Customer Success Stories

“With Cato we have a good, solid sedan with the speed of a Porsche that got us exactly where we needed to go fast.”
icon

Rodney Masney ,

Chief Information Officer

Customer Success Stories

With Cato, we got the functionality of SD-WAN, a global backbone, and security service for our sites and mobile users, integrated together and at a fraction of the cost.
icon

Willem-Jan Herckenrath,

Manager ICT

Customer Success Stories

Since we moved to Cato, our bandwidth increased by approximately 30 times the speed we had before. We’ve stopped receiving complaints since deploying Cato.
icon

Steve Waibel,

Director of IT

Customer Success Stories

With Cato we have a very flexible supplier that understands our requirements and is there when we need help.
icon

Jan Jørgensen,

IT Project Leader, The Flügger Group

Customer Success Stories

The big difference between Cato and other solutions is the integration of network management and security.
icon

Yoshiaki Kushiyama,

Senior Manager, Information Systems, Juki

Customer Success Stories

I’m convinced Cato’s architecture is the future of the WAN. It’s great to be part of it.
icon

Daniel Sollberger,

Lead, Global Based IT Infrastructure

Customer Success Stories

“Cato allowed us the flexibility to incorporate our WAN, Internet and remote access solutions into one neat package that could be managed with a small team of people.”
icon

Joel Jacobson,

Global WAN Manager

Customer Success Stories

Cato’s management interface was so easy to use compared to those of the traditional SD-WAN players we looked at.
icon

Thomas Chejfec,

Group CIO, Haulotte

Customer Success Stories

I see Cato SASE as a tool for digital transformation promotion. Being able to work productively and securely anywhere gives a great boost to all our digital transformation initiatives.
icon

Hitoshi Kusunoki,

Information Planning Department

Customer Success Stories

“Cato’s biggest benefit from my point of view is that our network operators no longer need any specialized knowledge.”
icon

Takashi Nakajima,

Head of the Digital Transformation (DX) Promotion Division and Chief of Business Operations

Customer Success Stories

“When we chose it over a year ago nobody was talking about SASE. Now, everybody is moving towards SASE and you can see it discussed in all the IT media.”
icon

James Bonnaventure,

CTO, Fidal

Customer Success Stories

We have a very close relationship with Cato’s account management team. We get a sense that we are always on their mind, that they understand our business, and their solutions are aligned with our needs.
icon

Kevin Juma,

Technology Operations Manager

Customer Success Stories

"With the Cato SASE Cloud from Cato Networks, we were able to connect locations and employees securely, easily and quickly. We now have the IT solution in-house and can adapt the infrastructure to our needs at any time with the desired flexibility."
icon

Ralf Luchsinger,

Chief IT, Service and Provider Management, Bank Avera

Customer Success Stories

“Thanks to Cato, I can stand by my promises and feel comfortable we can deliver on the company’s business needs quickly, efficiently, and securely.”
icon

Jesper Hjørland ,

Service Manager for Network and Connectivity

Customer Success Stories

“I would recommend the Cato SASE solution to any healthcare organization that needs simple yet very secure connectivity among regional and local sites, remote users, and the cloud.”
icon

Alvin Lim,

Group Technology and Information Security Director

Customer Success Stories

“I know that my company is secure, that all my sites and users can connect with the same solution, and that every time I need something from Cato, they’ll listen carefully and come through. Thanks to Cato I can sleep at night.”
icon

Shira Baum,

CIO

Customer Success Stories

"We have improved the performance of every application on the network by rolling out Cato, We don’t hear about network slowness; we don’t hear complaints."
icon

Nick Hidalgo,

VP, Information Technology

Customer Success Stories

“There are not many times as a CIO that you can check the box in all these areas – faster, more secure, happy users, and a happy team – all for less cost and more business value. That’s the Cato SASE Cloud Platform.”
icon

Dustin Collins,

Global CIO

Customer Success Stories

The Cato team was interested in helping us succeed. After meeting their customer success manager and voicing our feedback on the product, Cato went out and changed the product. That’s what I call partnership.
icon

John Lim Ji Xiong,

Chief Digital Officer

O-I Taps Augmented Reality and Cato SASE Cloud to Realize “Impossible-to-Count” Savings
Alewijnse Transforms Global, Real-Time WAN with Cato Secure SD-WAN
Brake Masters Puts the Brakes on Outages Across 71 Sites with Cato
The Flügger Group Gains Network Flexibility and Security with Cato and Secher Security
JUKI Ramps Up COVID-19 Telework, Boosts Remote Cloud Performance with Cato
Komax Drives Innovation, Cloud Connectivity, and Mobile Collaboration with Cato
Vitesco Technologies Builds New Global Enterprise Network with Cato
Haulotte Halves Network Costs and Boosts Application Performance By Migrating from MPLS to Cato
Waseda University Enables Universal Secure Remote Learning and Digital Transformation with Cato
Topcon Achieves a Fast, Secure Global WAN with Cato
Fidal Boosts WAN Performance, Cuts Costs in Half by Switching from MPLS to Cato
CloudFactory Boosts Network Scalability, Agility, and Security with Cato
Cato SASE Cloud secures networking of Bank Avera locations and its mobile employees
Fiskars Group Boosts Business Agility and Security with Cato SASE
Fullerton Health Builds a Secure SASE Linking 550 Locations and the Cloud, Thanks to Cato
AFI Properties Cures ERP Woes Through Network Transformation with Cato SASE Cloud
How Redner’s Markets Transformed the Retail Experience by Transforming its Network with Cato
Chemical Manufacturer ESI Reduces the Time to Integrate Acquired Companies by 80% with Cato  
Gamuda Redefines IT Operations with the Cato SASE Cloud Platform 

Customer success stories

Forvis Mazars Transforms Network with Cato and Accelerates Customer Innovation 

Financial Services

Forvis Mazars Transforms Network with Cato and Accelerates Customer Transformations
Forvis Mazars Transforms Network with Cato and Accelerates Customer Innovation  Frank Keessen, CIO of the Forvis Mazars Group, transformed the company’s traditional network infrastructure with firewalls, MPLS connections, and data centers into a secure plug-and-play network delivered 'as a Service' by Cato Networks and its partner, IPknowledge.   By doing so, Keessen can now focus on his main task: advancing digital solutions and innovation for Forvis Mazars' clients together with his IT team while safeguarding the continuity of all digital aspects of the Forvis Mazars business. He can also have a good night's sleep with his network running on Cato SASE Cloud while IPknowledge monitors and supports him 24/7.  Forvis Mazars delivers audit, tax, and advisory services across the globe to prepare its clients for the challenges of tomorrow.  As its clients' most trusted advisors,  Forvis Mazars takes good care of their data and ensures they handle it in a reliable and secure manner.  “We used to work with different vendors and solutions to build global connectivity. It proved to be complex to manage our network because each vendor has its own policies and procedures and uses different technologies,” says Keessen. “This makes it difficult to manage global security and to solve issues. To handle this, we had to acquire know-how and technology for each vendor to manage it. Doing this ourselves takes time, attention, and resources and is prone to errors. When an issue arises, the time it takes to pinpoint and solve the problem can be extensive, with an immediate effect on the customer experience and thus the business.”   Moreover, the world of network security has changed a lot. “With more people using the cloud and working from anywhere, we face new security challenges. For example, there is a growing number of user devices we have to connect and protect,” he says  Security is not just about the IT department anymore; it requires a much more integrated approach that has to be addressed company wide.  “So, we need to get ready and make sure we can keep our data safe in the future,” he says.   Forvis Mazars turned to its trusted partner, IPknowledge. The IPknowledge team introduced its Secure Network as a Service concept based on the Cato SASE Cloud Platform.  The team created a test environment by isolating part of the Forvis Mazars’ network. A parallel connection was established to facilitate communication with the Cato SASE Cloud Platform powering Secure Network as a Service.  “The solution from Cato Networks turned out to be easy to use while offering all the functionalities we need,” says Robert Reijerkerk, technical engineer at Forvis Mazars. “In the past, setting up an MPLS connection, for example, was very complex and required extensive network knowledge. Moreover, connecting routers to each other was time-consuming. SASE SD-WAN has simplified this to installing a standard Socket that establishes a secure connection with Azure.”   Read this case study to learn more about Forvis Mazars’ experience and lessons learned while deploying Cato and working with IPknowledge. 
Read customer story Search
Gamuda Redefines IT Operations with the Cato SASE Cloud Platform 

Construction

Gamuda Redefines IT Operations with the Cato SASE Cloud Platform 
Gamuda Redefines IT Operations with the Cato SASE Cloud Platform  Underneath Kuala Lumpur runs one of the greatest tunnels in the world. Spanning 6.02 miles (9.7 kilometers), the Stormwater Management and Road Tunnel (SMART) is the world’s first dual-purpose tunnel, serving as a storm drainage and road structure. Kuala Lumpur is often affected by heavy torrential rainfall. To prevent major flooding, especially within flood-prone areas in the city center, the country built SMART, which can be flooded to divert stormwater and turned back to function as a double-decking motorway within a few hours. The engineering brains behind this marvel? Malaysia-based Gamuda Berhad (Gamuda).  An award-winning engineering, property, and infrastructure company, Gamuda’s projects extend far beyond Malaysia’s borders, from the Sydney Metro West-Western Tunnelling Package in Australia, marine engineering projects in Taiwan, and the development of the prestigious 75 London Wall in the UK. “Construction is known to be one of the oldest industries in the world, but it is set for huge growth,” says John Lim Ji Xiong, the Chief Digital Officer at Gamuda.   Lim heads up an innovation team whose primary function is to ensure that Gamuda can continue to build capabilities to sustain its growth. IT is part of that effort. “You’re starting to see a lot more investment in infrastructure worldwide,” says Lim. “As populations grow in urban centers, we need better transport and utility infrastructure. With climate change being a big priority, renewable energies in construction are also a huge sector.”  To those ends, Lim led a SASE vendor evaluation and, ultimately, a digital transformation project that saw the adoption of the Cato SASE Cloud Platform. "As a decision maker, I have peace of mind sleeping at night knowing that we are well protected through our partnership with Cato,” says Lim. “One thing that struck me about the Cato team was their interest in helping us succeed. After meeting their customer success manager and voicing our feedback on the product, Cato went out and changed the product. That’s what I call partnership.”  Tripling Size in Three Years: A Lofty Goal Undermined by Legacy Infrastructure  Several years ago, Gamuda was still a Malaysian-only company looking to triple its revenue and order book within three years and expand internationally. Strategic partnerships were a key part of that strategy, and Gamuda needed a way to integrate companies faster. Operationally, Lim knew the IT organization would have to evolve to support that growth for many reasons.   Gamuda had accumulated over 103 different point solutions, including firewall appliances for securing sites, MPLS for connecting them, VPN servers for remote users, and additional software and hardware for multifactor authentication. The sheer complexity of legacy infrastructure impacted the company’s security posture, IT operations, and user experience.  Users had to VPN into the network with one vendor’s technology and authenticate with multi-factor authentication from a different vendor. Connections weren’t fast enough as well. “It became a whole nightmare,” says Lim.  The usability problem extended to IT operations. IT had to administer each of the branch firewalls separately. “We’re talking 100 offices or more. It was a big job,” Lim says.   Maintaining the firewalls was so complex and time-consuming that corners were cut. It wasn’t long before ransomware got into the network. “Before I joined Gamuda, the team had backups so they could recover, but it meant scanning the environment and trying to make sure that every device was secure. Every laptop, without exception, needed to be returned to the office for scanning.  It was quite an undertaking,” Lim says.    Cato: A Single Platform Administered Through a Single Console   Lim wanted a platform that could simplify their process, be easy to understand, and not add more tools to an already complicated legacy IT framework. The platform also needed to be agile to accommodate the many teams working on construction and engineering sites in remote locations.   The company had already moved applications to the cloud when they learned about Cato. “It’s about simplifying and standardizing,” says Lim. “Cato provides us a single pane of glass and a single broker that everybody connects to, whether in the cloud, or in the field. We would have clear controls around who has access to what, regardless.”  The Cato SASE Cloud Platform optimally connects and secures all Gamuda’s network “edges,” including branch locations, the hybrid workforce, and physical and cloud data centers, sending traffic to the optimal Cato Point of Presence (PoP), which for Malaysia is in Kuala Lumpur, or one of the 90+ other Cato PoPs worldwide. All PoPs run the same cloud-native Cato’s Single Pass Cloud Engine (SPACE) architecture, share the same functionality, and are interconnected by Cato’s optimized, global private backbone.  Traffic received at the Cato SASE Cloud Platform is optimized, secured, and directed across the optimum path to its destination. Cato SSE 360, the security portion of Cato SPACE, converges network segmentation and zero-trust (FWaaS), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), and application and data protection (CASB, DLP, ZTNA) into a single-pass architecture. Extended Detection and Response (XDR) provides incident management involving all of these capabilities; network management is provided through the Cato Management Application.   Gamuda provides locations with resilient and secure connectivity to the Cato SASE Cloud Platform using Cato Sockets, Cato’s edge SD-WAN device. Secure work from anywhere is provided with Cato’s scalable ZTNA clients. Gamuda also has the option for secure clientless access. Gamuda connects cloud resources via IPsec tunnels.   Gamuda Improves Security Posture, Uplevels IT Operations, and More  Lim and his team deployed the Cato SASE Cloud Platform, connecting and securing 77 sites and 2047 remote users while replacing the numerous networking and security appliances previously comprising the Gamuda infrastructure.   By moving to Cato, Lim realized significant cost savings by eliminating MPLS, branch firewall appliances and their support contracts, VPN servers, and MFA infrastructure. Gamuda also realized savings in less obvious ways, such as eliminating thin-client licensing costs (500,000 Malaysian Ringgits a year (about $115,000).   With a leaner, smarter infrastructure, IT operations shifted towards more strategic work. “Since we have deployed Cato, a lot of our people have started moving more from the day-to-day mindset of operations to strategically thinking about the threats that we face today and the mitigation measures we need to employ. And I think that's a profound shift,” says Lim.   Gamuda could now consider DLP and XDR, which previously would have been too difficult to deploy or to use. Overall, Lim significantly improved Gamuda’s security posture with Cato. “Cato has enabled us as a company to focus on threat hunting. In fact, it has even shown us areas where, in the past, we might not have known that it could have been an issue,” says Lim. “We are very confident that we have a much better security posture.”  Completing the IT work of acquisitions also took less time. “When we acquired DT Infrastructure from Downer Group in Australia, the transaction brought on about 1,200 more staff and tens of sites that we had to manage,” says Lim. “We aimed for a transition and cut off from the parenting company within 12 months. With Cato in place, we achieved that within nine months.”  Cato: A Partnership, Not Just a Technology  For Lim, the move to Cato has been an enormous growth opportunity. But just as important as the technology behind Cato has been the relationship with Cato.   “Partnering with Cato has been the right decision,” he says. “I think there's been a bond of trust that we have built between our companies, and that's very important to me as a decision-maker. Cato is interested in our success, which has enabled us to achieve stellar results.” 
Read customer story Search
Chemical Manufacturer ESI Reduces the Time to Integrate Acquired Companies by 80% with Cato  

Manufacturing

Chemical Manufacturer ESI Reduces the Time to Integrate Acquired Companies by 80% with Cato 
Chemical Manufacturer ESI Reduces the Time to Integrate Acquired Companies by 80% with Cato   Speak with IT leaders about the challenges facing mergers and acquisitions (M&As), and “beating the clock” is a common theme. When companies sign the papers to merge or be acquired, the clock is ticking for IT teams to integrate the two organizations.   “It’s about making one plus one equal three,” says Dustin Collins, Global CIO of Element Solutions Inc (ESI), a leading global specialty chemicals company that has completed many acquisitions. “With every new addition, the name of the game is synergies. The sooner these companies can be integrated into ESI’s processes, the sooner the investments can contribute to our bottom line.”  Collins was a seasoned IT veteran even before he came to ESI.  Versed in the financial and technical aspects of leading IT teams, Collins led diverse projects ranging from service desk consolidation to modernizing the user experience with Microsoft tools to a global SD-WAN deployment. But it was at ESI that he encountered the “M&A Challenge.”  The $2.33 billion specialty chemical manufacturer operates 130 locations and 5,000+ remote users in 100+ countries worldwide. It opportunistically makes a few small acquisitions yearly and occasionally acquires a much larger entity. Integrating business operations and getting all entities operating together as quickly as possible is a key goal for the IT team.  Having completed dozens of M&As, Collins and ESI’s Global CISO, James Schnoebelen, found how to reduce the time it took to realize value from an acquisition by 80% and more while improving security and the user experience. The secret? A combination of technology and great vendor partnership.   Changing Technology Infrastructure Was Essential  ESI’s technology infrastructure is “the backbone of the company,” says Collins. Without it, production plants can’t operate, engineers can’t collaborate, and sales teams can’t generate revenue. Until recently, the 100+ ESI sites had SD-WAN appliances connected by local ISPs. Firewalls at each location secured the network perimeter, and remote access was provided to users through a remote access VPN.  The configuration was complex. The SD-WAN network was a drag on fully integrating new companies into the ESI family of businesses. It took months to increase network capacity and unify a newly acquired entity with the rest of ESI.   Complexity also impacted the remote experience.  “Using the old VPN was confusing because it was inconsistent in terms of being on the road versus in the office. People had problems even just connecting,” says Collins.  “There were blind spots in the network,” says Schnoebelen. “We were concerned that we might miss something on our network, whether related to a cyber scenario or egress of Internet traffic.”  ESI sought a less complicated networking solution and stronger security capabilities. More importantly, the company needed the means to accelerate its business results.  SASE Simplicity Changes IT Operations, Staffing, and the User Experience  After evaluating the market, Collins and Schnoebelen settled on Cato, replacing the old SD-WAN appliances and remote VPN infrastructure with the Cato SASE Cloud Platform. Cato is the only SASE solution built from the ground up on a global, resilient, scalable, open, and modular SASE architecture. By converging SD-WAN, a purpose-built global cloud network, and an embedded cloud-native security stack, Cato connects and secures the complete enterprise–sites, remote users, and cloud resources.  With smarter, simpler infrastructure, Collins found that ESI could shorten their M&A times dramatically. “It used to take us three or four months to bring a new office into our fold, now we can do that in just a few weeks,” says Collins.  Equally as important, though, was the impact on IT operations. “We are no longer focusing only on connecting devices or connecting sites. We can leverage the capacity that we’ve gained by putting our efforts into other value-added activities that deliver more results to the business,” Collins says. “Now we’re spending more time on strategic projects like business process automation and business continuity planning instead of worrying about what connects to what. We leave the IT grunt work to Cato.”  IT staffing and career progression at ESI have also radically changed for the better.  Cato is so smart that it’s simple for non-security or networking specialists to handle operations that previously required far more training. This has an enormous impact on hiring.  “Now, when we hire people, we don’t have to pay for hard-to-find specialization capabilities. We can hire generalists who bring more diverse value to the company,” according to Collins. “The result is amazing. Not only does our business benefit from value-added resourcing and capacity, but our IT employees are happier because they are working on more meaningful projects that deliver tangible business results, rather than the thankless job of just keeping the lights on.”  The simplicity and elegance of Cato also extend to resolving user complaints. “We’ve been able to remove some of the friction users have felt with IT for years,” explains Collins. “Our users complain less now because the network access is seamless.”  Deployment Ease Enables Improving ESI’s Security Posture   With SASE, Schnoebelen and Collins improved ESI’s security posture. The Cato platform makes high-quality, contextualized data available in one place for real-time protection and detection.  “We’ve been able to add layers of security for all users that would have been more challenging to deploy in the past—services such as advanced anti-malware, NGFW, SWG, and threat prevention (IPS),” says Schnoebelen. “It’s not that those technologies weren’t in place before. They were. But Cato simplifies how they are delivered, and that makes all the difference.”  Schnoebelen emphasizes that it’s not a matter of if one will be attacked, but when, and so he and his team have put and continue to improve the processes for addressing that situation in place. “The key is being able to detect a threat and respond quickly and efficiently,” he says. “This comes down to visibility to identify the problem as well as simplicity to resolve the issue without too much fanfare. Cato provides us with both.”  Cato: A New Kind of Business Partner   Converting to SASE has been transformational for ESI, but the collaboration with Cato has also transformed what it means for a vendor to be a partner.  “Cato’s responsiveness to our requests and needs are unmatched, from my perspective,” says Schnoebelen. “One example of that partnership was supporting our requirement to deploy Cato globally to more than 100 sites in four months—and they did it.”  “We started with Cato looking to shorten the time needed to complete the integration of acquisitions and improve our security. We found a true partner who helped us reimagine how IT can serve the business. We achieved our initial aims and much more,” said Collins.  “With Cato, we’ve been able to save money, all the while improving our security posture, enhancing our employees’ user experience, and transitioning our network and security staff to focusing on more value-added projects,” says Collins. “There are not many times as a CIO that you can check the box in all these areas – faster, more secure, happy users, and a happy team – all for less cost and more business value. That’s the Cato SASE Cloud Platform.” 
Read customer story Search
O-I Taps Augmented Reality and Cato SASE Cloud to Realize “Impossible-to-Count” Savings

Manufacturing

O-I Taps Augmented Reality and Cato SASE Cloud to Realize “Impossible-to-Count” Savings
O-I Taps Augmented Reality and Cato SASE Cloud to Realize “Impossible-to-Count” Savings O-I Needed a Quick Digital Transformation For many organizations, digital transformation can be a painful experience that consumes lots of time and resources. If you’re a small IT department at a large enterprise, a single solution that can transform and simplify several functions at once can be a big transformation enabler. Such was the case with O-I, formerly Owens Illinois, one of the world’s leading glass bottle and jar manufacturers. In just a few months, O-I deployed the Cato SASE to 200 locations, boosting cloud and internal application performance, enabling work-at-home for its 24,000 employees, and beefing up security across 70 plants in 19 countries.   Before Cato, O-I’s carrier-based MPLS network was showing signs of age in a cloud-enabled, hybrid work environment. “We were a long-term traditional MPLS customer with the typical routers on the edge, network-based firewall appliances, and legacy VPN concentrators,” says CIO Rodney Masney. “As we reached the end of our agreements, we felt the time had come to rethink our approach to networking and security.”  O-I had been transitioning applications to the cloud, with a broad implementation of Microsoft 365 and plans for other SaaS and cloud services. “There simply wasn’t enough bandwidth for all we had to do, whether it was SharePoint access, Microsoft Teams video conferencing, or working with our other cloud and internal applications,” says Masney. “We needed a cost-effective way to increase bandwidth to our locations and to the cloud.”   Security had always been a top priority of Masney’s relatively small IT team and maintaining and refreshing multiple legacy firewall appliances took time and resources away from transformation initiatives.   Perhaps the final straw was the sudden explosion of the COVID-19 epidemic. “We had to send thousands of employees home where it was challenging for our legacy VPN to provide the bandwidth and utility executives and other staff needed every day to get their work done,” says Masney.   In summary, OI faced a lot of challenges all at once. “Swizzle all that together and you come to the sudden realization that you need to do something transformational,” says Masney.   O-I Crafts an RFP, Chooses Cato SASE O-I put out an RFP to find solutions for its various issues. “We sent RFPs to several suppliers, including our incumbent, and looked at a range of alternatives, from continuing with our current provider at lower cost to solutions that could provide a total transformation.   After some research, Masney’s team narrowed the choices down to two principal contenders, a major security solution provider and the Cato SASE. “I liked the other provider’s technology from a security perspective, and it worked well,” says Masney, “but it was a lot more complex and time consuming to deploy than the Cato SASE.”  After doing proofs of concept for both, Masney’s team felt strongly that Cato was the best solution for O-I in terms of technology, cost, ease of deployment, and support. Masney knew that with a team so committed to the Cato solution, he would get the best results.   Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.   Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.   O-I’s deployment of the Cato solution to almost 200 locations and thousands of home users was quick and easy. “We’ve installed Cato to internal locations, the cloud, and home and hybrid work users at a much faster pace than we ever thought possible,” says Masney. “We don’t have to wait weeks or months for circuits to be upgraded or changed like we did with traditional MPLS. The Cato Sockets just show up at our plants, we connect them, and off we go.”  Cato Delivers Transformation with Cost Savings  The business benefits of the switch to Cato have been dramatic. “Cato has transformed our ability to connect to our network in a very different, meaningful way,” says Masney. “People working at home and the office get much better throughput for both internal and cloud application performance with much higher levels of security. The Cato solution has improved our ability to service our plants, including those in obscure locations, by collaborating using MS Team’s video and audio, which didn’t work very well before. MPLS circuits are expensive in some areas but with Cato we can get tens or hundreds of megabits at a very favorable cost.”   Hybrid work has also been a big success thanks to Cato. “The VPN client is a real treat,” says Masney. “It’s easy to deploy, works very well, and we haven’t seen any service issues. I’m really pleased with it.” Cato has since enabled O-I to move to a connected work policy that encourages employees to work at home but also provides the option to work at the office.   Since the Cato transition, O-I has started taking advantage of Microsoft HoloLens, an augmented reality application that allows engineers to troubleshoot plant manufacturing issues from afar. “If someone has a problem at a plant, an engineering expert at another location can just slip on a HoloLens headset, see for themselves exactly what’s happening, and give relevant, specific advice without having to hop on a plane. You can’t use HoloLens if your bandwidth is always getting tapped out. The savings we get with Cato and HoloLens are almost impossible to count.”   Masney estimates that with Cato alone he’s saving somewhere around 20 % in communications costs compared to the previous solution, even though he’s still running MPLS to some locations, while getting the security bonus Cato provides for both locations and home and mobile users.   He feels that the strong security services the Cato solution provides fit the purpose for his company. “It has improved our security posture immensely,” he says. “Cato is much simpler to deploy and quicker to value than other systems we evaluated,” says Masney.    He adds, “With Cato we have a good, solid sedan with the speed of a Porsche that got us exactly where we needed to go fast.”     
Read customer story Search
Vitesco Technologies Builds New Global Enterprise Network with Cato

Manufacturing

Vitesco Technologies Builds New Global Enterprise Network with Cato
Vitesco Technologies Builds New Global Enterprise Network with Cato Business Division Spinoff Requires New Strategy With new companies comes the opportunity to do things right. Offices can tap the newest of designs and technologies. Users can be equipped with the newest phones and laptops. And IT can tap the newest in networking and security technologies. Such was the opportunity facing Vitesco Technologies. An international leader in intelligent and electrified drive systems for sustainable mobility, Vitesco had been spun out of Continental AG,  the German automotive parts manufacturing company, into a separate company. Previously, Vitesco’s locations had been connected via MPLS, but once the carve-out was announced, Joel Jacobson, Global WAN Manager at Vitesco Technologies, realized he needed a new approach to the company’s network and security architecture. “At the end of the day, we needed a way to support our 70 locations and 20,000 remote users with a solution that was simple, allowed us to co-manage because we like to maintain control, and with a dev ops approach within IT of whoever builds and runs it.” "Cato allowed us the flexibility to incorporate our WAN, Internet and remote access solutions into one neat package that could be managed with a small team of people.” So he turned to C3 Technology Advisors, to help narrow down the options. “It wasn’t very difficult from there to see that there was only one solution – Cato SASE Cloud. Cato allowed us the flexibility to incorporate our WAN, Internet and remote access solutions into one neat package that could be managed with a small team of people,” says Jacobson. Vitesco Technologies Sets Up New Sites in Minutes One of the first capabilities Cato provided Vitesco Technologies was a unified management interface that allowed setting up new sites with minimum effort. “What would have taken us days in the past to do with other solutions, we could now do in minutes. We no longer had to have a separate IDS/IPS, on-premises firewalls, or five different tools to report on each of those services. We could bring our cloud-based services directly into Cato’s backbone with our existing sites and treat them all the same.” Addressing Multiple Use Cases with Cato There were various critical use cases Jacobson needed to address, and Cato SASE Cloud proved to support them all. Supporting users and locations in China: One of the most critical topics Jacobson faced was the Great Wall of China. “We needed to get our Office 365 traffic out of China without breaking any laws. With Cato, we were able to steer our traffic in through a PoP in Tokyo and Office 365 works just as well in China as in any other location.” Supporting AWS connectivity at scale: An additional concern for Jacobson was AWS. “We have regional installations of cloud providers, and we needed to connect these sites into our network without complicated pairing or setup. It was also crucial for us to reach two gigs of throughput, and we were very happy with the results.” Supporting access to special applications: Jacobson needed to ensure that specific applications (such as HR, legal or engineering tools) were always up. “Like many global companies we had to secure traffic from various applications behind a single IP. With Cato’s dedicated IP support, we could steer specific websites and eliminate complicated routing or proxy settings.” Supporting threat prevention across all traffic: Finally threat prevention was needed everywhere. “With Cato SASE Cloud, threat prevention is built into our services so that even our smallest locations are protected from threats.” Gradual Deployment of Cato SASE Cloud One of the biggest advantages for Jacobson was the ability to roll out gradually at a pace that fit the company’s needs. “We knew we would need to start slowly and pick up speed during the middle and end of the migration as we worked out any issues with them.” “By the time we got to our tenth site, our window dropped to two hours, and we rarely needed more than one hour to cut a site over from the old service to the new, and the actual outage time was usually no more than 15 minutes.” With Cato, Jacobson found location migration to be quick and painless. After establishing the company’s datacenters and peering points, the process of migrating sites began. “By the time we got to our tenth site, our window dropped to two hours, and we rarely needed more than one hour to cut a site over from the old service to the new, and the actual outage time was usually no more than 15 minutes.” As for the migration process, Jacobson and his team didn’t have to cut any corners. They worked with their sites prior to the migration to set up Cato sockets in parallel to their existing WAN service. During the outage, they would switch from the old WAN equipment to the new equipment, test the applications, fail over Internet, and any other services that the site deemed critical. “Security was extended at each site on the WAN, no matter the size. And we know that our Internet traffic is properly secured. Extending our WAN to AWS and Azure was easy with the Cato’s virtual sockets and where virtual sockets aren’t ideal, we used IP SEC connections without having to buy or maintain additional firewalls or Internet lines.” Vitesco Technologies Gained: High Availability, Self-Maintenance, Deep Analytics, Policy Consistency Cato SASE Cloud enables very large enterprises to accelerate and transform their global network and security infrastructure. “This is why we moved from our internally managed SD-WAN, remote access service and cloud-based Internet provider to Cato’s SASE platform.” “This is why we moved from our internally managed SD-WAN, remote access service and cloud-based Internet provider to Cato’s SASE platform.” With Cato, Vitesco Technologies achieved high availability across the board, removing the need for a regional hub or expensive co-location facility for WAN or Internet services. Analytics and security events are centralized in one place to make analysis easier. “If we run into any questions, Cato is there to help us. It's easy to know what policies we have applied, and we know they’re consistent across our locations. Our security team is pleased to know that Cato maintains the platform and as we need to add capacity, it's a simple phone call or email to get it resolved.”
Read customer story Search
Forvis Tackles Digital Transformation and M&A Network and Security Challenges with Cato SASE Cloud

Financial Services

Forvis Tackles Digital Transformation and M&A Network and Security Challenges with Cato SASE Cloud
Forvis Tackles Digital Transformation and M&A Network and Security Challenges with Cato SASE Cloud Forvis Sought a Single Network and Security Solution for Digital Transformation and M&A Digital Transformation can be painful but tackling digital transformation and mergers and acquisitions (M&A) at the same time is a particularly daunting challenge. Just ask John Bowles. Bowles was the Chief Information and Digital Officer at Dixon Hughes Goodman LLP (DHG) when in June 2020 the accounting firm merged with BKD, another leading accounting firm, to form Forvis. Today Bowles is the CIO of Forvis, which ranks eighth on Inside Public Accounting’s 2022 list of top 100 U.S. accounting firms. As with many mergers, DHG and BKD had their own infrastructure, which led to an operational challenge. “We had to integrate two very different networks with different staff models,” says Bowles. Ultimately, the team decided to standardize on Cato. “The Cato network run by DHG required very little labor to manage and maintain. We really liked Cato for that reason. The network on the other side required a few more people to manage and maintain.” Bowles and his team began migrating the BKD sites onto Cato. This wasn’t the first time they faced a site migration with Cato. Prior to the merger, Bowles led DHG’s transition from MPLS to Cato. MPLS had been the network solution enabling DHG’s thin client architecture, which connected its staff to centralized datacenter services. “MPLS served us pretty well, but it was expensive, complex, inflexible, and took forever to provision to new locations,” says Bowles. Internet access was provided locally at each site. “We tried backhauling Internet traffic, but it was too complex and too much of a bottleneck to make everyone happy,” he says. Bowles Considers SD-WAN Solutions, Chooses Cato Aside from the drawbacks of MPLS, it was the challenge of balancing digital transformation with mergers and acquisitions that first led to the decision to deploy a Cato SASE. “Even before the BKD merger, we were growing fast, bolting on other new companies at the same time as the technology landscape around us was transforming dramatically,” says Bowles. One strategy for addressing both challenges was to increase the adoption of cloud and managed services. However, doing so created network and security issues that made MPLS look increasingly obsolete. Bowles and his DHG team started investigating SD-WAN as a more agile, cloud friendly alternative to MPLS. “It was a natural progression,” he says. “We didn't know anything about SASE at the time and approached Cato Networks first as an SD-WAN solution.” They evaluated the SD-WAN market with an eye on operational efficiency. “Nobody wanted a small army of network engineers maintaining a very complex environment. We wanted a simple solution that would allow us to be responsive and agile and could scale without us having to redesign or refactor our network,” he says. Other factors in their buying process were network performance and security. “We sought a solution that performed consistently well regardless of country or location, and we were keen to minimize our risk and improve our compliance management.” And Bowles needed a solution that would support the growth and transformation of the firm while maintaining consistent standards and a common network and security infrastructure across it all. “I would say jokingly that it was like driving the car down the highway and changing the tires at the same time,” says Bowles. All of which led him to Cato. “When you take all those factors into consideration, you eliminate a lot of the other hardware and mixed hardware/cloud approaches.” SASE: The Right Solution for Transformation and M&A Bowles decided to deploy Cato SASE Cloud, which would “allow us to scale and be more agile,” he says. Completely cloud-based, Cato SASE Cloud would give Bowles the agility he needed to tackle M&A and transformation challenges simultaneously. Cato optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Bowles deployed Cato SASE Cloud to locations gradually in high-availability arrays so if a location lost one circuit it wouldn’t lose the service. When it came to integrating BKD, he started with their smaller offices. “Cato installation is easy, and we can provide our virtual service model more effectively if we’re all on the same network.” He’s also deploying remote access to all 5,400 staff across the merger and expects to finish everything by the middle of summer 2023, working around tax season, when any unnecessary change is frowned upon. Robust Security and Agility for a Growing, Changing Enterprise Cato’s security services have been particularly suited to the firm’s needs. “As we grow, our attack surface grows as well,” says Bowles, “and we must protect ourselves from the growing sophistication of attacks.” With Cato SSE 360, there’s no need to worry about keeping up with security updates, upgrades, and appliance refreshes to scale and tackle the latest threats. He can rely on SSE 360 to handle all that and provide the same robust security to locations, remote users, and cloud access. Cato SSE 360 also helps Forvis address its regulatory issues. “In addition to the highly regulated accounting industry, we practice in a lot of industries that have their own strict compliance standards,” says Bowles. “They want us to produce SOC 2 and other reports, so we need to know we have the systems, platforms, and controls in place to do so. We also work with a lot more third-party workers in North America and other continents who affect our security posture.” In all, with its ease of deployment, agility, fast networking, robust security, and consistent set of standards, Cato SASE Cloud has provided Forvis with the ideal solution to address its dual transformation and M&A challenges.
Read customer story Search
Häfele Recovers from Ransomware Thanks to Cato SASE Cloud 

Manufacturing

Häfele Recovers from Ransomware Thanks to Cato SASE Cloud
Häfele Recovers from Ransomware Thanks to Cato SASE Cloud  In the wake of a severe ransomware attack in February 2023, Häfele, a global leader in the furniture fittings, architectural hardware, and lighting industry, faced a daunting challenge. The attack encrypted all Windows-based server and client systems, bringing the company's IT-based processes worldwide to a complete halt. The Häfele team had to find a way to restore their global network within 30 days while fixing the underlying security problems that might have led to the attack in the first place. Their answer? Cato SASE Cloud. "When your network is down from a cyberattack, every minute counts, and you can't afford to bring back a partially secured network. You have one shot to do it right and fast," says Daniel Feinler, CISO at Häfele. "The deployment speed with Cato SASE Cloud was a game changer. By working with Cato Networks, we brought up the entire network with full security in less than a month. It was so fast that a competing SASE vendor didn't believe us. Cato made it possible." The Challenge Accepted: Build A Global Network in One Month Feinler vividly recalls the crisis: "The attackers gained access to our network and encrypted all Windows-based systems. All IT-based processes worldwide were paralyzed." The company had to shut down its computer systems and disconnect them from the internet. The only good news? The backup was not compromised, enabling the team to restore their systems rather than pay the ransom. The team had been evaluating SASE vendors at the time of the ransomware attack. When the decision was made to rebuild their network, Feinler and his team thought it was an opportune time to "kill two birds with one stone" and move to SASE. The caveat: The entire global network rebuild had to be done within one month. It was an audacious goal that would typically be project-planned for 12 months or more. Encouraged by the positive results of the initial proof of concept, the team turned to Cato Networks. Cato worked closely with Häfele to get its network running and restore the Häfele IT systems. Over the next four weeks, Cato Sockets were delivered and deployed in an astounding 180+ sites across 50+ countries in Europe, Middle East/Africa, the Americas, and Asia-Pacific regions. The small form factor of the Cato Socket, Cato’s edge SD-WAN device, helped speed the deployment. The Socket is so small it can fit inside a backpack, solving shipping issues. In one case, a Cato sales engineer personally drove to a Cato depot and picked up a few Cato Sockets in Switzerland, for installation in the Häfele location in Germany.  Worldwide, the Häfele team configured a global, unified security policy to help prevent another attack, and 8,000 employees regained secure access to the internet and enterprise resources, including 4,000 mobile users who now use Cato Client for ZTNA. "The deployment speed with Cato SASE Cloud was a game changer, enabling us to bring up our entire network with full security in less than a month." The Cato SASE Cloud rollout was so fast that it even surprised Häfele. "I did not think we could shut down, rebuild, and transition our IT systems in less than 30 days," said Mike Bretz, Global Team Lead of Network at Häfele. "Cato defied the odds and performed admirably during a challenging time and under immense pressure. Implementation and Recovery: Cato Deployment Speed and Security Were Essential The speed at which Feinler and his team could connect sites and users was a critical factor in deciding to move with Cato, but it wasn't the only factor. "Our network team was very enthusiastic about the Cato solution," says Feinler. “Especially the easy administration and the fact that everything worked as promised at the proof of concept was convincing. From the hardware, which was quickly shipped, to all the worldwide locations, and to connecting boxes by a non-IT colleague. From a management point of view, I liked the fact that it is a one-stop solution for different security areas that we previously had with different suppliers." Cato provided Häfele with a converged, multilayer security stack for all traffic from all directions at all network edges. The Cato Single Pass Cloud Engine (SPACE), the core security engine of Cato, converges multiple network security functions for flow control and segmentation (NGFW), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), application and data protection (CASB, DLP, ZTNA), and threat detection and incident response (XDR and EPP) into a cloud-native software stack. Cato has autonomous systems and processes sustaining the evolution of service capabilities, resiliency, optimal performance, scalability, global reach, and security posture, requiring no additional customer IT involvement. The Häfele team could protect all network-based vectors worldwide against future breaches and easily maintain an optimal security posture in the future. As for advice to other CISOs, Feinler had this to offer, "You need to invest in cyber defense both in hardware and software (SASE, XDR, SIEM, SOC) and also in your employees. Training for admins and security awareness training for your employees is important. Ensure you have a secure, air-gapped backup and regularly evaluate the restore. If not already done, implement network segmentation and separate IT from OT. Establish MFA for all logins." "Ultimately, you need to strike a good balance between security and usability. Cato gave us that. I would say that we can sleep much more relaxed. I think with Cato, we get the best protection currently. Coupled with the other changes we have introduced; we are in a good current state. The important thing now is to maintain this level and always be one step ahead of the attackers," says Feinler. Not Just the Right SASE Platform, the Right SASE Partner Häfele's experience with the Cato SASE Cloud is a compelling testament to the power of rapid, effective response in the face of cyber threats. It is also the story of the organization that stands behind the Cato SASE Cloud. Pulling together to deliver a global network in one month reflected enormous coordination between the Häfele and Cato teams, from Socket ordering, shipping, and deployment to management configuration and more. The case demonstrates how the right partnership requires excellent service and a service-oriented organization. As Bretz said, "Cato did exactly what they said they would do. This is how you earn customer trust."
Read customer story Search
JUKI Ramps Up COVID-19 Telework, Boosts Remote Cloud Performance with Cato

Manufacturing

JUKI Ramps Up COVID-19 Telework, Boosts Remote Cloud Performance
JUKI Ramps Up COVID-19 Telework, Boosts Remote Cloud Performance with Cato The Challenge: One Network, One Security Solution With users now working from home, enterprises have another reason to be frustrated with global MPLS. Not only are global MPLS services costly, but they’re also unsuitable for connecting the cloud resources consumed by the legions of remote and mobile users. The global Internet is of little help; it’s far too unpredictable. And having sites in China only limits the number of connectivity options. What then can an IT leader do to eliminate the high cost of MPLS while still meeting the needs for predictable, global secure connectivity that will meet the necessary regulations? “To get the best performance we needed to connect all our locations to a single network with uniform security, including locations that hadn’t been connected previously.” This was precisely the challenge facing Yoshiaki Kushiyama, Senior Manager of Information Systems for JUKI Ltd. The global manufacturer of precision equipment and needles for industrial and household sewing machines needed to deliver affordable, global access to Microsoft Office 365. “We had a plan to deploy Office 365 to the entire organization,” he says. “To get the best performance we needed to connect all our locations to a single network with uniform security, including locations that hadn’t been connected previously.” Cost and regulatory compliance were of big concerns. “We sought a solution that would cost as little as possible to deploy and maintain and we needed to comply with stringent VPN regulations in China,” says Kushiyama. Achieving these goals, especially uniform security, was a challenge. “We didn’t have a clear understanding of what security equipment was installed at each location and who controlled what nor the bandwidth and connectivity available at each,” says Kushiyama. “We were also concerned about cloud security since we were deploying Office 365. We had to ensure that the Microsoft applications would be accessible from the company network only.” Kushiyama had also heard that Office 365 deployment could increase bandwidth requirements up to five or ten times. “We wanted centralized network and security visibility, with the ability to upgrade bandwidth quickly if needed.” JUKI Seeks SD-WAN Solution, Chooses Cato Kushiyama knew that SD-WAN was a technology worth exploring when it came to deploying Office 365. “I had heard that SD-WAN, with its flexible deployment and management, was the right technology to get the best performance out of Office 365,” says Kushiyama, “so I started looking for SD-WAN solutions from vendors familiar with Office 365.” Kushiyama contacted an SD-WAN vendor recommended by a colleague and got an introduction to that product. Two months later, Kushiyama was introduced to Cato. “Listening to the company reps, I found Cato’s solution immediately appealing, so I compared both solutions carefully,” says Kushiyama. He was a little wary because at the time, Cato hadn’t been deployed by many Japan-based organizations. “When comparing all the capabilities, however, Cato’s had an overwhelming advantage and met all our requirements, so I was eager to deploy it and promoted it to senior management,” says Kushiyama. “They too were worried about the lack of a track record in Japan, but eventually they approved the Cato solution.” “Cato offered an environment where remote work could be done immediately and successfully using Office 365, letting employees do the same work that they did in the office,” says Kushiyama. “It also let us collaborate face-to-face easily with Microsoft Teams. This gave Cato a great reputation with senior management.” COVID-19 hit in the middle of the evaluation process and Cato’s fast, easy home and mobile VPN deployment helped to tip the scale in the company’s favor. “Cato offered an environment where remote work could be done immediately and successfully using Office 365, letting employees do the same work that they did in the office,” says Kushiyama. “It also let us collaborate face-to-face easily with Microsoft Teams. This gave Cato a great reputation with senior management.” Kushiyama was also impressed that with Cato, the same consistent level of security could be maintained for both the corporate WAN and the Internet. The use of the Internet for WAN connectivity rather than a dedicated line would enable JUKI to keep its network costs down. Cato Delivers Easy Deployment, Fast Performance, Low Cost Deployment of Cato across all JUKI’s global locations was fast and easy, requiring the installation of a simple Cato socket at each. “I went around with another person to each location to deploy the solution,” says Kushiyama. Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. Connecting a location to Cato is just a matter of installing the simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 60 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. JUKI’s 2742 mobile users run across the same backbone, benefiting from the same optimization and security features. Cato’s mobile VPN capabilities were the most immediate benefit of the solution for JUKI, allowing employees to work at home with the same performance, and security they had at the office. “Before Cato, the head office had no system for remote working at all,” says Kushiyama. “COVID-19 forced us to find one. With Cato all we needed to do was increase our VPN license and have each group company that was sending staff home install the clients. The move to remote work was so quick and smooth.” “The big difference between Cato and other solutions is the integration of network management and security” Fast connectivity among all the company’s locations was also a major benefit, together with the ability to monitor network connectivity and security from a single console. “The big difference between Cato and other solutions is the integration of network management and security,” says Kushiyama. “It’s great to be able to grasp and respond to both network status and security at the same time on a single screen.” Kushiyama also liked that he could increase network bandwidth easily as Office 365 use grew. “The more we use Office 365 the more bandwidth we need,” he says. “With Cato we just ask for more bandwidth and get it almost immediately. There’s no equipment or infrastructure to upgrade.” [caption id="attachment_12921" align="aligncenter" width="947"] The Juki global network — 2742 mobile device and 37 sites all connected by Cato’s global private backbone.[/caption] Kushiyama and his team have also improved Juki’s security by reducing dwell time and the number of malware infections. “The malware detection rate at the head office has dropped dramatically,” he says. “If there is an infection at a location, it’s visible at the head office so we can alert them and deal with it quickly.” As for cost savings, Kushiyama estimates that cost Cato provided a return on investment (ROI) that was five to ten times higher that of MPLS. In all, JUKI’s switch to Cato has been a great success. Says Kushiyama, “The combination of Cato and Office 365 made all the difference in JUKI’s ability to handle the COVID 19 pandemic and communicate across all company locations and employee homes as if we’re all in the same office.”  
Read customer story Search
Fullerton Health Builds a Secure SASE Linking 550 Locations and the Cloud, Thanks to Cato

Healthcare

Fullerton Health Builds a Secure SASE Linking 550 Locations and the Cloud, Thanks to Cato
Fullerton Health Builds a Secure SASE Linking 550 Locations and the Cloud, Thanks to Cato The Challenge: How to Cope Efficiently with Rapid Data Growth and Increasing Security Risks Secure communications are essential for any organization, particularly for a large, regulated healthcare provider holding sensitive health data for thousands of patients. Such was the case for Fullerton Health. The vertically integrated provider of accessible, affordable healthcare maintains a network of more than 550 healthcare facilities across nine Asia Pacific countries. Thanks to rapid growth and acquisitions, connectivity and security among facilities and Fullerton Health’s Singapore headquarters was a complex affair. “Before Cato, there was no integrated network to link regional offices and local sites, says Alvin Lim, Group Technology and Information Security Director at Fullerton Health, Singapore. “Local sites were managed independently; security was provided by individual firewalls. We were looking to enhance security by improving monitoring of our networks.” Like many healthcare organizations, Fullerton Health grappled with exponential electronic data growth due to rapid digitization. Rising security risks and threat actors were becoming increasingly lethal, not to mention sophisticated. “Our huge data growth was leading to traffic monitoring and bandwidth management challenges,” says Lim. “We take the trust our patients have in our ability to protect their medical records and personal data very seriously. We are always mindful of possible data breaches and constantly look for ways to protect our data. Fullerton Health Considers Network Alternatives, Chooses Cato Lim decided it was time to look for a single integrated secure network solution for all its locations and needs. “We looked at several alternatives, including VPNs over the public Internet, which were not ideal, and leased lines, which are expensive, slow, and offer little security.” “We also looked at SD-WAN, which would have required backhauling data to data centers,” says Lim. In the end, Lim decided a Cato SASE was the answer. It would inspect and secure data at multiple points of presence and was particularly suited to remote work, a growing component of Fullerton’s business. Lim liked that Cato had good coverage in the Asia Pacific Cato SASE Cloud optimally connects all enterprise network resources into a secure global, cloud-native service, including branch locations, the hybrid workforce, and physical and cloud data centers. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. Cato Sockets, Cato’s edge SD-WAN devices, extend the Cato SASE Cloud to locate, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enables secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Immediately Lim was impressed with his Cato contacts. “They were wonderful people, very easy to work with,” says Lim, “and had a lot of technical knowledge and experience. We felt we could communicate very freely with them.” Cato’s pricing was also very competitive, and Lim liked that security was tightly integrated with the solution. Deployment of the Cato SASE to all of Fullerton’s sites was easy, even during a global pandemic. “Remote sites with no IT staff had no problems connecting the Cato Socket to their local circuits, and we could activate each site through a central portal. It really was plug-and-play for us.” Fullerton Health connected all its locations over a single year, 2022, even as the Covid-19 pandemic raged. Cato Delivers Bang for the Buck The benefits of the Cato SASE have been dramatic. “Cato gave Fullerton Health a way to connect all those disparate entities and locations, including remote users and the cloud, into a single common, fast, secure transport channel,” says Lim. “It lowered the cost of our investment in telecommunications links by 30 percent compared to alternatives and gave us fast, dedicated connectivity to our cloud providers. And it simplified security and secure remote access, which both happen at its numerous points of presence, rather than individual connections to a central firewall.” Lim is impressed with Cato’s support and continual ideas for improving his organization’s network. “Cato support is very responsive, and Cato is always adding value in their product offerings,” he says. “I would recommend the Cato SASE solution to any healthcare organization that needs simple yet very secure connectivity among regional and local sites, remote users, and the cloud.”
Read customer story Search
The Flügger Group Gains Network Flexibility and Security with Cato and Secher Security

