The Challenge: Improve Network Security and Availability Without Compromising Performance or Agility
Manufacturers know all too well the pains of relying heavily on global VPNs. They might be more cost-effective than MPLS, but performance is very unpredictable, and setting up numerous VPN connections, is too time consuming. And none of that touches on the problem of providing local security.
These were precisely the challenges facing Global Food Supplier. The company, which asked to be anonymous, develops and delivers healthy feed solutions for fish. It operates 31 manufacturing facilities and offices across Europe and the UK, in Central and South America, Tasmania, and now in China. Prior to coming to Cato, the company ran its own network, connecting locations primarily via a VPN between on-site firewall appliances. Some MPLS links were used to connect several sites.
As the company matured, it grew through acquisitions, and with that came the need to update its connectivity and security options. The impending expiration of many of the sites’ license-support for the firewalls drove the company to reassess its security approach. The existing firewalls lacked the capacity to meet the company’s needs and would have required massive upgrades. Otherwise, the company would have had to disable critical services, such as virus scanning and SSL traffic scanning. The company knew it needed to enable advanced security globally, but the cost to do so with firewall appliances was very high.
Availability was another critical concern. High availability was only set up in offices in a few countries, leaving the remaining locations exposed with single points of failure. What’s more, the company had little visibility into the network’s operations. If users had performance issues, or worse, the site experienced a network failure, the IT team lacked the insight to know what was going wrong. And as more applications began moving into the cloud, the company needed additional solutions for WAN optimization, and to reduce latency for applications such as SharePoint, team collaboration, email and M3 (ERP).
Cato’s SASE Platform Provides Significant Advantages
The company’s IT team made the pitch to executive management: standardize on Cato Networks’ global solution to benefit from several advantages. First, every site would be configured for high availability by installing redundant, cost-effective Cato Sockets, Cato’s edge SD-WAN appliances. Second, advanced security is fully converged into Cato’s SASE platform. The company’s network would be continuously monitored and scanned to detect suspicious traffic.
Global performance was also key. Cato includes WAN optimization in its global private backbone. By contrast, the existing VPN offered very poor performance in several countries, especially China, Costa Rica, Chile and Ecuador, due to its dependence on the public Internet. This made access to global systems like Office 365 and M3 almost useless.
Network visibility was another advantage offered by Cato. The company would now have deep insight into the performance of all last mile connections. Cato provides real-time and historical graphs for throughput, latency, jitter, and packet loss. The company would also have centralized management 24×7 support and monitoring.
Finally, there were the cost savings of going with Cato. With Cato’s global private backbone, the company would be able to eliminate all MPLS circuits. And with Cato running security in the cloud, the company would avoid hardware upgrades of its legacy firewalls.
How Going with Cato Led to Consistent Performance and Security Worldwide
The company wanted a single global solution that could connect and secure all offices and production facilities in a consistent manner. Also, the company lacked internal expertise to support this network, so an external technology partner was needed to make configuration changes and keep the network running.
“We had some discussions about going with a global MPLS solution, but we knew we would always end up somehow with more than one supplier and multiple points of contact because of all the countries we are in.”
“We had some discussions about going with a global MPLS solution,” says the IT manager, “but we ruled out that option because even though we would theoretically get one supplier, we knew we would always end up somehow with more than one supplier and multiple points of contact because of all the countries we are in.”
Cato also allowed the company to eliminate all the branch firewalls and VPN connections. Cato Cloud is an affordable MPLS alternative, connecting all branches, trusted business partners, and physical and cloud data centers with an SLA-backed, affordable global backbone. The company’s remote locations connect to the company’s systems via redundant Cato Sockets; remote users connect through the Cato client. With all WAN and Internet traffic consolidated in the cloud, Cato applies a set of security services to protect all traffic at all times. Firewall and other security rules are now centralized in Cato Cloud, so they are easy to manage and automatically updated by Cato.
“It’s good to get the automated client and security updates from Cato,” says the IT manager. “We didn’t have updates from our firewall vendor—ever. Now we have everything updated centrally by Cato. This ensures we always have the latest features enabled to protect our network.”
“Once we began our pilot with Cato, we saw that it is much, much easier for us to get high-level support from Cato than we could ever get with our legacy firewall provider”
Support also stood out for him. “One of the best parts of our relationship with Cato is the level of support we receive,” he says. “Once we began our pilot with Cato, we saw that it is much, much easier for us to get high-level support from Cato than we could ever get with our legacy firewall provider, even after 15 years with them. They just didn’t care about us, but Cato is very attentive to our needs. We can talk directly to the people who will get our business needs implemented.”
Future Looks Brighter with Cato’s Advanced Analytics
Looking toward the future, the company’s IT team plans to set up advanced segmentation of its network and to set priorities for its various applications. “We are looking at how much bandwidth is used by different applications and will use policies to prioritize what’s most important to us,” he says. “With all the insight and visibility we get from Cato, we’re confident we can optimize our bandwidth usage to get even more benefits from our network.”