technology partner was needed to make configuration changes and keep the network running. “We had some discussions about going with a global MPLS solution, but we knew we would always end up somehow with more than one supplier and multiple points of contact because of all the countries we are in.” “We had some discussions about going with a global MPLS solution,” says