Retail

The Flugger Group Gains Network Flexibility and Security with Cato SASE Cloud
The Flügger Group Gains Network Flexibility and Security with Cato and Secher Security The Challenge: Simplicity and Flexibility In an era of digital transformation, manufacturers need fast, secure WAN connections with datacenter applications, retailers, suppliers, partners, and the cloud. Retailers in turn need fast connectivity with manufacturers and their own datacenter and cloud applications. As both a Danish paint and related products manufacturer and retailer, the Flügger Group needed all of those things. With five manufacturing plants and more than 200 of its own retail locations and 200 franchise stores in Scandinavia, Eastern Europe and China, the Flügger Group was in the midst of a major expansion and digital transformation. Prior to Cato, Flügger relied on MPLS WAN connections and multiple security point solutions to provide secure WAN connectivity. “Our MPLS solution was secure, but it was a very closed, inflexible environment that we couldn’t make changes to without a lot of time and effort” “Our MPLS solution was secure, but it was a very closed, inflexible environment that we couldn’t make changes to without a lot of time and effort,” says Jan Jørgensen, IT Project Leader. “We had to do a lot of workarounds.” Flügger was opening, closing, and moving a lot of stores and it took much too long to get them up and running with MPLS. “It got quite difficult to meet our deadlines,” says Rune Skovsgaard, Head of IT. "We needed an environment that was both more open than MPLS and as secure, and, of course, financially attractive.” Flügger was also modernizing its manufacturing plants. “We were inviting more suppliers and partners directly into our network, including those who would help support and maintain plant IT,” says Skovsgaard. “They had to get into a very closed network to do their work. We needed an environment that was both more open than MPLS and as secure, and, of course, financially attractive.” With all its point solutions, security was also inflexible and time-consuming. “We couldn’t work with our firewalls, honestly,” says Jørgensen. “If we had to make any changes or give an external provider access, it was impossible. It took a lot of work and time even to just open and close the firewall for a specific partner. Sometimes we just left it open.” Flügger Turns to IT Consultant, Adopts Cato Looking to simplify networking and security and make it all easy to manage, Flügger turned to Secher Security, a Danish IT security consultant firm, for help. “They had all sorts of different vendor solutions and partners involved in a lot of different IT projects,” says Kristian Secher, Secher Security CEO. “They were losing money on all those different consultancy services. Immediately we saw that we could simplify their environment with the Cato solution. The Flügger Group took to the Cato solution almost right away. “Things moved quickly and easily because the Flügger team was very interested in the solution and eager to help get the job done and make it a success,” says Secher. Cato connects all global enterprise network resources — including branch locations, physical and cloud datacenters, and mobile users — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 70 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Flexible Network, Flexible Partner Aside from being impressed with the Cato solution, Skovsgaard found his Cato partners very flexible and easy to work with. “When we select a new supplier we look both at the technical solutions and whether it will be a good working environment,” says Skovsgaard. “With Cato we have a very flexible supplier that understands our requirements and is there when we need help.” “With Cato we have a very flexible supplier that understands our requirements and is there when we need help.” Many of Flügger’s stores are very small and Skovsgaard appreciated that Cato was willing to accommodate such small network environments. “Cato understood our business and adjusted its own business model and contracts so they would work for us,” says Skovsgaard. “Cato give us both the security and flexibility we need,” says Jørgensen. “We can bring new partners into the network easily and securely.” After 12 months with all Flügger stores now up and running on Cato, the Cato solution has paid for itself compared to MPLS, and is now saving the company money. But there are more important benefits, according to Flügger. “Cato give us both the security and flexibility we need,” says Jørgensen. “We can bring new partners into the network easily and securely.” “It’s also quick and easy to move, open, and close stores compared to how it was with our previous MPLS network, even when they’re in other countries” “It’s also quick and easy to move, open, and close stores compared to how it was with our previous MPLS network, even when they’re in other countries,” says Skovsgaard. “And we have a single reliable supplier for network security instead of having to deal with a lot of different security vendors.” Jørgensen likes that Cato is an Internet solution. “With MPLS you’re bound to a certain Internet provider,” says Jørgensen. “Since Cato uses the Internet, it’s less expensive to maintain and we can shop around for a provider, which saves money.” Jørgensen also likes Cato’s easy management. “We have much more control of the network and can monitor and make changes remotely,” says Jørgensen. “Before Cato, if a retail store dropped a connection, there wasn’t much we could do. With Cato we can see that the line is working fine and find exactly where the errors are in the system. We can make quick security changes remotely and easily to adapt to new threats. Jørgensen recommends the Cato solution to others. “It’s been a great experience, a business critical infrastructure asset that’s stable with a great team that I can trust. And we have a solution we can grow with our business.”
Read customer story Search
Guardian Credit Union Improves Network Control & Security with Cato

Credit Union

Guardian Credit Union Improves Network Control & Security
Guardian Credit Union Improves Network Control & Security with Cato Cloud applications demand greater network visibility, without compromising security or increasing complexity Guardian Credit Union is a regional business that faced big network challenges. The credit union needed better visibility and application control, without compromising security or making the network so complicated it would require a team of wizards to operate. Like many companies, Guardian had relied on a mix of point-to-point, layer-2 connections to connect sites. The MPLS and Metro Ethernet network was configured in a hub-and-spoke, backhauling requests to Guardian’s central datacenter to access applications, data, and from there through a secured Internet portal. In short, it was the kind of complex configuration typica of legacy enterprise networks. “I have experience in complex environments so it's not hard for me to get it and support it, but I have other things to do too and so does our team,” says Scott Rosen, vice president of technology for Guardian. “I have experience in complex environments so it's not hard for me to get it and support it, but I have other things to do too and so does our team” Managing a complex network requires lots of training, which Rosen wanted to avoid as a requirement for Guardian’s IT operations team. “It takes a ton of time and expertise. You don’t just go out and take a couple of courses in how the network works in a complex environment,” says Rosen. “So for us, moving to SD-WAN wasn’t necessarily about reducing costs, even though that was something that happened, but it was more about visibility of the network. We wanted to reduce the complexity of the network but maintain its protection and resilience.” One reason improving visibility was particularly important for Rosen and his team was because of the struggles voice and cloud applications had across private networks like Guardian’s. The company was increasingly looking to adopt video conferencing, Microsoft 365, and other applications so providing quality of service (QoS) at the edge was very important. SD-WAN Requires Security to Replacing MPLS SD-WAN provided a way to simplify the network but that meant adopting Internet everywhere. The inherent risks were obvious. “Now that we're getting away from private connections, we risk exposing ourselves by providing Internet connections now at all locations. So that was something to weigh. How could we mitigate that risk? “ It meant that security had to be part of his SD-WAN assessment. The notion that traffic across the WAN can be trusted, a common belief in legacy network design, had to be upturned. “If you trust the traffic between a branch and a datacenter, you’re increasing your risk. If there’s a piece of malware in the branch, which thankfully we never had, the malware could propagate across the network. You must inspect the traffic.” And that inspection must be based in the network. “You can use endpoint control in the computers but that doesn't fix IoT or devices that might have different operating systems than the ones you control. You really need to have inspection and control in the network.” Rosen Considers SD-WAN Solutions but Finds Security, Management Lacking Rosen investigated conventional SD-WAN solutions, but none of those alternatives prioritized security. “We led with ‘security first’ in our assessment, but conventional SD-WAN solutions sold security as an add-on or required a separate security solution.” “We led with ‘security first’ in our assessment, but conventional SD-WAN solutions sold security as an add-on or required a separate security solution." Also, conventional SD-WAN solutions required going through a telecom provider or ISP, who would manage the solution for Guardian. The credit union was already dissatisfied with telco support and did not want to give telcos more responsibility. “It’s hard enough to get them to fix the services they were already providing,” Rosen says. “You already experience problems and now they want to sell you a complete turnkey management solution where they manage your entire network.” [caption id="attachment_8224" align="aligncenter" width="1237"] Cato’s SASE architecture allowed Guardian to prioritize traffic to ensure VoIP and other applications received the necessary bandwidth[/caption] Rosen Turns to Cato’s SASE Platform for SD-WAN – And More Cato provided Guardian with the enhanced security, application control, and operational simplicity the credit union required. Cato allowed Guardian to achieve needed security without layering on firewalls and other security service, which would have increased network complexity. “Security wasn’t just part of Cato’s technical solution. It’s in Cato’s roots. Your CEO and founder came from that world,” says Rosen. Cato also proved easy to understand, improving the productivity of the Guardian IT team. The IT team could troubleshoot problems quickly without requiring a great deal of networking expertise. “Anybody on our team now can go in and understand where traffic is flowing and how it’s working,” Rosen says. “Security wasn’t just part of Cato’s technical solution. It’s in Cato’s roots. Their CEO and founder came from that world." And the transition to Cato prepared Guardian for the Covid-19 pandemic. “Who knew that the steps we took months and months ago to improve our network would prepare use for Covid-19,” says Rosen. “But moving to Cato was instrumental in us being able to be elastic and more dynamic in helping us respond to not just the shift to remote workers. Not only could Cato support our remote workers, but we didn’t need to bring cloud and Internet traffic back to our datacenter and consuming our resources. We could keep that traffic where it belonged in the cloud. “ [caption id="attachment_10685" align="aligncenter" width="1291"] With Cato, Guardian gained network visibility into its complete network and security infrastructure.[/caption] Cato Support Proves to be ‘Nimble’ and Responsive Overall, Rosen is extremely impressed by Cato’s commitment to customer service. Rosen notes that one night he called Cato after 9 pm and Cato offered to do a remote support session despite the lateness of the hour. Guardian was at that time doing a proof-of-concept (PoC) with Cato — though Cato didn’t know that until later — and Cato’s above-and-beyond commitment to support helped Guardian decide to give Cato its business. Cato has also proven responsive to enhancement suggestions. “Cato is nimble. When I need something fixed or have a product enhancement, Cato listens,” says Rosen. “Cato is nimble. When I need something fixed or have a product enhancement, Cato listens." And Guardian and Cato both share a common corporate culture, of putting the customer first. “Honestly, I’d love to tell you it was all about the product, but your people, too, are a differentiator.”  
Read customer story Search
Kyocera Senco Improves Availability, Continuity, and Manageability with Cato SASE Solution

Manufacturing

Kyocera Senco Improves Availability, Continuity, and Manageability with Cato SASE Solution
Kyocera Senco Improves Availability, Continuity, and Manageability with Cato SASE Solution Continuity and availability have long been key attributes of enterprise WANs. But as companies turn to SD-WAN, achieving around the clock uptime and network availability is not always a given. Just ask Kyocera Senco. The Dutch-based specialist in fastening solutions had deployed its own SD-WAN solution.  “The performance was good, but we could not always guarantee the needed continuity. Downtime has a big impact on our business and after one time our systems were offline for half a day, we started looking for another solution,” says Peter Fluitsma, Managing Director of Kyocera Senco  The company turned to Cato and Videns IT Services, a leading network-independent service provider of managed SD-WAN solutions, for help. Cato’s revolutionary global secure access service edge (SASE) service converges SD-WAN and network security capabilities into a global, cloud-native platform.   Click here to read more about the Kyocera deployment and key lessons learned while deploying Cato.
Read customer story Search
Fiskars Group Boosts Business Agility and Security with Cato SASE

Consumer Goods

Fiskars Group Boosts Business Agility and Security with Cato SASE
Fiskars Group Boosts Business Agility and Security with Cato SASE Fiskars Group Needed a Network Overhaul Moving at the speed of 21st century business requires a fast, agile, secure WAN that is easy to deploy and manage. Unfortunately, before the Fiskars Group adopted Cato SASE, its WAN had none of those qualities. “Our network was an old-fashioned mess,” says Jesper Hjørland, Service Manager for Network and Connectivity at the Fiskars Group. “We had both MPLS and Internet connections with multiple security solutions from different providers in different locations.  We often had three or four different devices on each site. Deployment and management of all those solutions was very challenging and time consuming.” The time it took just to open a new location was far too slow for the company’s business needs. “Our leadership felt it was critical to be fast and agile to meet the rapidly changing needs of our customers,” says Hjørland. “Before Cato, that simply was not possible,”. Once Fiskars Group had to move a warehouse in Sydney to another location. “It took us four months just to get a new MPLS connection, delaying the move and worrying our management quite a bit,” says Hjørland. After that stressful move, Hjørland knew it was time to find a better, more simple, flexible WAN solution. “We knew we needed the same WAN and security solution in every location, whether it was a small shop or a large factory,” says Hjørland. Fiskars Group Evaluates SD-WAN and SASE, Chooses Cato Hjørland’s needs naturally took him in the direction of SD-WAN and SASE. “We looked at a lot of SD-WAN and SASE solutions, but Cato’s was the only one that allowed us to use the same solution everywhere,” says Hjørland. “It was also the simplest to deploy and manage and much more flexible than the other SD-WAN solutions we evaluated.” Cato’s management interface looked so simple at first that many of Fiskars Group’s network staff thought it wasn’t capable. “They were really nervous,” says Hjørland. “‘It’s too simple,’ they said. ‘It probably can’t do much.’ It turned out we could do much, much more with the Cato interface than ever before, including things that a lot of network people don’t even understand completely. Yet the interface is so easy even the less experienced network staff can work with it.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, the Cato Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Aside from the management interface and Cato’s security features, Hjørland liked Cato support. “Cato’s people were always helpful, going over and above to ease our implementation,” says Hjørland. “They had great suggestions to help us use the solution to its full potential for our business and gladly answered all our questions, no matter how stupid, to ensure we understood exactly what we needed to do.” Fiskars Group Gets the Speed and Agility it Needs Deployment of the Cato solution to the Fiskars Groups locations has been very quick and easy. “We changed our supplier in the middle of the implementation and, though they had never heard of nor had any experience with Cato, they were able to do their first deployment in under two hours with minimal Cato support.” Cato SASE has sped up the deployment of moves and new locations dramatically. “We roll out new shops very quickly now,” says Hjørland. “We can just send them a Cato box and explain to store personnel with no network experience how to plug it in and get the service up and running.” Aside from fast deployment, Hjørland likes that every location large and small has the same robust layer of security. “That consistency was something we sorely lacked in the past.” However, agility and simplicity are the main business benefits. “With Cato we’re removing three to four different devices on a site and replacing them with a simple Cato box.” Fiskars Group has started using the Cato mobile VPN in Europe and will soon roll it out in Asia as well. As for cost, Hjørland finds Cato to be very competitive. “The Cato solution has saved us money compared to our previous WAN infrastructure, and that’s not even counting all the additional time and money we spent on consulting services before just to keep everything up and running. There’s definitely a huge cost savings there.” Hjørland most appreciates that Cato has made his job easier. “Thanks to Cato, I can stand by my promises and feel comfortable we can deliver on the company’s business needs quickly, efficiently, and securely.”
Read customer story Search
Topcon Achieves a Fast, Secure Global WAN with Cato

Healthcare

Find out How Topcon Achieved Fast Global WAN Performance and Security with Cato.
Topcon Achieves a Fast, Secure Global WAN with Cato The Challenge: A Single, Fast Global WAN Proved Challenging with MPLS Global enterprises often struggle to provide consistent WAN performance and security across all their locations. MPLS is very expensive or unavailable in some remote regions and VPN alternatives can be slow and unreliable. Topcon Corp knew this problem only too well.Topcon is based in Tokyo, Japan with offices spread across the Americas, Middle East, Africa, Asia Pacific, and China. With expertise in advanced technology and global business development, the company provides global solutions to meet societal challenges in healthcare, agriculture, and infrastructure. Some of these include technologies that automate the operation of agricultural equipment and harness digital sensors to manage the growth of agricultural crops. “Seventy-seven percent of our sales come from overseas and nearly 80% of our employees are not Japanese,” says Takashi Nakajima, Head of the Digital Transformation (DX) Promotion Division and Chief of Business Operations. Topcon was struggling to provide fast, secure connectivity to its offices in China. Most of its other locations took advantage of fast MPLS connections, but China’s offices had slower connections that were often problematic. “We started seeing the limitations of MPLS for worldwide deployment and started looking for a next generation network we could deploy everywhere,” says Nakajima. “We needed a simple, fast, secure solution for regions in Asia where MPLS hadn’t yet been established.” Topcon Searches for a Global WAN Solution, Chooses Cato GlobalDots, a global cloud solutions provider, introduced Nakajima to the Cato solution and he was immediately impressed. “I had already been working with a local SD-WAN deployment in my previous job, so I was familiar with the technology. I liked that the Cato SASE could give us the fast connectivity in China and other parts of Asia that we needed while also keeping our communications secure and allowing us to monitor everything properly.”Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS.Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 75 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and five nine’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance.Nakajima was sold on Cato, but convincing internal management was another story. “We had a lot of conversations in which I had to explain Cato and SD-WAN to management and field staff and assure them that I couldn’t find anything else with all the built-in security and monitoring that Cato had,” says Nakajima. “I made those features the big selling points and got it though the internal approval process.” Fast, Secure WAN and Remote Access Worldwide Implementing the Cato solution was quick and smooth, thanks to Cato’s simple socket appliances and help from GlobalDots. “They did most of the work,” says Nakajima. “As long as there was an Internet connection in our Asian offices, GlobalDots could handle just about everything else remotely. We also replaced our remote access service with Cato’s for about 600 employees, starting with smart phones. It took a little education to get them started but it was pretty smooth.” Staff PC’s will come next.Performance in China and other regions without MPLS has been fast, but its Cato’s simplicity that has really impressed Nakajima.“Cato’s biggest benefit from my point of view is that the network operators no longer need any specialized knowledge,” says Nakajima. “We have a small network staff, and they have to look after the internal network, the Asian network, and our domestic WAN. Now they don’t have to deal with all those version upgrades, security patches, outages, and support issues. Aside from the time and resources saved, there are no more of the human configuration errors we used to have.”Nakajima is also impressed with how easy and quick bandwidth upgrades are with Cato. “We’ve been moving to cloud services such as AWS and Azure, and in the initial design phase we can invest in the minimum bandwidth we need. Then we can quickly ramp up the bandwidth with Cato when we need it.” Topcon had a WAN connection in the U.S. that was impacted by wildfires, requiring a quick replacement, which came easily with Cato SASE. “Normally we would have had to run another MPLS line, which would have taken a long time, but with Cato we were able to recover immediately with nothing more than a contract change,” says Nakajima. “It’s so great for our business when we can do these kinds of things so fast.”Nakajima also saw the true value of Cato’s remote access service when Covid hit. “Basically, nothing happened,” said Nakajima. “Cato’s remote access was already deployed for our workers so there wasn’t much to do. And since nothing happened, management was amazed when they started reading about all the problems other companies were having giving their employees the capability to work from home.”Overall, the Cato SASE solution has been a big success for Topcon. “We were able to provide a fast connection and secure environment for our employees, even when Covid hit and they had to work from home, “says Nakajima.“ The Wi-Fi networks users had at home were not very secure after all, but it didn’t matter with Cato’s security services. Management has been happy with how quickly we can set up Cato at new locations and how well work-from-home went during Covid.”As for the future, Nakajima plans to use Cato to create a business continuity/disaster recovery plan that will fail over from AWS to Azure or vice versa. “I’m trying to create a structure where if one cloud service goes down the network won’t be cut off,” says Nakajima. “I would recommend Cato most of all for its flexibility,” says Nakajima. “It’s so easy. Jut try it out and see if it works for you. We started with our overseas WAN, expanded to remote access and now we’re moving on to other locations. We really haven’t had any major issues.” Background With expertise in advanced technology and global business development, Topcon Corp provides global solutions to meet societal challenges in healthcare, agriculture, and infrastructure. Solutions include agricultural equipment automation and agricultural crop management using digital sensors. Topcon is based in Tokyo, Japan with offices in the Americas, Middle East, Africa, and Asia Pacific. Before Cato, Topcon relied on MPLS connections where they were available and VPN connections where they were not, with firewall appliances at each location and a VPN service for remote access.
Read customer story Search
PlayPower Taps Cato to Streamline its Global Network, Boost Business Agility, and Improve Security

Manufacturing

Learn now a leading manufacturer replaced its MPLS- and VPN-based network with Cato, while improving security with the Cato MDR service.
PlayPower Taps Cato to Streamline its Global Network, Boost Business Agility, and Improve Security The Challenge: M&A Complexity Organizations growing via mergers and acquisitions (M&A) often end up with a complex mix of service provider and point solutions that create significant IT operational and performance challenges. Rationalizing diverse infrastructure not only simplifies the network, it makes the business more agile and responsive. PlayPower, a leading manufacturer of premier commercial recreational equipment, is a case in point. Through a series of mergers and acquisitions, PlayPower found itself with a mix of MPLS services and Internet-based VPNs connecting its 15 sites. The complexity and diversity of the network created a host of operational challenges that Alfred Sobrinho, Vice President of Information Technology at PlayPower, knew could only be eliminated through network simplification. With so many different types of services and equipment, running the PlayPower’s complex network was incredibly time consuming. “Like most mid-sized companies, we don’t have a huge staff of CCIEs,” says Sobrinho. “We needed a network that was easier to administer and run.” Several of PlayPower’s locations lay outside of its MPLS provider’s network, leading to delays and service issues. “In some rural locations, it could take a long time to get a new site on board with MPLS,” says Sobrinho. “There might only be one or two telcos to choose from.” Once sites were connected, the backbone often proved unstable, causing problems for users trying to connect to applications and share resources. “Even IT staff had difficulty connecting to other locations,” says Sobrinho. “The thought of someone in Pennsylvania providing helpdesk services to users in California was basically out of the question, as it meant crossing two or three networks.” Maintaining the company’s security infrastructure also proved challenging. As with many companies, PlayPower had an on-premises SIEM system that needed continuous monitoring and updates. “We didn’t have the resources to have someone sit there all day, monitor security events and rule out false positives,” says Sobrinho. “It made sense to give that function to someone who does this for a living,” he says. Sobrinho decided he had to create a single unified network that made all services and assets available to everyone. “We wanted to locate services where they were needed, without any bandwidth or other network constraints,” he says, “and we wanted to provide services across all of our different brands and business units with a single IT team.” PlayPower Evaluates the SD-WAN Market, Selects Cato Sobrinho began looking into SD-WAN, reaching out for help to Ralph Lewis, CEO at Cumulus Telecom and trusted advisor on infrastructure issues to PlayPower. “We looked at ease of use and price/performance ratios. It was particularly important that the proposed SD-WAN solution work in-line with our current firewalls,” says Sobrinho. “A forklift upgrade was out of the question.” Together, Lewis and Sobrinho vetted all of the major SD-WAN providers, “but Cato looked really good,” says Sobrinho. Cato connects all enterprise network resources—including branch locations, the mobile workforce, and physical and cloud datacenters—into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic. “I was going to schedule our next vendor interview,” says Lewis, “when the team said ‘Stop scheduling! You just showed us what we’re looking for." After evaluating Cato, PlayPower implemented a proof of concept (POC) in an office it was looking to move to a different location. The results were so positive that they chose to replace their firewall appliances with Cato Security as a Service. “By the time the POC was over, we were no longer considering our own firewalls,” says Sobrinho. “We were ready to return the router for the new location because they were going to use the Cato Socket to do the routing,” says Lewis. As PlayPower rolled Cato out to the other sites, Sobrinho decommissioned MPLS services. Benefits with Cato The move to Cato provided PlayPower with both tangible and intangible benefits. With Cato, PlayPower could replace a hodgepodge of MPLS services and Internet-based VPNs with a single network supporting the entire organization. The IT team could now deliver services everywhere, supporting all the company’s divisions and business units. Cato’s simplicity and cloud architecture yielded significant operational savings. Management and support were mostly handled by Cato, rather than PlayPower’s IT staff. "If you need specialists, such as CCNEs, you need more IT people and a bigger network team to support the same kind of networking capabilities you get with Cato,” says Sobrinho. Cato’s flexibility let PlayPower reduce its network costs. “With Cato, we can use any available last mile provider or service,” says Sobrinho, “which means we can negotiate rates and make providers compete to keep our costs down,” he says. "The Cato Sockets are truly plug and play, so we don’t have to do all that routing and deep network configuration we used to do." Cato gave PlayPower a built-in onramp to the cloud. "Cato's agentless cloud capabilities make integrating leading cloud providers and hosting centers so easy,” says Sobrinho. “You have those connections already without having to configure dedicated IPsec tunnels to the provider.” So positive was the initial foray into SD-WAN that the team decided to expand the relationship. A few months later it became the second customer to go live with Cato Managed Threat Detection Response (MDR) service. With Cato MDR, Cato engineers monitor the network for key security events, alerting the customers only as needed. "Rather than having a bunch of warm bodies sifting through the traffic, Cato uses data mining to drill down to the few events that warrant human attention,” says Sobrinho. “I have an analytics and applications background, so that approach makes a lot of sense to me." “Cato’s SOC team reaches out to us with an alert and one of our IT members responds with the appropriate action,” says Sobrinho. “We’ve been very happy with that service.” A Fast Work-from-Home Ramp-up As with many organizations, the spread of Covid 19 forced PlayPower to shift employees to working from home on a large scale. "It meant more than doubling the number of remote workers,” says Sobrinho. Cato made it easy. “With Cato, we didn't have to worry about adding VPN servers,” says Sobrinho. “All it took was a single phone call. Within a day, the extra VPN capabilities were deployed. No need to monkey around with switches, concentrators and cabling.” Cato’s flexible cloud architecture was a great benefit when companies had to adapt to Covid and vacate their physical offices. “PlayPower was able to take the entire workforce across all its sites and business units remote in a day or two with no loss of productivity,” says Sobrinho. “It was remarkable that we did not have to frantically add VPN concentrators or network infrastructure like our peers and competitors who were on legacy networks and took weeks and months to transition to a remote work-from-anywhere business.” Most importantly, the user experience was excellent. “With Cato, our users don't even know they’re connected to a network backbone -- and they shouldn’t have to. They just know they can access all their applications and services seamlessly, says Sobrinho.” The support experience has also been positive. “We’re very happy with the service levels we've been getting Cato,” he says. “We don’t have to tie up IT people to handle a maintenance outage or a hardware or software upgrade to enhance uptime. We spend a lot less time on network administration." Perhaps that greatest benefit: PlayPower can make business decisions without worrying about network limitations. Says Sobrinho, "With Cato, we can tap the right location to provide the right service based on business need, not some artificial network constraint such as bandwidth."
Read customer story Search
Oil and gas company implements SASE to energize IT resiliency, connection speed and network security

Manufacturing

Oil and gas company implements SASE to energize IT resiliency, connection speed and network security
Oil and gas company implements SASE to energize IT resiliency, connection speed and network security Ranger Energy Services had a legacy VPN with high latency, as it required routing through another vendor’s data center. The IT team received a huge number of tickets related to network issues. Ranger Energy Services started by replacing its legacy VPN with the Cato SASE Cloud Platform and the Cato Client offered by Windstream Enterprise Software. With Cato, a single zero-trust policy guides user access regardless if the user is inside or outside the office. The Cato Client provides remote users with Zero Trust Network Access (ZTNA). The ability to provide a high-quality ZTNA solution was a key factor in Ranger Energy Services' transition to SASE from Windstream Enterprise. The ZTNA clients significantly improved Ranger’s remote users and work-from-home employees' performance. ZTNA traffic was routed to the closest regional SASE point of presence (PoP), which meant a much lower latency and a significant reduction in trouble tickets. Ranger’s IT staff members were impressed with the support teams at Windstream Enterprise throughout the deployment of ZTNA and SASE. “Ever since bringing on Cato and Windstream Enterprise, we’ve had a marked improvement in our networks,” says Matthew Bennett, senior IT manager at Ranger Energy Services....Click here to read the complete story of the Cato-Windstream Enterprise deployment.
Read customer story Search
How Redner’s Markets Transformed the Retail Experience by Transforming its Network with Cato

Retail

How Redner’s Markets Transformed the Retail Experience by Transforming its Network with Cato
How Redner’s Markets Transformed the Retail Experience by Transforming its Network with Cato Grocers may not be the first industry that comes to mind when one thinks of digital transformation challenges. But between the use of smart shelves, just on time delivery, online ordering and more grocers and retailers in general have relied on digital transformation to stay competitive. The same was true for Redner’s Markets. The Pennsylvania-based grocer relied on technology extensively to keep competitive, but it was technology that was posing a problem for employee-owned, family-run grocery chain. The staff was unable to place clear voice calls across the company’s network. Customer-facing loyalty applications weren’t working. Some of the grocer’s pharmacies couldn’t fax in their orders. Employees complained and customers were kept waiting. All of which was interfering with the company’s business. “We just want to provide quality food to our communities and provide a great and reliable place to work,” said Nick Hidalgo, VP of Information Technology at Redner’s Markets. Redner’s problem was that its network wasn’t keeping up with growth.  The business has grown from its founding with two stores in 1970 to 64 U.S. warehouse markets and convenience stores today. In addition to employee- and customer-facing problems, Redner’s faced difficulties getting its several network systems to work together. The network operations team needed multiple skill sets for multiple providers’ technologies. Delivering policy consistency over various vendor platforms throughout the company was a significant challenge. Disaster recovery was impacted as data replication between sites lagged an hour or two behind real-time. Employees faced complications with two-factor authentication. Hidalgo and his team found that the network problems were largely caused by their security architecture. For the company’s previous firewall to gain sufficient insight, all the company’s traffic had to be first backhauled across the internet to Redner’s Markets’ datacenter. The additional latency imposed by that backhaul was disrupting Redner’s applications and processes. The Platform Offers a Better Way Hidalgo began looking for a solution, defining his requirements and speaking with his incumbent vendors.  Quickly he realized that trying to solve each point problem would lead to integration challenges, longer time to value, and still fail to deliver the visibility into the network that he wanted.   “We turned to our partner Avail, a team of technology procurement and management advisors. They recommended considering a SASE platform and suggested we try Cato,” Hidalgo said, “We took the interview and 45 minutes later were blown away by the solution and ready to sign a PoC.” We took the interview and 45 minutes later were blown away by the solution and ready to sign a PoC.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Cato connects locations with its simple Cato Socket appliance that automatically links to one of Cato’s ~90 Points of Presence (PoP) locations, all interconnected by Cato’s fast, global private backbone. Remote users automatically connect to the nearest PoP using Cato Client and Clientless access, and Cloud resources connect using IPsec tunnels, vSockets, or for large capacity connections, Cato Cloud Interconnect. The Cato Single Pass Cloud Engine (SPACE) software runs in all PoPs, converging multiple network security functions for flow control and segmentation (NGFW), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), application and data protection (CASB, DLP, ZTNA), and threat detection and incident response (XDR and EPP) into a cloud-native software stack. Cato has autonomous systems and processes sustaining the evolution of service capabilities, resiliency, optimal performance, scalability, global reach, and security posture, requiring no additional customer IT involvement.  The Cato platform vastly simplified the Redner’s network, enabling Redner’s to remove the head-end firewall at the corporate data center and disaster recovery site, as well as aggregators that were feeding those firewalls. “Transitioning to Cato allowed us to establish direct traffic paths from the branches, leading to a remarkable 10x performance boost and vastly improved visibility,” Hidalgo said. Redner was able to replace SD-WAN solutions from another vendor. Reducing the number of systems supported eliminated the need for Redner’s IT team to maintain skills on multiple systems. Cato’s policy management tools solved the struggle to maintain uniform policies across the network. “With Cato’s built-in management tools, we set policies, and they apply everywhere. Previously, we set bandwidth priorities and hoped they worked on our three different implementations,” Hidalgo said. He added, “The convergence of security and network in one solution—one pane of glass—was where we wanted to go. Cato provided us with that. Other solutions didn’t make sense.” From User Complaints to User Kudos With Cato SASE Cloud, faxing over the network became reliable and hassle-free. Difficulties with Redner’s customer-facing loyalty application have been resolved. Changes in IT infrastructure are generally not met with cheers from end users. But with Cato deployed, Hidalgo says he’s seen a qualitative difference from users. “We have gotten rave feedback. They see a performance change. They don’t need to know anything besides that. We just deliver what they need.” Cato smoothed over Redner’s multi-factor authentication difficulties. “We rolled Cato out, and within two seconds, someone can authenticate and access the network remotely. They’re just raving about the experience compared with what they had before.” The Cato platform helped resolve Cato’s data recovery concerns, replicating data in real time between sites. And the Cato platform delivered improved voice and video performance with packet loss correction techniques to improve last-mile quality. “We have improved the performance of every application on the network by rolling out Cato,” Hidalgo said. “We don’t hear about network slowness; we don’t hear complaints.” “We have improved the performance of every application on the network by rolling out Cato,” Additionally, Cato XDR made Redner’s team more efficient in remediating security incidents. “Cato XDR is a timesaver for us,” he says. “The XDR cards let us see all the data relating to an incident in one place, which is valuable. Seeing the flow of the attack through the network—the source of the attack, the actions taken, the timeframe, and more—on one page saves a lot of time. If a user has a network issue, I do not have to jump to various point product portals to determine where the application is being blocked.” (For additional information about Redner’s Markets’ experience with Cato XDR see this blog.) “Cato XDR is a timesaver for us,”
Read customer story Search
From Garage to Grid: How Cato Networks Connects and Secures the TAG Heuer Porsche Formula E Team

Automotive

From Garage to Grid: How Cato Networks Connects and Secures the TAG Heuer Porsche Formula E Team
From Garage to Grid: How Cato Networks Connects and Secures the TAG Heuer Porsche Formula E Team The IT leadership of TAG Heuer Porsche Formula E Team shares insights about the value of a platform, Cato XDR, Cato DLP, and more. "I'd definitely give Cato the pole position. I can honestly say Cato does a remarkable job making networking and security much, much better." -- Friedemann Kurz, head of IT for Porsche Motorsport. Moving at speeds up to 320 Km/h, sleek, aerodynamic Gen 3 Formula E racecars slice through city circuits, combustion engine roar replaced by the high-pitched whine of arguably the most advanced electric motors in the world. The vibrant, thrilling spectacle that is Formula E is taking center stage yet again as the industry hurdles into Season 10. Last season, Cato was selected to secure and connect the TAG Heuer Porsche Formula E Team with their cloud and on-premises applications and race engineers in Weissach, Germany. This season that relationship has only matured and includes even more Cato capabilities. With a season spent running Cato SASE Cloud, where would the IT team behind the TAG Heuer Porsche Formula E Team place Cato? "I'd definitely give Cato the pole position," says Michael Wokusch, senior IT product manager for Porsche Motorsport. "I can honestly say Cato does a remarkable job making networking and security much, much better." "Depending on your stack, mid-size enterprises easily have two full-time people doing only networking and network security. Or, you can run Cato and have one person handling the network and doing security on the side," he says. Formula-E: The Ultimate IT Challenge Behind the thrilling speeds and split-second race decisions of Formula E lies an enterprise security and networking stress test like no other. There’s the security challenge: An event as high-profile and technology centric as Formula E with a brand like Porsche Motorsport makes for an enticing cyber target. The attack doesn't need to penetrate defenses; disrupting communications with a denial of service (DOS) would be disastrous. But with only one IT person at a race event, TAG Heuer Porsche Formula E Team needed a security platform that was powerful, smart, and simple to operate. Then there’s the logistics challenge. Formula E races (16 events in season 10) happen globally, often in remote regions with limited infrastructure. Shipping lots of equipment isn't an option. "Every kilogram saved on freight saves on costs and reduces emissions," says Friedemann Kurz, Head of IT at Porsche Motorsport. "It's like a race car. The lighter the race car, the more agile it can be. So, too, with IT. The less equipment we ship, the more agile we can be." "It's like a race car. The lighter the race car, the more agile it can be. So, too, with IT. The less equipment we ship, the more agile we can be." Kurz and his team rely heavily on the cloud to reduce local footprint. “Less equipment means lower shipping costs, faster deployment time, and less emissions. Every kilogram we save in shipped equipment saves on carbon emissions," he says. The teams arrive at the location 2-3 days before the event. They only have a few hours to build the race garage and IT infrastructure before the cars arrive. "It's why it's so important to have streamlined IT infrastructure and operation. Onsite at the racetrack is just one person, and that person needs to monitor the deployment, pack it down, and do it all over again," says Kurz. If parts need to be changed, that also needs to happen within those initial hours. All to get the cars on the track to collect as much information as possible so the race engineers can optimize the car software and, more specifically, its energy consumption. "Calculations need to be done in a very short time frame, and a stable network is essential to that goal," says Kurz. "Calculations need to be done in a very short time frame, and a stable network is essential to that goal," Finally, there’s the networking challenge. Race regulations restrict Formula E teams to 50 Mbps Internet connections. Across that narrow connection, the IT department supporting TAG Heuer Porsche Formula E Team had to run application sessions carrying telemetry data during testing, file synchronization between the local NetApp server and the cloud, video sessions for remote race engineers to see what's happening at the track, and voice for communications. Quality of service policies are essential for ensuring applications get the necessary throughput, which is made all the more critical given the Internet connection. The high packet loss and unpredictable public Internet routing limit the connection's throughput. (For example, at 200 milliseconds of latency and 1% packet loss, theoretical TCP throughput would drop to about half a megabit.) "If you're on the other side of the world, well, you can imagine the user experience. It was terrible when we ran over the Internet," says Wokusch. "File synchronization between servers and racetrack alone could occupy the local bandwidth.” Cato Answers the TAG Heuer Porsche Formula E Team Security Challenge To meet those challenges, the IT department behind the TAG Heuer Porsche Formula E Team turned to Cato. At each race event, the team deploys a Cato Socket, Cato's edge SD-WAN device. The half-u Socket is so small it can sit on a shelf. With the Socket and cloud resources, IT travels light. "This season was the first time that we traveled without a server rack,” says Kurz. “Everything we needed is built into our [garage] walling. It's super slim." During season 9, the team ran Cato in hybrid mode, connecting their local equipment to a Cato Socket and a dedicated connection for an IPsec tunnel. After seeing the reliability of Cato, the TAG Heuer Porsche Formula E Team has gone 100 percent Cato. “It's looking good. We are more than happy," says Wokusch. All traffic from the TAG Heuer Porsche Formula E Team is sent through the Cato Socket to the Cato PoP, where networking and security policies are applied, and the traffic is forwarded either across the Cato backbone to the Cato PoP closest to the traffic's destination or onto the Internet. Every Cato PoP runs the Cato Single Pass Cloud Engine (SPACE), the core security engine of Cato, converges multiple network security functions for flow control and segmentation (NGFW), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), application and data protection (CASB, DLP, ZTNA), and threat detection and incident response (XDR and EPP) into a cloud-native software stack. Cato has autonomous systems and processes sustaining the evolution of service capabilities, resiliency, optimal performance, scalability, global reach, and security posture, requiring no additional customer IT involvement. The Cato SASE Cloud built-in multi-segment optimization dramatically improves the throughput of the last-mile connection. "Our applications perform better because our network is better with Cato. The average packet loss is now below 1 percent. With the Internet, 5 percent packet loss was normal," says Wokusch. With Cato’s application analytics, Wokusch could identify the most popular applications and start by optimizing them first. As a result, users are having a much better experience. "Complaints about the network decreased once we deployed Cato,” says Wokusch. "From an IT perspective, we saw the biggest change by far in file transfer, but applications in general are loading faster and are more responsive." "From an IT perspective, we saw the biggest change by far in file transfer, but applications in general are loading faster and are more responsive." Cato Answers the TAG Heuer Porsche Formula E Team Security Challenge Formula E drivers rely on a detailed dashboard of dials and digital readouts embedded in their steering wheels to drive their cars. "Cato is the steering wheel for our infrastructure," says Wokusch. "At a glance on the Cato management console, I can understand everything I need to know to drive my network and security infrastructure." To keep an eye on security threats this season, the team relies on Cato XDR. "The great thing about the Cato XDR dashboard is the visibility to trace events end-to-end," says Wokusch. "Cato already showed us two potential threats and blocked them, threats that would have been missed otherwise by the rest of our security measures. That was excellent." But what most impressed Wokusch was what Cato XDR didn't do. "I'm amazed about the lack of false positives. I haven't seen a single one.” "Cato accurately identified and classified typical Internet security scans as ‘low impact,’ he says. “We also had two events where somebody tried to download a legitimate application from a non-official mirror on the Internet, and, on one occasion, the application contained a bot. Cato immediately recognized it and flagged it for us.” Cato XDR makes security simple for IT pros to work with. "It's super easy to follow up. You don't need to be a security expert to follow the dashboard and stories, so that's cool. And when you need to deep dive into a topic, you can still do it because you have every event stored," he says. "It's super easy to follow up. You don't need to be a security expert to follow the dashboard and stories, so that's cool. And when you need to deep dive into a topic, you can still do it because you have every event stored," Cato Makes Restricting Access Policies Possible and Easy to Implement Intuitive and granular event filtering enables IT to improve security posture by creating precise ZTNA policies. "Now, we can easily generate access policies that open applications to users based on facts and not just on our instinct,” he says. A TAG Heuer Porsche Formula E Team user wanted to run a particular software package. "We looked up the application in the Cato Application Library and got an excellent summary of the compliance and security measures that needed to be taken,” he says. "We could see the application gave users two options for connecting the software client to the backend. One approach is SSL encrypted, which was fine, but a second option allowed the software client to establish an unencrypted connection. If the user makes a mistake and doesn't click the SSL checkbox, they could share credentials in the clear. For us, that would be absolutely a no-go." Wokusch defined a very granular firewall rule that only allowed encrypted transfers. “It was fast. It took us about 10 minutes to see the communications flow and then build the firewall rule,” he says. "With some of the other solutions we’ve seen, it would not have been so easy. We would have had to allow or block the whole service entirely.” Better security doesn't just reduce risk. It also changes the IT posture towards the enterprise. With Cato DLP, for example, Wokusch says IT can be more accommodating and flexible because of Cato's improved controls. "We can say to our users, "Okay, we do have our sanctioned online storage apps, and we prefer to use them, but if you want access to your online storage app, that's fine. I can let them access them and download files knowing that with Cato DLP, I can block any sensitive uploads." Empowering Local Teams Without Compromising Corporate Policies Empowering drivers to make decisions helps them be nimbler and win races. Empowering local IT teams to make their own decisions is no different. With Cato, the TAG Heuer Porsche Formula E Team IT department is more agile and addresses new challenges faster while adhering to Porsche IT policies. "If a router rule needed to be configured, we needed our counterpart in central IT to take that action. With Cato, we can add the firewall rule ourselves. We do more in less time without more people." Another example is remote access. "Previously, we would need to request an official Porsche remote access setup with a Porsche laptop, a PKI card, and the whole end-to-end toolchain. It could take months." Now, we can connect them with Cato and restrict their access to the two applications they need to use, and once they're done, easily remove them." Winning the Formula E Car and IT Race Many sectors may lack the allure of motorsport, but the lessons from Formula E remain. Everyone needs to improve security posture without increasing headcount. Everyone needs a reliable, predictable network for mission-critical data and cloud transformation. Supporting drivers hurtling around a track at heat-stopping speeds may not be every IT team’s call, but that doesn't take away from meeting the demands of executives and users in any business. "Sure, our business might be higher profile than some, but our IT challenges aren't all that different," says Wokusch. "If you're facing anything like we've seen, all I can say is give 'Cato a shot.' You won't regret it." "Sure, our business might be higher profile than some, but our IT challenges aren't all that different," Give 'Cato a shot.' You won't regret it." To see how you can take Cato for a test drive, click here.
Read customer story Search
Inspiro Boosts VoIP Reliability and Cloud Application Access with Cato SASE Cloud

Technology

Inspiro Boosts VoIP Reliability and Cloud Application Access with Cato SASE Cloud
Inspiro Boosts VoIP Reliability and Cloud Application Access with Cato SASE Cloud Inspiro Call Centers Struggled with Poor VoIP Performance and Slow Application Access Few functions depend on low latency more than voice and video and few businesses depend on clear voice and fast application access more than customer call centers. Rey Picar, Vice President of IT Service Delivery for Inspiro, a leading customer experience outsourcing firm, knows that only too well. “Voice and data traffic performance are critical to our operations with clients worldwide,” says Picar. Before Cato, Inspiro’s call centers relied entirely on local ISPs and the Internet for voice interactions with customers and access to client customer service applications. Unfortunately, with its unpredictable performance and latency, the Internet couldn’t deliver, which had a direct impact on revenues. “Our staff was often challenged by one-way, garbled, and dropped calls,” says Picar. Even when voice calls went smoothly, accessing client customer service applications was often slow, hampering the ability of call center staff to address customer issues promptly and slashing the number of customer calls agents could handle each day. “Our agents are expected to meet certain volume requirements for our SLA’s,” says Picar. “If they don’t, we suffer financial penalties that affect our revenue directly.” Not to mention dissatisfied clients and their customers. Aside from call quality issues, Inspiro was in the process of moving more applications to the cloud, which meant even more reliance on WAN performance and latency. Picar knew that he had to come up with a faster, more reliable network solution than the public Internet, so he started looking for a replacement. “Our three priorities were low latency, reliability, and cost efficiency,” says Picar. Inspiro Investigates WAN Alternatives, Chooses Cato That’s what led him to Cato. Picar and Ray Segaya, Vice President for IT Service Management, were intrigued by the Cato SASE Cloud approach to SD-WAN and security. The Cato SASE Cloud could provide fast performance and low latency at a cost that was affordable. But there were other pluses as well. “It was clear that the Cato SASE Cloud would improve scalability and speed of deployment,” says Segaya, “and it would help us meet our goal of minimizing the data center’s carbon footprint.” The Cato SASE Cloud platform optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 80+ PoP locations and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to sites, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, the Cato Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Remote Browser Isolation (RBI), Zero Trust Network Access (ZTNA/SDP), and Firewall as a Service (FWaaS) with Advanced Threat Prevention (IPS, Next Generation Anti-malware). It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Picar and Segaya ran a proof of concept (POC) with the Cato solution and were impressed by the results. Voice quality was much improved, as reflected in the Mean Opinion Scores (MOS) recorded by the team. MOS is a metric used to measure VoIP or digital audio quality, where 1 is the lowest quality and 5 is the highest quality possible. “After deploying Cato, our MOS ranged from 4 to 5,” says Picar. There were other performance gains as well. “Our data transfer rates increased by 30 times,” says Picar, “and our agents saw significant improvement in the speed at which they could access client applications, improving their ability to resolve customer issues quickly.” Deployment of the Cato solution went smoothly, thanks to its ease of use and the skills of the teams from Cato and solution provider KDDI. “Deployment was a great experience for us--very professionally executed by Cato and KDDI from proof of concept to implementation,” says Picar. “Cato’s personnel are very knowledgeable about their product and very patient explaining its benefits and their project plans. They responded to all our questions quickly and accurately.” Serving More Customers Boosts the Bottom Line The results of the deployment matched the POC experience, with high MOS and no complaints from customers or staff. “With Cato there’s been a big improvement in VoIP performance and application access. We have yet to receive any complaints about voice quality issues from our users or operations group.” Cato’s management tools have greatly enhanced Inspiro’s ability to monitor the network as well. In terms of ROI, Picar estimates that Cato is saving Inspiro 20 to 30 percent in telecommunications costs compared to its previous solutions. “What’s more, thanks to better connections and application access, we can meet our service level commitments, which enhance the company’s revenues directly.” No more SLA fines. Cato’s support has been excellent, according to Picar. “Cato competes very well with other vendors in terms of its technical skill set, 24-by-7 support, and, most of all, the continuous improvement of the Cato solution by its research and development group.” Now that its network issues have been solved by Cato, Inspiro aims to implement Cato’s security services as well. “We’re looking to replace our on-premises security technology with the Cato SASE,” he says.
Read customer story Search
Help at Home Centralizes and Boosts Security, Eliminates Network Outages with Cato SASE Cloud

