Fiskars Group Boosts Business Agility and Security with Cato SASE Fiskars Group Needed a Network Overhaul Moving at the speed of 21st century business requires a fast, agile, secure WAN that is easy to deploy and manage. Unfortunately, before the Fiskars Group adopted Cato SASE, its WAN had none of those qualities. “Our network was an old-fashioned mess,” says Jesper Hjørland, Service Manager for Network and Connectivity at the Fiskars Group. “We had both MPLS and Internet connections with multiple security solutions from different providers in different locations.  We often had three or four different devices on each site. Deployment and management of all those solutions was very challenging and time consuming.” The time it took just to open a new location was far too slow for the company’s business needs. “Our leadership felt it was critical to be fast and agile to meet the rapidly changing needs of our customers,” says Hjørland. “Before Cato, that simply was not possible,”. Once Fiskars Group had to move a warehouse in Sydney to another location. “It took us four months just to get a new MPLS connection, delaying the move and worrying our management quite a bit,” says Hjørland. After that stressful move, Hjørland knew it was time to find a better, more simple, flexible WAN solution. “We knew we needed the same WAN and security solution in every location, whether it was a small shop or a large factory,” says Hjørland. Fiskars Group Evaluates SD-WAN and SASE, Chooses Cato Hjørland’s needs naturally took him in the direction of SD-WAN and SASE. “We looked at a lot of SD-WAN and SASE solutions, but Cato’s was the only one that allowed us to use the same solution everywhere,” says Hjørland. “It was also the simplest to deploy and manage and much more flexible than the other SD-WAN solutions we evaluated.” Cato’s management interface looked so simple at first that many of Fiskars Group’s network staff thought it wasn’t capable. “They were really nervous,” says Hjørland. “‘It’s too simple,’ they said. ‘It probably can’t do much.’ It turned out we could do much, much more with the Cato interface than ever before, including things that a lot of network people don’t even understand completely. Yet the interface is so easy even the less experienced network staff can work with it.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, the Cato Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Aside from the management interface and Cato’s security features, Hjørland liked Cato support. “Cato’s people were always helpful, going over and above to ease our implementation,” says Hjørland. “They had great suggestions to help us use the solution to its full potential for our business and gladly answered all our questions, no matter how stupid, to ensure we understood exactly what we needed to do.” Fiskars Group Gets the Speed and Agility it Needs Deployment of the Cato solution to the Fiskars Groups locations has been very quick and easy. “We changed our supplier in the middle of the implementation and, though they had never heard of nor had any experience with Cato, they were able to do their first deployment in under two hours with minimal Cato support.” Cato SASE has sped up the deployment of moves and new locations dramatically. “We roll out new shops very quickly now,” says Hjørland. “We can just send them a Cato box and explain to store personnel with no network experience how to plug it in and get the service up and running.” Aside from fast deployment, Hjørland likes that every location large and small has the same robust layer of security. “That consistency was something we sorely lacked in the past.” However, agility and simplicity are the main business benefits. “With Cato we’re removing three to four different devices on a site and replacing them with a simple Cato box.” Fiskars Group has started using the Cato mobile VPN in Europe and will soon roll it out in Asia as well. As for cost, Hjørland finds Cato to be very competitive. “The Cato solution has saved us money compared to our previous WAN infrastructure, and that’s not even counting all the additional time and money we spent on consulting services before just to keep everything up and running. There’s definitely a huge cost savings there.” Hjørland most appreciates that Cato has made his job easier. “Thanks to Cato, I can stand by my promises and feel comfortable we can deliver on the company’s business needs quickly, efficiently, and securely.”

Topcon Achieves a Fast, Secure Global WAN with Cato The Challenge: A Single, Fast Global WAN Proved Challenging with MPLS Global enterprises often struggle to provide consistent WAN performance and security across all their locations. MPLS is very expensive or unavailable in some remote regions and VPN alternatives can be slow and unreliable. Topcon Corp knew this problem only too well.Topcon is based in Tokyo, Japan with offices spread across the Americas, Middle East, Africa, Asia Pacific, and China. With expertise in advanced technology and global business development, the company provides global solutions to meet societal challenges in healthcare, agriculture, and infrastructure. Some of these include technologies that automate the operation of agricultural equipment and harness digital sensors to manage the growth of agricultural crops. “Seventy-seven percent of our sales come from overseas and nearly 80% of our employees are not Japanese,” says Takashi Nakajima, Head of the Digital Transformation (DX) Promotion Division and Chief of Business Operations. Topcon was struggling to provide fast, secure connectivity to its offices in China. Most of its other locations took advantage of fast MPLS connections, but China’s offices had slower connections that were often problematic. “We started seeing the limitations of MPLS for worldwide deployment and started looking for a next generation network we could deploy everywhere,” says Nakajima. “We needed a simple, fast, secure solution for regions in Asia where MPLS hadn’t yet been established.” Topcon Searches for a Global WAN Solution, Chooses Cato GlobalDots, a global cloud solutions provider, introduced Nakajima to the Cato solution and he was immediately impressed. “I had already been working with a local SD-WAN deployment in my previous job, so I was familiar with the technology. I liked that the Cato SASE could give us the fast connectivity in China and other parts of Asia that we needed while also keeping our communications secure and allowing us to monitor everything properly.”Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS.Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 75 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and five nine’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance.Nakajima was sold on Cato, but convincing internal management was another story. “We had a lot of conversations in which I had to explain Cato and SD-WAN to management and field staff and assure them that I couldn’t find anything else with all the built-in security and monitoring that Cato had,” says Nakajima. “I made those features the big selling points and got it though the internal approval process.” Fast, Secure WAN and Remote Access Worldwide Implementing the Cato solution was quick and smooth, thanks to Cato’s simple socket appliances and help from GlobalDots. “They did most of the work,” says Nakajima. “As long as there was an Internet connection in our Asian offices, GlobalDots could handle just about everything else remotely. We also replaced our remote access service with Cato’s for about 600 employees, starting with smart phones. It took a little education to get them started but it was pretty smooth.” Staff PC’s will come next.Performance in China and other regions without MPLS has been fast, but its Cato’s simplicity that has really impressed Nakajima.“Cato’s biggest benefit from my point of view is that the network operators no longer need any specialized knowledge,” says Nakajima. “We have a small network staff, and they have to look after the internal network, the Asian network, and our domestic WAN. Now they don’t have to deal with all those version upgrades, security patches, outages, and support issues. Aside from the time and resources saved, there are no more of the human configuration errors we used to have.”Nakajima is also impressed with how easy and quick bandwidth upgrades are with Cato. “We’ve been moving to cloud services such as AWS and Azure, and in the initial design phase we can invest in the minimum bandwidth we need. Then we can quickly ramp up the bandwidth with Cato when we need it.” Topcon had a WAN connection in the U.S. that was impacted by wildfires, requiring a quick replacement, which came easily with Cato SASE. “Normally we would have had to run another MPLS line, which would have taken a long time, but with Cato we were able to recover immediately with nothing more than a contract change,” says Nakajima. “It’s so great for our business when we can do these kinds of things so fast.”Nakajima also saw the true value of Cato’s remote access service when Covid hit. “Basically, nothing happened,” said Nakajima. “Cato’s remote access was already deployed for our workers so there wasn’t much to do. And since nothing happened, management was amazed when they started reading about all the problems other companies were having giving their employees the capability to work from home.”Overall, the Cato SASE solution has been a big success for Topcon. “We were able to provide a fast connection and secure environment for our employees, even when Covid hit and they had to work from home, “says Nakajima.“ The Wi-Fi networks users had at home were not very secure after all, but it didn’t matter with Cato’s security services. Management has been happy with how quickly we can set up Cato at new locations and how well work-from-home went during Covid.”As for the future, Nakajima plans to use Cato to create a business continuity/disaster recovery plan that will fail over from AWS to Azure or vice versa. “I’m trying to create a structure where if one cloud service goes down the network won’t be cut off,” says Nakajima. “I would recommend Cato most of all for its flexibility,” says Nakajima. “It’s so easy. Jut try it out and see if it works for you. We started with our overseas WAN, expanded to remote access and now we’re moving on to other locations. We really haven’t had any major issues.” Background With expertise in advanced technology and global business development, Topcon Corp provides global solutions to meet societal challenges in healthcare, agriculture, and infrastructure. Solutions include agricultural equipment automation and agricultural crop management using digital sensors. Topcon is based in Tokyo, Japan with offices in the Americas, Middle East, Africa, and Asia Pacific. Before Cato, Topcon relied on MPLS connections where they were available and VPN connections where they were not, with firewall appliances at each location and a VPN service for remote access.

