Optimized and Secure Remote Access

Enterprises are seeing a growing need for employees to work remotely. In particular, during times of crisis the ability to work securely and productively from home is a critical pillar of business continuity planning.

Cato SDP enables remote users, through a client or clientless browser access, to access all business applications, via secure and optimized connection. The Cato Cloud, a global cloud-native service, can scale to accommodate any number of users without deploying dedicated VPN infrastructure. The users connect to the nearest Cato PoP, and their traffic is optimally routed across the Cato global private backbone to on-premises or cloud applications. Cato’s Security as a Service stack protects remote users against threats and enforces application access control.

Cato integrates with Active Directory as the center of Identity and Access Management. Quickly setting up directory synchronization and selecting desired user groups, or all groups, automatically enables these users for remote access. Applications access control policies are configured via the Cato management application.

Cato is integrated with identity providers to provide strong authentication and a single-sign-on (SSO) experience. Setting up existing authentication services, like Office365 or AzureAD, as the remote access SSO will make your users securely authenticate through interfaces they are already familiar with. And, Enabling multi-factor authentication at your identity provider will automatically enforce it to your remote access user’s authentication, further strengthening your remote access security.

Cato provides the flexibility to choose how remote and mobile users securely connect to resources and applications. Cato Client is a lightweight application available for Windows, macOS, iOS, Android and Linux. It is set up in minutes and automatically connects the remote user to the Cato Cloud. Clientless access allows optimized and secure access to select applications through a browser. Users simply navigate to an Application Portal, which is globally available from all of Cato’s 60+ PoPs, authenticate with the configured SSO, and are instantly presented with their approved applications.

Remote access traffic is continuously inspected by Cato’s security stack ensuring enterprise-grade protection is available down to a single user. Cato’s access controls (NGFW, SWG), threat prevention (IPS, NGAM) and threat detection (MDR) capabilities are enforced globally, ensuring your remote users benefit from the same protection as office users.

Cato extends global network optimization capabilities down to a remote user’s laptop, smartphone, or tablet. Once connected using a Cato Client or clientless browser access, a remote user’s network traffic is optimally routed over Cato’s global private backbone to on-premises or cloud applications. The use of Cato’s backbone eliminates the performance challenges of legacy VPN access that relies on the unpredictable Internet and its packet loss, latency and jitter. Furthermore, built-in WAN optimization maximizes throughput for bandwidth intensive applications like collaboration and file sharing.

Cato takes away the capacity constraints of traditional VPN appliances. Cato’s cloud-native architecture, elastic capacity, global footprint, and self-healing capabilities are designed to continuously support any number of remote users connected at any time. Delivered from Cato’s 60+ PoPs worldwide, secure remote access is made available near your remote users wherever they are. There is no need to backhaul remote users to a central VPN concentrator with limited bandwidth and high latency.

Remote users’ management and analytics are available from the Cato Management Application. Defining access permissions and monitoring the activity of remote users from the same platform increases your visibility and control and improves the overall security posture.

When a business continuity plan needs to be activated, your entire workforce can instantly switch to work remotely. Cato is built to continuously secure and optimize all your users’ traffic, regardless of where they are located and how they connect to Cato. This makes your enterprise application access BCP-ready by design.