Healthcare

Help At Home Needed a Simpler and More Reliable Network to Serve its Clients
Help at Home Centralizes and Boosts Security, Eliminates Network Outages with Cato SASE Cloud Help At Home Needed a Simpler and More Reliable Network to Serve its Clients Few industries have undergone a faster, more dramatic digital transformation than healthcare. Today about every aspect of patient care depends on timely access to fast, secure systems and networks for the information and collaboration critical to achieving optimum results. Chris Lockery, Chief Information Security Officer and Head of IT Infrastructure for Help at Home, the nation’s largest provider of personal home care services, knows this reality extremely well. Based in Chicago, Help at Home delivers home care for more than 70,000 elderly and disabled clients in 12 states via 63,000 caregivers and 3,000 knowledge workers. “Many of our clients rely on our caregivers just to have a normal day,” says Lockery. “If they can’t call into the office or their caregivers can’t access our networks and systems to schedule appointments, it means a client can’t even get out of bed, take a shower, or have a home-cooked meal. All those day-to-day things most of us take for granted are critical for our clients’ wellbeing.” Until Lockery deployed Cato, the complexity and unreliability of Help at Home’s network made delivering that personal care difficult. “Before Cato, we had more than 40 different telecom carriers across 150 branch offices in 12 states with legacy, on-premises technology that took lots of IT time to support and maintain,” said Lockery. Having to deal with all that billing complexity and maintain all that disjointed, often poorly integrated, legacy equipment often led to outages, which made it challenging for Help at Home to take care of its caregivers and their clients. Lockery said, “In one year, Help at Home had an average of 40 outages per month affecting the phone systems, Internet, or both. Those outages had an impact on both client services and employee morale.” Help At Home’s CISO Evaluates SASE Solutions, Chooses Cato Lockery knew he had to overhaul Help at Home’s infrastructure to deliver a standardized, simplified network that was more secure, reliable, and easy to maintain. “In evaluating alternative network solutions our top three priorities were making sure that our network was always on and available to service clients; that it was secure to protect our clients’ most sensitive information; and that it delivered a good customer support experience,” says Lockery. Immediately Lockery turned to SASE and SD-WAN solutions. Unfortunately, with the notable exception of Cato SASE Cloud, most of the solutions Lockery investigated were anything but simple. “Many of the other vendors claimed to have an all-in-one SASE and SD-WAN solution, but in reality, they strung together multiple different products that had been acquired and not fully integrated. Only Cato delivered a true all-in-one network and security solution.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 80+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enables secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security service edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), Remote Browser Isolation (RBI), Zero Trust Network Access (ZTNA/SDP), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. 150 Offices Upgraded in 6 Months Lockery worked with Cato and technology solutions provider Windstream Enterprise to deploy and manage Cato SASE Cloud across all of Help at Home’s branch offices and cloud AWS and Azure datacenter links. His ambitious goals included not just replacing his complex infrastructure with a single SASE but rebuilding the entire network, including cabling, switches, and access points. “With Windstream and Cato’s partnership we were able to deliver that all-in-one solution in all 150 offices in less than six months,” says Lockery. Lockery credits Cato’s support for his smooth, rapid deployment. “One thing I really liked about the support from Cato and Windstream was our direct access to their leadership teams and sponsorship from their CEOs and heads of engineering,” says Lockery. “This allowed them to really tailor the solution to meet our needs and cause minimal disruption to our branch offices during installation.” Cato also invited Lockery to join its customer advisory board. “They show a keen interest in our input and feedback to help them provide a better product,” said Lockery. Unmatched Reliability and Robust Security to Serve Clients Better Almost immediately Lockery noticed the simplicity and robust security and reliability the Cato solution delivered. “It quickly brought our network security and availability up to speed with a firewall, data loss protection, network intrusion prevention, and a cloud access security broker,” says Lockery. “And Cato centralized it all so we could deploy new cybersecurity capabilities and consistent policies across our more than 150 branch offices.” Lockery no longer has to manage all those different legacy on-premises firewalls, switches, and access points. “We now have 24-by-7 monitoring on all our network and security infrastructure, so we are notified immediately of any issues and can respond rapidly.” Perhaps best of all, however, the Cato solution has eliminated outages. “Thanks to Cato, our network is always on and available. You just can’t put a price on that benefit when it comes to serving clients.” Prior to the Cato solution, Lockery was fielding a lot of complaints and “noise” from the branch offices. “The best thing an IT person can hear from the field is quiet,” says Lockery, “and quiet is what we’ve achieved with the Cato SASE solution.” Lockery urges other organizations to consider the Cato solution. “Cato offers flexibility and a level of partnership that I haven’t seen with other vendors,” says Lockery. “Cato SASE gave us an all-in-one network availability and security operations center that removed the unnecessary cost and positioned our network better for next-generation capabilities and rapid growth.” 
Read customer story Search
AFI Properties Cures ERP Woes Through Network Transformation with Cato SASE Cloud

Construction

AFI Properties Cures ERP Woes Through Network Transformation with Cato SASE Cloud
AFI Properties Cures ERP Woes Through Network Transformation with Cato SASE Cloud AFI Properties Needed to Speed Up ERP Access Making smart business decisions relies on good business intelligence and that often means an up-to-date ERP system. But keep ERP or any application current is challenging when users can’t gain easy access to the system. Just ask Shira Baum, CIO of Africa Israel (AFI) Properties. AFI Properties is a rapidly growing global real estate firm specializing in income-generating commercial and residential properties. Today, the firm has eight locations spread across in Israel, the Netherlands, and Eastern Europe. When Baum first joined the company, AFI users ran virtual desktops over the Internet to connect with an ERP server in Israel. The VDI solution gave AFI the security it needed but proved unresponsive, frustrating users. In fact, the experience proved so bad that users ended up with two laptops, one for connecting to the ERP server and the other for business productivity needs. “I had to work from home my first week and it took me more than 20 minutes to connect to the ERP system,” says Baum. “I went to the bathroom and came back and needed another 20 minutes to reconnect. I called the infrastructure manager and I said, ‘We can’t go on like this.’” Later Baum found out that most employees didn’t even bother connecting from home because it was too complicated and time-consuming. “They just left their laptops at the office.” To make things worse, each of AFI’s eight locations ran most of their own IT infrastructure. “Each had different networks, security solutions, and servers,” says Baum. Some sites had firewall appliances but configuring and enforcing security polices with them was complex and inconsistent across locations. “Most of our locations had very low security, perhaps some routers with a few rules in the firewall and that’s it,” says Baum. “Some didn’t even have that.” AFI Chooses Cato SASE to Transform the Hybrid Work Experience Baum set about transforming and modernizing AFI Properties’ IT infrastructure with a focus on faster application access. “My goal was to have everyone on the same platform with one desktop, one network, one way to connect to applications, including ERP, and one security methodology.” While security was obviously a major concern, Baum set out to upgrade the network first so employees could at least get their work done. Baum looked at several solutions for office connectivity but was immediately intrigued by the Cato SASE Cloud platform. Not only was Cato a quarter the cost of other solutions and cloud-based, but it would also solve all AFI Properties’ application, network, and security problems at once. “Cato came to me with a single SASE solution for remote access, fast networking, and powerful security for all our sites,” says Baum. “Having the firewall and VPN in the cloud was a great way to give everyone the same security no matter where they were working. I could manage it all from here. All I had to do was give each site a Cato Socket.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 80+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Firewall as a Service (FWaaS), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), and Remote Browser Isolation (RBI) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Easy Installation, Fast ERP Access With Cato, Baum simplified the connection and work environment for employees with proper networking. In the process, she gave them a more responsive, easier to user remote access experience. Today, AFI users can connect to any business application, whether in the data center or the cloud, the same fast way with the same laptop. Baum loves that she can monitor the entire network and security infrastructure on a single pane of glass, and never has to update any software or appliances herself. All of that is handled in the cloud by Cato. She only had to set a few firewall rules, which were easy to deploy globally and update. “I configure a rule, and instantly it’s effective at every site,” she says. Deploying Cato to all AFI Properties’ sites was as easy as promised. “I carried the first Cato Socket appliance to our Krakow server room in a suitcase,” says Baum. “I called Cato, and they told me to plug this in here and plug that in there, and that was it. In just a minute it was working.” When COVID-19 hit and working at home exploded, Baum was ready, thanks to Cato. “I called my Cato account manager and told him we needed everyone on the Cato VPN now and he said, ‘No worries,’” says Baum. “15 minutes later the VPN was on my account. I deployed the VPN and the next day everyone was working from home with their laptops.” Other companies she spoke to didn’t believe that she could get everyone on the Cato VPN so quickly. “It’s amazing how easily remote users can connect to the network and ERP application today compared with the old way,” says Baum. “They tell me how much fun it is just to click and be at the office, no matter where they are,” says Baum. What Baum appreciates the most is the peace of mind the Cato SASE Cloud solution gives her. “I know that my company is secure, that all my sites and users can connect quickly with the same solution, and that every time I need something from Cato, they’ll listen carefully and come through,” says Baum. “Thanks to Cato I can sleep at night.” Her advice for other companies considering Cato to connect multiple sites? “Go for it!”
Read customer story Search
Devro Boosts Network Visibility and Enhances the Hybrid Work Experience with Cato

Manufacturing

Devro Boosts Network Visibility and Enhances the Hybrid Work Experience with Cato
Devro Boosts Network Visibility and Enhances the Hybrid Work Experience with Cato Devro Investigates Firewall Replacements, Chooses Cato SASE Cloud It was clear that Devro needed to replace its aging firewall appliances, which is why it started working with its technology partner to investigate options, including those from firewall appliance vendors. It soon became evident, however, that there were business benefits to a single solution encompassing firewalls and other functions, such as a secure Web gateway and even SD-WAN connectivity. “Some of our manufacturing plants are in remote locations where connectivity wasn’t always great,” says Cappie. “That is what made Cato’s SASE, SD-WAN solution so appealing. Once we saw what Cato could do for us in terms of SD-WAN, remote access, and security, we started discussing those capabilities with competing vendors.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enables secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Firewall as a Service (FWaaS), Secure Web Gateway (SWG), Data Loss Prevention (DLP), and Remote Browser Isolation (RBI). It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. It soon became apparent that Cato was the only solution that combined so many critical functions under a single SASE and management pane of glass. “Other solutions felt like a bunch of separate pieces bolted together and had too many add-ons and options,” says Cappie. “Cato’s single pane of glass made a big difference for us in simplification, standardization, and troubleshooting across all those functions and using role-based access to divide the management of areas, regions, or subsets of users amongst the team,” Cappie said. Getting support directly from Cato, rather than a third party was also appealing. With Cato’s single sign-on users would no longer have to log onto the VPN every day for remote access or the Web gateway client for Internet access, and IT would get 24/7 visibility across user and remote office systems. “Thanks to Cato we’ve been able to run vulnerability scans, security updates, and policies across all connected systems any time night or day,” said Cappie. Cappie also liked that deployment of the Cato SASE Cloud solution would be seamless and non-disruptive. “It was clear that the other solutions would have required more planned downtime,” says Cappie. “From a business perspective, Cato’s easy deployment was a big selling point.” At Last, Reliability and a Single Pane of Glass Deployment of the Cato solution was easy as promised and Cappie found Cato support responsive--not only for user and IT troubleshooting but adding new features. “There were a number of things we and other customers suggested that ended up in the platform within a matter of months,” says Cappie. “With the other vendors, it would more likely have taken years, if it ever happened.” And Cato was always there to suggest ways to use its solution more effectively. “We leaned heavily on Cato’s professional services team, which was really good at coming back and saying that we’d be better off doing something one way instead of another or trying this other option.” What Cappie likes best about the Cato solution is its ease of management. “The platform interface is well laid out,” says Cappie. “It is so easy to access lots of detailed information, or just the high-level stats if that is all you need. It is great to have that dashboard with the overview showing all your sites online and how many users are connected at any given time and the event screen is incredibly useful. Our old firewall interface seems so archaic in comparison.” And all of Cato’s functions are baked in, rather than bolted on as options. “In terms of being intuitive, Cato’s platform is undeniably the best possible solution,” Added Cappie.  Reliability and performance have been excellent with Cato and user feedback has been overwhelmingly positive. “Users love that once they do that initial sign-on, the VPN is always on and they can just do their work and forget about it,” Cappie said. “Cato’s user experience, easy management, and robust security have come together to make a significant difference for everyone at our company, even at the board level.” “The platform interface is well laid out,” says Brian Cappie. “It’s so easy to access lots of detailed, useful information, or just the high-level stats if that’s all you need.” “Some of our manufacturing plants are in remote locations where connectivity wasn’t always great,” says Brian Cappie. “That is what made Cato’s SASE, SD-WAN solution so appealing. Once we saw what Cato could do for us in terms of SD-WAN, remote access, and security, we started discussing those capabilities with competing vendors.” “Cato’s single pane of glass made a big difference for us in simplification, standardization, and troubleshooting across all those functions and using role-based access to divide the management of areas, regions, or subsets of users amongst the team,” Brian Cappie said.
Read customer story Search
Gordon Brothers Achieves Major Cloud Migration, WFH Transition and Centralizes Security with Cato SSE 360

Financial Services

Gordon Brothers Achieves Major Cloud Migration, WFH Transition and Centralizes Security with Cato SSE 360
Gordon Brothers Achieves Major Cloud Migration, WFH Transition and Centralizes Security with Cato SSE 360 Gordon Brothers Needed a Network Solution for Cloud Migration and Security The cloud offers organizations agility, flexibility, scalability, and the means to ramp up new services with incredible speed. Migration to the cloud doesn’t happen all at once, however, and can be challenging for global organizations with lots of dispersed locations and IT solutions. Add in a global pandemic and you’re looking at a possible recipe for major business disruption. Such was the case for Gordon Brothers, a global enterprise that partners with companies, advisors, investors, and lenders to fuel growth, facilitate strategic consolidation, and finance new opportunities. David Cherenson, Director of IT Operations, sought a way to migrate globally dispersed applications to Microsoft Azure. “In 2017 our apps and data were spread across our main Boston datacenter, the Midwest, London, and some other locations,” says Cherenson, “all of which were connected with point-to-point circuits or site-site VPNs.” Security came from a mix of dispersed appliances with different capabilities and sets of policies, and management divided between IT and service providers depending on location. “We work with a lot of finance companies, so we’re always asked about security,” says Cherenson. “At that time, I felt security was all over the map.” Gordon Brothers’ small IT staff rarely had the time or resources to monitor network traffic consistently for suspicious activity. Cherenson felt strongly that he needed to centralize security and get the monitoring piece in place. Gordon Brothers Starts its Cloud Migration Gordon Brothers started its cloud shift with Office 365 and Azure Active Directory and then decided on a major Azure migration. They interviewed several IT cloud migration partners and looked at the proposals, but Cherenson couldn’t shake the feeling that something big was missing. “Nobody talked very much about networking,” says Cherenson, “except maybe how to connect directly to an Azure datacenter. How were we going to move things without impacting our users if the users, data, and applications were spread out all over the place? It was clear to me that we needed a network that could connect to all of them throughout the whole migration process so we could move things around transparently.” Cherenson started looking for a network solution that could help make the migration seamless. “I did a lot of research, talked to a lot of people, and looked at some companies,” says Cherenson. That was when he found Cato. “Right away I thought Cato was what I was looking for because we could use it to connect all of our offices, and even our remote users, to one central cloud.” He also realized that the Cato solution would also solve his security issues. “With Cato Security Service Edge (SSE) 360 we could centralize our security policy globally, rather than having to deal with different policies and brands of firewall appliances in different locations,” says Cherenson. “Other contenders had security features, but I really felt that with Cato, security was the DNA on which everything else was built, and that’s what I needed to sleep at night.” Cato was also the only alternative that connected remote users to the same network and security architecture as offices and the cloud. Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last mile links in physical locations, while Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. Cherenson went to the CITO and told him why he thought they couldn’t go ahead with their cloud migration project until they figured out how everyone was going to connect to everything simultaneously. “I told him I thought we should tackle the networking piece first,” says Cherenson. “Fortunately, he said, ‘I think that’s a good idea.’” Cherenson did a proof of concept with Cato that went very well, and then moved to a pilot. “We started connecting our main offices and Boston datacenter just so we could try it out,” says Cherenson, “and we connected a small group of users with the Cato VPN client.” Cato Simplifies Security for Business Transformation Cherenson was excited about the security possibilities he saw with Cato during the pilot. “I realized very quickly that Cato SSE 360 took geography out of the equation. We could implement a global policy and use it to control all our network entry points and apply it to every single person on the network. We could also take advantage of Cato’s antimalware, IPS and all that other stuff and apply it not only to WAN traffic but to our Internet traffic as well.” Cato MDR, a part of SSE 360, would solve the monitoring issue. “Cato’s MDR service monitors the network for us and notifies us if they notice anything anomalous, malicious, or otherwise suspicious,” says Cherenson. “We didn’t get lots of those notifications at first, but certainly more than we get now, because we’ve used that information to keep tuning things over time.” With the pilot’s success, he decided it was time to connect anything to Cato that hadn’t been connected yet, including other offices, datacenters, and a pilot Azure environment they were testing. “Cato’s performance with Azure was really good,” says Cherenson, “so I felt we could have that conversation about doing a big migration.” Users didn’t notice any change during the Azure migration. “Let’s say we had a file share in our Boston datacenter. Over a weekend we could cut it over to Azure without having to change anything except DNS and the VPN client would route to the Azure datacenter in Virginia without anyone noticing anything.” Gordon Brothers Transitions to Work-At-Home in a Week March 2020 hit Gordon Brothers like a ton of bricks. “One day we were in the office and the next we weren’t,” says Cherenson, “but in a way we were lucky because I told my boss, ‘We have this pilot group on Cato and it’s working very well. I can get everyone on it pretty quickly.’ Fortunately, he agreed again and, so we did.” Most of the company was on Cato within a week. “We sent out emails to the staff with a few screenshots and the VPN client installers and tweaked as we went along.” Cherenson was concerned that he was putting all his remote access eggs in one basket, but he felt he had no other option. “Fortunately, it worked out really well,” says Cherenson. The Cato solution has paid for itself in cost savings and a quick ROI, but most importantly, it’s allowed Cherenson to eliminate some technical challenges and focus on strategic initiatives. “We’ve made a tremendous amount of overall progress in IT and business transformation in the past few years, and I think the implementation of Cato and SSE 360 were huge building blocks that enabled us to do that. We have a lot of things on our roadmap and now I don’t need to waste my time managing individual firewalls and circuits. “ Today, Cherenson has a quarterly call with the Cato MDR team who audit Gordon Brothers’ Cato configuration and make suggestions about how to tighten security. “I feel like we really have security under control now. And we keep making it better as Cato continues to come out with new features.”
Read customer story Search
James Walker Gains a Streamlined Network and Security Platform for Digital Transformation, Thanks to Cato 

Manufacturing

James Walker Gains a Streamlined Network and Security Platform for Digital Transformation, Thanks to Cato
James Walker Gains a Streamlined Network and Security Platform for Digital Transformation, Thanks to Cato  MPLS Was Not the Right Network Solution for Digital Transformation  MPLS is a good solution for branch offices accessing applications in a centralized corporate datacenter. In an era of digital transformation, work-at-home, and the cloud, however, MPLS has become much less practical and too expensive.   That was the predicament James Walker found itself in when it started planning its future digital transformation strategy. Based in Woking, UK, James Walker is one of the strategic business units under the James Walker Group. It specializes in the design and manufacture of high-performance sealing and joint integrity systems such as O rings and gaskets.   With 30 sites spread across the Americas, Europe, Africa, and Asia, James Walker initially relied on 20 MPLS and 10 IPsec connections for its office and factory connections. Its MPLS networks were distributed regionally in hub-and-spoke configurations, with different providers and breakout locations for Asia/Africa, Europe, and the Americas. In Europe there was an Internet breakout in the UK.   Twelve firewall appliances, also distributed regionally, handled IPsec VPN connections and security.   “The network was designed originally for the consumption of on-premises applications and services,” says Andrew Story, Senior Infrastructure Analyst. “When the world started changing and the cloud became more prevalent, we decided it was time to reevaluate our network and security strategy.”   For one thing, once cloud services were added it would no longer make sense for James Walker to backhaul data from two-thirds of the company’s locations through a central firewall in the UK. “In terms of performance and latency that certainly doesn’t make sense for an office in Hamburg accessing a cloud service based in Frankfurt,” says Story.   Joining together several MPLS hub-and-spoke networks and suppliers, plus 10 IPsec tunnels was complex and difficult to troubleshoot. “Our network was a beast,” says Story. “All it took was one thing to fail or not work correctly and we were sent down a troubleshooting rabbit hole to pinpoint where the issue was exactly. We would get calls at midnight that the Australian sites couldn’t talk to the ERP solution in our UK datacenter because one network wasn’t talking to the other.” In the meantime, Australia could not place orders or send out invoices.   With the diversity of the installed firewall appliance products, Story found himself managing eleven different rule sets. “If we had to make a change there was no way to do it globally. We had to make it individually on every single firewall,” says Story. He also had to keep each firewall up to date in terms of patches and firmware.   Finally, with all that diverse infrastructure, moving or opening new sites was time consuming. “We were moving one or two sites a year to new locations and the provision of MPLS services for each move was very difficult and took too long.”   James Walker Looks at SD-WAN, Chooses Cato SASE  Story started looking for network alternatives that were more suitable for his company’s cloud transition and digital transformation. He looked at SD-WAN solutions and SASE and quickly concluded that SASE was the way of the future. “We saw SASE as an evolution of SD-WAN such that typical SD-WAN solutions would not be around in a few years,” says Story. “It would all be SASE.”   Story had several requirements that ultimately led him to Cato. “We were looking for a solution that would bundle security with the network and have it all managed by someone else,” says Story, “and we wanted all the security done centrally with policies we could deploy easily. The goal was to make it as simple as humanly possible for us.”   Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.   Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.   Story liked that Cato would give James Walker the benefit of a high-performing global network without having to pay for it on their own. “We could access the Cato backbone at the nearest point and all our traffic would swing around those 18 time zones on a private network just for us.”   Deployment Was Quick. Platform Ready for Digital Transformation  After an initial POC, deploying Cato to all 30 locations was quick and easy and performance was excellent. “The cost has been roughly the same as our previous setup, but we get much more for that money,” says Story. “We get all that security, including IPS, which we didn’t have before, all managed by someone else. We no longer have to maintain firewall appliances and network hardware. We have multifactor authentication via Azure for our remote users. And we don’t spend nearly as much time troubleshooting network performance issues or outages. Cato does that for us.”  Cato’s support is far superior to the support Story was used to with his MPLS providers. “It’s like night and day,” says Story. “Our experience with our MPLS providers was terrible. We’d constantly have to chase them. We were often telling their engineers what they needed to do when they were supposed to be managing the network. Working with Cato and our new ISP is a breeze in comparison.”   Story can now configure, change, and manage all firewall rules centrally. “We’ve gone from about 500 rules to under 100,” he says, “and we don’t have go to eleven places to change them.”   The addition of IPS has improved the company’s security posture immensely. “When Log4j hit last year. Cato blocked over 1500 attempts to scan our network in the first weekend.   Visibility with Cato is also far superior to the previous solutions. “Everything in networking and security is visible on a single pane of glass,” says Story. “We can optimize the network from end-to-end so our users can access applications from anywhere and no matter where they are in the world. They just join the Cato network and egress close to wherever that application is.”   Story is in the process of deploying Microsoft 365 and a new cloud ERP system and looks forward to the cloud performance he’ll get, thanks to Cato’s PoPs and global network.   Overall, Cato has given James Walker the network and security platform it needs to jumpstart and fulfill its digital transformation goals. “With Cato we were able to deliver a huge amount of change in the middle of a global pandemic,” says Story, “with very little downtime.”  
Read customer story Search
HIS Group Simplifies and Strengthens Global WAN Security and Connectivity with Cato

Retail

HIS Group Simplifies and Strengthens Global WAN Security and Connectivity with Cato
HIS Group Simplifies and Strengthens Global WAN Security and Connectivity with Cato *Video filmed prior to HIS logo change HIS Group Looks to Simplify Security  Global enterprises with lots of dispersed retail locations often struggle with network and security complexity. Such was the case with HIS Group, a diverse global enterprise that specializes in travel products and operates theme parks, hotels, and other businesses. HIS Group runs 233 retail outlets in 141 cities across 66 countries.   “Our network security architecture was different at our headquarters, overseas subsidiaries, and affiliates, says Mr. Takahashi, Infrastructure Team Leader for HIS’s IT Security Group. “We were concerned that we were not always fully aware of the security status of some of our subsidiaries and affiliates,” adds Mr. Ishitani, Security Team Leader for the IT Security Group.   Ishitani and Takahashi knew they had to find a way fast to get better global visibility and improve their overall security posture. “We needed to integrate all those disparate networks and centralize their security and management,” says Takahashi.   Security was provided primarily by diverse hardware appliances, which required complex management and periodic refreshes. “It took a lot of work to reevaluate equipment every three to five years,” says Takahashi. “We wanted a solution that would relieve us of all those hardware upgrades and manage all our networking and security together under a single architecture” says Takahashi.   “Our business was also diversifying,” says Ishitani, “and each new business had its own networking and security needs. Setting up new locations and responding to those needs was taking too much time.”    Cato Offers Network and Security Consolidation That was when a staff member at one of HIS Group’s overseas locations introduced Takahashi and Ishitani to Cato. “He recommended Cato very highly, so I contacted the company,” says Takahashi. Cato was a brand-new company at the time, which, under normal circumstances would be considered a risk for a large enterprise such as HIS Group, but Takahashi immediately liked what he heard. “I was struck by Cato’s spirit, how well they worked together and with us, and how quickly they responded to our concerns,” says Takahashi. “Immediately I felt a strong sense of trust in Cato’s technical expertise and support.   The Cato solution also had a very high level of functionality and met all of HIS Group’s requirements. “It would vastly simplify our operations because we’d no longer have to monitor and manage all that equipment installed at our locations,” says Ishitani. It didn’t hurt also that the Cato solution had some significant cost advantages compared with the current tangle of networks and security solutions.   Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 70+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last mile links in physical locations, while Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.   Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on premises and in the cloud, protecting users against threats and preventing sensitive data loss.   After a short time working with Cato, Takahashi and Ishitani were sold. “We both felt we could trust Cato’s high level of technological expertise and support and that Cato would be the best choice for HIS Group in the future,” says Takahashi. Convincing upper management took some effort, but “they approved the solution after we showed them that it fulfilled all our security requirements, including Zero Trust, and that updates would happen automatically,” says Ishitani.   Cato Centralizes WAN Security and Management, Boosts Visibility Installing Cato at HIS Groups various locations was quick and easy. “There were some challenges, such as dealing with the laws of various countries overseas,” says Takahashi, “but we were able to clear these without major problems,” says Takahashi. “Domestic expansion was very smooth.” Performance has been excellent, and Takahashi is impressed with Cato’s management console. “Cato has made it much easier for us to visualize all our network traffic, monitor performance, and make necessary changes,” says Takahashi. Three-to five-year hardware refreshes are a thing of the past. “Cato handles periodic feature upgrades, so our network and security solutions don’t become obsolete.” There have been a few instances of PoP failures, but the business impact was negligible, thanks to Cato’s PoP redundancy. And, thanks to Cato’s easy installation and fine-grained management, Takahashi and Ishitani can equip new and acquired locations with the exact network and security functionality they need almost instantly. “Cato has definitely turned out to be the best choice for HIS when it comes to speed and ease of implementation,” says Ishitani. As with most organizations, HIS had to send many of its workers home when Covid-19 hit. “We had already set up remote access for everyone through Cato, so it’s no exaggeration to say there was no impact at all,” says Takahashi. “I truly believe that without Cato our current remote work environment would have been unthinkable.” Overall, Cato has been a great choice. “We’ve developed a strong relationship of trust with Cato, and I’ve been very impressed with their quick response and follow-up when any issues come up,” says Takahahi. “I highly recommend Cato as the best solution for any organization that has a lot of office or retail locations and affiliates with a lot of demanding and complex network and security requirements.” “As the number of ways of working increases, the security risks to the network have increased dramatically,” says Ishitani. “Cato solves all of them in one tool.”
Read customer story Search
Cato SASE Cloud secures networking of Bank Avera locations and its mobile employees

Financial Services

Cato SASE Cloud secures networking of Bank Avera locations and its mobile employees
Cato SASE Cloud secures networking of Bank Avera locations and its mobile employees In the name Avera, the Italian words "avere" (to have) and "vera" (real) merge. The name means "to have the real thing". Thus, the bank is characterized by personalized advice, a holistic approach and individually tailored financial solutions. For Bank Avera, it is very important that the locations are well, stably and securely networked. Challenge Bank Avera had previously relied on outsourcing its IT infrastructure. It was an important part of the business strategy to take the reins back into its own hands and run IT services in-house. Important factors for this decision were flexibility, visibility and security across all networks and sites. The systems had to be unified and interconnected. Different variants were evaluated and tested for the networking. Since the system had to run on its own and no infrastructure had to be purchased, the ready-made solution SASE (Secure Access Service Edge) was chosen. The main requirements from Bank Avera's point of view were: Protect Bank Avera's mobile users from threats on all devices. Manage access to all corporate data according to the corporate policies uniformly on one platform Ensure short latency and acceleration of bandwidth at all bank locations Ensure secure Internet access for all Bank Avera branches and for home use Secure and accelerate general access to cloud services Solution Cato’s Secure Access Service Edge (SASE) solution was found to be a global, cloud-native platform that runs a converged software stack to provide an adaptable and secure network service. Cato SASE Cloud's security engines are delivered as part of the cloud service. No additional equipment had to be purchased or configured for Bank Avera's requirements. Cato provides Next Generation Firewall (NGFW), Secure Web Gateway (SWG) with URL filtering, anti-malware service and Intrusion Prevention System (IPS) services. Important aspects were the optimization and encryption of data traffic (WAN) between sites, which are integral parts of the network software stack. The Cato solution uses TCP proxies and quality of services algorithms to maximize the speed of file transfers. Cato Sockets, Cato’s edge SD-WAN device, leverages multiple Internet lines to provide reliable, high-performance access to the globally available Cato SASE Cloud. Traffic can also be routed to third-party devices via IP-sec tunnels. Result: The best solution for all Bank Avera locations. Cato’s solution has significantly contributed to the stability and security of the networked Bank Avera sites and relieves the burden on the systems. Services that were previously outsourced can now be automated in-house. Existing VPN connections were replaced with Cato. Overall, complexity was reduced, uptime increased and processes simplified. The simple integration of the solution made it possible to increase visibility. The IT department can take over the configuration of the arbitrarily scalable solution itself. New users, an increase in bandwidth and additional locations can be easily integrated. The bank integrated the new and better WAN solution within a very short time. In short, the IT management is very satisfied with Cato’s security solution and can guarantee their employees the stability and security of the systems. Success Story Published on 25th November 2021 on https://www.inseya.ch/de/kunden/bank-avera
Read customer story Search
CloudFactory Boosts Network Scalability, Agility, and Security with Cato

Technology

CloudFactory Boosts Network Scalability, Agility, and Security with Cato
CloudFactory Boosts Network Scalability, Agility, and Security with Cato Complex Infrastructure Made Meeting Customer SLA’s Difficult Scale and agility are issues for any growing organization. For a company aiming to grow to a million remote workers, those issues are compounded. Just ask CloudFactory.Based in Reading, UK, CloudFactory provides thousands of remote data analysts from developing markets to support its customer organizations’ AI development projects. CloudFactory calls these remote data analysts “cloud workers.”“We started as a small outfit in Nepal about 11 years ago and we’ve moved into 45 different countries with a workforce of over 650 core team members and more than 8,000 cloud workers,” says Kevin Juma, Technology Operations Manager at CloudFactory. “CloudFactory's focus is creating a million jobs. This essentially stems from the different projects and clients that we have and the different programs that we have with our cloud workers to train them and empower them to be better leaders through delivering work for our clients.”With offices on four continents and cloud workers all over the world, CloudFactory found network and security operations challenging at times. Before Cato, CloudFactory maintained individual operating environments at its office locations and its globally dispersed “delivery centers” in Kenya and Nepal, which, until Covid, hosted up to 1,000 contract workers each.“We had to maintain a lot of complex infrastructure, including routers, switches, and firewalls,” says Shayne Green, CloudFactory Head of Security Operations. “That meant configuring VLANs, maintaining MAC filtering lists and network and Web filtering rules, and building in as much redundancy as possible to give our workers the connectivity quality and security necessary to serve our clients.”Juma agrees. “It took a lot of man hours to implement and manage security protections, optimize our network for resiliency, and monitor it all. We often had to deal with ISP outages, equipment failure, and poor security policy implementation. At times these issues would cascade and make it difficult for us to achieve the level of scalability we needed to onboard more cloud workers and deliver meaningful, secure work to our clients.” Those issues also had an impact on the ability of CloudFactory to meet its SLA agreements.CloudFactory started looking for a way to deliver better security, network agility, and scalability for fast growth, while relieving the IT staff of as much of the infrastructure configuration and management load as possible. CloudFactory Turns to SASE, Chooses Cato “Our top priorities at the time were resiliency, operational efficiency, good quality of service, and the security our clients expected from us,” says Juma. Juma and Green started evaluating SD-WAN and SASE solutions. “We wanted to be asset light,” says Green, “and get away from supporting a lot of heavy infrastructure. We needed a dynamic solution that didn’t have to rely on fixed locations and single points of presence, that could scale by leveraging a global network we didn’t have to manage and deliver a high level of security.”Juma and Green were not impressed with the solutions offered by SD-WAN providers. “Most of them were appliance based and required a high level of administration,” says Green. That’s why they turned to SASE.“SASE would allow us to be hands free without any on-premises equipment and we wouldn’t need to invest our time setting up the solution,” says Juma. “We could entrust the vendor to manage our security, networking, and routing capabilities.”Juma and Green contacted Cato and the rest is history. “From day one, it was clear that Cato was passionate about our business, and keen on what we were trying to do,” says Green. “They aligned with our mission and believed they could really help us scale and get there. That was a key reason we decided to engage with them further.”Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.A two-week Cato proof of concept with 10 cloud workers in each location and VPN connections to clients and workers was very successful. “There were clear performance gains and the metrics and event data we could collect through Cato were game changing for us,” says Green. “They gave us a level of visibility we never had before, allowing us to see what our workers were connecting to and what they were doing. We had much more peace of mind with Cato’s level of security and visibility.” Support was also excellent. “We had a few small issues early on that Cato resolved very quickly,” says Green.The workers were impressed as well. “We asked the workers using Cato which solution they would choose, Cato or our previous solutions, and 94% chose Cato,” says Green. Smooth Deployment, Unprecedented Agility and Visibility CloudFactory then moved to a full deployment across locations. “The deployment with Cato was seamless,” says Juma. ”Previously, we would spend weeks coming up with routing optimizations, getting up and running, and assuring users of the availability of what we built. Cato took all of that off our hands and now we have turnarounds of five or ten minutes based on Cato’s wide network of PoPs. “Agility and scalability are much improved. “With Cato we have a very dynamic, scalable network where we can onboard new workers in minutes” says Green, “and make sure they operate within the realms we specify. Our team can work from anywhere, managing and monitoring connectivity. If we lose access to a site, we no longer have to connect directly into an appliance. Without all that overhead we can now focus on other areas of the business.”Troubleshooting network issues is vastly simpler. “We used to have entire sleepless nights troubleshooting the network for our clients, with our cloud workers expected to deliver work by the hour,” says Juma. “Now with Cato we just fire a support ticket and Cato is on it. Within 30 minutes to an hour it’s resolved. And we can monitor every single step with Cato’s QOS metrics. We have goggles and eyes we never had before.” Thanks to Cato’s simplicity, Juma has been able to reduce his network team from eight people to five, and they can divert their energy to better things. Security is much better as well. “Cato has enabled us to provide a secure network with more granular security posture implementations,” says Juma. “We’re able to police our users much better than before.” Green agrees. “Cato gives us secure access with encryption, Web filtering, IPS, next-gen anti-malware, and visibility of what our workers are doing, so that our clients can be confident in the quality of the connection coming into them.”Juma and Green also noted the access they had to Cato. “We have a very close relationship with Cato’s account management team,” says Juma. We get a sense that we are always on their mind, that they understand our business, and their solutions are aligned with our needs. They really help us understand how we can maximize the use of Cato and they’re committed to helping us fulfill the Cloud Factory vision.”Ultimately, CloudFactory found in an architecture in Cato SASE Cloud for achieving its corporate goal. “Cato SASE Cloud gives us great scale, great high availability and resilience, and great visibility,” says Green. “And most importantly a platform to achieve a workforce of one million cloud workers, which would've been more challenging had we have managed the solution ourselves.”
Read customer story Search
Fidal Boosts WAN Performance, Cuts Costs in Half by Switching from MPLS to Cato

Financial Services

Fidal Boosts WAN Performance, Cuts Costs in Half by Switching from MPLS to Cato
Fidal Boosts WAN Performance, Cuts Costs in Half by Switching from MPLS to Cato Fidal Needed an MPLS Replacement Global organizations that rely on MPLS for WAN connectivity find it expensive, rigid, and poorly suited to today’s cloud-enabled, collaborate-anywhere business environment. Fidal, a century-old French law firm with 1,300 lawyers at 90 locations in France and one each in Belgium and Morocco, was no exception. Fidal runs applications both in its own datacenter and in Microsoft Azure.Fidal’s MPLS network was aging and expensive. “Today’s collaborative work technologies require much better performance than we were getting with MPLS,” says James Bonnaventure, Fidal CTO. “We were reaching link saturation, our users were dissatisfied, and security was a big challenge. We really needed to reevaluate our network and find a way to meet these challenges.”Bonnaventure set out to find a WAN solution that would meet the firm’s requirements for performance, security, flexibility, and cloud connectivity. “We wanted a solution that was easily managed centrally, with one or two partners at most,” says Bonnaventure.Initially Bonnaventure considered a mainstream SD-WAN solution but switched his focus to SASE to benefit from centralized management and security. “We consulted with a number of vendors but very few were talking about SASE at the time,” says Bonaventure. He consulted his IT solutions partner, Selceon, and they proposed a Cato solution.“Ultimately we chose to work with Cato because its solution gave us much better centralized management and a security overlay,” says Bonnaventure. Fidal Deploys 90 Sites in a Year with Cato Selceon already had a lot of experience with Cato. “We were the first provider in France to deploy Cato Networks for one of our customers, says Eric Tavidian, Selceon co-founder. “As soon as we saw Cato’s value in terms of network performance, optimization, cost, and speed of deployment, we chose to make it one of the strategic offerings in our portfolio. All the other solutions require managing a lot of boxes on sites, rather than Cato’s intelligent, centralized management via the cloud.”Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 70+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last mile links in physical locations, while Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on premises and in the cloud, protecting users against threats and preventing sensitive data loss.Deployment of Cato was fast and smooth. “We deployed Cato to 90 sites in less than a year, thanks to Selceon and Cato,” says Bonnaventure. “That’s quite an achievement considering we were on Covid-19 lockdown at the time. We basically redid our entire wide area network in a year.”Bonnaventure was impressed with Cato support. “Cato’s team was there for us throughout the entire migration and even developed a feature in Azure for our company that didn’t yet exist. Cato ported the entire network, even our phone network, which now runs through Cato. The next step will be replacing our remote access VPN with Cato.” Cato Pulls it All Together Bonnaventure is very pleased with the results. “Cato allows Fidal to have a homogenous network and security architecture across all its sites and even across our mobile users, who will benefit from all of Cato’s security layers when they get on the Cato VPN. It simplified our network by replacing MPLS with fiber, which cuts our communications costs in half, and will ultimately bring the entire network and network security under a single centralized management solution.”Bonnaventure is thrilled with Cato’s management console. “If there’s a network problem we can just go to the console and analyze the incident much more easily than we could before.” Bonnaventure also loves how quickly he can deploy new sites with Cato. “We can deploy a new site in a few weeks without having to reconfigure everything because the architecture is completely centralized. We just bring the links, deploy the boxes on site, and the new sites benefit immediately from the entire Cato network and security infrastructure.Overall, deploying Cato has benefited Fidal. “Cato’s solutions have enabled us to strengthen our security systems and give our mobile users the same level of security as the data center or Azure.” He considers Cato ahead of its time. “When we chose it over a year ago nobody was talking about SASE. Now, everybody is moving towards SASE and you can see it discussed in all the IT media.”
Read customer story Search
Waseda University Enables Universal Secure Remote Learning and Digital Transformation with Cato

Education Technology

Find out How Waseda University Tapped Cato to Enable Secure Remote Learning and Digital Transformation.
Waseda University Enables Universal Secure Remote Learning and Digital Transformation with Cato The Challenge: Universal Remote Learning When Covid-19 hit in 2020, many organizations had to put digital transformation projects on hold while they rushed to accommodate remote work. This often meant a quick network transformation and a dramatic change in security posture. Waseda University is a prime example. Located in Tokyo, Waseda University is one of Japan’s top private institutions of academic research and higher learning. “We were planning and implementing next-generation educational infrastructure with a number of digital transformation initiatives in research, education, and university administration. However, when Covid hit IT’s position suddenly changed,” says Hitoshi Kusunoki in Waseda’s Information Planning Department. “ As with most universities, classes at Waseda were conducted mostly in person using white boards. If there was a network interruption, it didn’t cause a significant classroom interruption. “Suddenly when classes were all online, the IT infrastructure became absolutely indispensable,” says Kusunoki. “It became clear that all our plans for next generation infrastructure would have to ensure that communication would never drop at all.” Waseda had VPN hardware for remote learning, but it was experiencing “VPN traffic jams” from the increased load according to Yokihiro Koizumi, also from Information Planning. Kusunoki realized he would need a large increase in network capacity to support online classes, which meant a major new network investment. “We had to optimize somewhere to get the performance we needed with the budget we could afford.” Waseda Chooses Cato, Sees Digital Transformation Potential Kusunoki was introduced to Cato by a friend and colleague from GlobalDots, a cloud solutions provider. “Initially I had the impression that Cato was just a VPN alternative for remote work and learning,” says Kusunoki. “As we looked at other Cato options, however, we came to the conclusion that Cato could replace our firewalls and other existing security solutions and go a long way towards optimizing future IT investment.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 70 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance. Kusunoki started his Cato investment with home online learning. “This gave everyone the chance to use the system and see how user friendly it was,” says Kusunoki. “I think that was a very significant factor in our decision to move forward with more of Cato’s options. We could see that Cato could consolidate and replace our current equipment and be very effective in reducing our network and security costs.” Home learning deployment was smooth, thanks in part to Waseda’s partnership with GlobalDots. “They helped us do the Proof of Concept (POC) and then we were able to implement the system pretty quickly,” says Koizumi,” Upper management was able to use the system during the POC, which helped lead to their approval. Simplicity and Scalability at Low Cost Koizumi was impressed with how quickly the university could ramp up bandwidth using Cato. “If you’re using on-premises hardware, you often have to replace it to upgrade bandwidth, but with Cato there’s no hardware to replace,” says Koizumi. “Cato let me handle bandwidth upgrades almost instantly.” Quick bandwidth upgrades have been very helpful as the university has relied more and more on cloud services during the pandemic. Koizumi sees a future in which regular costly equipment upgrades may be history. Kusunoki was also impressed with how unintrusive Cato’s security services were. “The security solutions we had been using up until then sometimes had a negative impact on user convenience, but Cato’s security services let people work freely and securely wherever they were,” says Kusunoki. “Even people on site liked Cato.” Koizumi feels that Cato’ identity authentication and detailed monitoring capabilities have improved the university’s security posture immensely. “It’s really easy to visualize all the traffic and users on the network,” says Koizumi, “and keep an eye on what users are doing.” Kusunoki looks at Cato as more than a network and security solution, however. “It’s not something just to put in and get comfortable with,” says Kusunoki. “I see Cato SASE as a tool for digital transformation promotion. We can use it to reorganize our entire security portfolio, reduce costs, and bring out the best in our students, professors, and administrators. The ability to work productively and securely anywhere gives a great boost to all our digital transformation initiatives.” Kusunoki strongly urges other universities and organizations to look into the Cato solution. “Seeing is believing. It’s easy to give Cato a try. You can start with remote workers, but however you start, take a good look at it” Background Based in Tokyo, Waseda University is one of top institutions of academic research and higher learning. Prior to Cato, Waseda relied on VPN hardware to enable its approximately 3,000 students, professors, and administrators to work or learn remotely.
Read customer story Search
The Gnutti Carlo Group Centralizes WAN and Security, Boosts Digital Transformation with Cato

Automotive

The Gnutti Carlo Group Centralizes WAN and Security, Boosts Digital Transformation with Cato
The Gnutti Carlo Group Centralizes WAN and Security, Boosts Digital Transformation with Cato M&A Left a Complex Infrastructure Mergers and acquisitions (M&A) can bring a lot of complexity to an organization’s network and security infrastructure. For the Gnutti Carlo Group, a leading global auto component manufacturer with 16 plants in Europe, the Americas, and Asia, that complexity was becoming a barrier to its digital transformation goals and future acquisitions. “In 20 years, our annual revenue grew continuously to more than 700 million Euros, primarily thanks to M&A” says Omar Moser, Group Chief Information Officer for the Gnutti Carlo Group. “Since 2000, we have started with an intensive program of internationalization, performing various acquisitions of companies of our sector and even competitors, each with different network and security architectures and policy engines. It was getting challenging to keep policies aligned across the company and prevent back doors and other threats.” The Group ran several small datacenters across locations for local IT services and took advantage of Microsoft Office 365, Microsoft Azure, and hosted SAP cloud applications. “We had it all: private cloud, public cloud, and on-premises applications,” said Moser. It connected most plant locations via IPsec VPNs. For China, there was a shared MPLS connection between Frankfurt and Shanghai. The company was also going through a major digital transformation. “We’ve been investing heavily in smart manufacturing and artificial intelligence, which we intend to deploy to all our plants,” says Moser. At a certain point, Moser realized that the only way to serve the business effectively was to centralize security policy and interconnection control among all locations and between plants and suppliers. Starting in 2011, he created and started implementing a roadmap for IT infrastructure standardization and governance. “Adopting MPLS across the board was too expensive,” says Moser, “so to standardize, I had to wait for an SD-WAN solution.” The Gnutti Group Investigates SD-WAN and SASE, Chooses Cato Moser investigated a lot of SD-WAN and security solutions, including traditional appliance-based architectures, but wasn’t satisfied with what he saw. “The other solutions couldn’t give us a single package with integrated security, networking, and remote access,” says Moser. “Only Cato could do it all in a single SASE solution.” Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road. Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss. “I liked Cato’s large number of global PoPs, which would allow us to enter our SD-WAN through the closest door,” says Moser. He also liked that Cato didn’t lock the company in with a single intercontinental bandwidth provider and could select the best providers for its customers anytime. Moser used a tool his organization provides for choosing technology platforms to decide which solution would meet his company’s needs the best. “We used the tool to compare a few SASE solutions, evaluating features and functionality such as traffic control, monitoring, malware prevention, and intrusion prevention, as well as less technical criteria such as the company’s enthusiasm, growth path, positive relationship with us, and response time. We had a great relationship with Cato and very good response time.” Other pluses for Cato’s evaluation included Cato’s cloud architecture, forward-looking technology roadmap, single comprehensive network and security dashboard, and the Cato Socket. “I really liked having a very simple device to control the last mile,” says Moser. “If I have a new plant to connect tomorrow, it would be incredibly easy; I just plug in the Cato Socket.” Moser and Cato agreed to a three-month trial. Over those three months Moser and his team connected 10 plants, two service providers, Microsoft Azure cloud services, and 650 remote users to the Cato SASE Cloud, relying on Cato SSE 360 to secure Gnutti’s plants, Internet, cloud, and remote access connectivity. “Everything passed through Cato,” says Moser. Cato shipped Sockets to all the locations, activated connections, and trained Moser and his team on the Cato Management Console. “We spent 45 days defining policies and another 45 days activating and finetuning everything. Much to Moser’s surprise, the China installation was as easy as the others and performance was great. “We were skeptical about how well the China connection would work, but it was probably the simplest installation, and the performance was as good as MPLS or better with noticeably better latency,” says Moser. “Two months later, we closed our MPLS contract for China.” Cato Boosts WAN Performance, Security, Agility At first, replacing all the local appliance security policies with global policies was a little daunting, but the benefits were obvious. “During that time, we were able to identify a lot of new risks that we hadn’t known about before,” says Moser. “We found users doing things we didn’t like and optimized the blocking of some process flows.” In general, security was much improved. “We’ve seen a lot of benefit in controlling and optimizing firewall policies to increase our security,” says Moser. “We have much more control over users--who are connected when and for how long. We can monitor connections and traffic peaks, and the Cato IPS allows us to block risky services that were previously open and ensure users are respecting policies. "Standardizing firewall policies and knowing I can prevent intrusions and malware has allowed me to sleep much better.” At first, users pushed back a little on Cato’s remote access VPN capabilities because IT was able to apply controls and policies, such as preventing movie downloads, more effectively. Performance working at home was great, however, which made up for the controls. Cloud performance was also excellent. Cato also increased the Gnutti Group’s business agility for its digital transformation. “It is my job to be proactive and efficient. If we decide to open a new office, we can do it easily.” Cato support was helpful and responsive. “We have a solid relationship with Cato’s technical support staff. They are always well prepared.” CIO Would Do It All Again The icing on the cake is that Cato has helped the Gnutti Group conform with German Automobile Industry Association’s Trusted Information Security Assessment Exchange (TISAX) framework for auto manufacturing and supplier information security. “Cato supports TISAX, thanks to its interconnection control, anti-malware, and intrusion prevention,” says Moser. “Cato will be the first option for any security initiative we look to down the road.” Moser has been so pleased with Cato that his department and the company named Cato its 2021 Best Supplier in the Innovation category. The award recognizes the high value of the WAN connectivity and security the Cato SASE Cloud delivers in support of the Gnutti Carlo Group’s digital transformation initiative. “Thanks to the Cato platform, together with strategic services, the Gnutti Carlo Group has benefitted from a more structured, controlled, and secure ICT landscape across the entire company,” Moser said of the award. Overall, Moser feels he would do it all over again. Says Moser, “With Cato we have standardization, an innovative approach, and a single partner we can grow with as we transform digitally.”
Read customer story Search
BrandLoyalty Achieves Fast Performance and Network Maturity with Cato