PlayPower Taps Cato to Streamline its Global Network, Boost Business Agility, and Improve Security The Challenge: M&A Complexity Organizations growing via mergers and acquisitions (M&A) often end up with a complex mix of service provider and point solutions that create significant IT operational and performance challenges. Rationalizing diverse infrastructure not only simplifies the network, it makes the business more agile and responsive. PlayPower, a leading manufacturer of premier commercial recreational equipment, is a case in point. Through a series of mergers and acquisitions, PlayPower found itself with a mix of MPLS services and Internet-based VPNs connecting its 15 sites. The complexity and diversity of the network created a host of operational challenges that Alfred Sobrinho, Vice President of Information Technology at PlayPower, knew could only be eliminated through network simplification. With so many different types of services and equipment, running the PlayPower’s complex network was incredibly time consuming. “Like most mid-sized companies, we don’t have a huge staff of CCIEs,” says Sobrinho. “We needed a network that was easier to administer and run.” Several of PlayPower’s locations lay outside of its MPLS provider’s network, leading to delays and service issues. “In some rural locations, it could take a long time to get a new site on board with MPLS,” says Sobrinho. “There might only be one or two telcos to choose from.” Once sites were connected, the backbone often proved unstable, causing problems for users trying to connect to applications and share resources. “Even IT staff had difficulty connecting to other locations,” says Sobrinho. “The thought of someone in Pennsylvania providing helpdesk services to users in California was basically out of the question, as it meant crossing two or three networks.” Maintaining the company’s security infrastructure also proved challenging. As with many companies, PlayPower had an on-premises SIEM system that needed continuous monitoring and updates. “We didn’t have the resources to have someone sit there all day, monitor security events and rule out false positives,” says Sobrinho. “It made sense to give that function to someone who does this for a living,” he says. Sobrinho decided he had to create a single unified network that made all services and assets available to everyone. “We wanted to locate services where they were needed, without any bandwidth or other network constraints,” he says, “and we wanted to provide services across all of our different brands and business units with a single IT team.” PlayPower Evaluates the SD-WAN Market, Selects Cato Sobrinho began looking into SD-WAN, reaching out for help to Ralph Lewis, CEO at Cumulus Telecom and trusted advisor on infrastructure issues to PlayPower. “We looked at ease of use and price/performance ratios. It was particularly important that the proposed SD-WAN solution work in-line with our current firewalls,” says Sobrinho. “A forklift upgrade was out of the question.” Together, Lewis and Sobrinho vetted all of the major SD-WAN providers, “but Cato looked really good,” says Sobrinho. Cato connects all enterprise network resources—including branch locations, the mobile workforce, and physical and cloud datacenters—into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic. “I was going to schedule our next vendor interview,” says Lewis, “when the team said ‘Stop scheduling! You just showed us what we’re looking for." After evaluating Cato, PlayPower implemented a proof of concept (POC) in an office it was looking to move to a different location. The results were so positive that they chose to replace their firewall appliances with Cato Security as a Service. “By the time the POC was over, we were no longer considering our own firewalls,” says Sobrinho. “We were ready to return the router for the new location because they were going to use the Cato Socket to do the routing,” says Lewis. As PlayPower rolled Cato out to the other sites, Sobrinho decommissioned MPLS services. Benefits with Cato The move to Cato provided PlayPower with both tangible and intangible benefits. With Cato, PlayPower could replace a hodgepodge of MPLS services and Internet-based VPNs with a single network supporting the entire organization. The IT team could now deliver services everywhere, supporting all the company’s divisions and business units. Cato’s simplicity and cloud architecture yielded significant operational savings. Management and support were mostly handled by Cato, rather than PlayPower’s IT staff. "If you need specialists, such as CCNEs, you need more IT people and a bigger network team to support the same kind of networking capabilities you get with Cato,” says Sobrinho. Cato’s flexibility let PlayPower reduce its network costs. “With Cato, we can use any available last mile provider or service,” says Sobrinho, “which means we can negotiate rates and make providers compete to keep our costs down,” he says. "The Cato Sockets are truly plug and play, so we don’t have to do all that routing and deep network configuration we used to do." Cato gave PlayPower a built-in onramp to the cloud. "Cato's agentless cloud capabilities make integrating leading cloud providers and hosting centers so easy,” says Sobrinho. “You have those connections already without having to configure dedicated IPsec tunnels to the provider.” So positive was the initial foray into SD-WAN that the team decided to expand the relationship. A few months later it became the second customer to go live with Cato Managed Threat Detection Response (MDR) service. With Cato MDR, Cato engineers monitor the network for key security events, alerting the customers only as needed. "Rather than having a bunch of warm bodies sifting through the traffic, Cato uses data mining to drill down to the few events that warrant human attention,” says Sobrinho. “I have an analytics and applications background, so that approach makes a lot of sense to me." “Cato’s SOC team reaches out to us with an alert and one of our IT members responds with the appropriate action,” says Sobrinho. “We’ve been very happy with that service.” A Fast Work-from-Home Ramp-up As with many organizations, the spread of Covid 19 forced PlayPower to shift employees to working from home on a large scale. "It meant more than doubling the number of remote workers,” says Sobrinho. Cato made it easy. “With Cato, we didn't have to worry about adding VPN servers,” says Sobrinho. “All it took was a single phone call. Within a day, the extra VPN capabilities were deployed. No need to monkey around with switches, concentrators and cabling.” Cato’s flexible cloud architecture was a great benefit when companies had to adapt to Covid and vacate their physical offices. “PlayPower was able to take the entire workforce across all its sites and business units remote in a day or two with no loss of productivity,” says Sobrinho. “It was remarkable that we did not have to frantically add VPN concentrators or network infrastructure like our peers and competitors who were on legacy networks and took weeks and months to transition to a remote work-from-anywhere business.” Most importantly, the user experience was excellent. “With Cato, our users don't even know they’re connected to a network backbone -- and they shouldn’t have to. They just know they can access all their applications and services seamlessly, says Sobrinho.” The support experience has also been positive. “We’re very happy with the service levels we've been getting Cato,” he says. “We don’t have to tie up IT people to handle a maintenance outage or a hardware or software upgrade to enhance uptime. We spend a lot less time on network administration." Perhaps that greatest benefit: PlayPower can make business decisions without worrying about network limitations. Says Sobrinho, "With Cato, we can tap the right location to provide the right service based on business need, not some artificial network constraint such as bandwidth."

How Redner’s Markets Transformed the Retail Experience by Transforming its Network with Cato Grocers may not be the first industry that comes to mind when one thinks of digital transformation challenges. But between the use of smart shelves, just on time delivery, online ordering and more grocers and retailers in general have relied on digital transformation to stay competitive. The same was true for Redner’s Markets. The Pennsylvania-based grocer relied on technology extensively to keep competitive, but it was technology that was posing a problem for employee-owned, family-run grocery chain. The staff was unable to place clear voice calls across the company’s network. Customer-facing loyalty applications weren’t working. Some of the grocer’s pharmacies couldn’t fax in their orders. Employees complained and customers were kept waiting. All of which was interfering with the company’s business. “We just want to provide quality food to our communities and provide a great and reliable place to work,” said Nick Hidalgo, VP of Information Technology at Redner’s Markets. Redner’s problem was that its network wasn’t keeping up with growth.  The business has grown from its founding with two stores in 1970 to 64 U.S. warehouse markets and convenience stores today. In addition to employee- and customer-facing problems, Redner’s faced difficulties getting its several network systems to work together. The network operations team needed multiple skill sets for multiple providers’ technologies. Delivering policy consistency over various vendor platforms throughout the company was a significant challenge. Disaster recovery was impacted as data replication between sites lagged an hour or two behind real-time. Employees faced complications with two-factor authentication. Hidalgo and his team found that the network problems were largely caused by their security architecture. For the company’s previous firewall to gain sufficient insight, all the company’s traffic had to be first backhauled across the internet to Redner’s Markets’ datacenter. The additional latency imposed by that backhaul was disrupting Redner’s applications and processes. The Platform Offers a Better Way Hidalgo began looking for a solution, defining his requirements and speaking with his incumbent vendors.  Quickly he realized that trying to solve each point problem would lead to integration challenges, longer time to value, and still fail to deliver the visibility into the network that he wanted.   “We turned to our partner Avail, a team of technology procurement and management advisors. They recommended considering a SASE platform and suggested we try Cato,” Hidalgo said, “We took the interview and 45 minutes later were blown away by the solution and ready to sign a PoC.” We took the interview and 45 minutes later were blown away by the solution and ready to sign a PoC.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Cato connects locations with its simple Cato Socket appliance that automatically links to one of Cato’s ~90 Points of Presence (PoP) locations, all interconnected by Cato’s fast, global private backbone. Remote users automatically connect to the nearest PoP using Cato Client and Clientless access, and Cloud resources connect using IPsec tunnels, vSockets, or for large capacity connections, Cato Cloud Interconnect. The Cato Single Pass Cloud Engine (SPACE) software runs in all PoPs, converging multiple network security functions for flow control and segmentation (NGFW), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), application and data protection (CASB, DLP, ZTNA), and threat detection and incident response (XDR and EPP) into a cloud-native software stack. Cato has autonomous systems and processes sustaining the evolution of service capabilities, resiliency, optimal performance, scalability, global reach, and security posture, requiring no additional customer IT involvement.  The Cato platform vastly simplified the Redner’s network, enabling Redner’s to remove the head-end firewall at the corporate data center and disaster recovery site, as well as aggregators that were feeding those firewalls. “Transitioning to Cato allowed us to establish direct traffic paths from the branches, leading to a remarkable 10x performance boost and vastly improved visibility,” Hidalgo said. Redner was able to replace SD-WAN solutions from another vendor. Reducing the number of systems supported eliminated the need for Redner’s IT team to maintain skills on multiple systems. Cato’s policy management tools solved the struggle to maintain uniform policies across the network. “With Cato’s built-in management tools, we set policies, and they apply everywhere. Previously, we set bandwidth priorities and hoped they worked on our three different implementations,” Hidalgo said. He added, “The convergence of security and network in one solution—one pane of glass—was where we wanted to go. Cato provided us with that. Other solutions didn’t make sense.” From User Complaints to User Kudos With Cato SASE Cloud, faxing over the network became reliable and hassle-free. Difficulties with Redner’s customer-facing loyalty application have been resolved. Changes in IT infrastructure are generally not met with cheers from end users. But with Cato deployed, Hidalgo says he’s seen a qualitative difference from users. “We have gotten rave feedback. They see a performance change. They don’t need to know anything besides that. We just deliver what they need.” Cato smoothed over Redner’s multi-factor authentication difficulties. “We rolled Cato out, and within two seconds, someone can authenticate and access the network remotely. They’re just raving about the experience compared with what they had before.” The Cato platform helped resolve Cato’s data recovery concerns, replicating data in real time between sites. And the Cato platform delivered improved voice and video performance with packet loss correction techniques to improve last-mile quality. “We have improved the performance of every application on the network by rolling out Cato,” Hidalgo said. “We don’t hear about network slowness; we don’t hear complaints.” “We have improved the performance of every application on the network by rolling out Cato,” Additionally, Cato XDR made Redner’s team more efficient in remediating security incidents. “Cato XDR is a timesaver for us,” he says. “The XDR cards let us see all the data relating to an incident in one place, which is valuable. Seeing the flow of the attack through the network—the source of the attack, the actions taken, the timeframe, and more—on one page saves a lot of time. If a user has a network issue, I do not have to jump to various point product portals to determine where the application is being blocked.” (For additional information about Redner’s Markets’ experience with Cato XDR see this blog.) “Cato XDR is a timesaver for us,”