Retail

BrandLoyalty Achieves Fast Performance and Network Maturity with Cato
BrandLoyalty Achieves Fast Performance and Network Maturity with Cato The Network Challenges of a Global Enterprise IT leaders know all too well the challenges of global MPLS solutions. The high costs of global MPLS circuits are well documented but less spoken about are the little things like the lack of network visibility and the integration challenges needed to keep the solution operational to say nothing of the problems with moving to the cloud. Such were the challenges facing BrandLoyalty. A provider of customer loyalty and incentive programs to food retailers worldwide, BrandLoyalty infrastructure connects offices across Europe. “We work with leading global brands & licenses such as Disney or Zwilling that demand a reliable, secure, well-managed infrastructure from their partners, says Ben de Laat, head of IT security at BrandLoyalty. “It’s very important for us to have not only high-quality offices, desks, chairs, awesome coffee, and great lunches, but high-quality Internet and well-managed end-user devices.” “We work with leading global brands & licenses such as Disney or Zwilling that demand a reliable, secure, well-managed infrastructure from their partners, says Ben de Laat, head of IT security at BrandLoyalty. “It’s very important for us to have not only high-quality offices, desks, chairs, awesome coffee, and great lunches, but high-quality Internet and well-managed end-user devices.” With limited IT resources, BrandLoyalty had be very careful about the technology choices it makes. The company was in the middle of a full migration to Microsoft Azure with a WAN infrastructure that was complex and not well suited for the cloud. “Our locations were connected by MPLS and two Internet lines with dynamic routing and failover at each site,” says Arne van Vuuren, Head of IT Operations. “We had WAN optimizers and firewall appliances at each location, with failover for each.” “Our locations were connected by MPLS and two Internet lines with dynamic routing and failover at each site,” The infrastructure was technically sophisticated but had frequent issues. “It was not a well-integrated solution,” says van Vuuren. “There was little visibility and too many end user nuisances. I was always pushing our suppliers to solve our constant network issues. We needed to come up with another solution using SD-WAN that was better integrated and more cloud friendly.” BrandLoyalty Finds a True SASE Solution with Cato Brand Loyalty created an RFP and evaluated four supposed SASE suppliers, one of which was Cato. While de Laat was impressed with Cato right away, van Vuuren was skeptical. “I didn’t believe the Cato solution could work as well as they were claiming,” says van Vuuren. “I thought they were a bunch of cowboys, honestly, and that the network would buckle under all the Zoom and Microsoft Teams we worked with.” Two RFP requirements were that the solution be well integrated and easily managed centrally. Three of the vendors couldn’t meet those requirements. “They offered customized solutions, even our own custom points of presence,” says van Vuuren. “We didn’t want something complex and tailor made for us. We wanted a solution like Office 365, a straightforward cloud service used by everyone that could scale quickly and easily as we grew, have continual service improvements, and gain new functionality without a lot of new cost. And we wanted a SASE solution, not one that required on-premises firewall appliances with all their updates.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 70 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance. Paradoxically, both de Laat and van Vuuren decided on Cato during a phone call with another contender. “We had an epiphany,” says de Laat. De Laat asked the other vendor how they could accommodate BrandLoyalty if it decided to implement a CASB solution in two years. There was a lot of silence on the other end, and then the contender said they would have to do it in only one of our customized PoPs.” That was when it hit De Laat and van Vuuren that they were done with the customized route. They wanted something new and Cato was the only contender offering a new solution. “It was clear Cato was the most mature SASE solution out there,” says van Vuuren. “It was clear Cato was the most mature SASE solution out there,” says van Vuuren. Cato Delivers a Fast Transition, Performance, and Visibility The transition to Cato was fast and easy. “Officially it took four months, but it was really more like two- and-a-half,” says van Vuuren. Setting up the Cato Sockets was a breeze, and the performance was fast from day one. “It took an afternoon for our implementation partner, IPknowledge, to set up all the locations,” says van Vuuren. “I told some friends about the Cato rollout, and they didn’t believe me.” Aside from its top-notch performance, including for Zoom and Teams, configuring the Cato solution was also easy and visibility was dramatically better than with the company’s previous network. “We made a bunch of rules, implemented them, and it all worked right out of the box,” says de Laat. “Immediately we saw new things on our network such as users accessing servers that were supposed to have been decommissioned. Aside from the security functionality Cato offers, Cato’s visibility and control add a lot to your security posture. We have so much more in-depth knowledge our own network than we ever had before.” And Cato’s remote and home users get the same network performance and security as those in the office. “I always assume that the solution a vendor describes is much more beautiful than it is in reality, but with Cato the promises were all true,” says van Vuuren. “Cato’s solution has pushed BrandLoyalty forward with a mature, professional network, which we really needed. And we still have a Cato library of unused functionality to help make our network even more mature down the road.” “I always assume that the solution a vendor describes is much more beautiful than it is in reality, but with Cato the promises were all true,”
Read customer story Search
Moveero Replaces MPLS, Simplifies Networking and Security with Cato SASE Cloud

Manufacturing

Find out how moveero simplified and consolidated networking and security with Cato SASE
Moveero Replaces MPLS, Simplifies Networking and Security with Cato SASE Cloud The Challenge: Simplify Without Risk When it comes to secure global WANs, keeping things simple can be as important as performance and reliability–particularly for a small IT team. Simplification was the goal for Dr. Faisal Jaffri, Global IT Director for moveero, a manufacturer of off highway wheels and wheel systems used in agriculture, construction, and material handling. Shortly after Jaffri came on board, moveero separated from former parent company GKN PLC and divested its Chinese business, leaving seven global locations, including manufacturing plants in Denmark and the UK and product development and testing centers in Italy and USA. The company’s global network was indeed complex. “We had an MPLS cloud connecting all our sites, with Internet breakouts in the UK and USA and Internet over MPLS In Denmark, says Jaffri. “I was managing five different suppliers just in the UK, eight if you include all the other sites.” There were also firewalls and network optimizers at each site managed by the internal IT team, VPN’s for remote connectivity, and a Web filtering service from a major provider. “With eight suppliers and all that equipment it was never easy to address problems that came up,” says Jarffri. “Sure, we had MPLS SLAs, but they’re not all that useful when the firewall and network optimization service levels don’t match,” says Jaffri. “We had to do a lot of work to make sure all those service levels came together as one.” “Sure, we had MPLS SLAs, but they’re not all that useful when the firewall and network optimization service levels don’t match” Since the Chinese business had been divested, there was ample opportunity for simplification and upgrading. “Our MPLS contract had been active for more than five years without any change in price or technology, which meant we were using old technology with no benefit from downward market pressure on pricing,” says Jaffri. Jaffri was also looking to relieve the small IT staff of mundane day-to-day management activities so it could focus on projects that would enhance the business. “With all those suppliers, we used to spend two to four hours every month just reviewing performance of each one.” Moveero Finds Simplicity with Cato It was time to simplify, upgrade, and reduce costs. Jaffri started investigating SD-WAN and SASE and put out an RFP seeking the functionality and capability he already had but delivered through one supplier at lower cost. He spoke to several other vendors, but the Cato SASE Cloud was the only one that looked to him like a true cloud architecture. “With the other options we would still have optimization and firewall appliances on site and perhaps one or two services such as Web filtering in the cloud,” says Jaffri. “As far as I was concerned, they were just putting a wrapper around what we already had and managing it for us.” Jaffri also looked to the future with his team, which was unlikely to grow. “Did I really want all that equipment on site needing to be maintained and supported?” Inherited security practices from previous ownership at moveero were outdated. “Our firewalls had almost 800 rules to manage,” says Jaffri. “That’s two rules for every person with an email account. We really needed to rationalize that rule set, but I didn’t see that happening with the other providers. Only Cato would manage the firewalls for us and let us start with a clean slate.” “Our firewalls had almost 800 rules to manage,” says Jaffri. “That’s two rules for every person with an email account. We really needed to rationalize that rule set, but I didn’t see that happening with the other providers. Only Cato would manage the firewalls for us and let us start with a clean slate.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance. Cato Simplifies, Delivers, and Cuts Costs Jaffri decided to run a proof of concept to ensure Cato could deliver on all his requirements. Installing Cato was straightforward. “We dropped a Cato appliance onto each site, connected up the last mile link into the cloud and didn’t have to worry about anything else. If we needed anything, which wasn’t very often, we would just raise a request with Cato and it would be done. “We ran MPLS parallel to Cato at first, but it wasn’t long before we switched totally to Cato and were able to remove all that equipment,” says Jaffri. “We’ve had Cato for three years and it’s worked very well with almost no required maintenance. I have no complaints about performance.” “We ran MPLS parallel to Cato at first, but it wasn’t long before we switched totally to Cato and were able to remove all that equipment” Aside from Cato’s performance and reliability, Jaffri likes Cato’s environmentally friendly architecture. “It’s just two lightweight appliances drawing power rather than all those power-hungry firewalls, network optimizers, and other devices,” says Jaffri. He also likes the platform’s self-service model. “We raise a request and usually don’t have to wait long for it to get dealt with,” he says. Thanks to Cato’s self -service, local teams can raise their own issues with Cato, rather than having to wait for the moveero central office to do so, as they did with MPLS. Cato has also allowed the IT team to focus on other issues. “Cato has allowed me to reduce headcount and move our team’s focus to some new thinking that will benefit the business in the long run,” says Jaffri. “Thanks in part to Cato, we can look forward to continuing to evolve the function and greater benefits down the road.”
Read customer story Search
Grant & Stone Taps SASE Platform to Connect Offices, Showrooms, and Mobile Users for Better Agility and Control

Construction

This building trade supplier boosted network reliability, security, and control with Cato SASE
Grant & Stone Taps SASE Platform to Connect Offices, Showrooms, and Mobile Users for Better Agility and Control The Challenge: Poor Agility, Erratic WAN Performance Suppliers to builders and other trades have had few choices for WAN connections among datacenter applications, warehouses, showrooms, and wholesalers. They could pay for expensive MPLS services, which could take months to deploy. Or, they could rely on more affordable but sometimes complex VPN connections, which are susceptible to the vagaries of the public Internet and so are not always consistent and reliable in terms of performance—until SASE came along. With headquarters in High Wycombe, northwest of London, and 26 showrooms, wholesale, and retail branches throughout the Thames Valley, Grant and Stone previously relied on an IPsec site-to-site VPN mesh with 4G backup maintained by P&C Communications, an enterprise provider of voice and network solutions. Core business systems were hosted in a private cloud. “Anything from a major Windows update to a massive file transfer could eat up our bandwidth and freeze the network.” As with many VPN solutions, performance could be erratic. “We had very little visibility into the network or any ability to implement traffic control,” says Dave Oliver, Grant & Stone IT Manager. “Anything from a major Windows update to a massive file transfer could eat up our bandwidth and freeze the network.” The complex mesh architecture also made onboarding new locations time-consuming. “We needed to add new branches quickly, within days or weeks, not months,” says Oliver. A capital investment firm hired to steer the company’s growth performed a cyber audit, which found several security issues and made a number of recommendations. “The audit recommendations would have required us to put more edge security systems in place, making management even more complex than it already was,” says Oliver. Remote access also relied on a single aging network VPN gateway, which was an obvious single point of failure and reaching the end of its life. “We needed a new redundant solution with seamless security and good performance to support our traveling staff when they met with customers on the road,” says Oliver. Grant & Stone Launches its WAN Transformation Oliver decided to work with P&C Solutions to transition to a more flexible WAN infrastructure that could onboard new sites faster in the case of acquisitions and expansion. He was also looking for WAN failover to 4G LTE to maintain the connection to the firm’s cloud-based merchant system, better network visibility and control, an easier way to fulfill audit recommendations, and a better way to manage remote access and onboard mobile and WFM workers. “Everyone needs fast 24 X 7 access to our systems for quotes and stock checking to continue selling products to our customers,’’ says Oliver. “Everyone needs fast 24 X 7 access to our systems for quotes and stock checking to continue selling products to our customers.’’ Oliver had heard about the advantages of SASE and sought a SASE solution that would fulfill all his requirements. Together with P&C, he looked at several different options, but few could meet the company’s connectivity, security, redundancy, remote access, and management requirements. Some required deploying security appliances, which Oliver wanted to avoid. Only Cato fulfilled all his requirements. Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed PoPs. At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance. Grant & Stone Taps Cato for Network Agility and Control “P&C felt strongly that the Cato SASE solution would provide all the necessary services in an efficient, simple, all-in-one package,” says Oliver. “We can gather information about circuit quality at each branch and get security alerts for quick remediation of attacks or malware infection. Best of all, we can see which applications and Web sites are using the most bandwidth and implement traffic management rules to prioritize business-critical traffic.” Oliver was impressed with the management and network visibility provided by the Cato management portal. “Every facet of the Cato solution can be monitored and logged,” says Oliver. “We can gather information about circuit quality at each branch and get security alerts for quick remediation of attacks or malware infection. Best of all, we can see which applications and Web sites are using the most bandwidth and implement traffic management rules to prioritize business-critical traffic.” Oliver also loved the single-pane-of-glass management approach Cato provided. “Both my team and the P&C Helpdesk can review the same Cato platform for management and monitoring of alerts and events,” says Oliver. Deployment went smoothly, with dual connectivity at each site--a primary Ethernet or broadband connection and automatic 4G failover to maintain connectivity. “We also rolled out Cato’s VPN clients, which connected everyone to the Cato core, and made sure the right Cato security was in place,” says Oliver. “All site-to-site and Internet breakout traffic passes through Cato’s cloud-based NGFW. We also have subscriptions for Cato’s anti-malware and IPS services to protect all traffic passing through the network. Security at the core of the infrastructure helps us meet our audit and business requirements and maintain standards without having to maintain and manage a lot of security appliances.” In addition to better management, reliability, and security, Oliver found the resilience of the branch connections using fiber broadband and 4G backup made it possible to retire several expensive Ethernet circuits at the end of their contract, leading to considerable cost savings. “Not only did Cato meet all our requirements, but it also turned out to be the most affordable of all the solutions.”
Read customer story Search
finitia Ensures Reliable Connectivity and Security with Cato SASE Cloud from Inseya

Technology

finitia Ensures Reliable Connectivity and Security with Cato SASE Cloud from Inseya
finitia Ensures Reliable Connectivity and Security with Cato SASE Cloud from Inseya Challenge Custom management and technology services provider finitia ag needed a scalable solution that would provide location-independent connectivity and security for all edges – sites, remote users and cloud resources – as well as improving network performance and enabling rapid connection of new branches and cloud services with minimal technical effort. In addition, the solution should provide centralized management that enables corporate policies to be enforced at all times across all edges and connected cloud services. The new solution should also enable architecture firms, finitia's customers, to work virtualized in a VMware environment via remote access without any loss of performance. Solution Swiss IT security specialist Inseya AG proposed an innovative approach to this challenge based on the SASE (Secure Access Service Edge) model that converges network connectivity and security into a cloud service and managed via a single console. At the heart of the new solution is the Cato SASE Cloud which connects and secures enterprise locations (the data center and branch office) and cloud resources (such as AWS, Azure, Microsoft Office 365 as well as other cloud services) and mobile users. To connect new sites, finitia only had to install a Cato Socket, Cato’s zero-touch SD-WAN device, at each respective branch office. The Sockets establish encrypted tunnels across an existing Internet connection to the nearest Cato point of presence (PoP); Cato has 65+ PoPs worldwide. Once connected and admitted by the IT manager, the device automatically integrates the site into the overall enterprise network. Sockets send all outbound site traffic to the PoP, where networking and security policies get applied and traffic is then sent to the Internet or across the Cato global private backbone to its destination. Result As a result of Inseya and the Cato SASE platform, finitia now has a stable connection for prioritized transmission of data such as image and voice. Thanks to intelligent routing of data traffic, critical data is protected from network failure. The entire networking and security infrastructure can be easily managed from a single console. Granular security and networking policies can be uniformly enforced on all edges. Maximum transparency and detailed reporting of all IT activities simplifies administration. New locations, including home offices of finitia employees and customers, can be opened up quickly and securely. Users can work securely on multiple devices regardless of location and without any loss of performance. The IT department has less configuration and support work. This minimizes the risk of errors and keeps operating costs low. When modernizing the IT infrastructure, additional security components such as WAN firewalls and virus scanners can be purchased on a modular basis as required.
Read customer story Search
Lion Adopts Cato to Achieve Fast, Secure Connectivity for Global Locations and Remote Users

Manufacturing

Lion Adopts Cato to boost WAN performance and security across 29 locations and 5,000 remote users
Lion Adopts Cato to Achieve Fast, Secure Connectivity for Global Locations and Remote Users Lion Seeks Network Transformation for Office and Remote Users Manufacturers face new challenges as network usage escalates and more employees work from home. How do they meet these challenges with minimum disruption, maximum performance, and airtight security? Lion Corporation, Japan’s top manufacturer of beauty care products--and one of its oldest--faced just such challenges. With 7,100 employees, 23 Japanese offices, and 11 global locations, Lion Corporation was looking at a future with an increasingly mobile remote workforce and more network usage in general. “It used to be just fine if we were all connected, but now it was becoming more important to be connected securely at all times.” “We saw that the work environment would change dramatically in the future and the use of the network would increase,” says Eiichi Kobasako, Lion Corporation’s Chief of Integrated Systems. “It used to be just fine if we were all connected, but now it was becoming more important to be connected securely at all times.” The Covid-19 pandemic accelerated remote work requirements dramatically as well. “It was clear many more people would be working remotely,” says Atzuyuki Shiina, Lion Corporation Information Security Specialist. “Obviously our old network would not support all these new remote users” Lion had been relying on VPN connections for both location and remote access connections. Security was provided separately by a combination of appliances and services. “Obviously our old network would not support all these new remote users,” says Shiina. Lion was looking to accommodate additional remote users securely and blend connectivity and security across the entire network. “We wanted to unify all the network components, such as security,” says Kobasako. They needed a solution that would accomplish those goals while providing good performance for all users. Perhaps most important for Kobayashi, however, was that the network transition would have to cause as little disruption as possible. “We’re in the manufacturing business with lots of offices, factories, laboratories, and heavy factory equipment. Drastic changes and big disruptions are not acceptable.” “We’re in the manufacturing business,” says Kobasako, “with lots of offices, factories, laboratories, and heavy factory equipment. Drastic changes and big disruptions are not acceptable.” Lion Chooses Cato SASE to Merge Networking and Security Kobasako had heard good things about Cato SASE and decided to give it a try with a proof of concept (POC) implementation. At the same time, the Covid-19 pandemic exploded, so Lion incorporated remote access into the POC as well. He was impressed with the Cato team. “We were worried at first because Cato was a new system and approach for us,” says Kobasako “but the Cato team cleared up all of our concerns.” Cato connects all global enterprise network resources — including branch locations, physical and cloud datacenters, and mobile and home users — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to improve throughput dramatically. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. With Cato, mobile and home users get the same network performance and security as their office counterparts. Cato: Smooth Transition, Easy Management “The transition was very smooth. We decided that Cato would be the center of our network, which is the main component of our IT strategy moving forward.” The results of Lion’s POC with Cato were impressive. “It was clear Cato was a very good solution for us and that its management portal would help us cut management costs,” says Kobasako. “The transition was very smooth. We decided that Cato would be the center of our network, which is the main component of our IT strategy moving forward.” In a matter of weeks, Lion deployed Cato to 29 of its locations and to 5,000 users who moved to working at home during the Covid-19 pandemic. It has taken full advantage of Cato’s next generation anti-malware, IPS, and MDR to secure all its users. With Cato SASE, office and remote and home workers connect to the same high-speed backbone. Mobile and home users benefit from the same network optimizations and security inspections as office workers. Aside from excellent performance and Cato’s airtight security, Lion is impressed with Cato’s management portal, which centralizes network and security monitoring and management in a single console. “We really like that Cato is in the cloud so we can manage everything on the network from one place,” says Kobayashi. “That is a huge advantage for us.” “This year, the entire WAN and Internet connectivity will be running on Cato.” “We have many more security controls with Cato’s SD-WAN than we had before,” adds Shiina. “This year, the entire WAN and Internet connectivity will be running on Cato.”
Read customer story Search
Bugaboo Transforms its Network with Cato, Boosting Cloud and Datacenter Application Performance

Manufacturing

Bugaboo Transforms its Network with Cato, Boosting Cloud and Datacenter Application Performance
Bugaboo Transforms its Network with Cato, Boosting Cloud and Datacenter Application Performance The Challenge: Slash Network Complexity and Cost Global manufacturers need fast, secure WAN connections among datacenters, manufacturing plants, sales offices, and the cloud to provide a positive customer experience and compete successfully with fast-moving competitors. Many have relied on global MPLS networks, which are expensive--particularly in the Asia Pacific region--and not always reliable. And still others are relying increasingly on cloud applications, which are ill-suited for legacy networks based on MPLS. Such was the case with Bugaboo, a well-known innovative Dutch designer and manufacturer of baby strollers and parenting solutions. Bugaboo had a datacenter and main office in Amsterdam, a manufacturing plant in Xiamen China, and offices and retailers throughout the EU, North America, Australia, and Asia Pacific. When Rein Droog joined as Vice President, Global IT for Bugaboo in 2019, the company was suffering from WAN and infrastructure complexity. The network had emerged organically, requiring internal technology experts to keep humming. At the time, ERP and other applications were running in the Amsterdam datacenter, connected to global locations either via MPLS or, in the case of the smallest locations, Internet VPNs. “We had somewhere between 10 or 20 different contracts with local providers,” says Droog. “In Asia the MPLS is much more expensive than in Europe. What’s more, IT staff had to fly all over the world to bring up even small, 10-person offices." Not only was the WAN infrastructure complex, it was also expensive. “In Asia the MPLS is much more expensive than in Europe,” says Droog. What’s more, IT staff had to fly all over the world to bring up even small, 10-person offices, he says. Security was also varied and highly distributed among locations. “There had been little to no centralized monitoring or management, which complicated policy configuration and enforcement,” he says. “With all of that expensive MPLS, our China locations still had performance, latency, and downtime issues when connecting to applications in the Amsterdam datacenter. The whole setup was just not economical, and with all the expertise in a few IT staff, not sustainable.” With all this complexity and expense, WAN performance and stability were constant issues. “One month Japan was down, the next month Australia,” says Droog. “With all of that expensive MPLS, our China locations still had performance, latency, and downtime issues when connecting to applications in the Amsterdam datacenter. The whole setup was just not economical, and with all the expertise in a few IT staff, not sustainable.” Bugaboo also sought to kickstart a major digital transformation, which included a “Cloud Unless” policy that mandated moving applications to the cloud whenever it made business sense. MPLS was clearly not the strategic solution. With IPknowledge, Bugaboo Embarks on Total Network Transformation Droog started soliciting feedback from leadership, users, and IT to start building a digital transformation strategy. “All kinds of unfiltered feedback was collected, from the good to the bad,” says Droog. “From Virtual meetings not going smoothly, to latency issues or bad application performance. Some things were working, however, so my task was to find the root cause of the issues we were having and fix it.” Droog drafted a technology transformation roadmap with three major objectives: Fix the foundation, which included hosting and networking, site infrastructure, user and meeting services and security. Improve the application layer by rationalization and simplification. Improve the data reporting and advanced analytics capability by focusing on ownership, quality and tooling. “We looked at the network and site infrastructure as one of the first,” says Droog. To fix the foundation, Droog turned to longtime IT partner IPknowledge, a Dutch provider of Internet access and cloud-native connectivity and security to enterprises like Bugaboo. IPknowledge had already been working with Bugaboo to enhance the existing WAN infrastructure with WAN optimization solutions. In this case, Droog wanted IPknowledge to help him transform the network. “I wanted one reliable partner, not 20 different contracts, and I didn’t want our folks having to deal with 24 X 7 monitoring. The solution had to be simple and sustainable, and it had to just work.” “We had a lot of discussions on how to set up a flexible network that could deal with the number of users we had in our office locations,” says Droog. “I wanted one reliable partner, not 20 different contracts, and I didn’t want our folks having to deal with 24 X 7 monitoring. The solution had to be simple and sustainable, and it had to just work.” Droog wanted to be able to open--and close--offices quickly and easily if necessary, a key requirement of rapid company transformation. “We were changing quickly, and it was difficult to know what was coming in the next three months.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed PoPs. At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile and home users run across the same backbone, benefiting from the same optimization features and improving remote access performance. Droog tested several solutions, including Cato. Bugaboo had just switched to Office 365 and Cato worked the best with the service, particularly in China. “Our overall internal network performance also improved with Cato and the performance of our Amsterdam-based applications in China improved significantly.” Network Complexity to Simplicity with Cato and IPknowledge “Cato really is plug and play. It was clear that Cato’s flexibility actually made switching to Cato less risky than staying with the solution we already had.” Setting up the tests was remarkably easy. “That’s one of the things that drew me to the Cato solution,” says Droog. “Cato really is plug and play. It was clear that Cato’s flexibility actually made switching to Cato less risky than staying with the solution we already had.” Rolling out Cato to the other locations over a month was also quick and painless. “There was zero downtime during the rollout,” says Droog. “We just shipped the Cato Socket to each office and walked whoever was there, even a salesperson, through how to plug it in.” No IT travel required. When Covid-19 hit, Bugaboo sent everyone home to use its existing remote access solution but switched gradually to Cato between November 2020 and January 2021. Once remote access moved to Cato, performance for all those work-from-home users improved in Asia and North America as well. “We heard a lot of home users say, ‘Hey, this runs much faster!” says Droog. “With Cato the performance with the cloud was faster than connecting to the cloud directly,” And finally, cloud applications also ran faster under Cato. “With Cato the performance with the cloud was faster than connecting to the cloud directly,” says Droog.   As for security and management, Bugaboo has its own security monitoring tools and policies, but Cato provides the firewall, antimalware, and IPS capabilities in the cloud. IPknowledge also has its own management and monitoring tools to manage the Bugaboo Cato deployment but hooks into Cato’s management system using the Cato API. “Cato’s management portal takes care of a lot of mundane tasks that we had to handle ourselves before,” says Steven de Graaf, managing director of IPknowledge. “With Cato we can be proactive and spend time on architectural improvements instead of configuring and fixing firewall rules. Cato lets us compete with the big telcos and provide a better solution, which is why it has become our principal strategic partner.” “Monitoring and maintenance have improved a lot with Cato and IPknowledge,” says Droog. “And where there were hiccups every month with our previous infrastructure, Cato has been absolutely stable, fast, and available.”
Read customer story Search
Diamond Braces Uses Cato to Boost WAN Security, Performance, and Reliability

Healthcare

Diamond Braces Uses Cato to Boost WAN Security, Performance, and Reliability
Diamond Braces Uses Cato to Boost WAN Security, Performance, and Reliability The Challenge: Easy Deployment and Management; Fast, Reliable Connectivity Doctors’ and dentists’ offices have stringent security requirements, thanks to HIPAA and other regulations for protecting patient data. They work with large X-ray image files and many have been moving medical management applications to the cloud. For dentist office chains, such as Diamond Braces, fast, secure, reliable communications among locations and the cloud are an absolute requirement. The Diamond Braces network spans 32 orthodontist locations in New York State, New Jersey, and Connecticut, with headquarters in New York City. Before Cato, most Diamond Braces locations were connected via Internet VPNs, with fiber running only from its main office and call center. Each location ran a separate firewall gateway/VPN appliance, which led to increasing complexity as the number of locations grew. “It was all getting too difficult to manage and it was taking too much time to ensure it worked properly,” says Alexander Azikov, IT Manager at Diamond Braces. “We had people accessing malicious sites, often unintentionally via a typo or spam mail,” says Azikov. “We needed the capability to warn them or block those sites. I was also looking to add IPS capabilities and I needed an integrated solution that could do it all with a single-pane-of-glass.” For all their complexity, however, the firm’s firewalls couldn’t filter HTTPS traffic, so Diamond Braces was left without any content filtering capability, unless it added it separately, which would only increase complexity and cost. “We had people accessing malicious sites, often unintentionally via a typo or spam mail,” says Azikov. “We needed the capability to warn them or block those sites. I was also looking to add IPS capabilities and I needed an integrated solution that could do it all with a single-pane-of-glass.” Applications such as Office 365 and the firm’s patient management solution were mostly in the cloud, so fast, reliable cloud and office connectivity were vital. Large X-rays averaged 7MB each and the company made extensive use of cloud-based VoIP and videoconferencing, so hefty bandwidth and quality of service were also WAN requirements, as was backup connectivity in the event of service disruptions. With Diamond Braces adding an average of 10 locations a year, quick deployment and easy, centralized management were also key capabilities that IT was not getting from its VPN’s, fiber, and branch-based firewall appliances. “We really needed a scalable solution with unified security and management,” says Azikov. Diamond Braces Taps Cato for Simplicity and Security Azikov had heard how SASE merges WAN and security in a single cloud-native solution and was pretty sure it was what he was looking for. He considered several vendors, but the only one that filled all the SASE requirements was Cato. “One vendor had an excellent infrastructure, but very limited security, so we would have had to go to another vendor for content filtering, just like with our current solution,” says Azikov. “Another vendor relied to a large extent on its endpoint security appliances, so it wouldn’t relieve the complexity of our current appliance-based architecture.” Only Cato offered a completely integrated cloud-native SASE solution with a single management interface for WAN and security. It also had all of the required security functions--firewall, IPS, and content filtering. The only appliance to install was the Cato Socket, which was a cinch to configure and required no real management. Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, content filtering, and IPS. “We had a proof-of-concept stage, during which I was able to set up an office myself,” says Azikov. “I just had to ask some questions about the best way to do certain things. After the first, I could set up locations without even thinking about it.” Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed PoPs. At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features and improving remote access performance. “Once we had it all connected on a single Cato network, everything was so easy and reliable,” says Azikov. “We can get by on 25 Mbits/s, but 50 made working very comfortable, and Cato’s QOS made for very smooth video. For the central office, Azikov went for 75 Mbits/s. Installing the Cato solution was incredibly fast and easy. “We had a proof-of-concept stage, during which I was able to set up an office myself,” says Azikov. “I just had to ask some questions about the best way to do certain things. After the first, I could set up locations without even thinking about it.” It didn’t take long to set up all 33 locations with 50 Mbits/s Cato connectivity. “Once we had it all connected on a single Cato network, everything was so easy and reliable,” says Azikov. “We can get by on 25 Mbits/s, but 50 made working very comfortable, and Cato’s QOS made for very smooth video. For the central office, Azikov went for 75 Mbits/s. Cato Brings Security, Reliability, and Easy Management Azikov loves the simplicity and reliability of the Cato solution. “Cato’s centralized management saves tons of time,” says Azikov. “We troubleshoot issues so much faster. When you have everything in one place you can just switch back and forth and analyze different pieces of the puzzle. IT really ticks all the boxes for us.” “We troubleshoot issues so much faster. When you have everything in one place you can just switch back and forth and analyze different pieces of the puzzle. IT really ticks all the boxes for us.” With the original firewall solution, Azikov had to copy and paste text-based configuration information from one site appliance to another. Sometimes there were IP address mistakes, which led to hours of troubleshooting. “We don’t have to deal with all those IP issues. And when there’s a provider issue, I can see it on the Cato interface immediately before employees call me and tell them we’re using a backup connection and I’m already working with the provider to get things up again.” “With Cato it’s all just plug and play,” says Azikov. “We don’t have to deal with all those IP issues. And when there’s a provider issue, I can see it on the Cato interface immediately before employees call me and tell them we’re using a backup connection and I’m already working with the provider to get things up again.” With easy management, Azikov has more time to research new financial and project management tools to improve the business. “I love the analytics Cato provides to help me troubleshoot issues and tweak the system for optimal performance,” says Azikov. “Otherwise, I really wouldn’t know what to change to make things better. This helps especially with QoS on the slower broadband and LTE backup connections.” Azikov’s favorite Cato feature is Event Discovery. “I love the analytics Cato provides to help me troubleshoot issues and tweak the system for optimal performance,” says Azikov. “Otherwise, I really wouldn’t know what to change to make things better. This helps especially with QoS on the slower broadband and LTE backup connections.” [caption id="attachment_17974" align="aligncenter" width="1920"] With Cato’s Event Discovery capability, Diamond Braces can harness detailed analytics to troubleshoot network issues and tweak the network for optimal performance.[/caption] In all, Cato has made business much smoother for Diamond Braces and management of WAN and security much easier for Azikov. Perhaps the best thing: “We have a lot fewer complaints from end users,” says Azikov.
Read customer story Search
Haulotte Halves Network Costs and Boosts Application Performance By Migrating from MPLS to Cato

Manufacturing

Haulotte reduced costs and improved the performance of applications by migrating from MPLS to Cato
Haulotte Halves Network Costs and Boosts Application Performance By Migrating from MPLS to Cato The Challenge: Network Reliability at a Lower Cost than MPLS Global manufacturers face significant challenges in an age of digital transformation. Many have relied on MPLS to connect manufacturing plants, corporate and sales offices, and the datacenter. As mobile/home users and cloud applications have grown in importance, however, MPLS has shown itself to be both too expensive and not agile enough to remain a viable WAN solution. Such was the case with Haulotte, a global manufacturer of materials and people lifting equipment used in construction, warehouses, farms, managed forests, and similar sites. With six manufacturing plants and more than 30 offices across Western Europe, North America, South America, Africa, and Asia Pacific, Haulotte had faced three years of delays and cost overruns rolling out MPLS to all its locations. At the end of those three years MPLS accounted for a whopping 10 percent of the entire IT budget. Service was usually adequate but there were definite issues. “There were outages, complaints, and negative feedback from several internal teams about the service from our major international MPLS provider.” “During my first few months at Haulotte, the network was a daily headache,” says Thomas Chejfec, who joined Haulotte as Group CIO in 2019. “There were outages, complaints, and negative feedback from several internal teams about the service from our major international MPLS provider.” Haulotte was also migrating to Office 365 and MPLS was not a great fit for the cloud. Haulotte Considers Alternate MPLS and SD-WAN solutions, Chooses Cato With several MPLS contracts reaching end of life, Chejfec decided to look at both MPLS and SD-WAN alternatives. “It was clear that switching MPLS providers could save us 20% in budgetary costs but migrating to SD-WAN could save as much as 50%,” says Chejfec. Chejfec’s IT team investigated several SD-WAN providers, including traditional hardware vendors and more specialized service providers. In the end Cato was the clear winner. “It was clear that switching MPLS providers could save us 20% in budgetary costs but migrating to SD-WAN could save as much as 50%” “I went to Tel Aviv to meet with the Cato team, see how they work, and investigate the solution’s coverage,” says Chejfec. “I liked the company’s ‘Unicorn’ spirit, with its young, highly responsive employees at the forefront and Cato’s ultra-simple management software solution.” Cato connects all global enterprise network resources — including branch locations, physical and cloud datacenters, and mobile and home users — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to improve throughput dramatically. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. “Cato’s management interface was so easy to use compared to those of the traditional SD-WAN players we looked at” Chejfec felt that Cato’s approach to networking and security was the most user centric of the solutions he considered. “Cato’s management interface was so easy to use compared to those of the traditional SD-WAN players we looked at,” says Chejfec. “That really made a difference for us. It allowed our small team of three, with two based in our Romanian datacenter, to view network traffic across all our sites in real time. We can even see which sites use YouTube and other apps the most and how many gigabytes are transferred.” “Cato let us take advantage of good access at half the price of MPLS.” Chejfec also liked that Cato had its own converged backbone with a high density of global Points of Presence. “And we loved the price, of course!” says Chejfec. “Cato let us take advantage of good access at half the price of MPLS.” He was also impressed with Cato’s security services, including the ability to shut down the entire network with a single phone call to prevent the spread of ransomware and other attacks. Fast Deployment, Fast Performance, Low Cost Chejfec started rolling out the Cato SD-WAN solution to individual sites, leaving deployment of Cato’s security services for the future. When Covid-19 hit, Cato came in very handy for mobile/home user access as well. “For the first lockdown we kept our previous VPN, but we didn’t have enough licenses for all our new home users and activating new licenses would add significant costs and long implementation times,” says Chejfec. “We decided to try the Cato VPN and were able to deploy it to 300 home-based staff in less than a day!” Deploying Cato to its sales offices was also simple. “We just dispatch the Cato Socket with a page of instructions to each location,” says Chejfec. “Our local contact installs it at the site and then we take over remotely to finish the job. It’s truly plug-and-play.” As for the manufacturing plants, IT sent the staff an email notifying them that the network would be unavailable between 7 pm and 10 pm in order to change providers. “At 10 pm the network was up and running and employees could resume work the next morning with no disruption.” “Usually a network migration project is a hot topic of conversation and affects everyone at every level but migrating to Cato was truly seamless.” The migration was delayed by the slow termination of MPLS contracts, but it has been a relatively trouble-free experience. “In my 10 years of experience in IT, this is the only major project that turned out to be a minor project,” says Chejfec. “Usually a network migration project is a hot topic of conversation and affects everyone at every level but migrating to Cato was truly seamless.” Not only was the switchover seamless, but there were notable performance and quality of service improvements with Cato compared to its previous MPLS solution. “We had just migrated to Office 365 and the quality and performance of Microsoft Teams was a definite improvement,” says Chejfec. “I believe this had a lot to do with the switch to Cato. For the network team, the management interface is a godsend,” Chejfec adds, “as Cato anticipates Internet link problems, they can intervene quickly before they affect users.” The next phase in Haulotte’s Cato migration will be to start deploying Cato’s security services globally and the entire Cato solution to a new factory currently being constructed in China, where Cato has several PoPs. Perhaps the best thing about the transition to Cato. “The network is no longer a topic of discussion with users,” says Chejfec. “We never hear about it anymore.”
Read customer story Search
TES Goes Lean Consolidating Global WAN and Security

Environmental Services

TES Goes Lean Consolidating Global WAN and Security
TES Goes Lean Consolidating Global WAN and Security The Challenge: A Single Network and Security Model   IT service providers need fast, secure connections between locations and customers to deliver digital services and keep the business running smoothly. Such was the case with TES, a Singapore-based IT lifecycle solutions provider specializing in IT equipment deployment, recycling, and disposal with data and brand protection. With nearly 40 sites in 20 countries and thousands of security conscious customers, TES’s security and communications challenges were great. “Once we got to a certain size, we realized we had to implement higher levels of control, security, and protection than we had had when we were smaller,” says Stuart Hebron, Group Chief Information Officer for TES. “Our customers are constantly checking our security model to ensure it’s aligned with their model and compliance requirements.” “We needed to become well connected, resilient, and able to function as a single global business, rather than a group of individual small businesses around the world.” Adding to TES’s challenges were a number of mergers and acquisitions that brought in new networks, people, systems and software. “With our lean IT workforce, we sought a quick and easy way to integrate those sites under a consistent security and operational model,” says Hebron. “We needed to become well connected, resilient, and able to function as a single global business, rather than a group of individual small businesses around the world.” TES Investigates SASE Solutions, Chooses Cato The company looked at several solutions for WAN and security, but Cato was the one that fulfilled all its requirements. “Cato provided us an option to address many things, including security, connectivity, and network resilience, without having to invest significantly in other expensive technologies,” says Hebron. “All the things that were important to us were there.” “Cato provided us an option to address many things, including security, connectivity, and network resilience, without having to invest significantly in other expensive technologies” Cato was also the best deal overall. “Everyone says when it comes to good, quick, and cost efficient, you can only have two, but Cato gave us all three.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. “Everyone says when it comes to good, quick, and cost efficient, you can only have two, but Cato gave us all three.” Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 55 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features and improving remote access performance. “With Cato, we could bring those new acquisitions in quickly without having to do deep dives into their security and network architectures.” “We liked that we could use standard, conventional Internet access points at all of our sites, which saved a lot of money for us,” says Hebron. “With Cato, we could bring those new acquisitions in quickly without having to do deep dives into their security and network architectures.” Deploying Cato to each of TES’s locations was easy as well. “Cato allowed us to roll out quickly but gradually,” says Hebron. “As COVID hit last year, we found we could literally ship a Cato socket to each location without anyone having to travel to the site, which made things much safer. Through the joys of mobile phone technology and cameras, we could then walk non-IT skilled employees through plugging the sockets into the network and then access and configure them from afar. The speed at which Cato delivered those devices and the ability to deploy them without an on-site specialist made such a huge difference, reinforcing security at a pace that exceeded our initial goals,” says Hebron. Initially Hebron wasn’t even sure TES could achieve its goals quickly with the lean team he had. TES Goes Lean and Mean with Cato Once it was deployed, Cato also made things easier with its single centralized management console for both networking and security. “We needed a solution that would let us monitor and manage our entire network with a small group of specialists,” says Hebron. “Cato delivered that.” Combined network and network security management has also delivered the consistency the company needed across locations as a single global firm. “We have much better capabilities across our environment,” says Hebron, “while at the same we can address regional security concerns. Cato lets us make rapid changes to our overall security model. It also gives us online reporting, visibility across the network at any time at a single glance, and actionable value out of what we see on screen. Instead of just responding all the time we can see things coming.” Support has been excellent as well, according to Hebron. “We’ve had nothing but good experiences. Cato has even helped us with other internal challenges outside of their environment.” Cato has allowed TES to keep its IT workforce lean. “We haven’t had to add any people since we deployed Cato,” says Hebron, “and we’re actually considering ways to do more with the people we have.” “We find that Cato helps us have better conversations with our clients,” says Hebron, “as it’s clear to them that we can achieve all their compliance goals. Audit processes are faster when they look at our internal security around data, brand, and IP protection.” Customer acquisition and retention have gotten easier. “We find that Cato helps us have better conversations with our clients,” says Hebron, “as it’s clear to them that we can achieve all their compliance goals. Audit processes are faster when they look at our internal security around data, brand, and IP protection.” Perhaps the best thing about deploying Cato: “Since deploying Cato in the past six months, I can tell you I sleep much better at night,” says Hebron. “The gray has started to slow,” he laughs, “and I feel as if I’m in a much better position with my role in the organization, which is to protect our customers and the business. It gives me more confidence when I’m with customers that we can actually do what we say.”
Read customer story Search
Hoyer Motors Taps Cato to Connect China Offices and Cato MDR for Better Malware Protection

Manufacturing

The motor manufacturer improved security and control with Cato MDR
Hoyer Motors Taps Cato to Connect China Offices and Cato MDR for Better Malware Protection The Challenge: Keep Firewalls Current Without Sacrificing Control It's no secret that manufacturers everywhere need to protect themselves against malware. But as attacks come faster and attackers become more sophisticated, how do enterprises secure themselves without compromising their budget or relinquishing control? Hoyer Motors faced that same challenge. The near half-century-old Danish manufacturer of electric motors had relied on Internet-based VPN and branch firewall appliances to connect its locations across Europe, Korea, and China. The China office also had an MPLS connection. A third-party managed the company's branch firewall appliances. "It's really, really crucial that a firewall update be applied immediately. Otherwise, you risk being breached. But it could take our management provider 14 days to update our firewalls." And it was in those branch firewalls that the company faced so many challenges. "It's really, really crucial that a firewall update be applied immediately. Otherwise, you risk being breached," says Kenneth Middelboe Carlson, IT Senior Administrator at Hoyer. "But it could take our management provider 14 days to update our firewalls." "By using smaller hardware-based firewall appliance solutions, which were outsourced to another company, Hoyer had no control, no visibility, and no clue the firewalls were working or not working," explains Kristian Secher-Johnsen, CEO at Secher Security, a premium Cato partner and security advisor to Hoyer. Hoyer was also facing service interruptions at many offices. "The offices had difficulties in connecting," says Carlson. And then there was cloud migration. Since Hoyer had first deployed its global network, the cloud services had matured. As a result, Hoyer wanted to migrate to the cloud and wanted an infrastructure that would reflect that change. Hoyer Embarks on Its WAN Transformation Journey Hoyer began looking for another global networking solution. "In general, the core functions we were looking for were some cloud possibilities so that we could get the same benefits in Denmark, Europe, and China," says Carlson. "We wanted something that could be updated and managed easily, something that IT could do themselves." Hoyer was also looking for something easier to manage. "We wanted something that could be updated and managed easily, something that IT could do themselves. We like to do most of the things ourselves instead of paying consultant fees to other companies." And the company wanted SD-WAN to provide last-mile redundancy and high availability by leveraging multiple Internet connections. "In case someone digs up the fiber and cuts it in half, you can still use 4G. It's essential that you do not have a single point of failure because if your infrastructure fails, then our customers, our colleagues, can't do the work, and we lose money," he says. Hoyer Selects Secher Security with the Cato Global SASE Platform Hoyer began looking at various solutions when the team was contacted by Secher Security offering the Cato solution. "I believe we had our little sheet with five key notes and the Cato solution that Secher presented to us was actually down on all of them," says Carlson. "We have WAN optimization. We have SD-WAN. It's a SaaS solution, but it's global everywhere." Carlson was excited by the Secher-Cato proposal but skeptical. "Sometimes you know when a salesperson contacts you, it's like, of course, it can be better. But is it better?" asks Carlson. "4G connections in the outer areas of China where you normally cannot connect to anything just worked with Cato. It was really, really impressive to see." So, Hoyer requested a testing phase. First, they deployed Cato Sockets, Cato's edge SD-WAN devices, in their server room and equipped five users with the Cato Mobile Client. "The improvement, especially in China, was incredible. I have never seen anything like it," says Carlson. "4G connections in the outer areas of China where you normally cannot connect to anything just worked with Cato. It was really, really impressive to see." When Hoyer saw results like those, the outcome was clear. "We knew we needed to agree on a price and terms. But, compared to the MPLS that we already had, which is a pretty hefty price, it didn't really take much to do the change." Hoyer Taps Cato MDR for Improved Security Hoyer eventually equipped remaining mobile users with the Cato Mobile Client and locations with Cato Sockets. Branch firewalls were replaced with Cato's security-as-a-service, which Hoyer can fully manage. Additional insight was provided by Cato Managed Threat Detection and Response (MDR). With Cato, site and mobile users automatically send all traffic to the nearest Cato PoP. With each PoP, Cato's converged networking and security, cloud-native software stack inspects the traffic, applies the necessary security and networking policies before sending the traffic onto to Internet, or optimizing it and sending it across the Cato global private backbone. "Our connection is better than what we have ever had, especially in China. We have people in factories in northern China that have never been able to work on remote desktop to connect to our system, and now with Cato, they can do that, and that is really, really big." "Generally, we have had everything that Secher Security promised," Carlson says. "Our connection is better than what we have ever had, especially in China. We have people in factories in northern China that have never been able to work on remote desktop to connect to our system, and now with Cato, they can do that, and that is really, really big." With Cato, gone are his concerns around timely patching of firewalls. Instead, the Cato team keeps the Cato security stack, which includes a next-generation firewall (NGFW), Intrusion Prevention System (IPS), and Secure Web Gateway (SWG), always current. And by constantly hunting the network for the symptoms indicative of malware and network attacks, Cato MDR often identities threats missed by legacy, anti-malware systems. "Guest computers were brought into our office and connected to the Guest Internet, which is not connected to the company domain. Cato MDR notified us that they were infected with anti-malware even though they were running Windows 10 with active antivirus." "We were pleasantly surprised with Cato MDR," he says, "Guest computers were brought into our office and connected to the Guest Internet, which is not connected to the company domain. Cato MDR notified us that they were infected with anti-malware even though they were running Windows 10 with active antivirus." Cato MDR also flagged unknown devices on the network. In short, "MDR has changed how we look at security," says Carlson. "Right now, we're optimizing security, antivirus, pattern control, and everything more thoroughly than we have ever done before, basically because of MDR. Cato MDR has been more impactful than I ever thought imaginable." Cato: Restoring Control to IT   Hoyer might have gone out looking for a more consistent, more secure network, but in the end, Hoyer gained far more than just better technology. "I believe the biggest thing by moving to Cato compared to what we had before is that I feel that we are in control," says Carlson. "Yes, we've seen increased productivity. It's easier for people to connect globally because of Cato. But for IT, it's all about the management. The more you can manage yourself, the better."
Read customer story Search
Komax Drives Innovation, Cloud Connectivity, and Mobile Collaboration with Cato

Manufacturing

Komax Drives Innovation, Cloud Connectivity, and Mobile Collaboration with Cato
Komax Drives Innovation, Cloud Connectivity, and Mobile Collaboration with Cato The Challenge: Agile Cloud and Mobile Connections Innovative companies need innovative IT solutions to help them collaborate and bring new products to market fast. These include fast, agile connectivity to cloud services and a collaborative mobile workforce. Rigid legacy WAN solutions such as MPLS cannot offer the network flexibility and speed that are vital to innovative success. Komax, a world market leader and innovator in wire processing solutions¬—everything from wire strippers to complex harnesses for automobile electronic wiring systems—knew this all too well. “We are the market and innovation leader in our industry,” says Tobias Rölz, Executive Vice President, Market and Digital Services for Komax. When Komax started a major digital transformation three years ago, Rölz knew the company would have to transform IT. “We analyzed our systems and data and started moving into the cloud, introducing Office 365 for collaboration, Salesforce for CRM, and cloud-based SAP for ERP.” Komax had transitioned from MPLS to SD-WAN six years before that. Unfortunately, the appliance-based SD-WAN solution it deployed as an alternative proved too complex and rigid. “The SD-WAN appliances we had at 35 of our sites were a nightmare,” says Daniel Sollberger, Komax’s Lead, Global based IT Infrastructure, “including the first and second level support from the provider. We felt we needed to get away from all that complex hardware and move towards SASE (Secure Access Service Edge).” “Strategic fit was important,” says Rölz. “We wanted a solution from a company thinking one or two steps ahead of the others that would reduce the operational costs of our network. IT value should come from offering services that improve the quality and productivity of our company, not operating a server or network appliance.” Komax Investigates SASE, Chooses Cato Komax had heard about Cato through Gartner. “Cato Networks was one of the first vendors identified in Gartner’s SASE research,” says Sullberger. The team looked into Cato and liked what they found. “We were impressed by Cato’s thinking. They were really thinking one or two steps ahead of others,” says Rölz, “Cato was moving the network and security into the cloud, which completely fits our vision for more or less a serverless office in a few years from now.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 60 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features and improving remote access performance. Rölz and Sollberger found moving away from installing and managing SD-WAN appliances very appealing. “We liked that all the interconnected PoPs in the Cato cloud meant we could stop depending on our local on-premises SD-WAN equipment,” says Sollberger. COVID-19 hit just as Komax started rolling out Cato to its 35 locations. “Cato reacted very quickly,” says Rölz. “With Cato, we could move people out from our offices to their home offices fast without a single interruption, ensuring the same security level, performance—the same feel—working from home as at the office,” says Rölz. “That rollout demonstrated the agility and flexibility Cato and its cloud connectivity and security would give us.” Komax also rolled out Cato to the 35 locations that formerly held all that complex SD-WAN equipment. “Even in locations where we had no IT at all, the general manager was able to install the Cato socket quickly and have the network up and running in minutes,” says Rölz. “Cato’s first and second level support is great at helping internal customers directly,” adds Sollberger. Agility, Performance, Security, Cost The result was reduced operational costs and improved agility, flexibility, performance, and security. “When you move into the cloud you need to be agile and flexible,” says Rölz. “Moving security and intelligence to the cloud gave us that agility and helped us reduce our operational costs significantly. Operations are handled by the Cato very smoothly.” Security was another benefit. As Komax moved its employees to their home offices, it saw a significant increase in attacks. “We can see that Cato has been reacting very strongly to protect our network,” says Rölz. Cato’s support has also been a relief. “Cato is able to support our issues in all our locations 24 hours a day,” says Sollberger, “This lets us focus on more important goals, such as helping our customers achieve better quality and operations.” Setting up new sites on Cato is quick and easy. “We can set up new sites and VPN users in minutes or hours,” says Rölz, “and Cato’s agility is helping us adjust the network, bandwidth, and traffic prioritization easily as we migrate step-by-step to the cloud. With Cato, we can even address traffic in the specific country where the cloud solution sits,” says Sollberger, “and it’s easy to increase capacity bandwidth in each site to scale. This helps us improve performance and response times and makes the cloud service much better to use.” Rölz feels that Cato is very in tune to Komax’s needs. “They really listen to us, consider our needs, and adapt to them. It’s a real partnership.” “I’m convinced Cato’s architecture is the future of the WAN,” says Sollberger. “It’s great to be part of it.”  
Read customer story Search
Accounting Firm Boosts WAN Reliability, and Security, Cuts Costs with Cato

Financial Services

Accounting Firm Boosts WAN Reliability, and Security, Cuts Costs with Cato
Accounting Firm Boosts WAN Reliability, and Security, Cuts Costs with Cato The Challenge: Reliable, Secure Office Connectivity Few organizations are as deadline driven as accounting firms, especially during tax season and around other tax milestones. They need fast, reliable networks connecting office locations with cloud applications, mobile staff, and each other to get their clients’ work done on time every time. At a time when most accounting applications have moved to the cloud, MPLS just doesn’t make it as a WAN solution anymore. It’s too rigid, expensive, cloud unfriendly, and in the case of a major North American accounting firm, unreliable. The firm had connected 34 of its offices via MPLS. Security at each location was provided by firewall/IPS appliances, but they were used mainly for direct Internet access (DIA). “MPLS went down enough times that users became accustomed to firing up their mobile VPN clients for communication even though they were inside the office,” says the firm’s Senior Network Engineer. “When an interruption happened close to April 15 it was really disruptive, and disruptions cost money.” “MPLS went down enough times that users became accustomed to firing up their mobile VPN client for communication even though they were inside the office,” As corporate accounting applications moved to the cloud, more and more of the firm’s traffic became cloud based. “We had to go over the Internet for the cloud traffic, so it was getting to where nobody really liked MPLS,” says the network engineer. “The only reason we kept it as long as we did was for contractual agreements and QOS for voice and video.” Until recently, the firm relied on on-premises VoIP from a well-known provider. However, when it moved to a major voice and videoconferencing cloud provider, MPLS looked even more obsolete. “At that point it became clear: Why use a slow, expensive, less reliable circuit when you could get faster, more reliable circuits a whole lot cheaper?” The network engineer had heard “rumblings” about SD-WAN but didn’t know much about it and assumed the technology needed time to mature. When voice and video moved to the cloud, he decided to take a good look. “My feeling was that there is no such thing as genuine QOS over the Internet. I was looking for a platform that would handle QOS as best as it could be handled.” Firm Looks at SD-WAN Alternatives, Falls in Love with Cato The firm went to its VARs and other partners for advice. One recommended another cloud SD-WAN provider and one recommended the Cato SASE platform. “He said, ‘Knowing your company like I do I think Cato would be a great match,’” says the network engineer. More people seemed to know about the other provider so he decided to try them first. “We wanted a solution that was simple, configurable, secure, and that offered some type of QOS,” says the network engineer. The firm set up units in the datacenter and two locations and ran file copy jobs to see how fast and consistent the performance would be. It also tried various ways to “break” the network to see how easy it would be to use the management software to find the source of the problem. It wasn’t pretty. “The other vendor’s software was too complex, with too many dials,” says the network engineer. “They also pointed us to either our existing security platform or another vendor for security. We didn’t like that.” Their partner security vendor’s interface was also complex. “Both were the types of GUIs you would have a lot of trouble with if you didn’t use them every single day.” The company decided to run Cato through the same tests. It set up Cato Sockets at the datacenter and the same locations as it had with the other vendor. Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 60 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an on-ramp to its global backbone and security services. The backbone is an affordable MPLS alternative, not only privately managed for zero packet loss and five 9’s uptime but also equipped with WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features and improving remote access performance. “We got pretty far with the first Cato installation without any help, and the few questions I had were answered quickly,” says the network engineer. “When it came to the other two locations, we didn’t even have to call Cato. It was so easy compared to the other vendor solution, which required a lot of tweaking. That’s when we started to fall in love with Cato.” Compared to the other solution, the Cato file copy tests were much more reliable. “The consistency was amazing, almost like a flat line,” says the network engineer. “It really made Cato look good.” Cato’s management GUI was also much easier to use. “Cato didn’t have all the dials the other one and its security partner had, but it had all the controls that mattered,” says the network engineer. “And it was really simple, without all that distracting configuration to worry about.” He showed Cato to his risk and compliance team and they really liked Cato’s interface and capabilities too. “Setting up the network, firewall and other rules was really intuitive. And I love how I can go into the Cato portal, make some changes and watch them take effect in real time.” Compared to the other solution, the Cato file copy tests were more reliable. “The consistency was amazing, almost like a flat line,” says the network engineer.  The network engineer was especially impressed with Cato’s event discovery feature. “Whoever designed that should get a raise. That’s the detail we’re after,” he said. The firm also sent Cato some service tickets. In most cases Cato called back within five minutes It became clear that Cato would enable the firm to rid itself of both MPLS and its current related security infrastructure.   [caption id="attachment_13995" align="alignnone" width="1920"] With Event Discovery, customers can identify root cause in minutes by easily querying their routing, security, connectivity, and system event data.[/caption] Easy Rollout, Lots of Reliability and Savings The firm rolled out Cato to all the other locations that had had MPLS. “The deployment was so easy that in most cases the local receptionist was able to install the socket with a little help from a how-to with pictures we prepared in Microsoft Word,” says the network engineer. “We would get on the phone with them and just say, ‘do step one, now do step two, etc.’ In many cases it took five minutes.” “The deployment was so easy that in most cases the local receptionist was able to install the socket with a little help from a how-to with pictures we prepared in Microsoft Word. The firm installed a high availability configuration in the datacenter and didn’t have to consult Cato at all. An issue with a vSocket for Azure was fixed in time. “Every company and install will have a few problems, but Cato really took ownership of that one and kept us informed until it was resolved.” The firm is also looking at using Cato’s mobile VPN capabilities down the road. “We love that Cato would give us IPS at the PC level, all tied into the Cato portal,” says the network engineer. “We could manage our offices and end users from one location. Why give the money to our current provider?” Cato was also inexpensive compared to MPLS, particularly compared to upgrading and managing all the current routers and security appliances at the company’s locations. “We were going to have to upgrade all those appliances soon and now we don’t have to buy all that new hardware and licensing,” says the network engineer. Cato was also more reliable. “We’ve had six or eight of those appliances die on us and it seemed it was just a matter of time before the others died too,” says the network engineer. “Why bother keeping them when Cato could do all that for us?” It was great to be able to get rid of all that hardware. “Now that we didn’t have to do all that complex routing we could even buy switches at a lower license level, saving us $1,000 per local switch.” Cato was also more secure. “With MPLS we had almost no office-to-office security. An internal security audit concluded we needed to improve that and since everything now goes through the Cato cloud we have.” The network engineer also finds the way rules are configured in Cato inherently more secure than that of his previous appliances. “With Cato you start by denying all traffic and then you build exceptions. With our previous solution it was the opposite, so sometimes we allowed traffic we didn’t mean to allow.” In all the switch to Cato has been a great success. Says the network engineer, “It saved us money, it simplified our network, it made things faster and more reliable, and it gave us a lot of network insight.”
Read customer story Search
Low & Bonar Replace Global MPLS with Cato SASE Service from IPknowledge

Manufacturing

Low & Bonar Replace Global MPLS with Cato SASE Service from IPknowledge
Low & Bonar Replace Global MPLS with Cato SASE Service from IPknowledge From traditional WAN to global network in the Cloud Organizations are constantly on the move. But to be agile, having a flexible network infrastructure is crucial. This certainly applies to organizations such as Low & Bonar, who have international offices and do business all over the world. Mergers and acquisitions have completely changed the business environment within a few years and have created challenges in the areas of costs, management, and digital performance. International WAN Challenges Was it wise to continue the relationship with the telecom company, which was chosen in 2013? With this question, the preparation of a quotation request to several suppliers started in 2018. One thing was certain, namely that the world of international infrastructures had completely changed. It had to be done better, faster and above all cheaper. Due to acquisitions from the past, the L&B IT infrastructure contained a relatively large number of different systems and applications, which resulted in a high management burden. Low & Bonar uses, amongst other things, an Oracle (JD Edwards) ERP system that is hosted on centralized servers in Arnhem. The Intex ERP system is also used for specific business processes (weaving industry). SAP ERP is also used. Other important business applications are also hosted in the central data center in Arnhem. In addition, its own IT department was too dependent on the current supplier. “Creating new locations or change requests did not always go smoothly,” is how Paul Visscher, Head of Infrastructure and Security at Low & Bonar, puts it. The performance of the international network was also very different between the countries. For example, in China, the data first passes through a firewall controlled by the Chinese state. A dedicated bandwidth was needed here anyway, but later it turned out there was an even better alternative. Making choices for the right solution It soon became clear that this time it was not about simply renewing the MPLS network of the telecom provider. Partly due to the new possibilities of SD-WAN technology, there suddenly appeared to be many options. MPLS, Internet and even wireless (4G) connections in combination with various SD-WAN technologies. For Paul Visscher there was something else that was important, namely the ‘co-managed’ model offered by IPknowledge and Cato. As a result, the control and direction of the WAN came primarily by himself and, without management costs. “As a result, I literally have flexibility and scalability in control, which is better for us than a fully managed environment of a traditional CSP, Communication Service Provider or Telco,” he explains…. Read the complete case study to learn more about Low & Bonar’s experience and lessons learned while deploying Cato and working with IPknowledge. Available in Dutch here.
Read customer story Search
Global Food Supplier Uses Cato Cloud to Ensure Global Performance, Security and High Availability

Food

Global Food Supplier Uses Cato Cloud to Ensure Global Performance, Security and High Availability
Global Food Supplier Uses Cato Cloud to Ensure Global Performance, Security and High Availability The Challenge: Improve Network Security and Availability Without Compromising Performance or Agility Manufacturers know all too well the pains of relying heavily on global VPNs. They might be more cost-effective than MPLS, but performance is very unpredictable, and setting up numerous VPN connections, is too time consuming. And none of that touches on the problem of providing local security. These were precisely the challenges facing Global Food Supplier. The company, which asked to be anonymous, develops and delivers healthy feed solutions for fish. It operates 31 manufacturing facilities and offices across Europe and the UK, in Central and South America, Tasmania, and now in China. Prior to coming to Cato, the company ran its own network, connecting locations primarily via a VPN between on-site firewall appliances. Some MPLS links were used to connect several sites. As the company matured, it grew through acquisitions, and with that came the need to update its connectivity and security options. The impending expiration of many of the sites’ license-support for the firewalls drove the company to reassess its security approach. The existing firewalls lacked the capacity to meet the company’s needs and would have required massive upgrades. Otherwise, the company would have had to disable critical services, such as virus scanning and SSL traffic scanning. The company knew it needed to enable advanced security globally, but the cost to do so with firewall appliances was very high. Availability was another critical concern. High availability was only set up in offices in a few countries, leaving the remaining locations exposed with single points of failure. What’s more, the company had little visibility into the network’s operations. If users had performance issues, or worse, the site experienced a network failure, the IT team lacked the insight to know what was going wrong. And as more applications began moving into the cloud, the company needed additional solutions for WAN optimization, and to reduce latency for applications such as SharePoint, team collaboration, email and M3 (ERP). Cato’s SASE Platform Provides Significant Advantages The company’s IT team made the pitch to executive management: standardize on Cato Networks’ global solution to benefit from several advantages. First, every site would be configured for high availability by installing redundant, cost-effective Cato Sockets, Cato’s edge SD-WAN appliances. Second, advanced security is fully converged into Cato’s SASE platform. The company’s network would be continuously monitored and scanned to detect suspicious traffic. Global performance was also key. Cato includes WAN optimization in its global private backbone. By contrast, the existing VPN offered very poor performance in several countries, especially China, Costa Rica, Chile and Ecuador, due to its dependence on the public Internet. This made access to global systems like Office 365 and M3 almost useless. Network visibility was another advantage offered by Cato. The company would now have deep insight into the performance of all last mile connections. Cato provides real-time and historical graphs for throughput, latency, jitter, and packet loss. The company would also have centralized management 24x7 support and monitoring. Finally, there were the cost savings of going with Cato. With Cato’s global private backbone, the company would be able to eliminate all MPLS circuits. And with Cato running security in the cloud, the company would avoid hardware upgrades of its legacy firewalls. How Going with Cato Led to Consistent Performance and Security Worldwide The company wanted a single global solution that could connect and secure all offices and production facilities in a consistent manner. Also, the company lacked internal expertise to support this network, so an external technology partner was needed to make configuration changes and keep the network running. “We had some discussions about going with a global MPLS solution, but we knew we would always end up somehow with more than one supplier and multiple points of contact because of all the countries we are in.” “We had some discussions about going with a global MPLS solution,” says the IT manager, “but we ruled out that option because even though we would theoretically get one supplier, we knew we would always end up somehow with more than one supplier and multiple points of contact because of all the countries we are in.” Cato also allowed the company to eliminate all the branch firewalls and VPN connections. Cato Cloud is an affordable MPLS alternative, connecting all branches, trusted business partners, and physical and cloud data centers with an SLA-backed, affordable global backbone. The company’s remote locations connect to the company’s systems via redundant Cato Sockets; remote users connect through the Cato client. With all WAN and Internet traffic consolidated in the cloud, Cato applies a set of security services to protect all traffic at all times. Firewall and other security rules are now centralized in Cato Cloud, so they are easy to manage and automatically updated by Cato. “It’s good to get the automated client and security updates from Cato,” says the IT manager. “We didn’t have updates from our firewall vendor—ever. Now we have everything updated centrally by Cato. This ensures we always have the latest features enabled to protect our network.” “Once we began our pilot with Cato, we saw that it is much, much easier for us to get high-level support from Cato than we could ever get with our legacy firewall provider" Support also stood out for him. “One of the best parts of our relationship with Cato is the level of support we receive,” he says. “Once we began our pilot with Cato, we saw that it is much, much easier for us to get high-level support from Cato than we could ever get with our legacy firewall provider, even after 15 years with them. They just didn’t care about us, but Cato is very attentive to our needs. We can talk directly to the people who will get our business needs implemented.” [caption id="attachment_13088" align="aligncenter" width="1500"] With Cato, Global Food Supplier was able to connect even hard to reach sites, mobile users, and cloud resources with a single, global network, the Cato Cloud.[/caption] Future Looks Brighter with Cato’s Advanced Analytics Looking toward the future, the company’s IT team plans to set up advanced segmentation of its network and to set priorities for its various applications. “We are looking at how much bandwidth is used by different applications and will use policies to prioritize what’s most important to us,” he says. “With all the insight and visibility we get from Cato, we’re confident we can optimize our bandwidth usage to get even more benefits from our network.”
Read customer story Search
Global Sales and Distribution Firm Replaces Backbone Provider with Cato, Cuts WAN Costs in Half

Consumer Goods

Global Sales and Distribution Firm Replaces Backbone Provider with Cato, Cuts WAN Costs in Half
Global Sales and Distribution Firm Replaces Backbone Provider with Cato, Cuts WAN Costs in Half The Challenge: Fast, Reliable, Cost Efficient WAN Global sales and distribution firms need fast, reliable connections among locations to get business done and stay competitive. Such is the case with this leading sales and distribution company in the fast-moving consumer goods (FMCG) sector. “We had two MPLS links with failover at each business unit,” says the CIO, “but it seemed as if one line was always down for maintenance or some other issue.” The firm has a portfolio of local and global brands that it sells and distributes through office locations in the Caucasus, Southwest Pacific, Middle East, and Southern Africa. Before Cato, it connected offices via MPLS and then a legacy global backbone provider. Carrier MPLS was expensive and establishing new lines between branches took a long time. “We often had to wait more than three or four months for a new connection,” says the company’s CIO and VP of IT. Reliability was also less than perfect. “We had two MPLS links with failover at each business unit, but it seemed as if one line was always down for maintenance or some other issue.” Fed up with carrier MPLS, the company switched to the legacy, global backbone provider. “The performance and reliability improved, but bandwidth was only 2 Mbit/s and the service was still expensive,” says the CIO. At two days, deployment was considerably faster, but required some tech support and configuration of access control lists, policies, and BGP. CIO Investigates SD-WAN, Chooses Cato Always on the lookout for an easier, less expensive alternative, the CIO turned to his partner IT firm to investigate SD-WAN providers. Eventually, he decided to set up a Proof of Concept (POC) deployment with Cato in Georgia and New Zealand. “With our partner firm, we ran a lengthy POC because we wanted to check everything out, including the availability, SLA, support response time, end-to-end service, and, of course, the actual user experience,” says the CIO. “Our current solution had features such as data optimization and caching to optimize the user experience. We wanted to make sure Cato could provide equivalent capabilities.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall and IPS. Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 55 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features and improving remote access performance. “The huge increase in bandwidth with Cato will come in very handy when we adopt Office 365 and have to distribute Windows upgrades to all our systems,” The firm started with a 50 Mbit/s Cato link and was immediately pleased with the results. “Much to our surprise the user experience was the same or better than with our current provider,” says the CIO. The company relies to a great extent on SAP for its ERP application and SAP performance was fast and reliable. “The huge increase in bandwidth with Cato will come in very handy when we adopt Office 365 and have to distribute Windows upgrades to all our systems,” says the CIO. Happy with performance, the CIO considered other added value the company could get with Cato compared to its current provider and other market alternatives. “Unlike our former provider, Cato came with a management console that let us monitor and control WAN traffic and configure DNS and some aspects of routing,” says the CIO. “With the current provider we had to open up a support ticket and wait for them to make those changes.” The CIO also liked the analytics dashboard and his experience with Cato support was excellent. “Any issues that came up were resolved very quickly.” Sold on Cato, the CIO moved on to contract negotiation and found that a positive experience as well. “The Cato sales division was very flexible,” he says. Fast Deployment, Lots of Icing on the Cake The company replaced all its current WAN connections with Cato. Deployment at each location was surprisingly quick. “With our legacy global, backbone provider, we needed their help setting policies, setting up ACLs, and configuring BGP. It took a few days,” says the CIO. “With Cato, setup took only a few hours. All we had to do was plug the appliance into the router port and watch it connect automatically to the nearest Cato PoP.” "Amazingly, even with Cato’s bandwidth, performance, management, and monitoring, the company was able to slash connectivity costs by 60 percent. That alone is a huge win for us,” says the CIO. However, the CIO is also excited about taking advantage of Cato’s security and remote access capabilities down the road, saving even more money and managing it all under a single interface. “We’re looking at using Cato to replace our current firewall, VPN, and unified endpoint solution, which is very expensive right now” says the CIO. “Getting all those services in one package would save us a lot in costs and be much less complex in terms of management. We can only win.” The company plans to investigate all these possibilities when it gets into the next budget creation process. Cato’s fast cloud access and integration are other features that intrigue the CIO. “We’re looking at moving to a hybrid cloud IT architecture based on AWS, Salesforce, and Office 365 with Microsoft Azure as well, so that’s three different cloud solutions.” All in all, Cato has been a big win and there are more wins to come.
Read customer story Search
Baltimore Aircoil Replaces MPLS with Cato, Improving Voice Quality, Enabling Video Conferencing, and Increasing Agility

Manufacturing

Baltimore Aircoil Replaces MPLS with Cato, Improving Voice Quality, Enabling Video Conferencing, and Increasing Agility
Baltimore Aircoil Replaces MPLS with Cato, Improving Voice Quality, Enabling Video Conferencing, and Increasing Agility The MPLS Problem: Too Expensive and Too Short on Agility Manufacturers know all too well the challenges of global MPLS — the delays, the high bandwidth costs, the lack of insight. Alone, such attributes pose significant problems for any company. But add in the need to spin up new sites rapidly, and it's easy to see why a global manufacturer, like Baltimore Aircoil Company (BAC), would look for a better solution. A leading manufacturer of cooling systems, BAC’s cooling towers reduce the temperature in large manufacturing plants and provide the cooling effect of air conditioning used by businesses in office blocks worldwide. The company operated three MPLS networks, connecting 20 sites across Europe, North America, Russia, China, Australia, and South Africa. The three networks were interconnected in a datacenter in Brussels. As business transformation progressed within BAC and IT usage grew, the infrastructure team became increasingly frustrated by the lack of agility to respond to new demands. There was insufficient bandwidth to adequately handle the new rollout of VoIP and video in North America. "Traversing a 10 Mbps MPLS connection has too many checkpoints before getting out to the Internet," says infrastructure manager Keith Tripp. At busy times of the day, this has a severe effect on everyone's VoIP conversations – with no easy solution. "You can't just call your MPLS provider and say I want any extra 20 megs tomorrow,” he added. “You can't just call your MPLS provider and say I want any extra 20 megs tomorrow.” In Europe, BAC sales offices liked to relocate whenever they found a better location. The most significant delay to this process came from IT, which needed three or four months to relocate the MPLS circuits. "Hopefully, we would get at least one of the circuits on time," said Michael Devogelaere, BAC IT manager infrastructure, "but sometimes it was the backup circuit that arrived first, with the main circuit a few months later." However, a significant concern with its European provider occurred at the Paris site. Here, one of the provider’s subcontractors changed from copper to fiber, and the MPLS provider demanded a new multi-year contract from BAC. "We did not understand why we should sign a new contract when a subcontractor arbitrarily changed its technology," said Devogelaere. Then there were the security concerns. Although the MPLS included firewalls, BAC had no direct control over them – and the firewalls and firewall rules differed between the different MPLS providers. Luc Derveaux, BAC’s global manager of information protection, was concerned that he could not personally respond to the data warnings provided by the firewalls. “The only real security we had was on the VPNs,” he added. Troubleshooting was also complicated by having to juggle different interfaces when trying to solve a problem. “With separate MPLS and firewall architecture, all information was available in different locations,” says Michel Neuts, the network engineer who architected BAC’s new network. “It was difficult to correlate the information, which meant that we needed more time to diagnose problems.” Permeating all the problems that BAC faced with its MPLS networks was the lack of agility – the inability to respond at speed to new requirements. Large scale, rapid development of work-from-home was one example. But so was troubleshooting real-time problems. “If we had a problem like the quality of a global video conference it would have meant waiting as we opened tickets with each of our MPLS providers,” says Neuts. Searching for a Solution, Finding Cato BAC knew that its existing problems would only get worse over time. It started looking for alternatives. The easiest option would be a simple switch to using the Internet directly, but this was immediately rejected. “You need a solution that provides support,” explains Derveaux. “If you get an Internet problem between Australia and North America, who can you go to for help?” “You need a solution that provides support. If you get an Internet problem between Australia and North America, who can you go to for help?” The existing MPLS providers were asked about their SD-WAN offerings, but the BAC team found that the offerings were always dependent on at least one physical line – keeping the company tied to MPLS. Instead, the company investigated several alternative options. Some new offerings appeared promising but were considered untested and not market ready. Others required significant new investments in infrastructure. Then a network engineer who had been tasked with finding a new WAN solution suggested Cato Networks. Cato’s Solves BAC’s Network Problems After a brief PoC, BAC decided to go with Cato. With Cato, BAC reduced network costs by about 60% and significantly increased capacity. In Australia, for example, bandwidth more than doubled from 20 Mbps to 50 Mbps. The bandwidth improvements were even greater elsewhere. In Milford, California, it increased fivefold from 10 Mbps to 50 Mbps. "With Cato, BAC reduced network costs by 60% and increased capacity by as much as 5x" With Cato, BAC gained a single-pane-of-glass into the entire network. “I especially liked having all information available in one dashboard, one portal,“ says Neuts. “We now have much more information on how our network is behaving then we did before.” Derveaux’s concerns over security were also alleviated. “Going to Cato, we could see directly into the traffic and say, ‘There's a problem here, there's something wrong there,’” he said. He particularly liked Cato’s ability to drill down into networking and security events. “I checked it every day for several months,” says Derveaux. [caption id="attachment_12026" align="aligncenter" width="977"] With Cato’s Event Discovery screen, like this one, BAC is able to rapidly filter through all connectivity, routing, security, system and Socket management events across its global network. In this case, for example, a user filters security events (1) are filtered, looking for traffic to the URI /atomic.php, which is associated with Andromeda (2). The main view (3) displays the raw results.[/caption]   But it’s the increase in agility that stands out. With Cato, BAC could resolve global problems in real time. “When we first decided to stream a monthly webinar to our 300 or so remote employees, we chose to do it across as live event across our video conferencing platform. Now live events are a bit different than your typical video conference; they’re in one-direction where users can see the speaker not vice versa. Apparently, the provider changes up their protocols a bit as a result. “During the event users starting complaining about the very poor video quality. That’s unusual for this platform. So right then I opened the Cato portal and went into the real-time events page. I could see that the traffic was not being categorized as real-time video traffic but as web traffic, which meant that the QoS level wasn’t what it should be. I changed live events on this video conferencing platform to real-time video and, instantly, users across the globe saw a noticeable difference. There’s no way we could have done that as quickly with our MPLS network.” Another example came when BAC moved a server to a new location. “When we relocated a server from Germany, we found it was getting a bit slow because we hadn’t considered the SMB traffic – with Cato, we were able to just change the priority of that SMB traffic. We could have done this with the other providers, but we would need to ask them, possibly pay a fee, and wait for it. With Cato, we just did it,” says Devogelaere. “With Cato, we just did it.” Perhaps the most prominent example of the new agility came with the COVID-19 pandemic. “When we saw how bad it was in New York,” said Tripp, “we went to HR and said we need to do something. We gave our staff a Wi-Fi stick and headphones and told everybody they could work from home. From an IT perspective, it didn't matter whether people were at home or in the office. “Cato enabled us to keep the lights on during the pandemic.” “Because of the pandemic,” he continued, “I would say that the VPN part of Cato was probably one of the biggest benefits. Previously multiple VPNs would come into one MPLS circuit and suffer bandwidth issues. Before Cato, the engineering team was unable to send CAD drawings via a VPN. Cato SDP [Cato’s remote access solution] made it possible. Cato enabled us to keep the lights on during the pandemic.” What’s Next? BAC is particularly happy with Cato’s support services. “The speed at which Cato was adding new features was really surprising,” said Devogelaere. “We really felt that we were part of the development of the product.” Two future options have already been considered. The first is the ability to publish an application using the clientless option of Cato SDP. “We have a requirement for some external people to access to resources and our network, but we don't feel comfortable with having a computer that has a security policy that we don't know accessing our resources,” said Devogelaere. “If they can do that via jump hosts or something similar, that would be good from a security perspective for us.” [caption id="attachment_12027" align="aligncenter" width="1100"] With Cato, BAC replaced its global MPLS network, remote access, and security appliances with a single, converged solution.[/caption] Another future option that has been considered by BAC is Cato's Managed Threat Detection and Response (MDR) capability. With the customer already connected to Cato, Cato can deliver zero-footprint detection of persistent threats without requiring customers to install additional appliances. Cato MDR uses machine learning algorithms combined with human verification of detected anomalies, with the availability of Cato experts able to guide customers through any necessary remediation. BAC doesn’t need Cato MDR today, but for Devogelaere and the rest of the BAC team, being able to enable MDR and other Cato capabilities instantly was a “welcome change” from the delays and headaches of MPLS.
Read customer story Search
KRAMP streamlines networking and security with a managed Cato SASE solution by Videns

Wholesale/Distribution/Logistics

KRAMP streamlines networking and security with a managed Cato SASE solution
KRAMP streamlines networking and security with a managed Cato SASE solution by Videns From Legacy MPLS to SASE Kramp operates right across Europe, with offices in many countries from Russia to the United Kingdom and from the Nordics to Italy, as well as a purchasing office in China. Kramp has undergone strong growth in recent years, both organically and through a number of acquisitions. This resulted in a situation where the company had to maintain and manage multiple, different WAN and security solutions and technologies, which was highly inefficient in terms of cost and labor. For security purposes, Kramp used multiple on-premises solutions from Sophos and Cisco. Jos Nieuwenhuis, Enterprise Architect at Kramp: “In our WAN landscape, a number of branch offices were connected via outsourced MPLS connections and other branch offices via VPN connections in combination with internet connectivity which we managed in house. At some locations, we used internet connections that were sourced locally which made it even more difficult to communicate with the provider.” Key highlights from Jos: "The fact that connectivity and security are combined within one single solution will help us drive down cost and improve our internal customers’ experience.”   "Traffic optimization within the managed SASE network ensures that we need less bandwidth than before. This built-in efficiency allows us to minimize the costs of our WAN without sacrificing performance."   "Thanks to the consolidated solution, we were able to phase out various security point solutions and terminate service contracts we no longer needed." Read the full case study
Read customer story Search
Boyd CAT Doubles Network Performance, Boosts Agility with Cato

Manufacturing

Boyd CAT Doubles Network Performance, Boosts Agility with Cato
Boyd CAT Doubles Network Performance, Boosts Agility with Cato The Challenge: Slow Application Performance, Poor Visibility Retail dealerships face unique challenges in an era of digital transformation. To run their businesses today, they need fast, secure WAN connections from dispersed retail locations to applications in the corporate datacenter and the cloud and to manufacturing partners. Such was the case with Boyd CAT, a Caterpillar heavy equipment dealer. The company’s 20 retail locations were spread across Kentucky, Southern Indiana, West Virginia and Southeastern Ohio. All were connected to datacenters in Louisville, Kentucky and Belle, West Virginia using 10 Mbits/s MPLS connections. Its ERP application, Microsoft Dynamics AX, ran in the datacenter. Security was provided by datacenter firewall appliances, which also handled mobile VPN access, and a second firewall from the company’s MPLS carrier. With its expensive MPLS-based communications architecture, capacity was undersized and application performance often suffered, impacting customer service and other aspects of the business. “With MPLS, our branches were always complaining about slow performance”  “With 10 Mbits/s MPLS connections, our branches were always complaining about slow performance,” says Boyd CAT Communications Analyst, Matt Bays. All of those expensive MPLS connections also relied on local last mile connections, which could be erratic. “Dealers in Kentucky and West Virginia suffered frequent dropouts,” says Bays. “If there was an interruption, we’d often have to contact the MPLS carrier which would then have to get us to the local last-mile provider.” Sometimes resolving performance and dropout issues could take days. When connections dropped, retailers could not access the company’s Azure based Microsoft Dynamics AX ERP application. Even when the connection was up, ERP performance could be painfully slow. “All of our print servers are in Louisville, so if someone needed to print a customer invoice, the data would have to travel first to the MS Dynamics AX servers in the Louisville datacenter, and then all the way back to the retail branch,” says Bays. “At certain locations, the last mile provider might be running at only 3 or 6 Mbits/s, so it could take forever just to print a simple document.” To add to performance issues, there was no easy way to manage bandwidth allocation, so application performance would degrade even more when Windows operating system updates hogged the already slow connection. “On the second Tuesday of every month, our Windows update server would update all the laptops and desktops and everything else would slow down to a crawl,” says Bays. Boyd CAT also had to limit or prohibit use of streaming applications such as music services and YouTube to keep things running smoothly Visibility with carrier MPLS was limited, so it was difficult to troubleshoot performance issues. “We often couldn’t figure out if the problem was the application or the data circuit,” says Bays. Firewall management was also cumbersome. “To allow secure access to a new location from Caterpillar and our numerous other providers we’d have to go through our system admins who would have to get online and submit a request to the carrier,“ says Bays BOYD CAT Investigates SD-WAN, Chooses Cato Things changed when Boyd CAT’s head of IS attended a tech conference where he heard other attendees discussing their SD-WAN solutions. “After that conference, we were tasked with searching out SD-WAN providers and looking into the cost and implications of converting to SD-WAN,” says Bays. Boyd CAT considered Cato and two other SD-WAN providers in the telecom and network appliance spaces, according to Bays. “Immediately Cato seemed like the right fit. The cost was reasonable, the implementation seemed so easy and the visibility was so much better than with MPLS.” Representatives from Cato and Cato’s local Kentucky and West Virginia last mile providers came to Boyd CAT’s offices for a meeting. “That was where we go the final approval to go with Cato.” Cato connects all enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic. Connecting a retail location to Cato is just a matter of installing a simple Cato Socket appliance, which connects to the nearest of Cato’s more than 55 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, but it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone benefiting from the same optimization features, improving remote access performance. Fast Deployment, Double the Bandwidth Deploying Cato’s Sockets to each location was incredibly easy. “We ran around to each site, plugged them in, and assigned the license,” says Bays, “The actual cutover from MPLS took seconds.” “The branches were just loving it,” says Bays, “They started fighting over who would transition to Cato next. We were able to discontinue all our MPLS connections.” Thanks to the low cost of the Cato solution, Boyd CAT was able to more than double branch bandwidth, moving to from 10 to 25 Mbits/s. Together with Cato’s optimization and global private backbone, the additional bandwidth led to a dramatic improvement in application performance. “The branches were just loving it,” says Bays, “They started fighting over who would transition to Cato next. We were able to discontinue all our MPLS connections.” “With Cato we can limit the bandwidth used by Windows Update and streaming applications, so they don’t slow things down, and see who is doing what on each circuit,” says Bays. “That really excited us." Aside from sheer bandwidth, other performance improvements came from Cato’s improved visibility and bandwidth management capabilities. “With Cato we can limit the bandwidth used by Windows Update and streaming applications, so they don’t slow things down, and see who is doing what on each circuit,” says Bays. “That really excited us. We also have dual data circuits.” The latter means no more of the dropouts suffered with the last mile MPLS providers. Now it’s no problem allowing users to take advantage of YouTube, which is important because Caterpillar does some of its training via YouTube videos. When there are rare performance issues, Cato’s visibility makes it easy to trace the cause. “We recently had an issue at our Evansville location. I just logged into the local Socket, did a speed test and traced the issue to the application,” says Bays. Boyd CAT’s Helpdesk can also log into Cato’s console to troubleshoot performance issues. A Smooth-Running Business Bays can configure and change network and firewall rules directly through the management console, rather than having to submit a request and wait. “It’s so easy to open up a connection for a partner or use Active Directory groups to determine who can access social media sites such as Twitter and Facebook,” says Bays. Boyd CAT is also using Cato’s anti-malware and IPS capabilities. “They’re working great,” says Bays. “Support is always excellent,” says Bays. “We just click on the support tab and send a ticket and they respond very quickly. We don’t have to call in, go through all those options and not hear back for a few days. We get a quick response and they often follow up to make sure everything is good, which is really nice.” Bays has started rolling out some Cato mobile VPN clients as well. “I love it. You just click a button to connect. When our licenses run out on our current VPN solution, we’ll look into switching all our end users to Cato VPN clients.” The result: Smoother, more secure business processes and enhanced productivity, thanks to Cato. Says Bays, “It’s just been huge for Boyd CAT to be able to get everyone in the business more bandwidth and faster, more consistent performance.”
Read customer story Search
Focus Services Crushes Call Center Latency, Boosts Security with Cato

Managed Services

Focus Services Crushes Call Center Latency, Boosts Security with Cato
Focus Services Crushes Call Center Latency, Boosts Security with Cato The Challenge: Call Center Latency Once upon a time, call centers relied on analog telephone lines to deliver the services their revenues depend on. Now that analog lines have been replaced with digital VoIP and call center Automatic Call Distribution (ACD) systems have largely moved to the cloud, fast, reliable WAN connections are critical to call center success. With more call center employees working from home--particularly since Covid-19--fast remote access is a growing requirement as well. Focus Services, a global outsourced call center provider with 10 call centers in North America, three in Central America, and one in the Philippines is no exception. Not only must its WAN connections be fast, stable, and reliable, they must also deliver low latency or else voice quality will degrade, according to Bill Wiser, Vice President of IT for Focus Services. “We were gaining a lot of international business, so better, more cost-effective global connectivity options were vital,” says Wiser. Before Cato, Focus Services relied on carrier MPLS to connect its North American call centers, but had to settle for Internet VPN’s internationally because MPLS options were just too expensive. “We were gaining a lot of international business, so better, more cost-effective global connectivity options were vital,” says Wiser. Latency and poor voice quality plagued its international long-haul VPN connections until Focus deployed an intelligent BGP routing solution. “The solution could monitor and prioritize traffic based on usage and switch providers and routes if latency became an issue,” says Wiser. “It was fairly effective, particularly in the Philippines, where traffic might take 12 to 15 hops to get to the U.S.” However, while latency improved, there were still issues and limitations. “We had to deal with a complex piece of hardware and handle a fair amount of administration, including updates,” says Wiser And while the intelligent routing solution could analyze traffic and switch providers when necessary, it still had to send traffic over the sometimes unreliable Internet. “There were still many times when we had to go in there and promote certain types of traffic manually to mitigate latency issues,” says Wiser, “and the solution didn’t handle inbound traffic nearly as well as outbound.” Focus Services Investigates SD-WAN, Chooses Cato Even though most of the issues lay abroad, Focus decided to begin its SD-WAN and Cato journey in North America initially, then spread the solution to Central America, with the Philippines rollout expected in 2021. “We looked at SD-WAN as a way to get rid of our expensive domestic MPLS circuits and use the savings to add some Internet redundancy with different providers,” says Wiser. “We could then use SD-WAN to offer rollover reliability of the network.” At first, Focus worked with a solution provided by one of its technology partners, but things didn’t go very well. “They were reselling one of the big mainstream SD-WAN solutions,” says Wiser, “but the vendor had little experience with it, so they were struggling. It didn’t seem like the right solution for our call center case anyway.” Wiser sought a more customizable solution, particularly when it came to resilience and one that had a good international presence so he could eventually roll out critical international locations into the solution without much effort. That was when another technology partner introduced Focus to Cato. “They thought Cato could provide all we were looking for, including some of the features of the existing intelligent routing solution we liked, together with all that SD-WAN automation and ease of management.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which connects to the nearest of Cato’s more than 55 globally dispersed points of presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance. Cato Delivers the Goods It didn’t take long for Wiser to settle on Cato. “We looked at some other solutions but only tested Cato because it was much more cost effective and easier to use than the others,” says Wiser. “The manageability of Cato was also pretty awesome. We love being able to pinpoint network issues and use the visual log to dive into them. We never had this visibility with our previous firewalls.” "Long -haul traffic from international locations to customers in the U.S. now gets MPLS-like performance. That has really helped our sales and deployment." Cato’s converged backbone was another deciding factor, particularly for its Central America locations. “The other solutions were still working off installed lines,” says Wiser. ”We liked that we could get on that WAN that Cato has already put a lot of time and money into and use it to drop out close to the endpoint. Long -haul traffic from international locations to customers in the U.S. now gets MPLS-like performance. That has really helped our sales and deployment.” “It’s pretty awesome to hit that Cato network and see that traffic prioritized all the way through to the cloud, rather than just close to our site.” The fast backbone connection most of the way to its ACD cloud service was a big plus. “QOS was always a struggle before Cato, says Wiser. “It’s pretty awesome to hit that Cato network and see that traffic prioritized all the way through to the cloud, rather than just close to our site.” “Now we can duplicate traffic across both providers rather than just failing over, which is huge when you’re dealing with voice traffic. Voice doesn’t degrade nearly as often as it did before.” Focus also liked using dual active/active ISP routes to the local Cato PoP. “Our intelligent routing solution was just a best route tool,” says Wiser. “Now we can duplicate traffic across both providers rather than just failing over, which is huge when you’re dealing with voice traffic. Voice doesn’t degrade nearly as often as it did before.” Cato Cures Covid-19 WFM Woes Focus didn’t incorporate Cato’s security services at first because it already had its own firewalls, Web filtering, and other security capabilities in place. That all changed when Covid-19 struck. “Like other companies, we had to move a lot of people home for work, including call center reps and our administrative staff. As we added hundreds of work-from-home users to our Cato account, we started ramping up its security services too. Now we’re using Cato’s internal traffic filtering and Web filtering to take over some of the things we were doing with our firewalls. It all happened so fast, thanks to Cato, and was a life saver.” Cato has now replaced Focus Services’ mainstream vendor firewall/VPN solutions, which were originally serving only about 30 admin and IT users. “They were pretty limited compared to what Cato offers.” Cato’s malware protection and IPS are big goals for the future. “Covid-19 slowed us down a bit, so that’s definitely down the road. Before Covid we had lots of great plans, but they were delayed.” All in all, Cato has been a boon to the company’s call center business. “We’re very happy with the product and look forward to expanding its use to the Philippines.
Read customer story Search
AmesburyTruth Boosts WAN Reliability, Agility, and Security with Cato SASE