From Garage to Grid: How Cato Networks Connects and Secures the TAG Heuer Porsche Formula E Team The IT leadership of TAG Heuer Porsche Formula E Team shares insights about the value of a platform, Cato XDR, Cato DLP, and more. "I'd definitely give Cato the pole position. I can honestly say Cato does a remarkable job making networking and security much, much better." -- Friedemann Kurz, head of IT for Porsche Motorsport. Moving at speeds up to 320 Km/h, sleek, aerodynamic Gen 3 Formula E racecars slice through city circuits, combustion engine roar replaced by the high-pitched whine of arguably the most advanced electric motors in the world. The vibrant, thrilling spectacle that is Formula E is taking center stage yet again as the industry hurdles into Season 10. Last season, Cato was selected to secure and connect the TAG Heuer Porsche Formula E Team with their cloud and on-premises applications and race engineers in Weissach, Germany. This season that relationship has only matured and includes even more Cato capabilities. With a season spent running Cato SASE Cloud, where would the IT team behind the TAG Heuer Porsche Formula E Team place Cato? "I'd definitely give Cato the pole position," says Michael Wokusch, senior IT product manager for Porsche Motorsport. "I can honestly say Cato does a remarkable job making networking and security much, much better." "Depending on your stack, mid-size enterprises easily have two full-time people doing only networking and network security. Or, you can run Cato and have one person handling the network and doing security on the side," he says. Formula-E: The Ultimate IT Challenge Behind the thrilling speeds and split-second race decisions of Formula E lies an enterprise security and networking stress test like no other. There’s the security challenge: An event as high-profile and technology centric as Formula E with a brand like Porsche Motorsport makes for an enticing cyber target. The attack doesn't need to penetrate defenses; disrupting communications with a denial of service (DOS) would be disastrous. But with only one IT person at a race event, TAG Heuer Porsche Formula E Team needed a security platform that was powerful, smart, and simple to operate. Then there’s the logistics challenge. Formula E races (16 events in season 10) happen globally, often in remote regions with limited infrastructure. Shipping lots of equipment isn't an option. "Every kilogram saved on freight saves on costs and reduces emissions," says Friedemann Kurz, Head of IT at Porsche Motorsport. "It's like a race car. The lighter the race car, the more agile it can be. So, too, with IT. The less equipment we ship, the more agile we can be." "It's like a race car. The lighter the race car, the more agile it can be. So, too, with IT. The less equipment we ship, the more agile we can be." Kurz and his team rely heavily on the cloud to reduce local footprint. “Less equipment means lower shipping costs, faster deployment time, and less emissions. Every kilogram we save in shipped equipment saves on carbon emissions," he says. The teams arrive at the location 2-3 days before the event. They only have a few hours to build the race garage and IT infrastructure before the cars arrive. "It's why it's so important to have streamlined IT infrastructure and operation. Onsite at the racetrack is just one person, and that person needs to monitor the deployment, pack it down, and do it all over again," says Kurz. If parts need to be changed, that also needs to happen within those initial hours. All to get the cars on the track to collect as much information as possible so the race engineers can optimize the car software and, more specifically, its energy consumption. "Calculations need to be done in a very short time frame, and a stable network is essential to that goal," says Kurz. "Calculations need to be done in a very short time frame, and a stable network is essential to that goal," Finally, there’s the networking challenge. Race regulations restrict Formula E teams to 50 Mbps Internet connections. Across that narrow connection, the IT department supporting TAG Heuer Porsche Formula E Team had to run application sessions carrying telemetry data during testing, file synchronization between the local NetApp server and the cloud, video sessions for remote race engineers to see what's happening at the track, and voice for communications. Quality of service policies are essential for ensuring applications get the necessary throughput, which is made all the more critical given the Internet connection. The high packet loss and unpredictable public Internet routing limit the connection's throughput. (For example, at 200 milliseconds of latency and 1% packet loss, theoretical TCP throughput would drop to about half a megabit.) "If you're on the other side of the world, well, you can imagine the user experience. It was terrible when we ran over the Internet," says Wokusch. "File synchronization between servers and racetrack alone could occupy the local bandwidth.” Cato Answers the TAG Heuer Porsche Formula E Team Security Challenge To meet those challenges, the IT department behind the TAG Heuer Porsche Formula E Team turned to Cato. At each race event, the team deploys a Cato Socket, Cato's edge SD-WAN device. The half-u Socket is so small it can sit on a shelf. With the Socket and cloud resources, IT travels light. "This season was the first time that we traveled without a server rack,” says Kurz. “Everything we needed is built into our [garage] walling. It's super slim." During season 9, the team ran Cato in hybrid mode, connecting their local equipment to a Cato Socket and a dedicated connection for an IPsec tunnel. After seeing the reliability of Cato, the TAG Heuer Porsche Formula E Team has gone 100 percent Cato. “It's looking good. We are more than happy," says Wokusch. All traffic from the TAG Heuer Porsche Formula E Team is sent through the Cato Socket to the Cato PoP, where networking and security policies are applied, and the traffic is forwarded either across the Cato backbone to the Cato PoP closest to the traffic's destination or onto the Internet. Every Cato PoP runs the Cato Single Pass Cloud Engine (SPACE), the core security engine of Cato, converges multiple network security functions for flow control and segmentation (NGFW), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), application and data protection (CASB, DLP, ZTNA), and threat detection and incident response (XDR and EPP) into a cloud-native software stack. Cato has autonomous systems and processes sustaining the evolution of service capabilities, resiliency, optimal performance, scalability, global reach, and security posture, requiring no additional customer IT involvement. The Cato SASE Cloud built-in multi-segment optimization dramatically improves the throughput of the last-mile connection. "Our applications perform better because our network is better with Cato. The average packet loss is now below 1 percent. With the Internet, 5 percent packet loss was normal," says Wokusch. With Cato’s application analytics, Wokusch could identify the most popular applications and start by optimizing them first. As a result, users are having a much better experience. "Complaints about the network decreased once we deployed Cato,” says Wokusch. "From an IT perspective, we saw the biggest change by far in file transfer, but applications in general are loading faster and are more responsive." "From an IT perspective, we saw the biggest change by far in file transfer, but applications in general are loading faster and are more responsive." Cato Answers the TAG Heuer Porsche Formula E Team Security Challenge Formula E drivers rely on a detailed dashboard of dials and digital readouts embedded in their steering wheels to drive their cars. "Cato is the steering wheel for our infrastructure," says Wokusch. "At a glance on the Cato management console, I can understand everything I need to know to drive my network and security infrastructure." To keep an eye on security threats this season, the team relies on Cato XDR. "The great thing about the Cato XDR dashboard is the visibility to trace events end-to-end," says Wokusch. "Cato already showed us two potential threats and blocked them, threats that would have been missed otherwise by the rest of our security measures. That was excellent." But what most impressed Wokusch was what Cato XDR didn't do. "I'm amazed about the lack of false positives. I haven't seen a single one.” "Cato accurately identified and classified typical Internet security scans as ‘low impact,’ he says. “We also had two events where somebody tried to download a legitimate application from a non-official mirror on the Internet, and, on one occasion, the application contained a bot. Cato immediately recognized it and flagged it for us.” Cato XDR makes security simple for IT pros to work with. "It's super easy to follow up. You don't need to be a security expert to follow the dashboard and stories, so that's cool. And when you need to deep dive into a topic, you can still do it because you have every event stored," he says. "It's super easy to follow up. You don't need to be a security expert to follow the dashboard and stories, so that's cool. And when you need to deep dive into a topic, you can still do it because you have every event stored," Cato Makes Restricting Access Policies Possible and Easy to Implement Intuitive and granular event filtering enables IT to improve security posture by creating precise ZTNA policies. "Now, we can easily generate access policies that open applications to users based on facts and not just on our instinct,” he says. A TAG Heuer Porsche Formula E Team user wanted to run a particular software package. "We looked up the application in the Cato Application Library and got an excellent summary of the compliance and security measures that needed to be taken,” he says. "We could see the application gave users two options for connecting the software client to the backend. One approach is SSL encrypted, which was fine, but a second option allowed the software client to establish an unencrypted connection. If the user makes a mistake and doesn't click the SSL checkbox, they could share credentials in the clear. For us, that would be absolutely a no-go." Wokusch defined a very granular firewall rule that only allowed encrypted transfers. “It was fast. It took us about 10 minutes to see the communications flow and then build the firewall rule,” he says. "With some of the other solutions we’ve seen, it would not have been so easy. We would have had to allow or block the whole service entirely.” Better security doesn't just reduce risk. It also changes the IT posture towards the enterprise. With Cato DLP, for example, Wokusch says IT can be more accommodating and flexible because of Cato's improved controls. "We can say to our users, "Okay, we do have our sanctioned online storage apps, and we prefer to use them, but if you want access to your online storage app, that's fine. I can let them access them and download files knowing that with Cato DLP, I can block any sensitive uploads." Empowering Local Teams Without Compromising Corporate Policies Empowering drivers to make decisions helps them be nimbler and win races. Empowering local IT teams to make their own decisions is no different. With Cato, the TAG Heuer Porsche Formula E Team IT department is more agile and addresses new challenges faster while adhering to Porsche IT policies. "If a router rule needed to be configured, we needed our counterpart in central IT to take that action. With Cato, we can add the firewall rule ourselves. We do more in less time without more people." Another example is remote access. "Previously, we would need to request an official Porsche remote access setup with a Porsche laptop, a PKI card, and the whole end-to-end toolchain. It could take months." Now, we can connect them with Cato and restrict their access to the two applications they need to use, and once they're done, easily remove them." Winning the Formula E Car and IT Race Many sectors may lack the allure of motorsport, but the lessons from Formula E remain. Everyone needs to improve security posture without increasing headcount. Everyone needs a reliable, predictable network for mission-critical data and cloud transformation. Supporting drivers hurtling around a track at heat-stopping speeds may not be every IT team’s call, but that doesn't take away from meeting the demands of executives and users in any business. "Sure, our business might be higher profile than some, but our IT challenges aren't all that different," says Wokusch. "If you're facing anything like we've seen, all I can say is give 'Cato a shot.' You won't regret it." "Sure, our business might be higher profile than some, but our IT challenges aren't all that different," Give 'Cato a shot.' You won't regret it." To see how you can take Cato for a test drive, click here.