Manufacturing

AmesburyTruth Boosts WAN Reliability, Agility, and Security with Cato SASE
AmesburyTruth Boosts WAN Reliability, Agility, and Security with Cato SASE The Challenge: Fast SD-WAN Deployment, Reliability As legacy WAN solutions prove less and less practical in the age of mobility and the cloud, many organizations have turned to more flexible SD-WAN alternatives to connect office locations to the datacenter and cloud services over a variety of connection types. Securing all those locations requires equipping each site with enterprise-level security solutions. Unfortunately, many organizations have found fulfilling the promise of SD-WAN a challenge, particularly on their first try. Such was the case with AmesburyTruth, a leading global provider of window and door components. The company sought a flexible way to connect 12 of its locations to the datacenter, the cloud, and each other. AmesburyTruth approached a major telecommunications provider, which set it up with an SD-WAN and security solution. To say that the solution did not fulfill its promise would be an understatement, according to AmesburyTruth Chief Information Officer Pat Bayer. “Our legacy SD-WAN couldn’t meet our needs,” says Bayer. “We had every type of problem you can imagine. CPU utilization would go through the roof, appliances would crash, packets would be discarded all over the place. When we needed support, we had to go through the telecom provider, which didn’t know the product very well.” Only when a problem moved high enough in the support chain to the manufacturer, would it be addressed. “It was just a nightmare,” says Bayer. To keep SD-WAN appliances running, Bayer’s staff had to reboot all of them at least once a week. “We spent all of our time trying to implement the previous solution. We still hadn’t gotten there when we decided it was time to move on,” says Bayer. The business impact was considerable. . “We had people dropping calls and company-wide-meetings with long pauses of silence and people dropping off,” says Bayer, “Poor application performance hampered productivity and business agility. AmesburyTruth relied heavily on an ERP application that demanded a reliable, very-low-latency connection. All its branch and remote users depended on fast, reliable connections to datacenter ERP servers for real-time information critical to sales and other business functions. “Our SD-WAN solution just couldn’t deliver on that at all,” says Bayer. Security and management were also a disappointment. “Visibility was almost nonexistent,” says Bayer. “It was extremely difficult to tell if the firewall and other security functions were doing what they were supposed to do.” AmesburyTruth Ends Contract, Finds Cato’s SASE Platform Bayer and his team were through with the legacy SD-WAN solution. That’s when Bayer found Cato, thanks to a camera surveillance provider Bayer was looking to do business with. “We looked at all the SD-WAN and security solutions from major vendors,” says Bayer. “I asked my contact at the surveillance provider if in his travels he had heard of anything that other organizations liked. He said in his experience Cato was the only solution people didn’t have issues with. He was reluctant to talk about anyone else.” Since it had been burned in the past, AmesburyTruth set up proof of concept (POC) deployments for every single solution under consideration. “We really wanted see firsthand what really worked, not just what people said worked.” “None of the other solutions we looked at had the simplicity that Cato’s SASE platform offers,” says Bayer. “We found that really interesting and liked all traffic visualization and analytics Cato provided.” AmesburyTruth deployed Cato at three of its sites for the POC. With its previous SD-WAN solution it would take more than a day to get each site up and running. “Even then we’d come out of the day with an extremely long punch list of issues.” "It was unreal, how Cato just worked where every other system we tried took a lot of configuring and tinkering behind the scenes to get everything to flow right,” says Bayer. “Cato was just head and shoulders above everyone else.”   “Our first Cato site took 30 to 45 minutes to get up and running,” says Bayer. “After that one we were spinning up new sites in 15 to 20 minutes. It was unreal, how Cato just worked where every other system we tried took a lot of configuring and tinkering behind the scenes to get everything to flow right. Cato was just head and shoulders above everyone else.” Cato: It’s the Difference Between Night and Day Deploying Cato to the seven other sites took place over the holidays. “The hardest part was an MPLS network we deployed from our previous vendor for low-latency applications. But getting the MPLS network up, running and working with everything else, including Cato, was the biggest part of the transition.” Cato connects all enterprise network resources--including branch locations, mobile users, and physical and cloud datacenters--into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic. AmesburyTruth continued to connect internal locations with MPLS, but any external traffic, including cloud and mobile, ran over Cato’s global private backbone, which interconnects across multiple tier-1 network providers via more than 50 points of presence (PoPs). Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, so remote access performance is excellent. Since the transition, the new network has been running much more smoothly. “All the previous network performance and application issues are gone,” says Bayer. “No more dropped packets. No more meeting interruptions. No more rebooting. Cato has been rock-solid.” Visibility has improved dramatically. “With Cato we see in no uncertain terms that this traffic was blocked by that firewall rule,” says Bayer. “It’s like night and day. And now that so many people are working at home because of COVID-19, we’re really grateful to have that extra layer of security and visibility that Cato offers.” “We couldn’t be happier,” says Bayer. “Cato is one of those things we wish we had done a long time ago.”
Read customer story Search
RingCentral Moves Internal Network to Cato’s SASE Platform

Technology

RingCentral Moves Internal Network to Cato’s SASE Platform
RingCentral Moves Internal Network to Cato’s SASE Platform Organizations face new challenges as they become digital enterprises. IT must become agile to adapt to constantly changing business requirements. Yet operations must stay lean even as they deliver excellent user experiences everywhere. These challenges confound many IT organizations and are precisely the ones Carlo Curato and his team at RingCentral have addressed for several years. Cloud First, Cloud Native Reduces Time Spent on Mundane Management Tasks Named a Magic Quadrant leader by Gartner in the Unified Communications as a Service category, RingCentral is no stranger to digital transformation technologies such as mobility and the cloud. Curato considers both keys to RingCentral’s own continual transformation. “We’re a big proponent of cloud solutions and work from anywhere,” says Curato. “We’re our first and best customer and use our platform heavily.” RingCentral follows a cloud-first, work anywhere strategy for most other internal solutions as well. “We feel strongly that to stay agile, IT should focus on core capabilities and delivering to the customer and move non-core IT portfolio items to the cloud,” says Curato. “We feel strongly that to stay agile, IT should focus on core capabilities and delivering to the customer and move non-core IT portfolio items to the cloud.” — Carlo Curato, Director of IT Infrastructure, RingCentral For Curato, cloud doesn’t mean spinning up a bunch of virtual servers in a cloud infrastructure. It means a complete, cloud-native solution managed fully by the provider, not your IT department. “The idea is that all the bells and whistles are managed and supported 24/7 by the cloud service,” says Curato, so the enterprise doesn’t have to spend time and resources on mundane management tasks. “Functions like failover and patching take many hours off of IT time that could be spent on core competency functions that improve the business.” Cloud-native also means solutions that scale automatically to support demand and are managed and delivered on a global scale. “It gives us the ability to scale quickly to support the company as it grows or shrinks,” he says And cloud-native means easy integration. “Anything we can tap into with a REST API is huge,” says Curato. “You no longer need to be masters of CLI. Instead, your DevOps team can modify or support the business using API’s and services that integrate, orchestrate and automate functions easily.” RingCentral’s Purchase Criteria: SD-WAN and Cloud Native RingCentral applied its cloud native, integrated, work-from-anywhere strategy to its search for an SD-WAN solution. “We’re growing fast, building offices, expanding, moving floors, moving people from floor to floor, moving servers from one area to another,” says Curato. “We want simplicity of deployment so we can get things up and running fast. We don’t want to spend a lot of time configuring, reconfiguring, and managing an SD-WAN solution. And with current travel restrictions, we need to take configuration out of the hands of the location or person holding the device.” That means pre-provisioning in the cloud. “The provider should be able to deliver the solution pre-provisioned in such a way that anyone at a home office, branch office or headquarters can just plug it into the Internet service and watch it light up.” Automation applies to SD-WAN security functions as well. “When you start managing your own firewalls, you expose a management interface to the Internet, where it becomes vulnerable to scans, hackers, and DDOS attacks,” says Curato. “If there’s a vulnerability that can be exploited, you have lots of hackers out there looking to exploit it.” We wanted a solution that doesn’t expose the interface but just talks directly to the cloud for security and management.” Cato Delivers A True Cloud-Native SASE Platform It was those requirements that led Curato and RingCentral to Cato. “We told a partner of our wish list and he introduced us to Cato.” Curato liked the way the Cato edge devices were pre-provisioned just like a RingCentral desk phone. “With Cato, it takes longer to order your Internet circuit from the provider than to get the Cato Socket up and running for the first time,” says Curato. “With Cato, it takes longer to order your Internet circuit from the provider than to get the Cato Socket up and running.” — Carlo Curato, Director of IT Infrastructure, RingCentral Cato’s management was also a big plus. “I don’t want to be in the business of figuring out where to put my firewall management software,” says Curato. “What happens if you need more firewalls? You need to buy more licenses. It’s a scaling nightmare. Cato has a single pane of glass with centralized management, security and seamless scalability.” Centralized, integrated management also makes it easier for Curato to address WAN performance and other issues. “A central repository lets you resolve issues quickly, so you not only deploy faster, you solve problems faster too.” [caption id="attachment_11262" align="aligncenter" width="1920"] With Cato, RingCentral gained a single pane-of-glass, into its network, security, and access infrastructure.[/caption] Cato Enabled A Quick COVID-19 Ramp Up RingCentral’s cloud-native strategy and Cato’s integrated mobility and easy scalability were lifesavers as the COVID-19 crisis unfolded. “With a traditional VPN solution, we would have had to figure out how to scale an environment architected for only a small portion of the workforce working at home at any time. With Cato, everyone can work at home right away. I don’t have to think about bandwidth and IP ranges. They’re all there, managed by Cato.” “With Cato, everyone can work at home right away. I don’t have to think about bandwidth and IP ranges. They’re all there, managed by Cato.” — Carlo Curato, Director of IT Infrastructure, RingCentral Cato’s cloud-based security functions made it particularly easy for the development team, which has the most robust security requirements, to work from home. “Without Cato we probably would have had to send each team member a small firewall and configure and manage all of them. With Cato we just sent a preconfigured socket device with all the firewall rules pre-provisioned.” [caption id="attachment_11261" align="aligncenter" width="1920"] With Cato, users IT can drill down to gain deep insight into remote users, seeing configuration information, performance metrics, and more.[/caption] Cloud first, cloud-native, work from anywhere: Those are Curato’s mantra for a smooth digital transformation. And that’s how Cato helps RingCentral deliver on digital transformation.
Read customer story Search
ASM SMT Boosts WAN Performance and Agility, Cuts Costs with Cato

Manufacturing

ASM SMT Boosts WAN Performance and Agility, Cuts Costs with Cato
ASM SMT Boosts WAN Performance and Agility, Cuts Costs with Cato The Challenge: A Fast, Agile Global Network Global suppliers need fast, agile networks to keep business processes moving among manufacturing plants, warehouses, customers and partners. As a leading supplier of Surface Mount Technology solutions for computer chip and circuit board manufacturers, ASM SMT is no exception. With offices spread globally from the west coast of the USA to the east coast of China, their globally spread SMT segment, found achieving such a goal a tall order. Before Cato, ASM SMT’s offices connected over a global meshed VPN topology overlaid on top of MPLS. Local Internet breakouts added Web filtering and WAN optimization hardware. Mobile users connected to firewalls at core regional locations for remote access. “The solution worked okay, but it was very expensive and took a long time to provision,” says Ian Bleazard, ASM SMT IT Director of Infrastructure and Analytics. “We operate in China and Vietnam, where you can be looking at a 180-day lead time for connectivity. Six months can have a substantial negative business impact.” With a typical office consisting of the usual stack of edge security products, firewalls, Web filters, etc. new site deployment was also dependent on multiple security vendors delivering on time, which, of course, often led to further delays, according to Bleazard. In many cases, each appliance had to be managed separately, so the configuration was a tedious and sizeable task at scale. Any changes to the regional firewalls had an impact on remote user connectivity. “With shared memory and CPU resources among firewall and remote access functions, the regional firewall appliances were often unfit for increasing demand,” says Bleazard. ASM SMT Investigates SD-WAN, Chooses Cato ASM SMT sought a simpler solution that would deliver business agility, security, and good performance at a lower total cost of ownership. “SD-WAN was intriguing to us, so we set out to research the technology and some vendors,” says Mr. Bleazard. “Three vendors made our shortlist, but it soon became clear that there was only one all-encompassing winner.” The winner was Cato. “Other vendors either lacked middle-mile backbone solutions, required backhauling of traffic between locations or couldn’t provide built-in WAN optimization and security functionality,” says Mr. Bleazard. A trusted local vendor introduced ASM SMT to Cato. “Immediately we had a good feeling. Cato had a promising solution that could solve a lot of our issues and they presented it to us in a very honest, upfront manner.” ASM SMT put together a proof of concept (POC) project with Cato for three business locations. “The idea was to throw some of the major issues we encountered with MPLS at the POC scenario. For example, we wanted to see how Cato would address speed issues with centralized Product Lifecycle Management software, SMB file copy , and videoconferencing performance over the WAN. During the POC, Cato improved performance more than 100 percent vs. MPLS." “It’s rare that you hear from users when things are going well, but, amazingly, during the POC we had users from all over the business thanking us and telling us how much it was improving their daily business productivity,” says Bleazard, “The productivity of those on the POC significantly increased and more importantly it removed some of their daily frustrations.” Cato Delivers Agility and Performance at a Lower Cost than MPLS Convinced, ASM SMT proceeded with Cato deployment across the other locations. “Our MPLS contract had eight months left, so we could roll out Cato gradually,” says Mr. Bleazard. “Cato’s use of BGP made the rollout seamless, with dynamic routes published automatically as soon as a site came online. We were able to switch over with almost no outage, which is key, as any outage can cause issues with production and other key business functions.”. The savings and performance grew as MPLS contracts expired and ASM SMT transitioned to Cato. “Cato’s pricing structure allowed a higher bandwidth among sites vs. MPLS and its packet loss mitigation feature helped a lot with VoIP and video packets reaching their destination without a break in communication.” He was also very pleased with Cato support. “Cato usually answered our emails within 10 minutes, and we were able to get someone on the phone quickly when something was important,” says Bleazard. “The general feeling was that support was there when we needed it.” ASM SMT has since begun rollout of the Cato VPN client as a replacement for the internal VPN gateways, a process that accelerated as the Covid-19 pandemic sent workers home, first in China and then everywhere else. “Generally, you don’t transition technology during a crisis, but we felt we had to move a few hundred users--mostly the ones that use a lot of bandwidth--onto the Cato network for VPN and it worked out really well,” says Bleazard. “The VPN provides straight access to the Cato backbone and the services they need, rather than backhauling everything to the local office. They really like it and find it easy to use--and that’s rare. Having one console for everything makes the whole management process much simpler as well, and very much helped us stay on top of these unique circumstances.” Overall Bleazard is very pleased with the Cato experience and plans to expand remote access using Cato and deployment to future locations. He adds, “The past eight weeks is one of the few times I’ve ever received emails from users saying thank you.” With Cato, ASM got the security and network performance they needed, converged into the one seamless solution for all sites, cloud resources, and mobile uses.
Read customer story Search
Brake Masters Puts the Brakes on Outages Across 71 Sites with Cato

Retail

Brake Masters Puts the Brakes on Outages Across 71 Sites with Cato
Brake Masters Puts the Brakes on Outages Across 71 Sites with Cato Outages Keep Business in Second Gear Network connectivity is essential to any retail operation. Unreliable, slow network access can translate into lost revenue through credit card processing delays and lower customer satisfaction as guest Wi-Fi grinds to a halt. Just ask Steve Waibel. The director of IT for Brake Masters, a leading auto-repair chain spanning 71 sites across the United States, had been struggling with his legacy MPLS service. The MPLS network connected Brake Masters’ 71 stores with T1 lines, carrying Point of Scale (PoS) system for credit card processing and the guest Wi-Fi for customers to pass the time while waiting to get their cars repaired back to the Brake Masters datacenter in Tucson, Arizona. But Waibel found that the MPLS to be "just plain unreliable" and slow, he says. "We faced weekly outages in one store or another," he says. The network was also unable to deliver a decent guest Wi-Fi experience. The free Wi-Fi from Brake Masters was often limited to just 500 Kbits/s, far too slow for YouTube or to do much more than basic Web browsing. "We got quite a few complaints about that," Waibel says. And MPLS proved to be a drag on Brake Masters' schedule for opening new stores. When a new store was ready to open, they were often waiting on connectivity. "We had an ongoing issue with provisioning MPLS," Waibel says. Cato Gets Brake Masters Cruising Waibel knew he needed to fix his network and began researching SD-WAN vendors. "All totaled, we probably evaluated 10 to 12 SD-WAN vendors," he says. But alternative SD-WAN solutions proved to be too expensive and complicated, requiring Brake Masters to maintain firewall appliances at every location. They also relied on the public Internet, which Waibel thought were going to be too unreliable and unpredictable for Brake Masters. With Cato, Waibel found a solution that met his needs. Cato is the first implementation of Gartner's secure access service edge (SASE) architecture and converges security and networking into a global, cloud-native platform. Sites, mobile users, and cloud-resources – all connect to the nearest PoP of Cato's global private backbone, a geographically distributed, SLA-backed network of 50+ PoPs, interconnected by multiple tier-1 carriers. The backbone's cloud-native software provides global routing optimization, self-healing capabilities, WAN optimization for maximum end-to-end throughput, and full encryption. In the end, Waibel chose to deploy Cato across all 71 locations, configuring sites with a Cato Socket, Cato's SD-WAN device, and dual last-mile Internet connections, typically cable and fixed wireless. "Currently, we've connected 55 locations and moving forward with converting the rest," he says. Brake Masters Deploy Sites Quickly and Improves Performance Waibel says Cato meets all the needs for retail locations, including easy management, deployment, and getting notifications of potential network problems before they're a big deal. "All that makes it very easy to run your retail establishments," Waibel says. More specifically, opening new stores with Cato has been much faster and easier than with MPLS. "We order lines, and they're always in well before the store is done," Waibel says. "Since we moved to Cato, our bandwidth increased by approximately 30 times the speed we had before. Now, the customer's Wi-Fi experience is much better. We’ve stopped receiving complaints since deploying Cato" With Cato, he also vastly improved his customer Wi-Fi experience. "Since we moved to Cato, our bandwidth increased by approximately 30 times the speed we had before," Waibel says. "Now, the customer's Wi-Fi experience is much better. We’ve stopped receiving complaints since deploying Cato," Waibel says. The changes in the last mile infrastructure also meant better uptime. "None of our sites have lost complete connectivity since deploying Cato," he says, "Sure, there are disruptions in the last mile, but the Cato Socket just moves the traffic over the secondary connection. The users never know the difference," Waibel says. The portal makes it easy to set up a new site, manage a site, and manage firewall rules. "The management portal is well designed. It's my favorite feature, "he says, "All the information you need to manage the network is right there." A case in point is his security infrastructure. Instead of deploying branch security appliances, Waibel relies on Cato security services – NGFW, anti-malware, and Cato IPS. He administers his security rules centrally in the Cato management portal, automatically applying them to the stores everywhere – all without deploying additional security appliances. And when there are problems, Waibel has been able to resolve disruptions far faster with Cato. "We get a view of every single store, and we can tell if there's a problem at any store," Waibel says. "Every day, we know exactly what's going on, and we can address any issues that might be there." [caption id="attachment_10519" align="aligncenter" width="1118"] Brake Masters has been able to replace MPLS with Cato, connecting and securing all business locations[/caption] New Network. Great Experience. Instead of stores calling in with problems, Cato automatically notifies Waibel of connectivity issues. "Often, we're already on top of things when the store becomes aware of the issue," he says. "With Cato, we've become very proactive." "Compared to what we used for six years with MPLS, it's like night and day. And I would never go back." "I would recommend Cato to other companies considering moving to SD-WAN," says Waibel. "Opening new stores now goes smoothly, pricing is affordable, the cloud firewall and private backbone provide a great experience, and services are easy to set up," he says.
Read customer story Search
Geosyntec Connects 60+ Locations, Improves VoIP and Remote Access Punch with Cato Cloud

Engineering

Geosyntec Connects 60+ Locations, Improves VoIP and Remote Access Punch with Cato Cloud
Geosyntec Connects 60+ Locations, Improves VoIP and Remote Access Punch with Cato Cloud How to Deploy Skype for Business Without MPLS Collaboration is essential to most enterprises, but the voice and video collaboration are too sensitive to route over the Internet and scaling up an MPLS can be very costly. What can IT leaders do without increasing their networking costs? That was the challenge facing Edo Nakdimon, senior IT manager at Geosyntec Consultants The environmental consulting service had relied on MPLS service to connect 67 offices across North America with T1 (1.544 Mbits/s) connections. Geosyntec initially ran voice over MPLS using Cisco CallManager in its datacenter. Routers at the branch offices provided local breakout sending voice traffic across the MPLS circuit and the rest of the traffic across the Internet. “Enabling voice, video chatting and other collaboration services over a single T1 lines it’s like trying to push an elephant through a pinhole" “Enabling voice, video chatting and other collaboration services over a single T1 lines it’s like trying to push an elephant through a pinhole," says Nakdimon, “ For optimal experience, we knew we had to either scale up our existing solution or rearchitect our Wide Area Network environment. Without the proper network design traffic such as voice and video will suffer.” Collaboration, though, wasn't the only application that concerned him. The company's consultants rely on Geographic Information System (GIS) software and CAD for their work. The GIS project files were stored on servers in the respective Geosyntec offices. However, the consultants often had to open files in remote offices, pulling the large files across the DMVPN connections. "If there's any latency, if there's any lag, we're going to hear about it," says Nakdimon. He decided to migrate to Skype for Business and replace the MPLS service with a network architecture that could address all of his application needs. Cato Meets Geosyntec’s 'Ever Evolving' Needs Nakdimon initially investigated traditional SD-WAN offerings but was skeptical of vendor claims that they could maintain quality of service (QoS) across the Internet. "I don't care what any SD-WAN provider will tell me; I don't care what any network engineer will tell me. They can’t guarantee markings will pass over the public Internet across multiple internet service providers," he says. "Once traffic leaves the endpoint, it's beyond the vendor's control. This is just the way it works." Cato distinguished itself because its SD-WAN devices connect to Cato's global, private backbone. And with more than 50 points of presence (PoPs) across the globe, Cato as located near Geosyntec's strategic locations. These factors ensured Cato could provide the QoS Geosyntec requires. "I looked and saw that Cato's SD-WAN devices were connecting to its private network and thought that was 'perfect.' It's exactly what I wanted," he says. Nakdimon conducted a PoC, and "everything worked great," he says. There was no comparison between MPLS's T1 connection and the 25 Mbits/s connections he used with Cato. Since then, he's rolled out Cato across all of his North American locations, replacing MPLS with Cato's Secure Access Service Edge (SASE) platform. As an early Cato adopter, Geosyntec experienced some "growing pains," he said. He points to problems with firmware upgrades to the Cato Socket, Cato's SD-WAN device, as an example, which needed to be addressed. "I generally found Cato support to be quick and responsive," he says. "Once that was done, we have so far no complaints. If you have complaints, typically it was not on the network side. We've been very happy so far," Nakdimon says. "Day-by-day needs and requirements are changing, and at Geosyntec, we need to constantly research options to meet those ongoing changes and requirements. Cato provides us with a platform for delivering the networking and security capabilities that help our users increase their productivity while allowing our network engineers to concentrate on other projects by reducing the management time and overhead." Gradually Nakdimon has expanded beyond MPLS replacement, activating other Cato capabilities, such as Cato security services, to protect branch offices. "Networking is ever-evolving," says Nakdimon. "Day-by-day needs and requirements are changing, and at Geosyntec, we need to constantly research options to meet those ongoing changes and requirements. Cato provides us with a platform for delivering the networking and security capabilities that help our users increase their productivity while allowing our network engineers to concentrate on other projects by reducing the management time and overhead." Cato SDP Solves Global Geosyntec’s Remote Access Challenge Remote access has been another service Nakdimon activated for his users. Like many enterprises, Geosyntec faced the challenges of widespread remote access posed by the COVID-19 pandemic. And while Nakdimon had already planned to deploy Cato SDP (Software Defined Perimeter), Cato's remote access solution, before the pandemic. "Corona was just an added reason for me to roll it out," Nakdimon says. "We utilize a few different VPN technologies. With the COVID-19 pandemic on the rise, many of our users began to work remotely. Our VPN traffic spiked, in some cases, hitting the limits of our VPN servers" Nakdimon accelerated his Cato remote access adoption in part because of the scalability issues of his VPN servers. "We utilize a few different VPN technologies. With the COVID-19 pandemic on the rise, many of our users began to work remotely. Our VPN traffic spiked, in some cases, hitting the limits of our VPN servers," Nakdimon says. Not only was scaling VPN servers a problem, but so was performance. Users initially connected to a VPN server in a Geosyntec location but continued to send data through those offices even when accessing data in a different location, introducing latency and bottleneck issues. Instead, he deployed client-based Cato SDP, equipping remote users with more than 1200 users with Cato's Mobile Client. "Deployment was quick. In a matter of 30 minutes, we configured the Cato mobile solution with single-sign-on (SSO) based on our Azure AD," he says. "We found that we could reduce network overhead and eliminate bottlenecks for remote users. By connecting them directly to Cato, we eliminated unnecessary hops across the public Internet core." By running the Cato Mobile Client, users are automatically connected to the nearest Cato PoP, bringing them the full benefits of Cato's security services and network optimization. "Cato SDP extends the QoS and network policies in our SD-WAN, to our remote users," he says, "We found that we could reduce network overhead and eliminate bottlenecks for remote users. By connecting them directly to Cato, we eliminated unnecessary hops across the public Internet core." In addition, Nakdimon was able to deliver additional security to remote users. "The easily deployed [single sign-on] and web filtering integration provided us additional layers of security for our remote users," says Nakdimon. "The Cato remote access solution is simple to deploy, yet robust. It improved our employees' ability to securely and productively work remotely." [caption id="attachment_10357" align="aligncenter" width="1920"] With Cato, Geosyntec connected 67 sites and more than 1200 remote users (only 101 are currently shown) onto the same network all managed through the same console.[/caption] Geosyntec Looks Ahead with Cato Looking ahead, Nakdimon hopes to replace its branch firewalls and routers with Cato security services. Overall, Geosyntec credits Cato solutions with streamlining WAN connectivity, remote access, augmenting security, and providing a high degree of user satisfaction, Nakdimon says. "My team and I received many emails from employees saying this is the best experience they have had out of all the VPN clients," Nakdimon says. "They email me. They're thrilled. And if users are happy, management is happy."
Read customer story Search
Healthcare Provider Complete Care Gains Control Over Its Network and Costs with Cato

Healthcare

Healthcare Provider Complete Care Gains Control Over Its Network and Costs
Healthcare Provider Complete Care Gains Control Over Its Network and Costs with Cato The Challenge: Eliminate the Growing Pains of an Ad Hoc Network by Deploying a More Secure, More Reliable Network Like many companies, Complete Care Community Health Center (CCCHC) faced the complex mix of technologies often encountered when going through a merger and acquisition (M&A). The healthcare group devoted to serving Los Angeles had been adding clinics and services over the past decade. Those new facilities brought their own technologies leaving CCCHC with a hodge-podge of network technologies, firewalls, and voice systems. The clinics were connected by Internet-based VPN across a mix of DSL, T1, and fiber lines. Without a consistent network platform, availability was an issue. There were no SLAs with the multiple carriers and little redundancy built into the network. Bandwidth costs were also an issue. Some sites had dual circuits because they needed the bandwidth. One site had to connect to the network via LTE, and this service alone cost $2,000 a month. A less expensive DSL line was installed for backup but sat idle much of the time. Each new clinic also brought its own basic firewall, leading to a mix of legacy products and no standardization among them. This made it hard to configure and enforce consistent policies to ensure that patient data was secure and HIPAA compliance requirements would be met. It also meant that CCCHC lost network-wide visibility having to probe each firewall to piece together an overall understanding of the network. The network’s instability impacted company operations. Voice services at each clinic were provided through local key systems and telephone lines. As a result, forwarding calls to a centralized call center became difficult and unreliable. Better voice solutions certainly existed but CCCHC’s network meant the company couldn’t take advantage of them. Accessing the company’s NextGen Healthcare practice management software also became a problem. More than 150 employees across the clinics relied on this SaaS application, all accessed from across the VPN. But the setup and maintenance of the VPNs took too much time. “Having separate firewalls and separate VPN configurations was very cumbersome and messy,”   “Having separate firewalls and separate VPN configurations was very cumbersome and messy,” says Eric Norberg, CTO at CCCHC. “Cato streamlined all of this through their Private Network and their simple consolidated portal for management.” CCCHC also struggled with a lack of internal, skilled IT resources. Because of the disparate systems, the costs to support it all were skyrocketing, especially on the voice systems and Internet usage. The IT team had limited capacity to integrate the complex network and negotiate favorable telecom contracts. Koi Consulting Group Recommended Cato to Both Unify and Simplify Networking and Security CCCHC brought in the Koi Consulting Group, a technology strategy group to implement a managed infrastructure. Mark Manuel, Founder and Technology Architect at Koi Consulting, says that CCCHC was hindered by its make-shift network and the lack of visibility and governance of its systems. "Things were spiraling out of control and the systems just didn’t work together.” “The company was experiencing extreme growing pains with its IT systems,” says Manuel. “Their understanding of their network and the cost of operating it were the biggest factors. Things were spiraling out of control and the systems just didn’t work together.” Rebuilding the on-premise network would require replacing a lot of existing circuits and equipment, which would be cost prohibitive. Koi Consulting recommended redesigning the company’s network and delivery of critical IT services based on Cato’s cloud-based network. “We like Cato’s concept of all-in-one network and security, especially the next generation firewalls,” “We like Cato’s concept of all-in-one network and security, especially the next generation firewalls,” says Manuel. “It allows us to take a holistic approach to providing CCCHC everything they need right now, all managed through one portal. It just makes sense. Later, we can add additional services like managed threat detection and response, and advanced virus protection as needed.” Cato Brings Network Management, Costs Under Control Koi Consulting rolled out the Cato network at the healthcare clinics quickly. The only hiccup came when they had to wait for the local carrier to upgrade some of the communication lines. “We added second circuits for some of the sites, did some IP adds and designed a VLAN for the voice services,” says Norberg. “Overall, it’s been a very smooth deployment.” Now, instead of VPNs between the firewalls at all of the clinics, the clinics simply run a Cato Socket and send all traffic, including the traffic for the practice management SaaS application, across an encrypted tunnel to the nearest Cato point of presence (PoP) for security inspection and then forwarding along the optimum path to the destination. The security inspection is carried out by the Cato PoP software, which includes a suite of enterprise-grade security services including next-gen firewall/VPN, Secure Web Gateway, Advanced Threat Prevention, Cloud and Mobile Access Protection, and a Managed Threat Detection and Response (MDR) service. All are updated and maintained by Cato, giving CCCHS an always current security infrastructure – a fact that is especially important for the HIPAA-regulated, healthcare industry. “We had a file sharing application that was just killing our network because it was always on. Now we’ve set the application to use bandwidth when the network isn’t busy. That alone has made a huge difference.” And with one network connecting all offices, CCCHC has gained a single pane of glass for their network. The instant visibility was a “real eye-opener" that allowed CCCHC to shape the traffic and prioritize applications. “We had a file sharing application that was just killing our network because it was always on,” says Norberg, “Now we’ve set the application to use bandwidth when the network isn’t busy. That alone has made a huge difference.” The network improvements introduced by Cato has also meant CCCHC could improve its communication system. “With Cato providing the redundancy and security, we’ve been able to move to a completely hosted environment for voice,” says Norberg. “With Cato, we were able to offload the non-critical applications to the cheap DSL line and leave the LTE for the high priority applications. This bandwidth management dropped our cost from $2,000 to $300 a month, and we were able to control that ourselves.” The self-management aspect of the Cato network is important. “We can log in, make a couple of changes in the portal, and it’s done,” says Norberg. “Then we can test it and see it in real time. It’s just so easy.” Norberg cites the example of the clinic office that’s dependent on LTE for its communications. “With Cato, we were able to offload the non-critical applications to the cheap DSL line and leave the LTE for the high priority applications. This bandwidth management dropped our cost from $2,000 to $300 a month, and we were able to control that ourselves.” Other costs have come under control as well. By redesigning their network and going to an IP-based phone system, CCCHC has increased operational efficiency. The company is actually paying less for those services using Cato than they did before. Koi Finds Value in Delivering Cato as a Managed Service Koi Consulting will continue to manage the network for CCCHC. “Cato has made it easy for us to support CCCHC today as well as where they want to go,” says Manuel. “We have a lot of control over the network through the portal. We can layer on security and move forward quickly. It’s great for us as a managed services provider but at the same time it’s great for the customer because it’s something they want and need and now realize they can’t live without.” [caption id="attachment_10165" align="aligncenter" width="386"] CCCHC gets a snapshot of a site’s details directly from the Cato dashboard. Clicking on a site provides detailed link statistics, application metrics, and more.[/caption] Manuel adds that they could have chosen some other vendor to partner with, but Cato provides a strong network backbone and the connectors to everything the customer needs. “Cato provides so much control and ease of use in one solution. It gives a lot of visibility and governance over what they need to do and understand.” “Cato provides so much control and ease of use in one solution. It gives a lot of visibility and governance over what they need to do and understand.” As for Norberg, he’s excited to finally have a mature security strategy in place. “We are now a corporate entity with a security perimeter around the entire nine locations instead of a mom-and-pop clinic which we were before. Having the insight and control over all aspects of the network and security has changed the dynamic moving forward for good.”
Read customer story Search
Kemin Industries Replaces 60-Site Worldwide MPLS Network with the global managed SD-WAN services

Manufacturing

The ingredient manufacturer made the strategic decision to replace its 60-site MPLS network
Kemin Industries Replaces 60-Site Worldwide MPLS Network with the global managed SD-WAN services With the adoption of the cloud and frustrations with costs and headaches of the telco bundle, more and more global companies are turning to global secure access service edge (SASE) services as an alternative. Case in point is Kemin Industries. The ingredient manufacturer made the strategic decision to replace its 60-site MPLS network. “Before the expiration of our WAN contract in September 2018, we evaluated if we were still on the right track with MPLS in terms of price and technology,” says Nik Meeus, Worldwide IT Technical Manager at Kemin Industries. “Our provider had grown so big that the collaboration did not run as smooth as we would like in terms of administration, deployment, and support. Also, the cost of the lines was relatively high compared to the available bandwidth.” Another important factor was their fast-growing adoption of cloud solutions and applications such as Microsoft Office 365. “Most of our subsidiaries had only one single internet connection. This posed a risk in terms of application availability and continuity, so we wanted to have redundant connections to the cloud,” he says. The company turned to Videns IT Services, a leading network-independent service provider of managed SD-WAN solutions for help. The experts at Videns recommended Cato, the first SASE solution to converges SD-WAN and network security capabilities into a global, cloud-native platform. Read this case study to learn more about Kemin’s experience and lessons learned while deploying Cato and working with Videns
Read customer story Search
Leading EdTech Provider Replaces Global VPN and Optimizes Mobile Connectivity with Cato SD-WAN

Education Technology

EdTech Provider Replaces Global VPN and Optimizes Mobile Connectivity
Leading EdTech Provider Replaces Global VPN and Optimizes Mobile Connectivity with Cato SD-WAN Firewall Appliances Complicate Site-to-Site Connectivity Mergers and acquisitions have a way of creating havoc for IT professionals. Take, for example, the experience of one educational technology (EdTech) company. Over the span of two years, this company, who asked not to be named, had acquired roughly eight companies, each with different networking standards. “It was a disaster," says the IT manager. “We had seven or eight different sets of standards in anything and everything in networking, including different models of firewalls.” At first, he tried replacing those firewalls with “top-of-the-line SD-WAN equipment” from a major networking vendor that “probably cost us over $30,000 a year for three sites,” he says. But performance proved to be a problem with the appliance. “I had a gigabit connection to the Internet, yet my sites would not connect more than 100 Mbits/s." He put in a secondary system, a leading firewall appliance. When he saw performance exceed 100 Mbits/s, he moved all of his services to the firewall. But establishing site-to-site VPNs from each branch office to the central firewall in Fulsom proved to be a short-term solution. Managing seven separate branch firewalls, even from one vendor, involved multiple full-time jobs. The company’s distributed management system “didn’t do a particularly good job,” says the IT manager. Site deployment was also complicated. “It didn’t let us see everything on a single-pane-of-glass,” he says, “You couldn't just do one thing, click on a link and get your site connected to another site. You still have to modify multiple links from multiple locations to establish a VPN.” Defining policies was also complicated. “If you get into the firewall rules between the sites you’re destined to have problems. The rules were continuously conflicting because of our naming structure. Three network engineers might call the same site slightly different names (such as “Seattle HQ” instead of “Seattle ”). And when you log-in next time, you only see one named instance, not an IP address. Instead of telling the system ‘I would like an RDP connection’ in a relatively English way and ‘don’t allow file transfers ‘you had to dig deep into every site and every port and make them match.” Activating processor-intensive features on firewalls can also impact performance. “Every time we enabled monitoring on our firewall, performance went to a tenth of the Internet speed. In the headquarters, we had a 1 Gbit/s link, but when we enabled logging, we couldn’t even reach 100 Mbits/s." As for mobile user performance, the IT manager says he regularly had to field user complaints about poor performance. “All across the world — India, Africa, and Southern America — our main connectivity point has been to the headquarters in California. So users in India trying to access websites in India had their traffic cross the globe twice — first to the headquarters in California and then back to India,” he explains, “The same is true in New York. A user from New York browsing the New York State University site, for example, must first send traffic to California only to cross the Internet back to New York.” The so-called “trombone” effect became a significant cause of Internet performance complaints. And direct Internet access from each office wasn’t an option; the headquarters' IP had been whitelisted for access to multiple departments, explains the IT manager. Traffic sent directly from branch offices would have been blocked. The EdTech company ended up pushing all Internet traffic through the headquarters' firewall, creating a pricey chokepoint. “With 300 or 400 additional users than what our system is designed for, I had to choose between increasing bandwidth from 1 Gbits/s to 10 Gbits/s and doubling our price or supporting fewer users.” Cato: The Global SD-WAN Service That Connects Sites, Mobile Users, and the Cloud Frustrated by his experience with Internet-based VPNs, the IT manager began looking for an alternative solution. Extending his VPLS implementation globally wasn’t an option. “The international connections are really expensive. They ask for an arm-and-a-leg — $50,000 a month. And the speeds that we require aren’t available. You can get 5 Mbits/s connection for couple thousand dollars, but we need 100 to 200 Mbits/s.” He decided to revisit SD-WAN with an eye towards ease-of-use and performance. “We wanted a usable system out-of-the-box that didn’t require us to send for a week-long training,” he says, “I wanted my CFO to be able to manage and see what's going on in the network. And I didn't want to tell him how to browse through the screens to see what's going on.” The IT manager says he spoke with “every single possible SD-WAN provider” before coming to Cato. He particularly liked Cato’s global network. “That [the global network] was huge for us. We didn't want to connect from our site to another site directly across the Internet. The public Internet is, well, the public Internet.” He considered another global SD-WAN backbone provider but rejected them for several reasons. “Number one was the client VPN. They wanted to connect the clients to each office separately, similar to our firewall connections. The approach didn't make sense to us. I don't want to connect my East Coast users to East Coast and West Coast users to West Coast firewalls.” What’s more, the provider required the EdTech company to purchase its last mile service. “Their system didn't seem to be fully compatible with what we needed to do,” he says, “They wanted to sell me the last-mile carriers, and I already have multiple new connectivity contracts signed.” Cato Adoption Simplifies Deployment and Improves Performance The company decided to deploy Cato, and today has connected 13 sites and more than 1,100 mobile users to its Cato instance. Site installation has become much easier. The ability to use a wide a range of last mile services has also given the IT manager greater deployment flexibility. “Instead of buying super-duper fiber connections, now I'm able to buy a coax cable from one provider and fiber from another, combine them, and still achieve tremendous and reliable speed. If either of them goes down, I'm not losing anything other than, maybe, a slowdown in connectivity.” [caption id="attachment_9235" align="alignnone" width="602"] With Cato, the EdTech company gained deep insight on their application usage and bandwidth consumption.[/caption] Users are seeing better cloud and Internet performance now that they no longer need to backhaul Internet traffic to California. Cato mobile client automatically sends a user’s traffic to the nearest Cato PoP, where Internet traffic is sent directly onto the public Internet. Cato has more than 40 PoPs worldwide. The EdutTech company’s network experience is also more consistent with Cato than with its Internet-based VPN. “When we're connecting to India or Canada, we can see traffic has a more stable connection with Cato,” he says. [caption id="attachment_9236" align="alignnone" width="974"] The EdTech company used Cato to connect its sites and mobile users together and to the cloud.[/caption] Case in point, SSL/TLS interception. “With firewall appliances, you install certificates from your firewall and only then you realize that when your user goes to another site, you again need to install another SSL certificate at that appliance,” he says, “With Cato, we were able to install a single certificate globally so we can do SSL decryption and re-encryption.” Cato: So Simple It’s “The Apple” of SD-WANs But most of all, the IT manager liked Cato’s ease-of-use. “Cato is the Apple of SD-WANs. You give an iPad to a one-year-old and watch him browse through the apps. That's what I see with Cato. As soon as my network engineer logged-into the management system, he was a master in 10 minutes.”
Read customer story Search
New Wave Group Quintuples Capacity, Boosts Flexibility with the Cato Cloud

Manufacturing

New Wave Group Quintuples Capacity, Boosts Flexibility with the Cato Cloud
New Wave Group Quintuples Capacity, Boosts Flexibility with the Cato Cloud Prior to Cato, New Wave relied on MPLS to connect its European subsidiaries and one Far East location to its two corporate datacenters in Sweden and the Netherlands. Internet VPNs also connected locations to one another. For security, the company relied on centralized security appliances, so just about all traffic had to be backhauled through New Wave’s two datacenter locations. The Challenge: A Global Network with Capacity and Flexibility to Support Continuous Growth Like many organizations, New Wave struggled to afford global WAN connections with enough bandwidth to support its rapidly growing operations. “MPLS is really expensive,” says David Brouwers, New Wave Group IT Infrastructure Manager, “Even though we boosted MPLS bandwidth over time from 2 Mbps to 10 Mbps and even 50 Mbps, it always felt as if we couldn’t afford the bandwidth we really needed.” “MPLS is really expensive. It always felt as if we couldn’t afford the bandwidth we really needed.” Beginning in 1990, the company started launching and acquiring new brands across Europe at a rapid pace. The company expects to continue doing so in the coming years. With such fast growth, network flexibility and quick ramp-up of new WAN connections became critical – a problem for MPLS. “With MPLS, it took up to six months to connect a new office or warehouse location,” said Brouwers. “That was simply unacceptable for a growing business like ours.” “With MPLS, it took up to six months to connect a new office or warehouse location. That was simply unacceptable for a growing business like ours.” Reliability was another thorny issue. “Even with a large telco and lots of backup lines, we found that our MPLS went down too often,” says Brouwers. “We tried switching MPLS providers, but the improvement was minimal.” And with MPLS’s limited bandwidth, applications underperformed with staff complaints running five or ten per week under MPLS, says Brouwers. Last mile provider options offered by the telcos were limited, and even though they were supposedly managing their providers, New Wave found performance and reliability lacking. “When there was an outage it could take up to two days to get up and running again,” says Brouwers. “Even with a large telco and lots of backup lines, we found that our MPLS went down too often. When there was an outage it could take up to two days to get up and running again”. New Wave’s centralized security architecture was also problematic, as it required backhauling all the traffic through the security solutions at its two datacenters, with the inevitable performance hit. New Wave Group Takes the Cato Plunge: Upping Bandwidth and Dropping Complaints New Wave considered SD-WAN alternatives to MPLS, including the Cato Cloud. “We talked with Cato for more than a year, but MPLS was the given with the long track record,” says Brouwers. After months of discussion and proof of concept with Cato, New Wave made the decision to go for it and started adding locations one by one to the Cato Cloud. “The difference was dramatic almost immediately,” says Brouwers. New Wave allotted the same budget to Cato that it had been targeting to MPLS and other external lines. The result? Tons more bandwidth. “We found we could multiply the bandwidth of each site by five or more with Cato without increasing cost,” says Brouwers, “10 Mbps went to 50, 20 went to 100.” The productivity impact was dramatic. “Staff complaints about business system performance have plummeted to two or three total in the past six months with the Cato Cloud. That’s more than 90% fewer service tickets and a lot fewer frustrated users,” says Brouwers. “We still have performance issues with our business systems but network performance has been ruled out as a factor.” Performance has been consistently good even as average file sizes have grown. “We’re working with much larger image files today, particularly in our textile firms,” says Brouwers. “In the past, if someone uploaded a huge catalog, network performance lagged, and everyone’s productivity was affected. Not anymore.” Connecting new locations now takes days or hours instead of months. Still, Brouwers recommends careful planning around the last mile. Local tail lead times can still negatively impact the deliveries. “The business is moving very fast. Now with Cato we can match that speed on the network side,” says Brouwers. "The business is moving very fast. Now with Cato we can match that speed on the network side" Reliability issues have also been reduced, especially along the last mile. “We’ve been considering last-mile management for a while, but we haven’t moved on it because, truthfully, with Cato we’ve had so few outages.” And with Cato, if New Wave doesn’t like a last-mile provider it can just switch, which wasn’t possible with MPLS. “We also have more backup solutions in place, so the impact of an outage with one provider is not nearly as great as it once was,” says Brouwers. Cato: The Future for New Wave Networking and Security While New Wave still takes advantage of the security solutions at its two datacenters, Cato has enabled it to begin to move away from security appliances, shifting anti-malware and IPS to Cato Cloud for several subsidiaries and branch offices -- resulting in performance and security improvement. [caption id="attachment_8853" align="alignnone" width="785"] New Wave Group network spans more than 50 locations across the globe all interconnected by Cato Cloud[/caption] New Wave plans to continue connecting new locations to the Cato Cloud and is considering adding Cato Managed Threat Detection and Response (MDR) to its security arsenal. Says Brouwers, “With Cato we increased bandwidth, improved support, and gained the flexibility to grow and experiment. The Cato Cloud just fits our business a lot better than MPLS.”
Read customer story Search
Aquila Connects 60+ Locations Across Australia with Cato’s Global Managed SD-WAN

Retail

Aquila Connects 60+ Locations Across Australia with Cato’s Global Managed SD-WAN
Aquila Connects 60+ Locations Across Australia with Cato’s Global Managed SD-WAN Internet VPN Becomes too Complex and Limited for Growing Company Like many retailers, Aquila needed to connect its many stores; an Internet-based VPN sounded like the right approach. It was available everywhere and didn’t pin the company to a carrier. And it was affordable, which made it well suited for connecting small retail outlets, some with only a single computer. But as the premium quality footwear manufacturer grew, Internet-based VPNs limitations became all too apparent. With 60 retail locations, warehouses, a headquarters, and applications running in Azure, Aquila’s VPN became incredibly complex. “With each new store, we had to manually establish VPN connections with every other location. At first, it wasn’t that big a deal, but with more sites, we ended up spending hours establishing the VPN. It just didn’t scale,” says Mike Zidaj, the IT Manager at Aquila. And since stores had to be manually connected, uptime was often compromised. If the local staff didn’t properly connect the VPN then IT had to manually log in every Sunday to force a connection to enable inventory logging at the site. “At any one time, approximately 30 percent of our offices were showing offline at the headquarters,” he says. “With each new store, we had to manually establish VPN connections with every other location. At first it wasn’t that big a deal, but with more sites, we ended up spending hours establishing the VPN. It just didn’t scale" What’s more with encrypted traffic (HTTPS) only growing, Zidaj was increasingly losing visibility into company’s Internet usage. The firewalls lacked the horsepower to decrypt the traffic. “We attempted to do URL filtering with our aging, end-point control software but it was hard to manage, lacked centralized reporting, and not all that effective. Users could easily get around it,” says Zidaj. As a result, security was at risk and visibility was limited. “We couldn’t tell if employees were watching YouTube or working. There was simply no easy way of enforcing security policies on Web traffic,” says Zidaj Zidaj Rejects MPLS and Turns to Cyber Risk and Cato For Help Zidaj began looking around for a solution not only for his connectivity and security challenges. He considered deploying an MPLS service: “A lot of retailers were using MPLS and local firewalls,” he says, “But the approach was too costly and would have locked us into the telco,” he says. Zidaj heard about Cato and turned to CyberRisk, a Cato partner, for assistance. “As a thought leader and trusted advisor in enterprise networking and security, we are excited to partner with Cato Networks in the ANZ region and see the value Cato delivers to our customers,” says Leong Wang, Director of CyberRisk. “Cato Networks is a leader in next-generation networks with integrated security services and is a huge differentiate from the aging global telco model.” Zidaj decided to take the plunge. He replaced his Internet-based VPN and end-point control software with Cato. Cato Cloud is the only managed SD-WAN service that connects and secures mobile users, the cloud, branch offices, and headquarters across Australia and the rest of the globe with the agility of the cloud. “As a thought leader and trusted advisor in enterprise networking and security, we are excited to partner with Cato Networks in the ANZ region and see the value Cato delivers to our customers” Zidaj leveraged Cato’s mobile security and optimization to connect small locations with just a Cato Mobile Client. Avoiding appliances at each retail location significantly simplified deployment. Without an appliance to install and maintain, deployment was quick and simple. What’s more, all too often retail locations set in malls can only gain Internet access through private IPs provided through the mall’s Internet provider. Unlike many SD-WAN solutions, the Cato Mobile Client, as well as Cato’s SD-WAN device, the Cato Socket, can operate behind a NAT. Zidaj equipped the computers at each retail store with Cato mobile clients. The mobile client sends all traffic across an encrypted tunnel automatically established to the nearest Cato point of presence (PoP). Cato Cloud currently covers all major Australian business centers from PoPs in Perth, Melbourne, and Sydney. His Azure instances were connected through Cato’s agentless integration into Cato Cloud. A few clicks on the Cato Management Console and an IPsec VPN connection was established from the Cato PoPs to Microsoft Azure. Cato collocates its PoPs in the same physical datacenters as the Internet Exchange Points (IXPs) of the leading cloud datacenter providers, such as AWS and Azure. “Deployment was good, and the setup was pretty simple and straightforward,” he says, “The Cato sales team, Cato Support, and CyberRisk helped a lot. It went well. We selected Cato, in part, because of its super quick and easy deployment.” When Zidaj is ready, he’ll also be able to connect larger locations with Cato Sockets. Cato Sockets connect load balance traffic across multiple circuits — MPLS or Internet (DSL, Cable, LTE and more) for maximum performance and uptime. Sockets correct for packet loss and dynamically route Internet and WAN traffic across the optimum last mile to the nearest Cato PoP. The PoP’s cloud-native software inspects all traffic, even SSL/TLS traffic, applying the necessary networking and security policies. Traffic is forwarded across Cato’s global network or onto the Internet. All Cato Sockets come with Affordable High Availability (HA) built-in for inexpensive redundancy. Deployment is Simple, Visibility and Control Improve Significantly Since deploying Cato, Zidaj has seen uptime improve significantly. “Our Cato dashboard now usually shows all locations connected and says users have noticed the more reliable access,” he says. Better network connectivity has directly impacted the business. “Now our inventory database stays current because with Cato our connectivity is so solid. If there’s a brownout or even a blackout on one line, Cato auto-connects by itself,” he says. “Now our inventory database stays current because with Cato our connectivity is so solid. If there’s a brownout or even a blackout on one line, Cato auto-connects by itself” And with Cato’s next-generation firewall (NGFW) inspecting all Internet and WAN traffic — encrypted and unencrypted — Zidaj is able to better secure his network. “The single pane management also gave us much improved control and visibility. Management is now able to see if shop staff are visiting Web sites that didn’t comply with our security policies — and take action.”
Read customer story Search
BioIVT Connects and Secures Global Network with Cato Cloud and the Cato Managed Threat Detection and Response (MDR) Service