Inspiro Boosts VoIP Reliability and Cloud Application Access with Cato SASE Cloud Inspiro Call Centers Struggled with Poor VoIP Performance and Slow Application Access Few functions depend on low latency more than voice and video and few businesses depend on clear voice and fast application access more than customer call centers. Rey Picar, Vice President of IT Service Delivery for Inspiro, a leading customer experience outsourcing firm, knows that only too well. “Voice and data traffic performance are critical to our operations with clients worldwide,” says Picar. Before Cato, Inspiro’s call centers relied entirely on local ISPs and the Internet for voice interactions with customers and access to client customer service applications. Unfortunately, with its unpredictable performance and latency, the Internet couldn’t deliver, which had a direct impact on revenues. “Our staff was often challenged by one-way, garbled, and dropped calls,” says Picar. Even when voice calls went smoothly, accessing client customer service applications was often slow, hampering the ability of call center staff to address customer issues promptly and slashing the number of customer calls agents could handle each day. “Our agents are expected to meet certain volume requirements for our SLA’s,” says Picar. “If they don’t, we suffer financial penalties that affect our revenue directly.” Not to mention dissatisfied clients and their customers. Aside from call quality issues, Inspiro was in the process of moving more applications to the cloud, which meant even more reliance on WAN performance and latency. Picar knew that he had to come up with a faster, more reliable network solution than the public Internet, so he started looking for a replacement. “Our three priorities were low latency, reliability, and cost efficiency,” says Picar. Inspiro Investigates WAN Alternatives, Chooses Cato That’s what led him to Cato. Picar and Ray Segaya, Vice President for IT Service Management, were intrigued by the Cato SASE Cloud approach to SD-WAN and security. The Cato SASE Cloud could provide fast performance and low latency at a cost that was affordable. But there were other pluses as well. “It was clear that the Cato SASE Cloud would improve scalability and speed of deployment,” says Segaya, “and it would help us meet our goal of minimizing the data center’s carbon footprint.” The Cato SASE Cloud platform optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 80+ PoP locations and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to sites, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, the Cato Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Remote Browser Isolation (RBI), Zero Trust Network Access (ZTNA/SDP), and Firewall as a Service (FWaaS) with Advanced Threat Prevention (IPS, Next Generation Anti-malware). It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Picar and Segaya ran a proof of concept (POC) with the Cato solution and were impressed by the results. Voice quality was much improved, as reflected in the Mean Opinion Scores (MOS) recorded by the team. MOS is a metric used to measure VoIP or digital audio quality, where 1 is the lowest quality and 5 is the highest quality possible. “After deploying Cato, our MOS ranged from 4 to 5,” says Picar. There were other performance gains as well. “Our data transfer rates increased by 30 times,” says Picar, “and our agents saw significant improvement in the speed at which they could access client applications, improving their ability to resolve customer issues quickly.” Deployment of the Cato solution went smoothly, thanks to its ease of use and the skills of the teams from Cato and solution provider KDDI. “Deployment was a great experience for us--very professionally executed by Cato and KDDI from proof of concept to implementation,” says Picar. “Cato’s personnel are very knowledgeable about their product and very patient explaining its benefits and their project plans. They responded to all our questions quickly and accurately.” Serving More Customers Boosts the Bottom Line The results of the deployment matched the POC experience, with high MOS and no complaints from customers or staff. “With Cato there’s been a big improvement in VoIP performance and application access. We have yet to receive any complaints about voice quality issues from our users or operations group.” Cato’s management tools have greatly enhanced Inspiro’s ability to monitor the network as well. In terms of ROI, Picar estimates that Cato is saving Inspiro 20 to 30 percent in telecommunications costs compared to its previous solutions. “What’s more, thanks to better connections and application access, we can meet our service level commitments, which enhance the company’s revenues directly.” No more SLA fines. Cato’s support has been excellent, according to Picar. “Cato competes very well with other vendors in terms of its technical skill set, 24-by-7 support, and, most of all, the continuous improvement of the Cato solution by its research and development group.” Now that its network issues have been solved by Cato, Inspiro aims to implement Cato’s security services as well. “We’re looking to replace our on-premises security technology with the Cato SASE,” he says.

Help at Home Centralizes and Boosts Security, Eliminates Network Outages with Cato SASE Cloud Help At Home Needed a Simpler and More Reliable Network to Serve its Clients Few industries have undergone a faster, more dramatic digital transformation than healthcare. Today about every aspect of patient care depends on timely access to fast, secure systems and networks for the information and collaboration critical to achieving optimum results. Chris Lockery, Chief Information Security Officer and Head of IT Infrastructure for Help at Home, the nation’s largest provider of personal home care services, knows this reality extremely well. Based in Chicago, Help at Home delivers home care for more than 70,000 elderly and disabled clients in 12 states via 63,000 caregivers and 3,000 knowledge workers. “Many of our clients rely on our caregivers just to have a normal day,” says Lockery. “If they can’t call into the office or their caregivers can’t access our networks and systems to schedule appointments, it means a client can’t even get out of bed, take a shower, or have a home-cooked meal. All those day-to-day things most of us take for granted are critical for our clients’ wellbeing.” Until Lockery deployed Cato, the complexity and unreliability of Help at Home’s network made delivering that personal care difficult. “Before Cato, we had more than 40 different telecom carriers across 150 branch offices in 12 states with legacy, on-premises technology that took lots of IT time to support and maintain,” said Lockery. Having to deal with all that billing complexity and maintain all that disjointed, often poorly integrated, legacy equipment often led to outages, which made it challenging for Help at Home to take care of its caregivers and their clients. Lockery said, “In one year, Help at Home had an average of 40 outages per month affecting the phone systems, Internet, or both. Those outages had an impact on both client services and employee morale.” Help At Home’s CISO Evaluates SASE Solutions, Chooses Cato Lockery knew he had to overhaul Help at Home’s infrastructure to deliver a standardized, simplified network that was more secure, reliable, and easy to maintain. “In evaluating alternative network solutions our top three priorities were making sure that our network was always on and available to service clients; that it was secure to protect our clients’ most sensitive information; and that it delivered a good customer support experience,” says Lockery. Immediately Lockery turned to SASE and SD-WAN solutions. Unfortunately, with the notable exception of Cato SASE Cloud, most of the solutions Lockery investigated were anything but simple. “Many of the other vendors claimed to have an all-in-one SASE and SD-WAN solution, but in reality, they strung together multiple different products that had been acquired and not fully integrated. Only Cato delivered a true all-in-one network and security solution.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 80+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enables secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security service edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), Remote Browser Isolation (RBI), Zero Trust Network Access (ZTNA/SDP), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. 150 Offices Upgraded in 6 Months Lockery worked with Cato and technology solutions provider Windstream Enterprise to deploy and manage Cato SASE Cloud across all of Help at Home’s branch offices and cloud AWS and Azure datacenter links. His ambitious goals included not just replacing his complex infrastructure with a single SASE but rebuilding the entire network, including cabling, switches, and access points. “With Windstream and Cato’s partnership we were able to deliver that all-in-one solution in all 150 offices in less than six months,” says Lockery. Lockery credits Cato’s support for his smooth, rapid deployment. “One thing I really liked about the support from Cato and Windstream was our direct access to their leadership teams and sponsorship from their CEOs and heads of engineering,” says Lockery. “This allowed them to really tailor the solution to meet our needs and cause minimal disruption to our branch offices during installation.” Cato also invited Lockery to join its customer advisory board. “They show a keen interest in our input and feedback to help them provide a better product,” said Lockery. Unmatched Reliability and Robust Security to Serve Clients Better Almost immediately Lockery noticed the simplicity and robust security and reliability the Cato solution delivered. “It quickly brought our network security and availability up to speed with a firewall, data loss protection, network intrusion prevention, and a cloud access security broker,” says Lockery. “And Cato centralized it all so we could deploy new cybersecurity capabilities and consistent policies across our more than 150 branch offices.” Lockery no longer has to manage all those different legacy on-premises firewalls, switches, and access points. “We now have 24-by-7 monitoring on all our network and security infrastructure, so we are notified immediately of any issues and can respond rapidly.” Perhaps best of all, however, the Cato solution has eliminated outages. “Thanks to Cato, our network is always on and available. You just can’t put a price on that benefit when it comes to serving clients.” Prior to the Cato solution, Lockery was fielding a lot of complaints and “noise” from the branch offices. “The best thing an IT person can hear from the field is quiet,” says Lockery, “and quiet is what we’ve achieved with the Cato SASE solution.” Lockery urges other organizations to consider the Cato solution. “Cato offers flexibility and a level of partnership that I haven’t seen with other vendors,” says Lockery. “Cato SASE gave us an all-in-one network availability and security operations center that removed the unnecessary cost and positioned our network better for next-generation capabilities and rapid growth.” 

AFI Properties Cures ERP Woes Through Network Transformation with Cato SASE Cloud AFI Properties Needed to Speed Up ERP Access Making smart business decisions relies on good business intelligence and that often means an up-to-date ERP system. But keep ERP or any application current is challenging when users can’t gain easy access to the system. Just ask Shira Baum, CIO of Africa Israel (AFI) Properties. AFI Properties is a rapidly growing global real estate firm specializing in income-generating commercial and residential properties. Today, the firm has eight locations spread across in Israel, the Netherlands, and Eastern Europe. When Baum first joined the company, AFI users ran virtual desktops over the Internet to connect with an ERP server in Israel. The VDI solution gave AFI the security it needed but proved unresponsive, frustrating users. In fact, the experience proved so bad that users ended up with two laptops, one for connecting to the ERP server and the other for business productivity needs. “I had to work from home my first week and it took me more than 20 minutes to connect to the ERP system,” says Baum. “I went to the bathroom and came back and needed another 20 minutes to reconnect. I called the infrastructure manager and I said, ‘We can’t go on like this.’” Later Baum found out that most employees didn’t even bother connecting from home because it was too complicated and time-consuming. “They just left their laptops at the office.” To make things worse, each of AFI’s eight locations ran most of their own IT infrastructure. “Each had different networks, security solutions, and servers,” says Baum. Some sites had firewall appliances but configuring and enforcing security polices with them was complex and inconsistent across locations. “Most of our locations had very low security, perhaps some routers with a few rules in the firewall and that’s it,” says Baum. “Some didn’t even have that.” AFI Chooses Cato SASE to Transform the Hybrid Work Experience Baum set about transforming and modernizing AFI Properties’ IT infrastructure with a focus on faster application access. “My goal was to have everyone on the same platform with one desktop, one network, one way to connect to applications, including ERP, and one security methodology.” While security was obviously a major concern, Baum set out to upgrade the network first so employees could at least get their work done. Baum looked at several solutions for office connectivity but was immediately intrigued by the Cato SASE Cloud platform. Not only was Cato a quarter the cost of other solutions and cloud-based, but it would also solve all AFI Properties’ application, network, and security problems at once. “Cato came to me with a single SASE solution for remote access, fast networking, and powerful security for all our sites,” says Baum. “Having the firewall and VPN in the cloud was a great way to give everyone the same security no matter where they were working. I could manage it all from here. All I had to do was give each site a Cato Socket.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 80+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Firewall as a Service (FWaaS), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), and Remote Browser Isolation (RBI) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Easy Installation, Fast ERP Access With Cato, Baum simplified the connection and work environment for employees with proper networking. In the process, she gave them a more responsive, easier to user remote access experience. Today, AFI users can connect to any business application, whether in the data center or the cloud, the same fast way with the same laptop. Baum loves that she can monitor the entire network and security infrastructure on a single pane of glass, and never has to update any software or appliances herself. All of that is handled in the cloud by Cato. She only had to set a few firewall rules, which were easy to deploy globally and update. “I configure a rule, and instantly it’s effective at every site,” she says. Deploying Cato to all AFI Properties’ sites was as easy as promised. “I carried the first Cato Socket appliance to our Krakow server room in a suitcase,” says Baum. “I called Cato, and they told me to plug this in here and plug that in there, and that was it. In just a minute it was working.” When COVID-19 hit and working at home exploded, Baum was ready, thanks to Cato. “I called my Cato account manager and told him we needed everyone on the Cato VPN now and he said, ‘No worries,’” says Baum. “15 minutes later the VPN was on my account. I deployed the VPN and the next day everyone was working from home with their laptops.” Other companies she spoke to didn’t believe that she could get everyone on the Cato VPN so quickly. “It’s amazing how easily remote users can connect to the network and ERP application today compared with the old way,” says Baum. “They tell me how much fun it is just to click and be at the office, no matter where they are,” says Baum. What Baum appreciates the most is the peace of mind the Cato SASE Cloud solution gives her. “I know that my company is secure, that all my sites and users can connect quickly with the same solution, and that every time I need something from Cato, they’ll listen carefully and come through,” says Baum. “Thanks to Cato I can sleep at night.” Her advice for other companies considering Cato to connect multiple sites? “Go for it!”

Devro Boosts Network Visibility and Enhances the Hybrid Work Experience with Cato Devro Investigates Firewall Replacements, Chooses Cato SASE Cloud It was clear that Devro needed to replace its aging firewall appliances, which is why it started working with its technology partner to investigate options, including those from firewall appliance vendors. It soon became evident, however, that there were business benefits to a single solution encompassing firewalls and other functions, such as a secure Web gateway and even SD-WAN connectivity. “Some of our manufacturing plants are in remote locations where connectivity wasn’t always great,” says Cappie. “That is what made Cato’s SASE, SD-WAN solution so appealing. Once we saw what Cato could do for us in terms of SD-WAN, remote access, and security, we started discussing those capabilities with competing vendors.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enables secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Firewall as a Service (FWaaS), Secure Web Gateway (SWG), Data Loss Prevention (DLP), and Remote Browser Isolation (RBI). It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. It soon became apparent that Cato was the only solution that combined so many critical functions under a single SASE and management pane of glass. “Other solutions felt like a bunch of separate pieces bolted together and had too many add-ons and options,” says Cappie. “Cato’s single pane of glass made a big difference for us in simplification, standardization, and troubleshooting across all those functions and using role-based access to divide the management of areas, regions, or subsets of users amongst the team,” Cappie said. Getting support directly from Cato, rather than a third party was also appealing. With Cato’s single sign-on users would no longer have to log onto the VPN every day for remote access or the Web gateway client for Internet access, and IT would get 24/7 visibility across user and remote office systems. “Thanks to Cato we’ve been able to run vulnerability scans, security updates, and policies across all connected systems any time night or day,” said Cappie. Cappie also liked that deployment of the Cato SASE Cloud solution would be seamless and non-disruptive. “It was clear that the other solutions would have required more planned downtime,” says Cappie. “From a business perspective, Cato’s easy deployment was a big selling point.” At Last, Reliability and a Single Pane of Glass Deployment of the Cato solution was easy as promised and Cappie found Cato support responsive--not only for user and IT troubleshooting but adding new features. “There were a number of things we and other customers suggested that ended up in the platform within a matter of months,” says Cappie. “With the other vendors, it would more likely have taken years, if it ever happened.” And Cato was always there to suggest ways to use its solution more effectively. “We leaned heavily on Cato’s professional services team, which was really good at coming back and saying that we’d be better off doing something one way instead of another or trying this other option.” What Cappie likes best about the Cato solution is its ease of management. “The platform interface is well laid out,” says Cappie. “It is so easy to access lots of detailed information, or just the high-level stats if that is all you need. It is great to have that dashboard with the overview showing all your sites online and how many users are connected at any given time and the event screen is incredibly useful. Our old firewall interface seems so archaic in comparison.” And all of Cato’s functions are baked in, rather than bolted on as options. “In terms of being intuitive, Cato’s platform is undeniably the best possible solution,” Added Cappie.  Reliability and performance have been excellent with Cato and user feedback has been overwhelmingly positive. “Users love that once they do that initial sign-on, the VPN is always on and they can just do their work and forget about it,” Cappie said. “Cato’s user experience, easy management, and robust security have come together to make a significant difference for everyone at our company, even at the board level.” “The platform interface is well laid out,” says Brian Cappie. “It’s so easy to access lots of detailed, useful information, or just the high-level stats if that’s all you need.” “Some of our manufacturing plants are in remote locations where connectivity wasn’t always great,” says Brian Cappie. “That is what made Cato’s SASE, SD-WAN solution so appealing. Once we saw what Cato could do for us in terms of SD-WAN, remote access, and security, we started discussing those capabilities with competing vendors.” “Cato’s single pane of glass made a big difference for us in simplification, standardization, and troubleshooting across all those functions and using role-based access to divide the management of areas, regions, or subsets of users amongst the team,” Brian Cappie said.

HIS Group Simplifies and Strengthens Global WAN Security and Connectivity with Cato *Video filmed prior to HIS logo change HIS Group Looks to Simplify Security  Global enterprises with lots of dispersed retail locations often struggle with network and security complexity. Such was the case with HIS Group, a diverse global enterprise that specializes in travel products and operates theme parks, hotels, and other businesses. HIS Group runs 233 retail outlets in 141 cities across 66 countries.   “Our network security architecture was different at our headquarters, overseas subsidiaries, and affiliates, says Mr. Takahashi, Infrastructure Team Leader for HIS’s IT Security Group. “We were concerned that we were not always fully aware of the security status of some of our subsidiaries and affiliates,” adds Mr. Ishitani, Security Team Leader for the IT Security Group.   Ishitani and Takahashi knew they had to find a way fast to get better global visibility and improve their overall security posture. “We needed to integrate all those disparate networks and centralize their security and management,” says Takahashi.   Security was provided primarily by diverse hardware appliances, which required complex management and periodic refreshes. “It took a lot of work to reevaluate equipment every three to five years,” says Takahashi. “We wanted a solution that would relieve us of all those hardware upgrades and manage all our networking and security together under a single architecture” says Takahashi.   “Our business was also diversifying,” says Ishitani, “and each new business had its own networking and security needs. Setting up new locations and responding to those needs was taking too much time.”    Cato Offers Network and Security Consolidation That was when a staff member at one of HIS Group’s overseas locations introduced Takahashi and Ishitani to Cato. “He recommended Cato very highly, so I contacted the company,” says Takahashi. Cato was a brand-new company at the time, which, under normal circumstances would be considered a risk for a large enterprise such as HIS Group, but Takahashi immediately liked what he heard. “I was struck by Cato’s spirit, how well they worked together and with us, and how quickly they responded to our concerns,” says Takahashi. “Immediately I felt a strong sense of trust in Cato’s technical expertise and support.   The Cato solution also had a very high level of functionality and met all of HIS Group’s requirements. “It would vastly simplify our operations because we’d no longer have to monitor and manage all that equipment installed at our locations,” says Ishitani. It didn’t hurt also that the Cato solution had some significant cost advantages compared with the current tangle of networks and security solutions.   Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 70+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last mile links in physical locations, while Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.   Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on premises and in the cloud, protecting users against threats and preventing sensitive data loss.   After a short time working with Cato, Takahashi and Ishitani were sold. “We both felt we could trust Cato’s high level of technological expertise and support and that Cato would be the best choice for HIS Group in the future,” says Takahashi. Convincing upper management took some effort, but “they approved the solution after we showed them that it fulfilled all our security requirements, including Zero Trust, and that updates would happen automatically,” says Ishitani.   Cato Centralizes WAN Security and Management, Boosts Visibility Installing Cato at HIS Groups various locations was quick and easy. “There were some challenges, such as dealing with the laws of various countries overseas,” says Takahashi, “but we were able to clear these without major problems,” says Takahashi. “Domestic expansion was very smooth.” Performance has been excellent, and Takahashi is impressed with Cato’s management console. “Cato has made it much easier for us to visualize all our network traffic, monitor performance, and make necessary changes,” says Takahashi. Three-to five-year hardware refreshes are a thing of the past. “Cato handles periodic feature upgrades, so our network and security solutions don’t become obsolete.” There have been a few instances of PoP failures, but the business impact was negligible, thanks to Cato’s PoP redundancy. And, thanks to Cato’s easy installation and fine-grained management, Takahashi and Ishitani can equip new and acquired locations with the exact network and security functionality they need almost instantly. “Cato has definitely turned out to be the best choice for HIS when it comes to speed and ease of implementation,” says Ishitani. As with most organizations, HIS had to send many of its workers home when Covid-19 hit. “We had already set up remote access for everyone through Cato, so it’s no exaggeration to say there was no impact at all,” says Takahashi. “I truly believe that without Cato our current remote work environment would have been unthinkable.” Overall, Cato has been a great choice. “We’ve developed a strong relationship of trust with Cato, and I’ve been very impressed with their quick response and follow-up when any issues come up,” says Takahahi. “I highly recommend Cato as the best solution for any organization that has a lot of office or retail locations and affiliates with a lot of demanding and complex network and security requirements.” “As the number of ways of working increases, the security risks to the network have increased dramatically,” says Ishitani. “Cato solves all of them in one tool.”