Manufacturing

BioIVT Secures Global Network with Managed Threat Detection and Response (MDR) Service
BioIVT Connects and Secures Global Network with Cato Cloud and the Cato Managed Threat Detection and Response (MDR) Service The Challenges Facing BioIVT: Adding New Locations, SaaS Application Performance and a Security Blueprint Like many fast-growing companies,  BioIVT, a provider of biological products to life sciences and pharmaceutical companies, depends on its network being agile and secure. Mergers and acquisitions (M&A)  are part of the company’s DNA, but fast integration of new company networks is challenging when running appliances. Protecting the network from Internet-borne threats was also important.  The BioIVT network was a 14-site, Internet VPN. It was an “old Cisco network,” says Andrew Thomson, director of IT systems and services, with each site running Cisco routers, interconnected by VPN tunnels.  “With every new site, we needed to build tunnels to every other location. Configuring those tunnels took time. We budgeted 90 days or so to get new locations up and running,” he says Application performance was also a problem. The company’s New York-based ERP system and Office 365 instance were accessed by the other locations. Accessing both applications meant traversing the Internet, which became a problem particularly for users working from home or overseas.  And then there was the security issue. “We knew we’d have to look at our security strategy. Penetration testing with our Cisco routers was going to be a step. But updating our security architecture was going to require running around to different vendors, piecing together a solution, and going through all of the deployment and management pains,” he says. Agility and Speed: Key Requirements for BioIVT’s Networking Solution   Thomson began looking around at various networking solutions for connecting his locations. Agility and speed of deployment  were critical if he was to integrate new offices faster. “SD-WAN made the most sense from an ease of use perspective,” he says.  He considered an SD-WAN appliance and a telco-managed SD-WAN service.  SD-WAN appliances meant he had to operate over the unpredictable Internet and both involved deploying even more infrastructure. Neither would have addressed his security issues.  Then he ran into Cato. “Cato did a lot of what we were after  — which is saying a lot,” he says, “Customer service and support was fantastic. Everyone was great to work with and rollout was very easy.” Instead of taking 90 days to configure tunnels and integrate each location, Thomson now is able to bring up new locations in as little as 30 days. “With Cato we just ship a configured device to the site. Personnel plug it in and we’re ready to go. There are no subnetting issues; no building individual tunnels. The Cato Socket connects to the Cato network itself. The whole operation is a lot less administrative and involves a lot less technique than the Cisco series routers.”  And with his locations connecting across the Cato Cloud Network not the public Internet core, performance has improved. Sage ERP has become more responsive; Active Directory synching works more effectively. As for Office 365, “It’s been fantastic,” he says, “really good speed benefit.” Thomson has been able to deploy voice and Unified Communications as a Service (UCaaS) from 8x8 across his Cato instance. “The voice quality over Cato has been awesome,” he says.  BioIVT Protects Sites With Cato MDR Today, BioIVT has all locations on Cato. But it’s not just networking provided by Cato that’s helped BioIVT; it’s also the security services. “When we found out that Cato not only delivered a global network but also offered built-in security services and now MDR, we were extremely excited. It was a huge help,” he says. Thomson secures Internet connectivity and site-to-site connections with Cato firewall, protects mobile users running the Cato mobile client with Cato’s secure web gateway (SWG) capabilities, and uses Cato IPS for preventing network-based threats. More recently, he’s activated Cato Managed Threat Detection and Response (MDR) to hunt for threats on his network.  “When we found out that Cato not only delivered a global network but also offered built-in security services and now MDR, we were extremely excited. It was a huge help” Cato MDR is a fully managed service that offloads the detection of compromised endpoints onto Cato’s security operations center (SOC) team.  The service uses machine learning algorithms to look for anomalies across the billions of flows in Cato’s data warehouse and correlates them with threat intelligence sources and complex heuristics. This process produces a small number of suspicious events that Cato security researchers analyze, only alerting BioIVT on actual threats. BioIVT is relieved from handling the flood of false-positives that suck precious IT resources.  “Cato MDR has already discovered several pieces of malware missed by our antivirus system,” says Thomson, “We removed them more quickly because of Cato. Now I need to know why the antivirus system missed them.” Remediation Without the Fuss  As part of Cato MDR, customers are notified immediately of verified live threats. Cato’s SOC advises on the risk’s threat level, recommended remediation, and follows up until the threat is eliminated “We’ve integrated Cato’s ticketing system with our own,” says Thomson, “so once the SOC discovers a threat the right IT resources are allocated.”  Cato also allows companies to automatically block C&C domains and IP addresses. Best of all? Cato MDR is built into BioIVT’s network. “Before Cato, we didn’t look at MDR. We just hadn’t gotten around to it because of the complexity. So having MDR built into the Cato platform has made all the difference in the world.” [caption id="attachment_7795" align="alignnone" width="939"] Cato MDR includes a monthly audit report of all incidents.[/caption]
Read customer story Search
Picanol Group Weaves Better Network Connections, Reduces Costs with Cato SD-WAN

Manufacturing

Picanol Group Weaves Better Network Connections, Reduces Costs with Cato SD-WAN
Picanol Group Weaves Better Network Connections, Reduces Costs with Cato SD-WAN Picanol Group Was Looking for New Technologies to Address Networking Needs   With operations spread across the globe, Picanol Group experienced varying levels of network performance and reliability. With the MPLS contracts expiring, the company had the perfect opportunity to see if newer technologies could better support its current operations and future plans for cloud computing. Like many other enterprises, Picanol Group had a hub-and-spoke network connecting its global locations, with the hub being in Belgium. The company’s major sites in Belgium, China and Romania had MPLS circuits, and all other smaller branches used Internet-based VPNs to access the company network. Internet access for these smaller sites used a local breakout through a firewall. The firewalls also established point-to-point connections for the sites. The company set up a failover configuration using the Internet and the MPLS connections. If an MPLS circuit were to fail for some reason, the site could cut over to the broadband circuit and use VPN to stay connected to the network. Failover was critical to support Picanol’s business critical ERP and CRM applications in the event of an MPLS outage. Cost was one aspect of our interest in alternatives, but mostly we wanted to know if there were new technologies available to address our networking needs The WAN configuration was working for Picanol Group, but when the time came to renew the MPLS contracts, they opted to look at networking alternatives. “Cost was one aspect of our interest in alternatives, but mostly we wanted to know if there were new technologies available to address our networking needs,” says Bart Lagast, Senior Systems Engineer responsible for network, security and messaging. Lagast had been reading about SD-WAN and thought it could help solve some problems for Picanol and prepare the company for future needs. The cost of the three MPLS connections was already rather high and adding more circuits to improve performance in the local sites would be cost-prohibitive. In addition, the performance of the IP VPN in a China branch was troublesome, with the Chinese national firewall causing a lot of delay and packet loss. Connectivity in Indonesia was problematic as well. Regional differences with the telcos resulted in connectivity issues at various local sites. A POC with Cato Proved that Picanol Group Could Improve Performance While Lowering Costs Lagast selected two SD-WAN solutions for a proof of concept (POC) trial. “We investigated which SD-WAN vendors were the best for us in terms of the solution they provide, and we came up with two—one of which was Cato, of course.” One of the most important selection criteria was that the SD-WAN have a point-of-presence in the locations where Picanol is active, especially China and India. “The geographical spread of the POPs was critical for us,” says Lagast. Lagast did an estimate of the cost of the two SD-WAN solutions to cover all of Picanol’s sites and the pricing differential was quite stark. Cato’s solution was up to half the cost of the other vendor’s solution. “It was quite a substantial difference for essentially the same service,” says Lagast. The implementation was swift and we had very good support to set up the POC Picanol Group began a POC with Cato, doing a deployment in the three main sites with a VPN to the Cato POPs from Picanol firewalls. Using the existing firewalls made the POC process easy. Lagast says the engagement with Cato, from a technical and sales perspective, was a very good experience. “The implementation was swift and we had very good support to set up the POC.” The tests showed that despite costing so much less, Cato latency compared to MPLS and in fact was slightly better with a 10% to 20% reduction in delay in China and Romania. The additional bandwidth available with Internet connections meant that Picanol Group could worry less about maxing out a circuit’s capacity. Declaring the Cato POC a success, Lagast canceled his planned POC with the other SD-WAN vendor. He didn’t see the need since Cato’s solution worked well and the cost was so much less than the other solution. What Picanol Group likes most about Cato “I like the flexibility, for sure,” says Lagast. Cato offers so many different services, such as connecting local clients to the network and creating a connection among local sites. Lagast really appreciates the ease of making different connections through Cato’s network. He also finds the helpdesk and troubleshooting capabilities via the Cato console very helpful. “When there’s an overarching problem, the support we get from the helpdesk and the Cato engineers is very good. I would put Cato in the top 10% of experiences I have had with helpdesks.” Looking Towards the Future: Security, Mobility, and the Cloud The sites participating in the POC became phase 1 of the actual deployment with Cato appliances. Phase 2 will be ad hoc connectivity of Picanol’s other locations as they need the network’s functionality. To date, Picanol Group has focused on its connectivity needs and hasn’t yet explored all the security features the Cato Cloud provides. Lagast noticed that Cato sent an occasional security alert via the console - for example when someone accessed a suspicious website from the Cato network - but security through Cato features hasn’t been a priority yet.  Moreover, at this stage, Picanol Group opted to keep the local firewalls, since they are under contract for several more years. “I see the potential to remove those firewalls if we move our small sites to the Cato network in the future,” says Lagast. Picanol Group also needed a more flexible network to support its planned implementation of Microsoft Office 365 and other cloud applications.  To those ends, Picanol tested the Cato mobile VPN offering. “We don’t need it yet,” says Lagast, “but I see possibilities for it once we experience the need for better connectivity from the endpoint after we migrated to Office 365 We need better connectivity from the endpoint.”
Read customer story Search
ADB SAFEGATE Improves China Connectivity and SAP HANA Access with Videns and Cato Cloud

Manufacturing

ADB SAFEGATE Improves China Connectivity and SAP S/4HANA Access
ADB SAFEGATE Improves China Connectivity and SAP HANA Access with Videns and Cato Cloud WAN Transformation Challenged by SAP S/4 HANA Integration and China Connectivity Challenges Mergers and acquisitions always present IT challenges. Networks must be interconnected, server and software permissions updated. But M&As are even more challenging when applications are simultaneously being migrated to the cloud. How do you pull all of that off without increasing budget? Ask Lars Norling. We were striving to do more for the same, building a state-of-the-art communications platform but with the same bag of money that we used before. Several years ago, the director of IT operations at ADB SAFEGATE, a provider of airport efficiency and productivity solutions, found himself not only merging the networks of ADB and SAFEGATE but also looking to give his increasingly mobile workforce access to ERP and other key business applications in process of being migrated to the cloud. “We were striving to do more for the same, building a state-of-the-art communications platform but with the same bag of money that we used before,” says Norling. Neither ADB’s nor SAFEGATE’s corporate networks would serve the combined needs of the new organization. One WAN was too expensive, in part due to being outsourced to a telco. The other WAN was locally based making it extremely hard to maintain. “They had limited possibilities for any type of quality of service and/or high availability,” he says. Noring knew that MPLS could not meet his needs. “Our analysis clearly showed that the shift in the IT landscape, namely extended mobility and the move towards providing core services as cloud services, led us to look outside of the box, beyond traditional WAN architectures,” he says. But existing contracts prevented them from moving forward with their WAN transformation until 2018 ADB SAFEGATE’s SD-WAN Criteria Emphasizes Flexibility, Performance, and Strong Customer Support With contracts expiring, Norling began looking for a flexible SD-WAN that could meet global requirements. Half of ADB SAFEGATE’s users were seated at four main offices in Austria, Belgium, Sweden, and Columbus, Ohio. The other 50% were scattered around the globe. As such, “We needed local cost-effective Internet connections that we could upgrade individually,” says Norling. China connectivity was also important. “China has been a challenge for us as its been for everyone else. We have extremely expensive connections with limited bandwidth and functionality. Users grew frustrated, and, ultimately, led to unsanctioned localized solutions with separate public Internet connections and shadow networks,” he says. And whatever organization he chose to handle his SD-WAN, strong customer support was critical. “We need to work with reliable partners where we are customers and not just a customer number,” says Norling. ADB SAFEGATE Turns to Videns and Cato Norling considered and dismissed managed SD-WAN services from local telcos. “My feeling is that the telcos and their ISPs still have a journey themselves to understand what it means to be a solution provider and not just a product supplier,” he says. “We fear that we could get the same poorly managed services as we have seen before. I also think that they’re still, to some extent at least, ticket takers and not actually problem solvers. What we see nowadays is that everyone looking at SD-WAN looks at security. The two go together. Cato addresses both dimensions in one seamless solution. He turned to Videns for help. Videns had been providing ADB SAFEGATE networking services. “We were extremely pleased with Videns so they had a jump start in the discussion about our future needs,” he says. Videns selected Cato for the project. “Cato offers one, integrated solution with a global backbone including, security, and mobility. What we see nowadays is that everyone looking at SD-WAN looks at security. The two go together. Cato addresses both dimensions in one seamless solution,” says Joost van der Struijk, managing director for sales and marketing at Videns IT Services. Cato connects all enterprise resources — locations, cloud resources, and mobile users — to a common, optimized global backbone, which today is built from more than 45 PoPs across the globe. With all traffic on the Cato backbone, Cato applies a common security policy to protect all resources. Next-generation firewall (NGFW), secure web gateway (SWG), URL filtering, malware prevention — all are built into the Cato service. Cato MDR, a managed threat detection and response (MDR) service, offloads the resource-intensive and skill-dependent process of detecting compromised endpoints onto the Cato SOC. With POPs in Beijing, Dubai, and Melbourne Cato mapped well with ADB SAFEGATE’s requirements. “And the possibility to include everyone within the solution, including all of our travelling colleagues and all of our small offices using the Cato mobile client, has been extremely important to us,” says Norling. ADB SAFEGATE Tests and Deploys Cato After the summer of 2018, Norling signed a contract with Videns and Cato for the conditional rollout starting in November. The organization was consolidating ERP systems so ensuring SAP S4/HANA could be provided as a cloud service by connecting the SAP datacenter in Frankfurt as a site was very important. “During the conditional rollout, we, of course, also put a focus on stability, performance, and traceability. Since we are a small IT organization we also needed a solution that is easy to deploy so that we can do prepared plug-and-play installations on all small sites.” Our China colleagues have been amazed by the performance so far and, yeah, as I said, we haven't really done anything else for them yet other than connecting the Cato Socket to the public Internet line. As for connecting his China sites, he was very pleased with Cato’s approach. “We just connected Cato Socket to the existing public Internet line and it worked,” he says, “I was at one of our Chinese facilities and ran our client-based Swedish ERP system from China without any major latency. So that was a success itself.” The next step in China for Norling will remove expensive legacy lines and connect the Cato Socket to a new public fiber connection. “Our China colleagues have been amazed by the performance so far and, yeah, as I said, we haven't really done anything else for them yet other than connecting the Cato Socket to the public Internet line.” His goal was to deploy all 26 sites within two months. “A goal which we met,” says Norling. “A few small offices around the world only have a limited number of users and we will only utilize the mobile client for them.” Preparing the Network to Meet Today’s and Tomorrow’s Requirements Today, ADB SAFEGATE is in the final stages of its deployment. There’s still some work to be done in enabling mobile client for all users and adjusting some QoS rules. Those are minor issues, though, for him. The big issue? Norling has positioned his network to ADB SAFEGATE’s future networking requirements. “With Videns and Cato, we are building the foundation on which all of our global IT services from now on will be delivered upon,” he says.
Read customer story Search
Arlington Orthopedics Replaces Carrier-Managed SD-WAN Service

Healthcare

Arlington Orthopedics Replaces Carrier-Managed SD-WAN Service
Arlington Orthopedics Replaces Carrier-Managed SD-WAN Service Challenge: How to Run Lean and Still Deliver Agile, Effective Security and Networking It’s an all too familiar problem: IT is called to support more users and deliver more services without increasing budget. With MPLS and firewall appliances that might have seemed like mission impossible. The sheer complexity of the traditional network infrastructure almost requires IT to maintain networking and security specialists on staff, not to mention an extensive investment in infrastructure, limiting cost reductions and constraining efficiencies. But new technologies, such as SD-WAN as a service (SDWaaS) and firewall as a service (FWaaS), are enabling IT to operate far leaner than ever. Just ask Arlington Orthopedics where the network nearly doubled in size without having to expand its IT team. “It was obvious to me that I had to focus my resources,” says George McNeill, director of I.T. for Arlington. “I needed my infrastructure to be as lean as possible. This way we could invest in business analysts or other customer-facing roles and technologies not internal IT roles, such as networking and security specialists.” But the Arlington network was anything but lean. Arlington spent $10,000 per month for the 100 Mbits/s MPLS service and connections were still “choking out,” he says. MPLS’s infamous deployment times also meant he needed a 90-day window for deploying new offices — far too long for the firm. The existing firewall appliances were also sucking up resources he didn’t have. “Firewalls are complicated by default, but they’re even more complicated when set up by someone else who’s no longer with the company and with his or her own ideology and thought,” he says. Troubleshooting the performance problem that was “choking” his network wasn’t easy. The company’s office and regional networks were flat, layer-two subnets. Firewall appliances at each location were connected by meshed, point-to-point, virtual private networks (VPNs). Servers located in Arlington were accessed by the branch locations. George knew that some locations had performance problems, but diagnosing them was very difficult. “We could see the traffic, but figuring out the source of the problem was impossible,” he says. And with IT resources spent keeping “the lights on,” other projects had to be pushed to the side. Disaster recovery (DR) was one such example. “I could have set up a DR site using a site-to-site VPN,” he says, “But then I would have to put a whole lot of work into the effort and still have a single point of failure.” Cato’s “Easy Experience” Simplifies SD-WAN Adoption George had heard about the cost savings of SD-WAN from a local provider. During his research, he stumbled on to Cato and how Cato Cloud, Cato’s SD-WAN as a service, combines SD-WAN with FWaaS. He decided to trial Cato Cloud. “I expected the company to take a month to get me equipment when two days later, I received two Cato Sockets (Cato’s zero-touch, SD-WAN appliances), preconfigured for installation.” Within 10 minutes the Cato Sockets were installed and the Cato solution was working. “We had the whole shebang for a month. A fully functional, free trial for a month, to verify that it works. Apparently, that’s not very common with SD-WAN,” he says. For his due diligence, George went back to the initial provider. Instead of Cato’s converged secure SD-WAN as a service, the provider offered a managed service integrating third-party, SD-WAN appliances and firewall appliances. The result was a complex, heavy, and cumbersome environment. It was the classic difference between traditional, appliance-centric, managed services and the elastic, software-driven cloud all of which led to serious adoption and configuration problems for George. “The provider wanted me to buy without a trial. What person in his right mind would use a service without a trial?” he says. “I was on a call with 10 of their people, and they said, ‘Okay we’re going to replace your firewall.’ I said ‘WHAT? No, you’re not!’ Replacing the firewall or placing the SD-WAN appliance in front of the firewall would have meant reconfiguring his entire site-to-site VPN just for a trial.” “When I told them that they needed to place the appliance alongside the firewall. Their response was ‘that’s complicated.’ One dude from Cato figured out the problem in five minutes you mean your entire team couldn’t get it to work?” he says. “After a month, the reseller still hadn’t given us the trial.” Arlington Deploys Cato in Minutes In the end, George went back to Cato. “Yes, Cato met my technical requirements, but the reason why I returned and am staying with Cato is that it made buying SD-WAN so simple.” Rather than ripping-and-replacing the firewall, Cato allowed George to extend the life of his firewall and transition off as needed. External traffic could be sent to a Cato Socket sitting alongside the existing firewall. The traffic is secured by the Cato Security Service built into Cato Cloud Network. Cato Security Services include next-generation firewall (NGFW), secure web gateway (SWG), and IPS. As firewalls would reach their end-of-life or the limits of their capacity, traffic can be moved over to Cato. They can also be configured to “burst” to Cato Cloud. Any implementation has its share of challenges and McNeil’s Cato deployment was no different. “We had a problem accessing Cato’s Dallas PoP [point of presence] at one point,” he says, “Yes, things were a bit slower, but our users didn’t notice it so much. The Sockets automatically migrated everyone to Cato’s Chicago PoP. But here’s the thing — we didn’t have to do anything. Our firewall rules remained the same, there was no reconfiguration, and Sockets automatically re-connected to the Dallas PoP when Cato resolved the problem.” Better Management, Better Control with Cato With Cato, George has improved agility, increased visibility, and control, and expanded his level of service to the business all without scaling up his IT team. Deploying new sites takes far less time. “With Cato, I am setting up an office before they have electricity to every socket,” he says. McNeil can also diagnose problems more efficiently. By sending all traffic to the Cato PoP, McNeil gains a single-pane-of-glass into his network. He’s been able to use that tool to improve governance and IT’s interaction with the business. “We found that Netflix was being streamed across the network during company hours. With our firewall, we would have only been able to block Netflix, and that was my knee-jerk reaction, but then whoever was watching Netflix would switch to another network. “With Cato, I was able to identify the user watching Netflix and on which device — his cell phone. This way I was able to send him an email to hold off on movie time during company time. And if he keeps doing it without permission? I’m going to turn off Netflix for just that phone during work hours,” he says. And he’s been able to address his disaster recovery issues. “Cato has made a separate disaster recovery site possible for us,” he says. Instead of configuring individual site-to-site VPNs for each location to a DR facility, now the DR facility sits like any other office on the same Cato Cloud-based WAN. “The Cato Sockets allow me a huge level of high availability,” he says. Looking Ahead with Cato Means Keeping Lean and Effective George has largely eliminated MPLS and the firewall appliances, transitioning most offices to Cato Cloud. He plans to migrate his last office to Cato once he’s finished his MPLS contract. [caption id="attachment_7249" align="alignnone" width="1000"] With Cato, Arlington gained deep visibility into their traffic.[/caption] Eliminating MPLS will free up budget for other IT projects, such as increasing front-line support, but one thing George won’t need to hire is deep engineering expertise. “If we didn’t have Cato, I would have to expand headcount with a networking expert. Now I can put my resources elsewhere,” he says. The bottom line? “Cato enables me to be more diligent. Questions I could not have answered because of a lack of time like ‘What are people doing on my network?’ I’m now able to answer.”
Read customer story Search
Managed IT Provider Eliminates Appliance Sprawl, Improves Security Capabilities

Managed Services

Managed IT Provider Eliminates Appliance Sprawl, Improves Security Capabilities
Managed IT Provider Eliminates Appliance Sprawl, Improves Security Capabilities The Journey to Cloud-based Security Services Why were you looking to change your security architecture? We initially went out to market because of SSL inspection. Our firewall appliances did not have the necessary capacity. The capability was available with additional licensing, but not the capacity. What approaches did WWIT consider? We evaluated and did a lot research on many vendors and then tested a smaller pool of them. The second choice was a leading Secure Web Gateway (SWG) provider. The company really provided a web filtering solution with Data Loss Prevention (DLP) and other features built-in. The offering didn’t have full firewall capabilities so we couldn’t replace the customer’s firewall appliance, which would have led to higher costs and more management overhead. Why did you choose Cato? The flexibility we got with Cato Cloud, and particularly with the SSL inspection, meant we didn’t need to upgrade any hardware on-premise to inspect all necessary traffic to keep customers safe. Looking at Cato’s overall platform, I think there’s a more complete vision than other vendors who are primarily web gateways. The tipping point was Cato’s easy deployment and the ability to roll out rapidly to customers. The Benefits of Cato’s Firewall as a Service A converged security service aligned well with WWIT’s need? That’s right. A lot of the competitors we reviewed were simply web filters with a lot of services built on top of that. None of them were true cloud FWaaS with additional security services. I think even though Cato is a startup and a much newer company than some of the others we evaluated, the Cato leadership has a vision and approach to make the Cato Cloud a platform rather than just a single service offering. It’s a distinction I like. I also liked the team behind Cato. The executives’ track records in previous companies, and the work they did in building innovative solutions is a plus. Sounds pretty compelling. Is there any reason why someone may opt not to deploy the Cato platform and remain with an appliance? Playing the devil’s advocate here, you’re relying on Cato to handle all of your traffic and security services. You must ensure anyone doing that has a robust platform, the uptime to meet your needs, and those sorts of things. From a purchasing standpoint, it’s the sort of thing that would have to be vetted by any organization. I looked at the Cato Cloud architecture and was very impressed by the degree of redundancy built into the network. How does Cato help with the biggest security threats concerning your customers? Our customers are particularly concerned with web-based threats, more specifically a lot of the newer variants of ransomware and crypto-types of malware. Those are really rampant. They may come in as an email, but they’re just a link to a web-based threat. Cato gave us the ability to actively scan traffic and stop those attacks. This is particularly valuable for small offices that lack the resources to purchase a robust network security stack. With Cato, we could provide them affordable protection with the same kinds of policies and robustness that might have only been available in high-end appliances. How are customers using Cato today? Most of them are multi-offices and we use Cato to unify the policies and protection across them. For a lot of customers, it’s just to add extra layers of security. You can deploy Cato with Cato Sockets (Cato’s hardware endpoints) or you can send your traffic through the existing firewalls. In some cases, we’re leaving existing firewalls in place because they’re new. Cato adds an additional layer of filtering and the capacity to do SSL inspection, which is one of the more important things with Web-based traffic. It’s not just distributed offices that describe customers, it’s also the need for extra security and eventually to replace their firewall as it ages and is no longer needed. The Business Impact of the Cato Partnership With which kind business problem did you find Cato especially helpful? Acquisition, in particular, is a good example. We have customers who need offices brought online and connected in a very quick and efficient manner without a lot of upfront costs. Cato really fits that need to a “T”. One customer of ours has acquired many smaller shops in their industry. Rather than having to build the technology infrastructure stack at each new location, the customer utilizes Cato for connectivity and security in a very simple manner. [caption id="attachment_7256" align="alignnone" width="1309"] With Cato, partners can manage all of their customers from one view.[/caption] Can you describe your relationship with Cato so far from a partner perspective? To us, Cato seemed to be both very channel-focused and very flexible. I think that’s an important distinction. A lot of vendors are not easy to work with and not flexible at all in what they offer partners. Cato’s open to getting ideas from us, and are capable of incorporating them into their platform very quickly.  
Read customer story Search
Security Software Company Maximizes Global R&D Productivity With Cato Cloud

Technology

Security Software Company Maximizes Global R&D Productivity With Cato Cloud
Security Software Company Maximizes Global R&D Productivity With Cato Cloud Mission Impossible: Open an Office in Days Without Compromising Network Performance The company was looking to expand its workforce by hiring developers in Europe. The challenge? They needed a new facility – and gave the IT team five weeks to open the location. At first, the technical approach appeared straightforward — connect the location into the company’s Internet VPN. Firewall appliances at other company locations already established IPsec tunnels into the headquarters. Contractors and remote users accessed Jira, as well as the company’s Docker containers, by running mobile VPN clients on their devices and connecting to an assigned firewall. From there, they traversed the VPN to headquarters and onto their destination.  The approach seemed obvious. But there was no onsite IT personnel in the European branch office, and an IT person is exactly what would have been needed to configure and deploy the local firewall. The developers were going to work in a shared office space, like WeWork or NextSpace. While the shared office provided Internet access, NATing was being used. Without a dedicated, public IP, a local firewall would need its configuration “tweaked” just to establish a VPN to other firewalls. And for every location added to the VPN, the IT manager found deployment to take exponentially longer. He and his team needed to configure tunnels from the new location to every other company location. It was an arduous process requiring them to establish the tunnels to each site, design specific firewall rules for each tunnel, and factor in user issues, such as whether or not to allow remote access. “It was about 1.5 hours of work per tunnel per site. We could spend a few days just configuring the VPN for a new location,” he says. The performance was a major challenge. “The most painful thing was the connectivity between branch sites,” he adds. Backhauling traffic through a datacenter in a different region meant users were unable to access remote application and services. The additional hop created “slowness” in the user experience and led to timeouts. The IT team was also unsure of the availability of his Internet path. “The European branch office required 100 percent uptime,” he says, “With the Internet, you can’t promise that. Your traffic still goes through several unknown ISPs. You can’t ensure that every hop is not a single point of failure.” Another approach was needed. MPLS sounded like the logical choice. It would address his performance concerns. But getting an MPLS line installed in time was going to be a problem. “Just taking delivery of a 20 Mbits/s MPLS circuit would require about a month-and-half in total and three weeks after signing the purchase order,” he comments. Far too long for his five-week window. Cato Cloud: Fast Deployment and Faster Applications The IT manager looked around for alternative solutions when a friend suggested he investigate Cato Cloud, Cato’s cloud-based and secure global SD-WAN. Cato Cloud would use his existing Internet line to connect locations, mobile users and, when he’s ready, cloud resources into an affordable, SLA-backed alternative to MPLS. Once in the Cato Cloud, all traffic is protected by a converged suite of advanced security services that includes next-generation firewall (NGFW), secure web gateway (SWG), URL filtering, and advanced threat protection. For a company where the Internet and mobile connectivity already played such a key role in its networking strategy, Cato Cloud sounded very attractive. By relying on Internet last mile, deployments would be much faster than MPLS. And since Cato uses zero-touch provisioning, the company could avoid the time spent individually crafting each VPN configuration. IT initially installed a Cato Socket, Cato’s SD-WAN appliance at the remote European office, and at the headquarters behind the existing firewall. With users connecting directly to Cato, he did not need to add a firewall at his new location. During the next phase, he rolled out Cato to all offices. Mobile users were equipped with the Cato Client to connect directly to Cato Cloud. Performance Improves, Costs Fall with Cato Cloud With Cato, IT did far more than just deploy a new location. It improved the users’ application experience, made the team more efficient, and reduced costs. “Cato certainly met my expectations,” he says. Cato Cloud incorporates a range of network optimization that significantly reduces data transfer times. “Cato’s optimizations make all the difference. As one Atlanta user remarked to me ‘This is unbelievable. I work with our main server in the datacenter and I feel like it is right here in the office.’” IT agility has also improved significantly in many ways. Deploying new offices is no longer a matter of days or even hours. “Onboarding is very fast,” he says, “From the time you put in the Socket, minutes are needed to deploy a location.” New account configuration is particularly easy. “The LDAP integration really helps. We just imported hundreds of users right into Cato. No need to type in configuration profiles,” he adds. Ongoing management has also become simpler and more efficient with Cato. He monitors his branch sites from one screen using the Cato Management Application. “Managing the solution is very intuitive,” he says, “I gave the Cato Management Application to one of the IT engineers and she quickly adapted to the platform." As such, operations have streamlined. “We saved ourselves 15 engineering hours a month just getting things done like changing firewall rules, enabling users, and other similar tasks spent managing our branch infrastructure,” he says, “With Cato, we can now allocate that time elsewhere.” Cost avoidance was also realized in several areas. Cato saved the company from having to purchase an MPLS connection at $4,800 per month. The company also avoided paying for firewall licenses. “We planned on spending $600 per branch firewall and another $400 per year for our licenses," he says, “but many firewalls had to be upgraded because they couldn’t handle activating the IPS, the number of active security rules, or the amount of bandwidth. We would end up spending $1,600 per branch firewall and $950/year for the license and that doesn’t include the time or cost of upgrading to the new appliance.” Any deployment requires close cooperation with the service provider and on that, Cato gets high marks. “Cato support is unlike any other support that I’ve experienced. Our interaction is almost like working with an extension of our team,” he says. Security Robust Enough for the Experts Moving forward, he is looking at replacing the remaining firewall appliances with Cato Cloud. He also wants to enable Cato IPS and Cato’s advanced threat protection knowing that unlike an appliance, performance will not degrade with the new capabilities. [caption id="attachment_7231" align="alignnone" width="484"] With Cato, application experience improved and network management became very intuitive.[/caption] Overall, he doesn’t have regrets with the transition, but he does have an answer for those questioning his decision to go with Cato. “As you can imagine there were more than a few skeptics in the room when I pitched Cato. MPLS was the safe bet,” he says. “But when I went back to one of the VPs and said ‘Did you ever imagine that with the money we were going to spend on connectivity alone for the European branch, I could now connect our US support team and customer focus groups, and still provide remote access to all employees? He didn’t believe me until I showed him the bills.”  
Read customer story Search
Blender Breaks Free from the Box

Financial Services

Blender Breaks Free from the Box
Blender Breaks Free from the Box Challenges When Blender originally started out of their headquarters in Israel they had installed a firewall appliance from one of the top tier vendors. Chief Technical Officer (CTO) Boaz Aviv found it complex to manage, upgrade and patch. “Owning these boxes is expensive and they need constant management. Even if the time required to manage your firewall is just 10 hours a month, that’s still 10 hours you’ve lost,” explains Aviv. Blender depended on an IT integrator for installation and support of the firewall appliance. When they experienced a system failure over the weekend, their IT integrator was not available to support them. This resulted in long downtime and impacted their business. “We are a global operation and we keep it very lean and mean,” says Aviv. “In order to do this you need to minimize hassles that don’t directly relate to your business. So it’s very important to optimize resources, time and people needed to manage your network and security. That’s why I’ve always preferred the simplicity offered by cloud solutions like Cato.” When the time came to expand to their new offices in Italy and Lithuania, the team at Blender stopped to reevaluate how their office network security footprint would impact cost and capacity going forward. Without dedicating personnel to support remote appliances with upgrades and patches, Blender would be dependent on costly third-party assistance with unreliable coverage. Also, as a financial technology organization, Blender continuously seeks to upgrade into better security services, “Although we are a young company, we never compromise on security,” says Aviv. As a cloud-centric business that is subject to regulations and stores most of its data in SaaS applications and a IaaS datacenter, Blender specifically needs to secure data access. Solution When Aviv initially learned about Cato Networks and its cloud-based secure network, he saw it as a perfect fit for Blender. “The only metal I had in my office was our telephony machine and the firewall — and I wanted to get rid of both of them” explains Aviv. ”I felt that as much as we grow, the more these boxes would grow right along with us, as would the burden of managing and supporting them.” To deploy Cato, Blender simply replaced the incumbent firewall in the main office with a Cato Socket — a small, zero-touch, tunneling device to forward traffic from the office to the Cato Cloud. Connecting their branch offices was simple and required zero technical expertise. All locations were now using secure internet access via Cato. A full security stack, including Next-Gen Firewall, application control, and URL filtering inspects Blender’s traffic, which is fully encrypted between branches and the Cato Cloud. Managing network security centrally in the cloud enables a unified policy for all users, locations and applications. Prior to Cato, Aviv had planned to purchase more appliances to support the company’s disaster recovery (DR) sites. Installing Cato now allows him to avoid the significant expenses and IT resources it would take to manage additional appliances. Instead, his team is securely connecting the DR sites to the Cato Cloud and from there to the rest of the business. Blender employees access Office 365, Salesforce and Amazon AWS apps on-the-go using the Cato Client app on their mobile devices. The Cato Client establishes a secure tunnel to the Cato Cloud and all cloud traffic is protected by Cato. To prevent unauthorized access and protect against credential theft, Blender is using a unique Cato feature that allows them to configure their SaaS applications to accept traffic only from the Cato Cloud specific IP range. Since the Cato Client can only be used after a full device registration, hackers can’t target the cloud apps using unregistered devices. The Way Forward A year into production, Blender is meeting industry security audits while scaling capacity in step with its growing business and easily enabling users to access network resources using the cloud-based management application. Aviv has been impressed with the level of support he’s received throughout.  
Read customer story Search
Manufacturer Replaces MPLS with Cato Cloud, Improves Performance and Security

Manufacturing

Manufacturer Replaces MPLS with Cato Cloud, Improves Performance and Security
Manufacturer Replaces MPLS with Cato Cloud, Improves Performance and Security Delays and High Cost Leave IT Frustrated By the Carrier Experience As companies embrace the cloud, the classical hub-and-spoke configurations of MPLS often prove to be too rigid and ineffective. The automotive component manufacturer,  a metal forming specialist, was no exception. The number of computers at the metal specialist had nearly tripled in the three years leading up to its WAN transformation. The company was also moving to a cloud-based Plex ERP system, all of which made delivering predictable Internet access more challenging and more critical. Uptime proved to be far from perfect. Brownouts — fluctuations in latency and loss caused by congestion on the MPLS network —were all too common. “The corporate office had a 20 Mbits/s MPLS connection, and then we shared 30 Mbits/s between all sites. If someone at corporate was downloading a file at 20 Mbits/s that only left 10 Mbits/s for everyone else and the network started to choke,” he says, “Quality of service (QoS) was too rigid to be of help and not really working.” And though every location had redundant connections, continuous uptime proved challenging. MPLS routing proved to be a poor approach towards redundancy. “Automatic failover worked most of the time, but there were always problems,” says the IT manager. “It relied on pinging two or three guests, such as Google, the local interface, or one of the routes. If none failed, though, failover wouldn’t work even if our sites couldn’t access our datacenter.” The carrier proved unable to help. “The carrier’s technicians were not experts in the products. Most of the time, our staff was more knowledgeable than the representative assigned to the ticket,” he says. The carrier’s rigidity also complicated opening new locations. The carrier could only work with certain infrastructure providers. “The representative told me ‘I can’t get you fiber at that location’ and I was like ‘I already have fiber, what do you mean you can’t give it to me!’” The network problems led to other headaches. The company runs a “deny all” policy at its firewall with exceptions made by user groups for fixed users. “The carrier’s firewall had a hard time identifying users correctly when the laptop went from wired to the backup wireless connection,” he says, “Their solution was for us to spend $5,000 more for a client-based authentication product.” Overall, incorrectly identifying users was “the biggest failure” of the carrier approach, he says. The Team Evaluates SD-WAN Solutions The company knew leaving MPLS was critical and the team began assessing SD-WAN solutions. “We looked at a bunch of SD-WAN suppliers, but they kept passing us off onto their resellers,” says the IT manager, “We already had the experience of one reseller not understanding the technology. Trying the same approach again was the last thing we wanted to do.” He also didn’t want to go with a carrier-managed SD-WAN service. “One SD-WAN supplier sent us back to our carrier to purchase a carrier-managed SD-WAN service. It was insane,” he says, “I hate that carrier right now and am trying to fire them, and I should go back to them?” He had heard about Cato and was intrigued by Cato’s ‘easy’ experience. “I liked your vision and support model,” he says. Unlike carrier-managed SD-WAN, Cato Cloud is a cloud-based SD-WAN service fully developed by Cato. There are no third-party appliances to increase costs or complicate support; the technical expertise resides in Cato. The Cato Cloud converges security and networking, providing an affordable MPLS alternative, firewall as a service, remote access, and CASB functionality. And by being based on software-defined perimeter (SDP) principles, Cato Cloud allows fine-grained network access, protects corporate assets from network-based attacks. “Cato seemed to have everything together,” he says. Manufacturer Adopts Cato Cloud, Eliminates Performance Problems Ultimately, the company ran a Proof of Concept (POC) between locations and settled on the Cato platform. He added Cato’s easy-to-deploy, SD-WAN appliances, Cato Sockets to each site. Rather than backhauling Internet traffic, the IT manager provided sites with direct Internet access protected by Cato Security Services, which include NGFW, IPS, and anti-malware inspection. The Cato Sockets establish secure tunnels to the closest Cato PoP, which inspects and forwards traffic either to company locations across the Cato Cloud or out to the public Internet. Cato’s affordable price allowed the company to increase bandwidth at locations. The IT manager provided sites with 6 to 20 times more bandwidth for the same cost as the MPLS. “Before we had 30 Mbits/s out to the Internet (with a hub firewall). Now with Cato our Internet bandwidth per site went to 740 Mbits/s.” As a result, performance improved significantly. “With Cato, our response time to our ERP system flattened out. Normally, we needed 20 to 30 milliseconds to reach the ERP system due to congestion across MPLS, and then as much as 500 millisecond for a response. After switching to Cato, response time averaged 30 milliseconds or less.” [caption id="attachment_7182" align="alignnone" width="1197"] The manufacturer saw latency decline and become more consistent with Cato Cloud.[/caption] Availability has also improved. Unlike MPLS, Cato measures the full path to the cloud for accurate, predictable failover. “Cato has true failover in the product," he says. “Now if one ISP goes down we automatically switch over to the other one.” Cato Cloud Improves Supply Chain, Third-Party Access The combination of Cato’s flexibility and converged security services gave the company some unexpected benefits, such as allowing third-party access to his network. With Cato Cloud, the company’s partners and suppliers connect to the same SD-WAN through an IPsec tunnel. Access is restricted to only the necessary resources as Cato Cloud adheres to SDP (Software Defined Perimeter) principals which call for authenticating users before showing them available network resources. With just a few minutes at the management console, the IT team can configure network-wide policies for fine-grained access. It’s “really awesome,” he says. “Now, I can let our telephony vendor VPN into our network without compromising our security. They can only connect to the voice network  and nothing more," he says. Cato Security Service also eliminated the problem of identifying users when switching from wired to wireless. “VPN connections can easily be restricted to only sites or hosts that they need to connect to which has increased our security capabilities,” he says. Cato ‘Easy’ Experience Makes the Difference Most of all, the IT manager liked how Cato handled support. “With Cato, it was the support people that really made us go, ‘You know they’ll fix it.’ The people are smart and intelligent and know what’s going on instead of just taking a ticket.” It’s the combination of networking and security convergence with personal support that makes for Cato’s “easy” experience. And it’s that combination that made the difference for the company. “You can have the best product in the world, but if you can’t get customer service then you’ve got nothing,” he says. ”Our problem was the carrier resold firewalls with issues and only one or two people in the entire company seemed to have answers.”
Read customer story Search
Universal Mental Health Services Eliminates Branch Firewalls

Healthcare

Universal Mental Health Services Eliminates Branch Firewalls
Universal Mental Health Services Eliminates Branch Firewalls Challenges UMHS network was originally designed to have all 12 branches connected via MPLS and backhauling to a primary datacenter with one central firewall. However, after the process began, UMHS realized that MPLS was too expensive to deploy in all locations. Additionally, some locations were outside of the MPLS provider’s service area. This then forced the organization to connect 5 branches via SonicWALL Firewalls with site-to-site VPN’s. This resulted in a mesh of two network architectures that were more complex to run and manage. Running this environment proved to be challenging, especially due to the burdens of updating the hardware and maintaining firewall software. It was labor intensive and updates didn’t always go smoothly. “Specifically I remember updating the firmware on some devices that caused us to lose connectivity. This created a disruption in our record keeping as our branches send key reports directly to our headquarters. Employees generally scan records using copiers, and those records are then stored directly into the appropriate folder at corporate. Additionally, because we deal with sensitive issues like abuse and drug use, employees need free access to internet resources. Policy management was difficult because SonicWALL does not offer agile options to balance the blocking of banned websites while still providing access to necessary information.” Solution UMHS came across Cato opportunistically. “I was at an industry event, and there was a quite a bit of excitement around Cato’s booth and its services. I decided to visit the booth to see what the buzz was all about.” After a thorough review of the services, UMHS selected Cato to replace all of its SonicWall Firewalls. The first step was to establish an IPSEC tunnel to Cato from the datacenter firewall. Then, each branch location had a Cato Socket replace the SonicWalls firewalls. Now connected to the Cato network, UMHS has eliminated connectivity issues, saved money and simplified its policy management. Cato protects all connected locations and seamlessly scales to secure all traffic, without the need for unplanned hardware upgrades and resource-intensive software patches. It also coexists with the MPLS-based network. As a healthcare organization, security and agility are two of the biggest drivers when it comes to providing good customer service. With Cato, UMHS is now armed with the ability to clearly see all network traffic and application usage, create policies and enforce them across all branches, and identify security gaps and policy violations. Cato has given the organization a completely new perspective on how easy network security can be. Future Plans UMHS is so satisfied with the decision to switch its firewalls to Cato that it plans to migrate all locations using MPLS as soon as their contracts expire. A cost analysis done by the organization shows that this change will save thousands of dollars by having all of its 13 locations connected to the Cato Cloud.
Read customer story Search
Humphreys Replaces MPLS, SD-WAN Appliances, and Mobile VPN with Cato Cloud