Cato SASE Cloud secures networking of Bank Avera locations and its mobile employees In the name Avera, the Italian words "avere" (to have) and "vera" (real) merge. The name means "to have the real thing". Thus, the bank is characterized by personalized advice, a holistic approach and individually tailored financial solutions. For Bank Avera, it is very important that the locations are well, stably and securely networked. Challenge Bank Avera had previously relied on outsourcing its IT infrastructure. It was an important part of the business strategy to take the reins back into its own hands and run IT services in-house. Important factors for this decision were flexibility, visibility and security across all networks and sites. The systems had to be unified and interconnected. Different variants were evaluated and tested for the networking. Since the system had to run on its own and no infrastructure had to be purchased, the ready-made solution SASE (Secure Access Service Edge) was chosen. The main requirements from Bank Avera's point of view were: Protect Bank Avera's mobile users from threats on all devices. Manage access to all corporate data according to the corporate policies uniformly on one platform Ensure short latency and acceleration of bandwidth at all bank locations Ensure secure Internet access for all Bank Avera branches and for home use Secure and accelerate general access to cloud services Solution Cato’s Secure Access Service Edge (SASE) solution was found to be a global, cloud-native platform that runs a converged software stack to provide an adaptable and secure network service. Cato SASE Cloud's security engines are delivered as part of the cloud service. No additional equipment had to be purchased or configured for Bank Avera's requirements. Cato provides Next Generation Firewall (NGFW), Secure Web Gateway (SWG) with URL filtering, anti-malware service and Intrusion Prevention System (IPS) services. Important aspects were the optimization and encryption of data traffic (WAN) between sites, which are integral parts of the network software stack. The Cato solution uses TCP proxies and quality of services algorithms to maximize the speed of file transfers. Cato Sockets, Cato’s edge SD-WAN device, leverages multiple Internet lines to provide reliable, high-performance access to the globally available Cato SASE Cloud. Traffic can also be routed to third-party devices via IP-sec tunnels. Result: The best solution for all Bank Avera locations. Cato’s solution has significantly contributed to the stability and security of the networked Bank Avera sites and relieves the burden on the systems. Services that were previously outsourced can now be automated in-house. Existing VPN connections were replaced with Cato. Overall, complexity was reduced, uptime increased and processes simplified. The simple integration of the solution made it possible to increase visibility. The IT department can take over the configuration of the arbitrarily scalable solution itself. New users, an increase in bandwidth and additional locations can be easily integrated. The bank integrated the new and better WAN solution within a very short time. In short, the IT management is very satisfied with Cato’s security solution and can guarantee their employees the stability and security of the systems. Success Story Published on 25th November 2021 on https://www.inseya.ch/de/kunden/bank-avera

CloudFactory Boosts Network Scalability, Agility, and Security with Cato Complex Infrastructure Made Meeting Customer SLA’s Difficult Scale and agility are issues for any growing organization. For a company aiming to grow to a million remote workers, those issues are compounded. Just ask CloudFactory.Based in Reading, UK, CloudFactory provides thousands of remote data analysts from developing markets to support its customer organizations’ AI development projects. CloudFactory calls these remote data analysts “cloud workers.”“We started as a small outfit in Nepal about 11 years ago and we’ve moved into 45 different countries with a workforce of over 650 core team members and more than 8,000 cloud workers,” says Kevin Juma, Technology Operations Manager at CloudFactory. “CloudFactory's focus is creating a million jobs. This essentially stems from the different projects and clients that we have and the different programs that we have with our cloud workers to train them and empower them to be better leaders through delivering work for our clients.”With offices on four continents and cloud workers all over the world, CloudFactory found network and security operations challenging at times. Before Cato, CloudFactory maintained individual operating environments at its office locations and its globally dispersed “delivery centers” in Kenya and Nepal, which, until Covid, hosted up to 1,000 contract workers each.“We had to maintain a lot of complex infrastructure, including routers, switches, and firewalls,” says Shayne Green, CloudFactory Head of Security Operations. “That meant configuring VLANs, maintaining MAC filtering lists and network and Web filtering rules, and building in as much redundancy as possible to give our workers the connectivity quality and security necessary to serve our clients.”Juma agrees. “It took a lot of man hours to implement and manage security protections, optimize our network for resiliency, and monitor it all. We often had to deal with ISP outages, equipment failure, and poor security policy implementation. At times these issues would cascade and make it difficult for us to achieve the level of scalability we needed to onboard more cloud workers and deliver meaningful, secure work to our clients.” Those issues also had an impact on the ability of CloudFactory to meet its SLA agreements.CloudFactory started looking for a way to deliver better security, network agility, and scalability for fast growth, while relieving the IT staff of as much of the infrastructure configuration and management load as possible. CloudFactory Turns to SASE, Chooses Cato “Our top priorities at the time were resiliency, operational efficiency, good quality of service, and the security our clients expected from us,” says Juma. Juma and Green started evaluating SD-WAN and SASE solutions. “We wanted to be asset light,” says Green, “and get away from supporting a lot of heavy infrastructure. We needed a dynamic solution that didn’t have to rely on fixed locations and single points of presence, that could scale by leveraging a global network we didn’t have to manage and deliver a high level of security.”Juma and Green were not impressed with the solutions offered by SD-WAN providers. “Most of them were appliance based and required a high level of administration,” says Green. That’s why they turned to SASE.“SASE would allow us to be hands free without any on-premises equipment and we wouldn’t need to invest our time setting up the solution,” says Juma. “We could entrust the vendor to manage our security, networking, and routing capabilities.”Juma and Green contacted Cato and the rest is history. “From day one, it was clear that Cato was passionate about our business, and keen on what we were trying to do,” says Green. “They aligned with our mission and believed they could really help us scale and get there. That was a key reason we decided to engage with them further.”Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.A two-week Cato proof of concept with 10 cloud workers in each location and VPN connections to clients and workers was very successful. “There were clear performance gains and the metrics and event data we could collect through Cato were game changing for us,” says Green. “They gave us a level of visibility we never had before, allowing us to see what our workers were connecting to and what they were doing. We had much more peace of mind with Cato’s level of security and visibility.” Support was also excellent. “We had a few small issues early on that Cato resolved very quickly,” says Green.The workers were impressed as well. “We asked the workers using Cato which solution they would choose, Cato or our previous solutions, and 94% chose Cato,” says Green. Smooth Deployment, Unprecedented Agility and Visibility CloudFactory then moved to a full deployment across locations. “The deployment with Cato was seamless,” says Juma. ”Previously, we would spend weeks coming up with routing optimizations, getting up and running, and assuring users of the availability of what we built. Cato took all of that off our hands and now we have turnarounds of five or ten minutes based on Cato’s wide network of PoPs. “Agility and scalability are much improved. “With Cato we have a very dynamic, scalable network where we can onboard new workers in minutes” says Green, “and make sure they operate within the realms we specify. Our team can work from anywhere, managing and monitoring connectivity. If we lose access to a site, we no longer have to connect directly into an appliance. Without all that overhead we can now focus on other areas of the business.”Troubleshooting network issues is vastly simpler. “We used to have entire sleepless nights troubleshooting the network for our clients, with our cloud workers expected to deliver work by the hour,” says Juma. “Now with Cato we just fire a support ticket and Cato is on it. Within 30 minutes to an hour it’s resolved. And we can monitor every single step with Cato’s QOS metrics. We have goggles and eyes we never had before.” Thanks to Cato’s simplicity, Juma has been able to reduce his network team from eight people to five, and they can divert their energy to better things. Security is much better as well. “Cato has enabled us to provide a secure network with more granular security posture implementations,” says Juma. “We’re able to police our users much better than before.” Green agrees. “Cato gives us secure access with encryption, Web filtering, IPS, next-gen anti-malware, and visibility of what our workers are doing, so that our clients can be confident in the quality of the connection coming into them.”Juma and Green also noted the access they had to Cato. “We have a very close relationship with Cato’s account management team,” says Juma. We get a sense that we are always on their mind, that they understand our business, and their solutions are aligned with our needs. They really help us understand how we can maximize the use of Cato and they’re committed to helping us fulfill the Cloud Factory vision.”Ultimately, CloudFactory found in an architecture in Cato SASE Cloud for achieving its corporate goal. “Cato SASE Cloud gives us great scale, great high availability and resilience, and great visibility,” says Green. “And most importantly a platform to achieve a workforce of one million cloud workers, which would've been more challenging had we have managed the solution ourselves.”

Fidal Boosts WAN Performance, Cuts Costs in Half by Switching from MPLS to Cato Fidal Needed an MPLS Replacement Global organizations that rely on MPLS for WAN connectivity find it expensive, rigid, and poorly suited to today’s cloud-enabled, collaborate-anywhere business environment. Fidal, a century-old French law firm with 1,300 lawyers at 90 locations in France and one each in Belgium and Morocco, was no exception. Fidal runs applications both in its own datacenter and in Microsoft Azure.Fidal’s MPLS network was aging and expensive. “Today’s collaborative work technologies require much better performance than we were getting with MPLS,” says James Bonnaventure, Fidal CTO. “We were reaching link saturation, our users were dissatisfied, and security was a big challenge. We really needed to reevaluate our network and find a way to meet these challenges.”Bonnaventure set out to find a WAN solution that would meet the firm’s requirements for performance, security, flexibility, and cloud connectivity. “We wanted a solution that was easily managed centrally, with one or two partners at most,” says Bonnaventure.Initially Bonnaventure considered a mainstream SD-WAN solution but switched his focus to SASE to benefit from centralized management and security. “We consulted with a number of vendors but very few were talking about SASE at the time,” says Bonaventure. He consulted his IT solutions partner, Selceon, and they proposed a Cato solution.“Ultimately we chose to work with Cato because its solution gave us much better centralized management and a security overlay,” says Bonnaventure. Fidal Deploys 90 Sites in a Year with Cato Selceon already had a lot of experience with Cato. “We were the first provider in France to deploy Cato Networks for one of our customers, says Eric Tavidian, Selceon co-founder. “As soon as we saw Cato’s value in terms of network performance, optimization, cost, and speed of deployment, we chose to make it one of the strategic offerings in our portfolio. All the other solutions require managing a lot of boxes on sites, rather than Cato’s intelligent, centralized management via the cloud.”Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 70+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last mile links in physical locations, while Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on premises and in the cloud, protecting users against threats and preventing sensitive data loss.Deployment of Cato was fast and smooth. “We deployed Cato to 90 sites in less than a year, thanks to Selceon and Cato,” says Bonnaventure. “That’s quite an achievement considering we were on Covid-19 lockdown at the time. We basically redid our entire wide area network in a year.”Bonnaventure was impressed with Cato support. “Cato’s team was there for us throughout the entire migration and even developed a feature in Azure for our company that didn’t yet exist. Cato ported the entire network, even our phone network, which now runs through Cato. The next step will be replacing our remote access VPN with Cato.” Cato Pulls it All Together Bonnaventure is very pleased with the results. “Cato allows Fidal to have a homogenous network and security architecture across all its sites and even across our mobile users, who will benefit from all of Cato’s security layers when they get on the Cato VPN. It simplified our network by replacing MPLS with fiber, which cuts our communications costs in half, and will ultimately bring the entire network and network security under a single centralized management solution.”Bonnaventure is thrilled with Cato’s management console. “If there’s a network problem we can just go to the console and analyze the incident much more easily than we could before.” Bonnaventure also loves how quickly he can deploy new sites with Cato. “We can deploy a new site in a few weeks without having to reconfigure everything because the architecture is completely centralized. We just bring the links, deploy the boxes on site, and the new sites benefit immediately from the entire Cato network and security infrastructure.Overall, deploying Cato has benefited Fidal. “Cato’s solutions have enabled us to strengthen our security systems and give our mobile users the same level of security as the data center or Azure.” He considers Cato ahead of its time. “When we chose it over a year ago nobody was talking about SASE. Now, everybody is moving towards SASE and you can see it discussed in all the IT media.”

Waseda University Enables Universal Secure Remote Learning and Digital Transformation with Cato The Challenge: Universal Remote Learning When Covid-19 hit in 2020, many organizations had to put digital transformation projects on hold while they rushed to accommodate remote work. This often meant a quick network transformation and a dramatic change in security posture.Waseda University is a prime example. Located in Tokyo, Waseda University is one of Japan’s top private institutions of academic research and higher learning.“We were planning and implementing next-generation educational infrastructure with a number of digital transformation initiatives in research, education, and university administration. However, when Covid hit IT’s position suddenly changed,” says Hitoshi Kusunoki in Waseda’s Information Planning Department. “As with most universities, classes at Waseda were conducted mostly in person using white boards. If there was a network interruption, it didn’t cause a significant classroom interruption. “Suddenly when classes were all online, the IT infrastructure became absolutely indispensable,” says Kusunoki. “It became clear that all our plans for next generation infrastructure would have to ensure that communication would never drop at all.”Waseda had VPN hardware for remote learning, but it was experiencing “VPN traffic jams” from the increased load according to Yokihiro Koizumi, also from Information Planning.Kusunoki realized he would need a large increase in network capacity to support online classes, which meant a major new network investment. “We had to optimize somewhere to get the performance we needed with the budget we could afford.” Waseda Chooses Cato, Sees Digital Transformation Potential Kusunoki was introduced to Cato by a friend and colleague from GlobalDots, a cloud solutions provider. “Initially I had the impression that Cato was just a VPN alternative for remote work and learning,” says Kusunoki. “As we looked at other Cato options, however, we came to the conclusion that Cato could replace our firewalls and other existing security solutions and go a long way towards optimizing future IT investment.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS.Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 70 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance.Kusunoki started his Cato investment with home online learning. “This gave everyone the chance to use the system and see how user friendly it was,” says Kusunoki. “I think that was a very significant factor in our decision to move forward with more of Cato’s options. We could see that Cato could consolidate and replace our current equipment and be very effective in reducing our network and security costs.”Home learning deployment was smooth, thanks in part to Waseda’s partnership with GlobalDots. “They helped us do the Proof of Concept (POC) and then we were able to implement the system pretty quickly,” says Koizumi,” Upper management was able to use the system during the POC, which helped lead to their approval. Simplicity and Scalability at Low Cost Koizumi was impressed with how quickly the university could ramp up bandwidth using Cato. “If you’re using on-premises hardware, you often have to replace it to upgrade bandwidth, but with Cato there’s no hardware to replace,” says Koizumi. “Cato let me handle bandwidth upgrades almost instantly.” Quick bandwidth upgrades have been very helpful as the university has relied more and more on cloud services during the pandemic. Koizumi sees a future in which regular costly equipment upgrades may be history.Kusunoki was also impressed with how unintrusive Cato’s security services were. “The security solutions we had been using up until then sometimes had a negative impact on user convenience, but Cato’s security services let people work freely and securely wherever they were,” says Kusunoki. “Even people on site liked Cato.” Koizumi feels that Cato’ identity authentication and detailed monitoring capabilities have improved the university’s security posture immensely. “It’s really easy to visualize all the traffic and users on the network,” says Koizumi, “and keep an eye on what users are doing.”Kusunoki looks at Cato as more than a network and security solution, however. “It’s not something just to put in and get comfortable with,” says Kusunoki. “I see Cato SASE as a tool for digital transformation promotion. We can use it to reorganize our entire security portfolio, reduce costs, and bring out the best in our students, professors, and administrators. The ability to work productively and securely anywhere gives a great boost to all our digital transformation initiatives.”Kusunoki strongly urges other universities and organizations to look into the Cato solution. “Seeing is believing. It’s easy to give Cato a try. You can start with remote workers, but however you start, take a good look at it” Background Based in Tokyo, Waseda University is one of top institutions of academic research and higher learning. Prior to Cato, Waseda relied on VPN hardware to enable its approximately 3,000 students, professors, and administrators to work or learn remotely.

The Gnutti Carlo Group Centralizes WAN and Security, Boosts Digital Transformation with Cato M&A Left a Complex Infrastructure Mergers and acquisitions (M&A) can bring a lot of complexity to an organization’s network and security infrastructure. For the Gnutti Carlo Group, a leading global auto component manufacturer with 16 plants in Europe, the Americas, and Asia, that complexity was becoming a barrier to its digital transformation goals and future acquisitions. “In 20 years, our annual revenue grew continuously to more than 700 million Euros, primarily thanks to M&A” says Omar Moser, Group Chief Information Officer for the Gnutti Carlo Group. “Since 2000, we have started with an intensive program of internationalization, performing various acquisitions of companies of our sector and even competitors, each with different network and security architectures and policy engines. It was getting challenging to keep policies aligned across the company and prevent back doors and other threats.” The Group ran several small datacenters across locations for local IT services and took advantage of Microsoft Office 365, Microsoft Azure, and hosted SAP cloud applications. “We had it all: private cloud, public cloud, and on-premises applications,” said Moser. It connected most plant locations via IPsec VPNs. For China, there was a shared MPLS connection between Frankfurt and Shanghai. The company was also going through a major digital transformation. “We’ve been investing heavily in smart manufacturing and artificial intelligence, which we intend to deploy to all our plants,” says Moser. At a certain point, Moser realized that the only way to serve the business effectively was to centralize security policy and interconnection control among all locations and between plants and suppliers. Starting in 2011, he created and started implementing a roadmap for IT infrastructure standardization and governance. “Adopting MPLS across the board was too expensive,” says Moser, “so to standardize, I had to wait for an SD-WAN solution.” The Gnutti Group Investigates SD-WAN and SASE, Chooses Cato Moser investigated a lot of SD-WAN and security solutions, including traditional appliance-based architectures, but wasn’t satisfied with what he saw. “The other solutions couldn’t give us a single package with integrated security, networking, and remote access,” says Moser. “Only Cato could do it all in a single SASE solution.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. “I liked Cato’s large number of global PoPs, which would allow us to enter our SD-WAN through the closest door,” says Moser. He also liked that Cato didn’t lock the company in with a single intercontinental bandwidth provider and could select the best providers for its customers anytime. Moser used a tool his organization provides for choosing technology platforms to decide which solution would meet his company’s needs the best. “We used the tool to compare a few SASE solutions, evaluating features and functionality such as traffic control, monitoring, malware prevention, and intrusion prevention, as well as less technical criteria such as the company’s enthusiasm, growth path, positive relationship with us, and response time. We had a great relationship with Cato and very good response time.” Other pluses for Cato’s evaluation included Cato’s cloud architecture, forward-looking technology roadmap, single comprehensive network and security dashboard, and the Cato Socket. “I really liked having a very simple device to control the last mile,” says Moser. “If I have a new plant to connect tomorrow, it would be incredibly easy; I just plug in the Cato Socket.” Moser and Cato agreed to a three-month trial. Over those three months Moser and his team connected 10 plants, two service providers, Microsoft Azure cloud services, and 650 remote users to the Cato SASE Cloud, relying on Cato SSE 360 to secure Gnutti’s plants, Internet, cloud, and remote access connectivity. “Everything passed through Cato,” says Moser. Cato shipped Sockets to all the locations, activated connections, and trained Moser and his team on the Cato Management Console. “We spent 45 days defining policies and another 45 days activating and finetuning everything. Much to Moser’s surprise, the China installation was as easy as the others and performance was great. “We were skeptical about how well the China connection would work, but it was probably the simplest installation, and the performance was as good as MPLS or better with noticeably better latency,” says Moser. “Two months later, we closed our MPLS contract for China.” Cato Boosts WAN Performance, Security, Agility At first, replacing all the local appliance security policies with global policies was a little daunting, but the benefits were obvious. “During that time, we were able to identify a lot of new risks that we hadn’t known about before,” says Moser. “We found users doing things we didn’t like and optimized the blocking of some process flows.” In general, security was much improved. “We’ve seen a lot of benefit in controlling and optimizing firewall policies to increase our security,” says Moser. “We have much more control over users--who are connected when and for how long. We can monitor connections and traffic peaks, and the Cato IPS allows us to block risky services that were previously open and ensure users are respecting policies. "Standardizing firewall policies and knowing I can prevent intrusions and malware has allowed me to sleep much better.” At first, users pushed back a little on Cato’s remote access VPN capabilities because IT was able to apply controls and policies, such as preventing movie downloads, more effectively. Performance working at home was great, however, which made up for the controls. Cloud performance was also excellent. Cato also increased the Gnutti Group’s business agility for its digital transformation. “It is my job to be proactive and efficient. If we decide to open a new office, we can do it easily.” Cato support was helpful and responsive. “We have a solid relationship with Cato’s technical support staff. They are always well prepared.” CIO Would Do It All Again The icing on the cake is that Cato has helped the Gnutti Group conform with German Automobile Industry Association’s Trusted Information Security Assessment Exchange (TISAX) framework for auto manufacturing and supplier information security. “Cato supports TISAX, thanks to its interconnection control, anti-malware, and intrusion prevention,” says Moser. “Cato will be the first option for any security initiative we look to down the road.” Moser has been so pleased with Cato that his department and the company named Cato its 2021 Best Supplier in the Innovation category. The award recognizes the high value of the WAN connectivity and security the Cato SASE Cloud delivers in support of the Gnutti Carlo Group’s digital transformation initiative. “Thanks to the Cato platform, together with strategic services, the Gnutti Carlo Group has benefitted from a more structured, controlled, and secure ICT landscape across the entire company,” Moser said of the award. Overall, Moser feels he would do it all over again. Says Moser, “With Cato we have standardization, an innovative approach, and a single partner we can grow with as we transform digitally.”