Construction

Humphreys Replaces MPLS, SD-WAN Appliances, and Mobile VPN with Cato Cloud
Humphreys Replaces MPLS, SD-WAN Appliances, and Mobile VPN with Cato Cloud MPLS Problems Complicate Networking For years, MPLS services were the defacto standard for connecting company locations. And so, like many enterprises, Humphreys duly built its U.S. network on MPLS. The MPLS service gave Humphreys the predictable transport necessary for running business-class voice service, but it also brought plenty of headaches. “The problem with MPLS is that it’s expensive, slow, and takes forever to get anything done,” says Paul Burns, IT Director at Humphreys. Connecting new locations took far too long, with circuit delivery requiring several months. “Ninety days doesn’t fly anymore when a site is just two or three people in a garage and DSL can be delivered in a day or two,” Burns points out. What’s more, MPLS wasn’t agile enough to accommodate Humphreys’ growth. “Many of our offices start with a few people, but then they outgrow the space. Every time we moved, our carrier wanted a three-year contract and 90 days to get the circuit up and running.” Even simple network changes, like adding static routes to a router, necessitated submitting change tickets to the MPLS provider. To make matters worse, the carrier team responsible for those changes was based in Europe. “Not only did the carrier require 24 hours, but often the process involved waking me in the middle of the night,” Burns says. MPLS inflexibility hurt more than the business; it hurt Burns’ reputation. “I once sat in an executive meeting and learned that we were moving an office,” he recalls. “I explained to the other executives (again) that the move would take at least 90 days. They just looked at me like I was crazy.” When Humphreys opened an office in Uruguay, Burns wanted to connect it to his MPLS service. His provider offered only a 1.5 Mbits/s MPLS connection for $1,500 a month, about the same price as his 50 Mbits/s MPLS connection in Dallas. “It was a take-it-or-leave-it kind of deal — so we left it.” SD-WAN Edge Appliances Not Much Better Burns began investigating SD-WAN with Internet connectivity as a way of connecting his Uruguay office, maintaining MPLS for his voice service. He gradually deployed SD-WAN appliances in Uruguay and four other locations, swapping MPLS inflexibility for SD-WAN complexity. “The configuration pages of the SD-WAN appliance were insane. I’ve never seen anything so complicated. There were pages upon pages of settings with so many options,” says Burns. “Even the sales engineer got confused and accidentally enabled traffic shaping, limiting our 200 Mbits/s Internet line to 20 Mbits/s.” The appliance-based architecture also proved difficult to get fully working. The SD-WAN appliances had to establish tunnels with one another, but that didn’t always happen. “Sometimes Dallas could connect to two sites, but they couldn’t connect to each other. The vendor’s answer: update our firmware and reboot. But that didn’t work.” [caption id="attachment_7138" align="alignnone" width="1332"] Network Diagram Before Cato Deployment[/caption] Ultimately, Burns abandoned the SD-WAN appliance architecture. “It was just the maintenance of it. We would get an e-mail every time there was some SD-WAN-related error. You expect e-mails at 4 am with a telco when it’s doing network maintenance and things go down. I don’t expect thousands of early morning e-mails from an SD-WAN appliance.” Cato: Converging SD-WAN, Security, and Mobility Simplify Networking Burns decided to try Cato Cloud, Cato’s SD-WAN as a service. “We drop-shipped devices out to New Orleans, and I flew out to install the stuff. Took less than a day, and performance was great.” Eventually, he deployed Cato in every location but Garland and Orlando, which were still under MPLS contract. Cato was particularly helpful in connecting locations outside the U.S. “Cato gave us freedom. Now we can use a socket, a VPN tunnel, or the mobile client, depending on location and user requirements.” “My biggest concern with connecting Vietnam to our previous SD-WAN was shipping the appliance. There was the matter of clearing customs and installation. We’d be dealing with a communist country, and I wasn’t familiar with its culture. Instead, users can now just download and run Cato’s mobile client.” As for the Uruguay office, Burns could use a firewall-initiated IPsec tunnel. “We set up Uruguay in 10 minutes because we just built a VPN tunnel through the existing firewall,” he says. [caption id="attachment_7139" align="alignnone" width="645"] Network Diagram After Cato Deployment[/caption] Burns expects to migrate all local firewalls to Cato. “Our public-facing ‘stuff’ has been relocated to the datacenter. The only inbound traffic comes from people ‘RDPing’ into their computers through Dallas. Now, when we see that, we just fix them up with the Cato VPN.” Convergence Brings Business Value Cato’s converging of networking, security, and mobility onto a managed backbone simplified Humphreys’ network and helped the business. Bandwidth costs will reduce as Burns phases out MPLS at the remaining locations. He can eliminate MPLS because of Cato Cloud quality and predictability. Cato Cloud’s latency and loss levels were more than sufficient for business-grade voice, he reports. Humphreys was also free to tap the best talent without connectivity concerns. “Our Newport Beach branch wanted to hire a guy in Scottsdale, but we had no office there,” says Burns. “With Cato, we just connected him with Cato’s mobile client. Without Cato, the guy basically wouldn’t work for us, or his functionality would be 25 percent of what it is now.” [caption id="attachment_7140" align="alignnone" width="1688"] Humphreys Moves Voice on to Cato Cloud[/caption] Burns loved Cato’s security features as well. “We hadn’t even subscribed to Cato’s security services, but we were alerted to potential malware on our users’ machines,” he notes. “That’s something that none of our other network providers can offer.” [caption id="attachment_7142" align="alignnone" width="590"] Cato Cloud is predictable enough to accommodate Humphreys voice (RTP) traffic[/caption] Burns’ bottom line on Cato? “We set out to address our MPLS problem, and along the way we got an affordable MPLS alternative, security solution and mobile VPN solution.”    
Read customer story Search
FDMG Cuts Costs, Revolutionizes Mobile Experience by Replacing MPLS and Mobile VPN

Media

FDMG Cuts Costs, Revolutionizes Mobile Experience by Replacing MPLS and Mobile VPN
FDMG Cuts Costs, Revolutionizes Mobile Experience by Replacing MPLS and Mobile VPN Separating WAN from Remote Access No Longer Makes Sense for FDMG For years, enterprises connected locations via wide area networks (WANs), and remote users via concentrators and other remote access technologies. Keeping networking and remote access separate might have made sense when offices were the rule, and mobility was the exception, but in today’s mobile world, such distinctions only complicate mundane IT tasks. Just ask Jerry Cyrus. As the technical team leader and information security officer at FDMG, Cyrus knew all too well the complexities and costs of separate remote access and networking solutions. FDMG had many journalists working in the field as well as physical locations. Separate security policies were required for fixed and mobile users; user provisioning was also cumbersome. And then there were the cost and scaling limitations of MPLS and, for that matter, remote access concentrators. MPLS bandwidth is notoriously expensive, particularly for multimedia companies such as FDMG, where stories involve video and other large data formats. As for remote access, Cyrus was generally pleased with the concentrator’s functioning but tired of the concurrent-user problem. “We would have 50 concurrent users, and once you wanted to add that 51st, you were stuck,” he says. Cyrus could have upgraded the concentrator, but that would have impacted the business. “We’d have had to take down the concentrator for about two hours, which wouldn’t have sat well with journalists filing breaking stories from the field,” he says. “Two hours is a lifetime for them. In the past, many drove to one of our offices just to work — not a very good way to experience IT.” Instead, Cyrus realized that solving both WAN and remote access problems would reduce costs and a whole lot more. “By consolidating security management, we could give users a better mobile experience and simplify firewall and security system operations.” FDMG Evaluates Cato Cloud Cyrus considered replacing MPLS with an Internet-based, site-to-site VPN. That would have lowered his bandwidth costs, but it would also have been a “big head-breaker,” he says. “In some cases, we’d have to upgrade concentrator hardware; in others, we’d have to set up new firewalls, configure the necessary tunnels, and deal with a lot more headaches.” Cyrus had heard how Cato Cloud converges security services, SD-WAN, and mobile access onto an affordable MPLS alternative. With Cato Cloud, he could connect and secure his entire enterprise — offices, mobile users, and cloud resources — with one seamless network. “After doing some research, I knew Cato Cloud would fit right in,” he says. But Cyrus had to deal with internal concerns about working with a new company. “At first, people were a bit scared of moving forward with Cato Cloud,” he says. “They were familiar with vendors, such as Palo Alto and Cisco. Cato was new to them. After several conversations with Cato and showing the product, people became much more comfortable.” Cato’s ability to be rolled out incrementally also helped Cyrus address those concerns. He started small, proving viability by adding a Cato Socket, Cato’s zero-touch SD-WAN appliance, in the Amsterdam hub and connecting a few users with Cato’s mobile VPN client. Both Socket and the mobile client automatically connect to the closest Cato point of presence (PoP), where the Cato software secures, optimizes, and dynamically directs traffic to the Internet or the optimum path across the Cato Cloud network. Having validated datacenter access, Cyrus connected an internal AWS site to check Cato Cloud’s connectivity. Once successful, he began converting production sites to Cato. Branch offices with more than ten users received a Cato Socket; freelancers and other external users were equipped with Cato’s mobile client. FDMG Converges Security, Mobile Access, and MPLS with Cato Cloud With Cato, site installation has been fast and easy. “Cato gives me ‘no-hassle setup.’ I connect the Socket, and we’re online and secured,” he says. “I don’t have to configure firewalls, establish dozens of security rules, or anything.” Moving sites has also become trivial. “I’m going to be moving one office to another floor, and the only thing I need to ask is if there’s an Internet connection. If so, we’ll be up and running instantly.” The newfound agility has not gone unnoticed. “Somebody asked me how long it would take to move the team to a new office. When I told him about ten minutes, he was shocked.” As for performance, Cyrus says users haven’t missed a beat. “Cato Cloud’s latency, packet loss, and uptime have been basically the same as MPLS — but, of course, much less expensive and more flexible,” he says. “If I want to scale up, it’s easy with Cato. With MPLS, I would need to make all sorts of arrangements.” That’s not to say there have been no hiccups. “Any new technique encounters some configuration issues, and Cato was no different. Early on in the deployment, Cato upgraded one of our Sockets without our knowing. They resolved the problem quickly, and since then I haven’t had an issue.” In fact, Cato support has been one of the biggest eye-openers for Cyrus. “Cato is not your typical provider,” he says. “The product is flexible, and support is good. If we have modifications and questions, Cato support is always eager to listen and either adjust or recommend a solution to the problem.” Cato Improves Mobile User Experience and More Cost savings might have initially driven FDMG’s WAN transformation, but it’s the operational benefits of increased usability and agility that became particularly compelling. “In the early days, users had to open a browser and navigate to our portal, log in, and only then launch an application to get a VPN connection up and running as if they were in the office,” Cyrus says. “There were so many steps, which not only frustrated users but meant more helpdesk calls for support.” With Cato, Cyrus sets the policies determining the applications and resources available to users and user groups. Mobile users join the Cato network directly, not a separate remote access solution, making network access much cleaner. “Now users just push the slider on their mobile device, and they’re authenticated right into the network. Visibility and ease of security operations have also improved. “Not only do we have greater insight into who’s logging into which application across our network, but our security toolset has become much easier to use,” says Cyrus. “We decide which users can connect to which resource without having to configure different firewall rules.” FDMG’s Bottom Line: It’s More than Just the Bottom Line FDMG’s initial goal was to reduce WAN costs, and Cato certainly did that. “We’re spending about 10 percent less with Cato than with MPLS,” says Cyrus. “Our savings are even greater if we factor in the licensing, installation, and management costs associated with the VPN concentrator.” But more than just costs, Cyrus has gained value. “With Cato Cloud, I increased bandwidth, replaced two things with one solution, improved user experience, maintained performance and uptime, and made IT more agile. That’s what I call a huge win.”  
Read customer story Search
Fisher & Company Slashes MPLS Costs, Improves WAN Performance with Cato’s Cloud-Based SD-WAN

Manufacturing

Fisher & Company Slashes MPLS Costs, Improves WAN Performance with Cato’s Cloud-Based SD-WAN
Fisher & Company Slashes MPLS Costs, Improves WAN Performance with Cato’s Cloud-Based SD-WAN The Challenges with Legacy MPLS Like many companies, Fisher & Company relied on MPLS for its global network. And like many companies, Fisher was tired of the high costs, limited bandwidth, and complexities of MPLS services. The company spent $27,000 a month for a managed, secure MPLS service. The company’s 10 Mbits/s connection from the US to Mexico alone cost $7,000 per month. And three Riverbed WAN optimizers meant a one-time outlay of nearly $60,000 with an annual renewal of $7,000. With stacks of appliances, including firewalls, WAN optimizers, and routers, comes complexity and a breeding ground for problems. “Our MPLS provider proposed this very intricate architecture that looked like it was from a CCNA test,” says Kevin McDaid, systems manager at Fisher & Company. “The sites ended up with dual routers running HSRP (the Hot Standby Router Protocol) to load balance traffic between them. But when the protocol failed, so did the location.” Survivability was a challenge in other ways as well. Backhauling traffic across the MPLS network created a single point of failure. “When the provider’s MPLS router failed, we lost our headquarters and the entire company stopped working,” he says. “I was woken up in the middle of the night on several instances because a fiber cut or power outage had taken down a site, or to get the provider to fix a minor firewall problem.” Finally, managing the MPLS and security infrastructure was painful. McDaid and his team had to jump between “tons” of management interfaces, he says. They could monitor firewalls and the network, but the provider had to make any changes. “Something as simple as enabling access to a website through our firewall meant having to call support. It was very frustrating.” Cato Cloud: As Good as MPLS at a Fifth of the Price Fisher began looking at SD-WAN as an alternative. “We trialed a managed SD-WAN service, but the provider was difficult to work with,” says McDaid. “The management console was very complicated and you needed training just to run the reporting. They wanted us to submit requests for configuration changes; it was like our MPLS provider all over again.” Instead, Fisher turned to Cato. Cato’s SD-WAN service integrates advanced security with an affordable global, SLA-backed backbone — the Cato Cloud. With Cato, McDaid could retain control over his network and security infrastructure yet gain the agility and scaling benefits of a cloud service. Cato Improves User Experience and Simplifies Network Management Despite paying so much less for Cato, Fisher maintained and even improved its application delivery. Call quality has not changed since moving voice from MPLS to the Cato Cloud. Applications have become more responsive. “Users definitely feel it in their user experience. Things, like screen refreshes of our ERP system, seem to be a lot quicker with Cato,” he says. [caption id="attachment_7116" align="alignnone" width="479"] Management became easier with Cato one portal into the WAN.[/caption] The improvement was enabled by the additional bandwidth and the Cato Cloud’s network characteristics. “The loss and latency of the Cato Cloud are comparable to our MPLS service,” he says. Management has also become much easier. The Cato Management Application gives McDaid full control over his network and security infrastructure. And instead of jumping between many consoles, McDaid can manage everything from one interface. [caption id="attachment_7115" align="alignnone" width="596"] With Cato, Fisher radically simplified it’s network, connecting its mobile users, eight locations, and Azure instance to the Cato Cloud.[/caption] Resiliency improved with Cato. Internet- and cloud-bound traffic are no longer backhauled to Fisher’s headquarters in Michigan, which created the single point of failure in Fisher’s old network design. Dual active lines connect every location to Cato’s fault-tolerant architecture. Internet- and cloud-bound traffic are sent directly onto the Internet; enterprise WAN traffic is sent across Cato’s optimized backbone to the appropriate location.
Read customer story Search
W&W-AFCO Steel Improves Citrix and Simplifies Security with Cato Cloud

Manufacturing

W&W-AFCO Steel Improves Citrix and Simplifies Security with Cato Cloud
W&W-AFCO Steel Improves Citrix and Simplifies Security with Cato Cloud Performance and Complexity Problems Complicate Internet-based VPNs Internet-based VPNs might be an inexpensive alternative to MPLS, but that doesn’t make them a good MPLS replacement. Unpredictable performance and complexity are some of their challenges, just ask W&W-AFCO Steel. The structural steel fabricator had connected its US locations, India office, and ad hoc project teams with an Internet VPN. But as W&W-AFCO Steel grew, the Internet-based VPN become increasingly ineffective. “In some cases, our mobile users found that network services, such as a simple network scan to file, didn’t work, and in other cases, like with network printing and virtualization, services simply weren’t available,” says Todd Park, Vice President of Information Technology at W&W-AFCO Steel. The problem? Internet latency was often too high for the virtual desktop infrastructure (VDI), such as Citrix XenDesktop. “By the time our users hit an internal network service, they were experiencing on average, 150 milliseconds of delay,” he says. According to Park, VDI starts to have user experience issues at that point. And users weren’t the only ones suffering. “Our help desk was constantly fielding calls from dissatisfied end users,” he says. Operations were also complicated by locations with different firewall configurations. Park and his team tried the firewall provider’s management software, “but it never seemed to work for us,” he says. The firewalls also lacked certain key edge features. Without prioritization, web browsing could interfere with the performance of business applications, for example. Internet failover was supported but very complicated to configure, he says. W&W-AFCO Steel Replaces VPNs and Firewalls with Cato Cloud Park tried MPLS, but costs were too high and a poor fit for connecting small, dynamic project teams. Instead, he turned to SD-WAN. He started with investigating SD-WAN appliances but found the costs to also be too high. “The maintenance on the SD-WAN appliances alone was about the cost of Cato Cloud — and that doesn’t include the capital expense of purchasing the SD-WAN appliance.” The other problem? None of the SD-WAN appliance-based solutions included integrated security services or mobile access. W&W-AFCO Steel would have to continue using separate tools for connecting and securing users and locations. With more tools, comes greater complexity and less visibility. That’s when Park turned to Cato. Cato Cloud connects and secures offices, mobile users, and cloud resources into one seamless global network. Cato replaces the need for MPLS, mobile VPN, and the stacks of security appliances and tools. [caption id="attachment_7100" align="alignnone" width="1108"] The Cato Management Application provides a bird’s-eye view of a company’s network[/caption] Cato provided W&W-AFCO Steel with a more agile infrastructure. “Cato firewall is much easier to manage than a traditional firewall and the mobile client was much easier to deploy and configure than our existing approach,” he says. Failover configuration was also “not as painful” as with his firewall. “We didn’t have to worry about configuring IP addresses, VPN connections or anything. It just worked,” he says. Network performance is also much improved. Latency averages “50 to 70 milliseconds,” he says, That’s as much as a 75 percent improvement. And with Cato, Park can block web browsing, downloads or any other application from interfering with site performance. As Cato Cloud provides detailed metrics about users and locations, Park can better hold his network vendors accountable. “It really helps you go past layer-1 support and get to layer-2 support,” he says. [caption id="attachment_7102" align="alignnone" width="1108"] With detailed analytics from the Cato Management Application, IT gains full visibility into network activities[/caption] “We had one location in California where our cable modem was more down than up. The provider wouldn’t take responsibility for the problem. But with Cato, I was able to show them the graphs of dropped packets. Hard to argue with that.” Support hasn’t been an issue with Cato. “They’re a pretty responsive bunch and are very upfront as to what they can and cannot do,” he says, “It’s a relief, actually. So often that’s not been the case when I’ve dealt with a vendor. I understand any deployment has technology issues, but I don’t want to be misled about capabilities.” Better Agility is the Bottom Line Looking ahead, Park expects to eliminate MPLS completely once the contract expires and move his remaining locations to Cato Cloud. Has there been a hard dollar cost saving? “I believe so,” he says, but that misses the point. “The real value came in the improvements our users and we, in IT, experienced with Cato,” he says.
Read customer story Search
Alewijnse Transforms Global, Real-Time WAN with Cato Secure SD-WAN

Manufacturing

Alewijnse Transforms Global, Real-Time WAN with Cato Secure SD-WAN
Alewijnse Transforms Global, Real-Time WAN with Cato Secure SD-WAN MPLS: Expensive and Incompatible with Alewijnse’s Business For decades, Alewijnse relied on MPLS as a principal part of its wide area network (WAN). The company’s Amsterdam datacenter, nine sites in the Netherlands, and a branch office in Romania were connected by a fully meshed, MPLS network. Its predictability made MPLS essential for delivering the company’s high-definition video system, and remote desktops using Citrix and the Remote Desktop Protocol (RDP). Three other locations, the largest in Vietnam, established virtual private network (VPN) tunnels across direct Internet access (DIA) connections to the Amsterdam datacenter. Increasingly, though, MPLS was not addressing Alewijnse’s business requirements. Users complained about poor Internet and cloud performance – and for good reason. Applications were starved for bandwidth, as they were backhauled across 10 Mbits/s MPLS connections to the Internet breakout in Alewijnse’s datacenter. Internet traffic was driving up MPLS costs. Cloud applications and Internet usage accounted for about 50 percent of MPLS bandwidth to the datacenter, says Willem-Jan Herckenrath, manager of ICT at Alewijnse. IT agility was also constrained by MPLS. “Our business demands that we can set up project locations in a short period of time,” says Herckenrath, “With MPLS, I often had to wait three months to get a connection, if the technology was even available in that region.” At the same time he was rethinking his network, Herckenrath had to reevaluate the company’s security architecture. He needed a better way to secure his remote offices. Firewall appliances bring additional operational costs around deployment, management, and upgrades. He also needed a better approach to protect mobile users against ransomware and zero-day attacks. “Users were local administrators on their laptops and so they were not always fully protected when they entered the office,” he says, “We wanted to introduce a way so that they would always connect securely.” Converging Networking and Security Reduces Complexity and Costs Herckenrath wanted a simpler WAN design that made more effective use of the Internet without compromising on MPLS’ “quick performance” required by his loss-sensitive applications. The architecture would also have to address company’s security requirements and mobility concerns. Connecting locations through an Internet-based VPN was one approach, but that would still mean installing, configuring, and managing VPN routers at every location. SD-WAN showed promise, but traditional SD-WAN solutions do not connect mobile users or cloud resources. They also lack advanced security services and a global backbone. Herckenrath and his team looked at bundling SD-WAN solutions with a secure web gateway (SWG) service and another provider’s backbone. But they rejected the idea. “The feature comparison looked good on paper, but they were more difficult to implement and much more expensive than Cato Cloud,” says Herckenrath. Cato Cloud is a secure, global SD-WAN service, connecting locations, cloud resources, and mobile users. Advanced security services are built into Cato Cloud and include a next generation firewall (NGFW), SWG, IPS, and advanced threat protection. “With Cato, we got the functionality of SD-WAN, a global backbone, and security service for our sites and mobile users, integrated together and at a fraction of the cost,” he says. Cato Cloud: MPLS-like Performance without MPLS-like Price Alewijnse began a phased deployment of Cato Cloud. In the first phase, Herckenrath and his team connected the offices in the Netherlands, Romania, and Vietnam into Cato using high-quality, Internet last mile. In the next phase, Herckenrath connected the rest of his offices to the Internet and Cato Cloud. Cato’s ability to use any available last mile service in the WAN gave Herckenrath additional agility. Established locations can still be connected via MPLS, but now Herckenrath and his team were no longer dependent on MPLS services. As long as users can connect to the Internet, they can access Cato Cloud. And where physical Internet connectivity is not available, he can use 4G. It means his project teams at building locations, for example, can quickly get up and working. Yet despite moving off of MPLS, Herckenrath has not sacrificed performance. “Our users haven’t noticed a difference,” he says, “Latency and packet loss are low. Even the users outside of Europe have the same or better user experience with our HD video conferencing and our CAD system (which runs over Citrix).” [caption id="attachment_6743" align="alignnone" width="781"] With Cato Cloud, Alewijnse consolidated its datacenter, locations, cloud resources and soon, mobile users, onto a single, secured WAN.[/caption] Eliminating MPLS means he’s been able to reduce his bandwidth spend each month by “about 25 percent,” says Herckenrath, for as much as 10-times more bandwidth in some locations. Additional bandwidth has helped his Internet performance, but so has eliminating Internet backhaul. With Cato, Alewijnse Internet traffic goes directly to Cato Cloud, where it’s inspected and secured, and from there to the public Internet. “Users are much happier now with our Internet services,” he says. Any new deployment faces its challenges and when they happen, quickly getting hold of a quality support team is critical. “We had our challenges, but what I hear from my guys is that they WhatsApp with Cato’s support guys. They don’t always have to first go, log a complaint, and open a ticket. I really like that approach,” he says. Alewijnse Extends WAN Transformation to Mobile Users and Eliminates Security Appliances To achieve the full value of the converged solution, Alewijnse will gradually deploy Cato Clients to secure employees’ laptops and mobile devices. Also on the roadmap is to eliminate the firewall appliances in the branch offices. Together, Herckenrath has a long migration path for transforming his network, but with Cato Cloud he thinks he has the right platform. “We like Cato’s all-in-one approach and the competitive pricing gave us very good value for money.” [caption id="attachment_6744" align="alignnone" width="417"] With Cato, Alewijnse understands how its network is used by all users and locations[/caption]
Read customer story Search
Pet Lovers Deploys 100-site SD-WAN, Eliminates Firewalls with Cato Cloud

Retail

Pet Lovers Deploys 100-site SD-WAN, Eliminates Firewalls with Cato Cloud
Pet Lovers Deploys 100-site SD-WAN, Eliminates Firewalls with Cato Cloud Challenge: How to Connect and Secure 100+ Stores Easily and Affordably Like many retailers, Pet Lovers needed an effective way to secure its stores and franchises. The spread of massive ransomware outbreaks, such as NotPetya, concerned David Whye Tye Ng, the CEO and executive director at Pet Lovers. Pet Lovers had already connected and secured traffic between stores with an Internet-based, virtual private network (VPN). Routers at every store directed point-of-sale (POS) traffic across the IPsec VPN to firewalls in the company’s Singapore datacenter housing its POS servers. But other than the datacenter and four stores, none of the locations had firewalls to protect them against malware and other attacks. Protection was particularly important as employees accessed the Internet directly. Adding firewall or unified threat management (UTM) appliances at each site would have been cost prohibitive and taken far too long to deploy. For those sites equipped with firewall appliances, managing them was “tedious and slow,” says Ng. All security policy changes had to be implemented by the local service provider running the firewalls. He considered connecting the sites via an MPLS service. But following a “meticulous” assessment of the costs and offerings of the managed service, he says that neither MPLS nor deploying security appliances could meet his needs for low-cost, rapid deployment, and ongoing management. “We did not want to be held hostage to the costs of MPLS and wanted a security solution that would be scalable and simple,” David Whye Tye N. Cato Cloud Simplifies Security and Networking at Scale Ng had heard about Cato Cloud and it’s built-in Firewall as a Service (FWaaS). He decided to take a closer look. Cato’s FWaaS includes a next-generation firewall (NGFW) as well as other security services, such as secure web gateway (SWG), Advanced Threat Prevention, and network forensics. All security and networking services are integrated together, enabling Ng to define rich policies tapping security and networking information from across Cato Cloud. With Cato Cloud, Ng could simplify his implementation. Pet Lovers would be able to aggregate traffic from all stores, its datacenter, and, if necessary in the future, mobile users and cloud infrastructure into a common SD-WAN in the cloud. And since Cato Cloud includes FWaaS, Ng would be able to secure everything connected to Cato Cloud, avoiding the costs of deploying and managing new and existing firewall appliances. [caption id="attachment_6666" align="alignnone" width="500"] Pet Lovers gained visibility into all of its traffic with Cato Cloud[/caption] Delivering security from the cloud also appealed to him. Ng had seen first-hand the limitations of UTM appliances. Their feature lists look great on paper. But increased traffic loads or enabling compute-intensive features can force unexpected appliance upgrades. With the cloud’s near limitless resources, he did not anticipate such problems with Cato Cloud. The cloud also brought another advantage — simplicity. As a result of maintaining the SD-WAN and security functionality in the cloud, deployment of Cato Cloud edge is trivial. That’s crucial when you’re talking about rolling out 100+ international locations. Rapid Deployment, Complete Visibility After some initial testing, Ng decided to roll out Cato. The deployment began with a handful of stores, but then was expanded to the rest of the network. Deployment has exceeded his expectations. “We were able to deploy two to three stores per day!” he says. Converging his entire security and networking infrastructure has made management easier: “Hooking up all my stores in eight countries and being able to precisely and clearly manage them from a single dashboard was a major win for going with Cato,” David Whye Tye N. Unlike a managed service, Cato Cloud allows him to configure and change security as necessary. “Before security management was tedious and slow. Now, we can implement policies immediately by ourselves,” he says. Part of that has to do with simplicity and sophistication of security interface “I liked the complete visibility of our security on the fantastic dashboard,” he says, “A security dashboard must be clear and easy to manage. Cato got this one right.” [caption id="attachment_6663" align="alignnone" width="399"] With Cato Cloud, Pet Lovers connects and secures all stores and franchises in one network[/caption] As a result, security has improved. “Before we were vulnerable and web access was wide open. Now we have tight control,” he says. Every project faces deployment challenges. But the Cato team “has been very responsive,” he says “and they work well with my team. People were another key success factor in choosing Cato.” Cato: Good Enough to Recommend to a Friend Looking forward, he’s anticipating connecting the rest of his locations to Cato Cloud. Many of those locations are franchises, which can normally be problematic for retail IT teams as they lack control over the franchisee’s infrastructure. “It’s not an issue with Cato Cloud,” he says. “We control all of the security and networking policy infrastructure. They only need an Internet connection and deploy the Cato appliance, which we’ve proven to be ridiculously easy.” David Whye Tye N Overall, he says his experience has been “awesome” working with Cato. “It’s been a fast and painless implementation with a friendly and responsive service team. I would recommend Cato to a friend and that’s a big deal for me to say.”
Read customer story Search
Pharmaceutical Leader Replaces MPLS with Cato Cloud, Cutting Costs While Quadrupling Capacity

Pharmaceuticals

Pharmaceutical Leader Replaces MPLS with Cato Cloud, Cutting Costs While Quadrupling Capacity
Pharmaceutical Leader Replaces MPLS with Cato Cloud, Cutting Costs While Quadrupling Capacity Global MPLS Limits Centrient As with many enterprises, the IT team at Centrient Pharmaceuticals grew tired of the limitations of MPLS. Performance across the company’s 10-site, global network was for the most part “solid,” says Matthieu Cijsouw Global IT Manager at Centrient. But as the applications’ capacity requirements grew, increasingly the MPLS service was becoming congested. “Users noticed that MPLS was slow. It took a long time for them to open documents,” he says. The high cost of MPLS bandwidth made upgrading global bandwidth unrealistic. “MPLS was about 4x more than Cato for a quarter of the bandwidth,” he says. And bandwidth wasn’t the only problem. Agility was also limiting Centrient. It typically took him three to four months to move a location, a bit faster in Europe. “One time, we needed to move a sales office, and the MPLS connection was simply not ready in time. It led to operational issues and difficult workarounds,” he says, “Needless to say that was not appreciated by the business.” Centrient Evaluates SD-WAN Alternatives As his MPLS contract came up for renewal, Cijsouw started looking into SD-WAN. A technology partner recommended a combination of SD-WAN appliances, firewalls, and secure web gateways (SWG). But Cijsouw thought the solution would be too complex and was troubled by the dependence on the Internet middle-mile. “Internet performance from many regions, particularly China mainland, fluctuates significantly during the day,” he says. “We wanted a middle-mile solution.” Global SD-WAN service providers, such as Cato, replace MPLS (and the Internet middle-mile) with an affordable MPLS alternative. The Cato Cloud Network is a global, geographically distributed, SLA-backed network of PoPs, interconnected by multiple tier-1 IP backbones. Cato dynamically selects the optimum IP backbone for every packet giving Cato Cloud better performance and uptime than any one of the underlying networks. But while Cato Cloud provides global connectivity at Internet-like prices that’s not the case for every global SD-WAN service provider. “The other provider’s service would have meant spending around 2x more than with the Cato solution and still not get any of the security services Cato offers.” After meeting with the Cato team, he decided to run a proof of concept (PoC). Cato Sockets, Cato’s zero-touch, SD-WAN appliances, were installed in three locations alongside the existing MPLS circuits. Firewall rules steered traffic from specific hosts onto the Cato Cloud. “We did load balancing, failover tests, and load tests and Cato passed them all,” he says. During the next phase, he put a production load on Cato Cloud to see if there would be any hiccups. Not only weren’t there any problems, but users noticed that applications were even more responsive, he says. Like many enterprises, there was initially some concern about moving the global backbone to a startup. “For a pharmaceutical company, it’s not very normal,” says Cijsouw. He convinced management of the Cato Cloud’s value and showed how he could minimize risk. “We migrated to Cato in stages, gaining confidence along the way,” he says, “Even with a full deployment, I can bring up a global, site-to-site VPN in two hours should something happen, but I don’t see that as a concern. Not only does Cato Cloud perform well, but the support Cato offers is insanely great. I never experienced such a fast response.” Centrient Switches from MPLS to Cato Cloud In the end, he decided to move all MPLS locations to Cato Cloud. “It only took us about a month,” Cijsouw says, “The actual cutover was done in 30 minutes.” Most locations had been equipped with 6 Mbits/s MPLS connections. He replaced those with two, and in some cases, three local Internet connections for an aggregate capacity of 20 Mbits/s per site, burstable to 40 Mbits/s. Datacenter capacity is even higher, up to 50 Mbits/s, burstable to 100 Mbits/s — enough for current usage. With Cato Cloud, Centrient gained deep visibility into network performance. The additional connections were dual-homed for maximum availability. To ensure complete redundancy in the physical layers (including wiring and ducting), Cijsouw followed best practices and connected sites to the Internet with separate technologies — typically glass fiber and radio connections. Not only has he reduced his costs, but with more capacity, his applications continue to perform as well, if not better, than with MPLS. “The voice quality of Skype for Business over Cato Cloud has been the same as with MPLS but, of course, at a fraction of the cost”, he says. “In fact, if we measure it, the packet loss and latency figures appear to be even better.” His connections into China also work equally or “even better” than with MPLS, he says. And with Cato Cloud, he gained greater visibility into his network. The reporting is very “accessible” with detailed statistics online usage, he says. A More Agile Future With Cato Cloud As Cijsouw looks ahead, Cato Cloud will afford him flexibility — and negotiating strength — in other areas of his network. His firewall appliances, for example, are coming up for renewal in a year. Besides providing site security, they also serve as his mobile access solution.  With Cato Security Services and Cato’s mobile client bundled with Cato Cloud, he could replace both and save on licensing and operational costs. “Today, we outsource firewall maintenance for about 25 percent of our networking budget,” he says, “With Cato that wouldn’t be necessary.” Overall, how would he summarize his Cato experience? “It’s been really excellent,” he says. “Product delivery, support have all been there. With Cato Cloud, not only did I receive a more agile infrastructure, but I also received an agile partner who can keep up with my needs.  We operate faster because of Cato.”
Read customer story Search
Salcomp Replaces Global MPLS, Firewalls, and WAN Optimizers With Cato Cloud

Manufacturing

Salcomp Replaces Global MPLS, Firewalls, and WAN Optimizers With Cato Cloud
Salcomp Replaces Global MPLS, Firewalls, and WAN Optimizers With Cato Cloud Salcomp Finds Global MPLS Too Unreliable and Rigid When you’re a primary manufacturer to major mobile phone companies, uptime and security are critical. A small hiccup in your production line could be disastrous for your customers — and your business. All of which might sound like a good reason for sticking with expensive managed MPLS services until you consider that you’re also being evaluated on budget management. Such was the challenge for Ville Sarja. The seasoned CIO was responsible for the aging IT architecture at Salcomp, a global manufacturer of adapters for electronic devices, originally part of Nokia and now a primary supplier to Samsung and other leading mobile phone companies. “The IT template hadn’t changed in nearly 20 years since Nokia spun out Salcomp”, says Sarja. During those two decades, though, Salcomp’s business had changed significantly. The headquarters and the datacenter were still in Finland, but most manufacturing occurred in Brazil and the Asia Pacific. Offices had given way to more mobile users, particularly in China. The cloud had become far more popular, something Sarja was looking to leverage, and video conferencing had become the norm. Optimizing Network Spend a Must for Salcomp None of which sat well for Salcomp’s networking architecture. The company’s global MPLS network, which connected manufacturing plants in China, India, and Brazil with the datacenter and headquarters in Finland, consumed a “significant portion” of Salcomp’s IT budget, says Sarja. MPLS: Not Suited for the Future Global MPLS bandwidth was limited, which would prove problematic as traffic requirements grew. To address the situation, Salcomp deployed WAN optimizers at each end of his MPLS connections, but the WAN optimizers were challenging to configure, he says. MPLS is also poorly suited for taking advantage of cloud services, which Sarja knew Salcomp wanted to leverage. “We wanted to be more cloud compliant, which was not compatible with the infrastructure in place,” he says. Global MPLS’s Last-Mile Availability Problems And for all of its touted uptime and availability, MPLS’s dirty secret remains the last-mile connectivity problems that arise on global connections. Unable to control last miles outside of their regional networks, MPLS providers must rely on local third-party partners —  often with mixed results. For just that reason, Salcomp equipped locations with backup connections — local Internet access and firewall clusters running antimalware and IPS. “In Brazil, we had a problem with an MPLS circuit, and the office was out of service for six months. Luckily we had Internet redundancy, so we were able to direct traffic to the Internet and bandwidth and connectivity were good enough. Our MPLS provider was unable to resolve the problem,” he says. MPLS’s Long Installation Times The last straw was MPLS’s rigidity around new site installation. Says Sarja “In terms of deploying new sites, which was something we’re doing more in the past year, MPLS takes up to six months to have a circuit in place. That’s not very critical because it’s a site to be established and we can plan but regardless the inflexibility was there,” he says. Performance Testing Shows Cato Blows Away MPLS Two years previously, Sarja had begun studying SD-WAN. Two years later, he returned to that effort, determined to find an MPLS alternative. “We thought an appliance-based SD-WAN solution was the most promising approach, but the SD-WAN reseller was unable to get our POC started. There were cooperation issues with the SD-WAN vendor, and we were caught in the middle of everything,” he says. That’s when he learned about Cato. “I liked the fact that the Cato service used Cato’s own technology,” Sarja says, “It makes your life easier when you’re working with the vendor. The knowledge is there, and logistical problems are resolved beforehand, making onboarding much easier.” Sarja and his team decided to run a POC, testing Cato Cloud from Salcomp’s Finland datacenter and locations across China, Taiwan, and India. They deployed a Cato Socket at each location with policies in the local firewall steering the pertinent traffic to Cato. Three types of tests were run: Sharepoint file transfers and file sharing. Salcomp wanted Cato performance to be at least as good as the current 10 Mbits/s, MPLS connection or other SD-WAN providers over the Internet (also operating at about ~10 Mbps). SAP user experience. Salcomp didn’t want any degradation in SAP experience as measured by running reports and in the time taken to execute transactions. Office 365 performance. Uploading and downloading of files from Sharepoint Online in the Hong Kong region across Cato was to be compared against the regular Internet and other Internet-based SD-WAN solutions. What Sarja found impressed him. Data throughput on Sharepoint file transfer testing from Taiwan to Finland with Cato was 30x better than MPLS with a WAN optimizer; file sharing improved by more than 40x. Within China, Sarja found downloading a 116 MB Excel file across the site’s 20 Mbits/s connection to Cato Cloud on average took 83 seconds. Across MPLS? Download times were 20x longer. Latency also dropped by 13% when tested from China to Finland across Cato. And not only was performance as good if not better than MPLS, but Cato deployment was much quicker. He could use any Internet line to connect locations to Cato Cloud, eliminating the six-month deployment times required for MPLS. Salcomp Replaces MPLS with Cato Cloud Sarja decided to move forward with a phased migration of Salcomp’s production line onto Cato. Initially, the team connected the datacenter in Helsinki to Cato. Afterward, they migrated the Indian and Brazilian locations. During the final phase, Sarja moved over the China locations of Shenzhen and  Guigang, as well as the Taiwan location in Taipei. Across all locations, he replaced the routers, firewall appliances, and WAN optimizers with redundant Cato Sockets configured in high-availability mode. “With just one architecture, not three, we can make changes in a few minutes that required weeks with our MPLS provider,” he says.  Without local firewalls, Sarja relied on Cato Security Services to protect against network-based threats. Cato Security Services is a fully managed suite of enterprise-grade and agile network security services built into Cato network that includes Next-gen Firewall (NGFW), Secure Web Gateway (SWG), Advanced Threat Prevention, Cloud and Mobile Access Protection and Network Forensics. Testing done by a leading mobile phone manufacturer vetted Cato’s security, allowing Sarja to extend an IPsec tunnel from his Cato network to the mobile phone provider’s premises. Since the deployment, Sarja was able to show far better budget management. He’s playing less per megabit for bandwidth and eliminating all of those appliances at each location has saved him a bundle. “We’ve reduced our networking opex by 50 percent and more since moving from MPLS to Cato,” he says. Salcomp IT: Ready for Today and Positioned for Tomorrow With the transition to Cato, Sarja is better positioned to address new IT challenges facing his organizations. He’s planning a Microsoft Office 365 deployment and expects to connect his Office 365 instance to Cato. Cato dramatically improves cloud performance, routing traffic along the optimum path across the Cato backbone to the Cato PoP nearest to the customer’s cloud instance.  Cato PoPs collocate in the same physical datacenters as the IXPs of Microsoft, AWS, and other leading cloud providers, making it a short hop across the datacenter’s local network into the cloud provider. It’s like having premium, direct cloud connections from 40+ locations across the globe — for free. Cato’s range of built-in optimizations also benefit unified communications. “Video quality with Microsoft Lync from China has been very good,” he says.  Sarja is also looking at equipping mobile users with Cato’s mobile client to connect to Cato Cloud, once their existing VPN licenses expire. Overall, Sarja says he’s received the best feedback any CIO could want from his users — nothing. “Users just aren’t complaining any longer,” he says. And that’s a very good thing.
Read customer story Search
Standard Insurance Uses Cato for Cloud Migration and Digital Transformation

Financial Services

Standard Insurance Uses Cato for Cloud Migration and Digital Transformation
Standard Insurance Uses Cato for Cloud Migration and Digital Transformation Many enterprises are undergoing a digital transformation — reinventing the way they do business to become more innovative and more responsive to customer needs. This often entails migrating applications to the cloud and increasing business agility by simplifying the IT infrastructure. Both were undoubtedly goals for Standard Insurance whose digital transformation initiative became so successful that ICMG, a leading full-service enterprise and IT architecture firm, awarded the company winner of “Best Architecture for IT Infrastructure” in 2018. Standard Insurance, a nationwide provider of insurance and financial products in the Philippines had initiated a multiyear digital transformation project in 2016. The company was shifting to online selling and needed to evolve its aging backend software infrastructure. The system served the entire process of the insurance business, from application and proposal to policy issuance, administration, and claims—in other words, the lifecycle of the company. The new, custom-developed platform, though, still ran in the company datacenter. A system failure would represent an existential threat to the company; moving the insurance software to AWS became a priority. Insurance agents and employees across sixty branches VPNed into the Makati headquarters to access the company’s insurance application. Those sites were secured by branch firewall appliances connected by telco-provided VPN services. But the lack of telco coverage meant that Alf Dela Cruz, First Vice President, Head of IT Infrastructure and Cybersecurity at Standard Insurance, and his team had to manage multiple provider relationships to deliver comprehensive branch connectivity. It was a headache. Security was also a concern. The local firewall appliances needed to be upgraded, which was a constant expense, and were insufficient to protect the organization. After two ransomware incidents, the CEO demanded a dramatically improved security posture. The complexity of the firewall appliances also complicated site deployments. “With a hardware firewall, we had to copy information to every site and make sure it stays updated, and whatever changes we make at the head office need to filter out to every branch,” says Dela Cruz. In a Head-to-Head Evaluation, Cato Reduces Security Costs By Half The IT team intended to replace the firewall appliances with on-premise next-generation hardware appliances, but while awaiting delivery of the new hardware, Dela Cruz heard about Cato. “When we learned about the Cato solution, we liked the idea of simple and centralized management. We wouldn’t have to worry about the time-consuming process of patch management of on-premise firewalls,” he says. Cato connects all enterprise resources — locations, cloud resources, and mobile users — to a common, optimized global backbone, which today is built from more than 42 PoPs across the globe. With all traffic on the Cato backbone, Cato applies a common security policy to protect all resources. Next-generation firewall (NGFW), secure web gateway (SWG), URL filtering, malware prevention — all are built into the Cato service. Cato MDR, a managed threat detection and response (MDR) service, offloads the resource-intensive and skill-dependent process of detecting compromised endpoints onto the Cato SOC. Standard Insurance put its hardware acquisition on hold to evaluate Cato head-to-head. “We would easily spend double in terms of what we spend for Cato,” he says. “The cost of the total solution Cato is providing us – including the centralized management, cloud-based monitoring, and reports – matches the cost of the firewall appliances alone. Then we would still need to add in the cost of appliance management and the advanced protection and other components of the firewalls.” Cato Simplifies Network and Security Infrastructure If Cato intrigued the Standard Insurance team with its low cost, Cato won the day with its AWS connectivity. Cato’s points of presence (PoPs) are co-located in the same physical datacenters as the IXPs of Amazon AWS, Microsoft Azure, and other cloud datacenter services, providing fast access to cloud resources across cloud providers and global regions. “Once we migrated our critical applications into the AWS cloud, we took Cato even more seriously because of their compatibility with the cloud network. This allows our branches to easily connect to the AWS cloud via the Cato network,” says Dela Cruz. Implementing Cato also allowed Standard Insurance to shorten deployment times. Dela Cruz and his team could eliminate all branch firewalls and Internet-based VPNs, and instead, send a Cato Socket, Cato’s small SD-WAN device to each branch for a non-technical person can simply plug it in. Once the Socket connects to the Internet, the Cato network recognizes it, joining the Socket into the SD-WAN. The Socket inherits the global security policies Dela Cruz and his team have configured for the network. “We can set up a branch in minutes with Cato,” says Dela Cruz. [caption id="attachment_6558" align="alignnone" width="297"] With Cato, Standard Insurance connected all users, sites, and cloud resources into a single backbone.[/caption] Enforcing one set of security rules in the cloud for all users and resources makes secure much easier to manage and update. Policies can also be customized to meet the needs of individual locations, users and more from the Cato management console. “The Cato management console is very easy to comprehend,” says Dela Cruz. As for the users, Standard Insurance employees enjoy a better user experience. Previously, IPVPN bandwidth was limited to 1 Mbits/s. “With Cato we increased Internet bandwidth by 10x, significantly improving performance without increasing costs,” says Dela Cruz. Standard Insurance Looks Towards the Future with Cato Standard Insurance will continue with its broader transformation efforts. Initiatives planned include implementing single sign-on (SSO) for all of its applications and numerous application changes. As for the infrastructure, Standard Insurance is looking to roll out more mobile clients to bring more dealers and agents onto the network. “We are recommending Cato to our business partners,” says Dela Cruz. “We love that the solution is cloud-based, easy to manage, and less expensive than other options.”
Read customer story Search
CIAL Dun & Bradstreet Improves Networking and Security in Latin American with Cato

Financial Services

CIAL Dun & Bradstreet Improves Networking and Security in Latin American with Cato
CIAL Dun & Bradstreet Improves Networking and Security in Latin American with Cato The Challenge: Improve the Networking Infrastructure for Latin American Offices CIAL Dun & Bradstreet faced an all too familiar networking problem: integrating disparate operations. “When the acquisition closed, we were aware that some of the offices were in need of an upgrade of networking infrastructure,” says Yoni Cohen, Chief Technology Officer for CIAL Dun & Bradstreet. “In some places, the internet wasn’t fast enough, and this was a real impediment to business.” Centro de Información América Latin (CIAL) Dun & Bradstreet was launched when CB Alliance became the WWN Partner of Dun & Bradstreet International in Latin America’. CIAL Dun & Bradstreet is the premier provider of commercial trade credit and supplier risk management data and solutions across Latin America. Offices are based in Argentina, Brazil, Mexico, Peru, and South Florida, with additional personnel in countries throughout the region. CIAL was charged with creating a new network to unify this new company, and link it to its existing offices, including teams in Zagreb, Israel, and New York. “We wanted everything to be on one unified but secure network,” says Cohen. SD-WAN Reduced Network Access Costs, Increased Cross-Site Access to Applications Cohen began looking at an SD-WAN approach for several reasons. “I wanted a flexible, virtual network because I knew we would be adding offices and making other changes in the near future,” he says. “We weren’t locked into long-term contracts for the MPLS circuits, and this gave us the ability to lower our costs by installing broadband circuits in their place.” The cost of bandwidth – either MPLS or broadband – is considerably higher in Latin America than in other places. Anything CIAL could do to reduce costs would be helpful. “Having one major datacenter in the middle of Latin America didn’t seem like a particularly good approach. That’s why we started thinking about SD-WAN.” CIAL Alliance Tests Cato Soon after Cohen began his research on SD-WAN solutions, he read an article about Cato Networks and reached out to learn more. He liked what he heard and signed CIAL on as a Cato Networks customer. “It was a successful rollout, We worked with a network engineer from Cato who was critical to our ability to build the connections we needed,” And while he’s been able to reduce costs, cost reductions have not been the only benefit with Cato: “We’re getting far more for the money. Connecting our locations and the cloud, having the TLS inspection, having the antivirus at the network level — there’s a lot of value,” CIAL Dun & Bradstreet ended up with connections to the Dun & Bradstreet global data supply chain via VPN tunnels to various enterprise datacenters, tunnels to instances in Amazon AWS, along with the individual sites. [caption id="attachment_6550" align="alignnone" width="747"] CIAL Dun & Bradstreet connected to the global data supply chain via VPN tunnels to various enterprise datacenters, tunnels to instances in Amazon AWS, along with the individual sites.[/caption] Cato’s ability to prioritize WAN and Internet traffic has been particularly helpful. “Because Internet connectivity is expensive in Latin America, it’s prohibitively expensive to give people very high Internet connections. When you have 80 to 100 people sharing a connection, you need to prioritize the traffic.” Cato also gives CIAL Dun & Bradstreet the ability to segment traffic to prevent the spread of malware. “We use the WAN rules to segment traffic much more carefully,” Cohen says. “We use a TLS inspection service to prevent any viruses from spreading across our network. We added security rules around the type of traffic and type of pass-through, so it would be much harder for any malware to get from site to site.” CIAL Dun & Bradstreet Looks Ahead with Cato Cohen is looking for ways to get more out of CIAL Dun & Bradstreet’s use of the Cato Cloud. “One thing I’m considering is to have the Cato Client on all our devices to force them to come through the Cato Cloud. This is probably my next move with Cato,” says Cohen. The Cato Client connects mobile users to the Cato Cloud and provides secure and optimized access to the enterprise SD-WAN. All of the resources accessible from the locations, whether they’re in physical datacenters or in the cloud and Internet, can be made accessible to mobile users. And by connecting directly to those resources through the closest Cato PoP, mobile users performance if far better than traditional mobile VPN solutions. This has allowed the team to expand in new regions rapidly and organically. “I love what Cato is doing. They take an area that is complicated and make it easy,” says Cohen. “What we have done with them so far has made a meaningful impact on our ability to have a smooth transition to a unified company network and allowed this to be one thing that we’re not worried about.”
Read customer story Search