BrandLoyalty Achieves Fast Performance and Network Maturity with Cato The Network Challenges of a Global Enterprise IT leaders know all too well the challenges of global MPLS solutions. The high costs of global MPLS circuits are well documented but less spoken about are the little things like the lack of network visibility and the integration challenges needed to keep the solution operational to say nothing of the problems with moving to the cloud. Such were the challenges facing BrandLoyalty. A provider of customer loyalty and incentive programs to food retailers worldwide, BrandLoyalty infrastructure connects offices across Europe. “We work with leading global brands & licenses such as Disney or Zwilling that demand a reliable, secure, well-managed infrastructure from their partners, says Ben de Laat, head of IT security at BrandLoyalty. “It’s very important for us to have not only high-quality offices, desks, chairs, awesome coffee, and great lunches, but high-quality Internet and well-managed end-user devices.” “We work with leading global brands & licenses such as Disney or Zwilling that demand a reliable, secure, well-managed infrastructure from their partners, says Ben de Laat, head of IT security at BrandLoyalty. “It’s very important for us to have not only high-quality offices, desks, chairs, awesome coffee, and great lunches, but high-quality Internet and well-managed end-user devices.” With limited IT resources, BrandLoyalty had be very careful about the technology choices it makes. The company was in the middle of a full migration to Microsoft Azure with a WAN infrastructure that was complex and not well suited for the cloud. “Our locations were connected by MPLS and two Internet lines with dynamic routing and failover at each site,” says Arne van Vuuren, Head of IT Operations. “We had WAN optimizers and firewall appliances at each location, with failover for each.” “Our locations were connected by MPLS and two Internet lines with dynamic routing and failover at each site,” The infrastructure was technically sophisticated but had frequent issues. “It was not a well-integrated solution,” says van Vuuren. “There was little visibility and too many end user nuisances. I was always pushing our suppliers to solve our constant network issues. We needed to come up with another solution using SD-WAN that was better integrated and more cloud friendly.” BrandLoyalty Finds a True SASE Solution with Cato Brand Loyalty created an RFP and evaluated four supposed SASE suppliers, one of which was Cato. While de Laat was impressed with Cato right away, van Vuuren was skeptical. “I didn’t believe the Cato solution could work as well as they were claiming,” says van Vuuren. “I thought they were a bunch of cowboys, honestly, and that the network would buckle under all the Zoom and Microsoft Teams we worked with.” Two RFP requirements were that the solution be well integrated and easily managed centrally. Three of the vendors couldn’t meet those requirements. “They offered customized solutions, even our own custom points of presence,” says van Vuuren. “We didn’t want something complex and tailor made for us. We wanted a solution like Office 365, a straightforward cloud service used by everyone that could scale quickly and easily as we grew, have continual service improvements, and gain new functionality without a lot of new cost. And we wanted a SASE solution, not one that required on-premises firewall appliances with all their updates.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 70 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance. Paradoxically, both de Laat and van Vuuren decided on Cato during a phone call with another contender. “We had an epiphany,” says de Laat. De Laat asked the other vendor how they could accommodate BrandLoyalty if it decided to implement a CASB solution in two years. There was a lot of silence on the other end, and then the contender said they would have to do it in only one of our customized PoPs.” That was when it hit De Laat and van Vuuren that they were done with the customized route. They wanted something new and Cato was the only contender offering a new solution. “It was clear Cato was the most mature SASE solution out there,” says van Vuuren. “It was clear Cato was the most mature SASE solution out there,” says van Vuuren. Cato Delivers a Fast Transition, Performance, and Visibility The transition to Cato was fast and easy. “Officially it took four months, but it was really more like two- and-a-half,” says van Vuuren. Setting up the Cato Sockets was a breeze, and the performance was fast from day one. “It took an afternoon for our implementation partner, IPknowledge, to set up all the locations,” says van Vuuren. “I told some friends about the Cato rollout, and they didn’t believe me.” Aside from its top-notch performance, including for Zoom and Teams, configuring the Cato solution was also easy and visibility was dramatically better than with the company’s previous network. “We made a bunch of rules, implemented them, and it all worked right out of the box,” says de Laat. “Immediately we saw new things on our network such as users accessing servers that were supposed to have been decommissioned. Aside from the security functionality Cato offers, Cato’s visibility and control add a lot to your security posture. We have so much more in-depth knowledge our own network than we ever had before.” And Cato’s remote and home users get the same network performance and security as those in the office. “I always assume that the solution a vendor describes is much more beautiful than it is in reality, but with Cato the promises were all true,” says van Vuuren. “Cato’s solution has pushed BrandLoyalty forward with a mature, professional network, which we really needed. And we still have a Cato library of unused functionality to help make our network even more mature down the road.” “I always assume that the solution a vendor describes is much more beautiful than it is in reality, but with Cato the promises were all true,”

ASM SMT Boosts WAN Performance and Agility, Cuts Costs with Cato The Challenge: A Fast, Agile Global Network Global suppliers need fast, agile networks to keep business processes moving among manufacturing plants, warehouses, customers and partners. As a leading supplier of Surface Mount Technology solutions for computer chip and circuit board manufacturers, ASM SMT is no exception. With offices spread globally from the west coast of the USA to the east coast of China, their globally spread SMT segment, found achieving such a goal a tall order. Before Cato, ASM SMT’s offices connected over a global meshed VPN topology overlaid on top of MPLS. Local Internet breakouts added Web filtering and WAN optimization hardware. Mobile users connected to firewalls at core regional locations for remote access. “The solution worked okay, but it was very expensive and took a long time to provision,” says Ian Bleazard, ASM SMT IT Director of Infrastructure and Analytics. “We operate in China and Vietnam, where you can be looking at a 180-day lead time for connectivity. Six months can have a substantial negative business impact.” With a typical office consisting of the usual stack of edge security products, firewalls, Web filters, etc. new site deployment was also dependent on multiple security vendors delivering on time, which, of course, often led to further delays, according to Bleazard. In many cases, each appliance had to be managed separately, so the configuration was a tedious and sizeable task at scale. Any changes to the regional firewalls had an impact on remote user connectivity. “With shared memory and CPU resources among firewall and remote access functions, the regional firewall appliances were often unfit for increasing demand,” says Bleazard. ASM SMT Investigates SD-WAN, Chooses Cato ASM SMT sought a simpler solution that would deliver business agility, security, and good performance at a lower total cost of ownership. “SD-WAN was intriguing to us, so we set out to research the technology and some vendors,” says Mr. Bleazard. “Three vendors made our shortlist, but it soon became clear that there was only one all-encompassing winner.” The winner was Cato. “Other vendors either lacked middle-mile backbone solutions, required backhauling of traffic between locations or couldn’t provide built-in WAN optimization and security functionality,” says Mr. Bleazard. A trusted local vendor introduced ASM SMT to Cato. “Immediately we had a good feeling. Cato had a promising solution that could solve a lot of our issues and they presented it to us in a very honest, upfront manner.” ASM SMT put together a proof of concept (POC) project with Cato for three business locations. “The idea was to throw some of the major issues we encountered with MPLS at the POC scenario. For example, we wanted to see how Cato would address speed issues with centralized Product Lifecycle Management software, SMB file copy , and videoconferencing performance over the WAN. During the POC, Cato improved performance more than 100 percent vs. MPLS." “It’s rare that you hear from users when things are going well, but, amazingly, during the POC we had users from all over the business thanking us and telling us how much it was improving their daily business productivity,” says Bleazard, “The productivity of those on the POC significantly increased and more importantly it removed some of their daily frustrations.” Cato Delivers Agility and Performance at a Lower Cost than MPLS Convinced, ASM SMT proceeded with Cato deployment across the other locations. “Our MPLS contract had eight months left, so we could roll out Cato gradually,” says Mr. Bleazard. “Cato’s use of BGP made the rollout seamless, with dynamic routes published automatically as soon as a site came online. We were able to switch over with almost no outage, which is key, as any outage can cause issues with production and other key business functions.”. The savings and performance grew as MPLS contracts expired and ASM SMT transitioned to Cato. “Cato’s pricing structure allowed a higher bandwidth among sites vs. MPLS and its packet loss mitigation feature helped a lot with VoIP and video packets reaching their destination without a break in communication.” He was also very pleased with Cato support. “Cato usually answered our emails within 10 minutes, and we were able to get someone on the phone quickly when something was important,” says Bleazard. “The general feeling was that support was there when we needed it.” ASM SMT has since begun rollout of the Cato VPN client as a replacement for the internal VPN gateways, a process that accelerated as the Covid-19 pandemic sent workers home, first in China and then everywhere else. “Generally, you don’t transition technology during a crisis, but we felt we had to move a few hundred users--mostly the ones that use a lot of bandwidth--onto the Cato network for VPN and it worked out really well,” says Bleazard. “The VPN provides straight access to the Cato backbone and the services they need, rather than backhauling everything to the local office. They really like it and find it easy to use--and that’s rare. Having one console for everything makes the whole management process much simpler as well, and very much helped us stay on top of these unique circumstances.” Overall Bleazard is very pleased with the Cato experience and plans to expand remote access using Cato and deployment to future locations. He adds, “The past eight weeks is one of the few times I’ve ever received emails from users saying thank you.” With Cato, ASM got the security and network performance they needed, converged into the one seamless solution for all sites, cloud resources, and mobile uses.