Firewall-as-a-Service (FWaaS)

Firewall-as-a-Service (FWaaS) is a new and revolutionary way of delivering firewall and other network security capabilities as a cloud service. It eliminates the constraints and complexities of legacy physical and virtual firewalls, and make network security consistently available everywhere.

Firewall-as-a-Service Capabilities

Full Traffic Inspection Without Blind Spots

Cato inspects network traffic from all sources and to all destinations across the internet (north-south) and the WAN (east-west). This includes traffic over all ports and protocols, and is not limited to HTTP/S traffic only.
Cato helps enterprises retire both branch and datacenter firewall appliances and replaces them with Cato FWaaS. Firewall elimination is possible because Cato can deliver all legacy firewall capabilities in a network (and not proxy) architecture, from the cloud, with multi-gig throughput.
Using Cato FWaaS enterprises avoid configuration gaps, blind spots, and reduce the risk of data breaches

Scalable Firewall Ruleset Management

Cato FWaaS processes rules based on their order in the ruleset, stopping at first hit. To avoid flooding the ruleset with numerous rules, each rule can be set with specific exceptions. Cato allows admins to group rules into sections for better readability and efficient review by 3rd party auditors.
Cato offers a rich set of objects (user identity, organization unit, device, host, application, protocol, location, network, VLAN, and many more) that can be used in the rules, and the ability manage them in logical groups that can combine multiple object types.

Full Logging and Monitoring for Detailed Analysis and Reporting

All rules and actions in the Cato FWaaS can be set to record an event and store it on the Cato SASE Cloud Platform for an agreed upon retention period.
Email notifications can be configured to alert on selected event that repeat during a defined period and at a defined urgency.
Event monitoring and analysis is available through dedicated dashboards and through the event monitoring interface which provides easy-to-use searching and filtering.
An audit trail records all admin activities for tracking, monitoring and auditing.

Unlimited Processing and Inspection Capacity for Every Need

Cato FWaaS is a cloud service that benefits from a cloud-native software architecture. Features and capabilities are not limited by the underlying hardware, and autonomous and elastic scaling and self-healing ensures high performance and service resiliency.
Cato allow admins to enable all features, including TLS inspection, and use any type and number of objects, groups and rules without worrying about performance or availability.
Cato’s cloud-native software architecture eliminates concerns of increased latency due to CPU load, packet drops, or device failure. Similarly, risk of mid-term appliance replacement due to insufficient compute power is avoided.

Microsegmentation, Access control and Zero Trust for Risk Reduction

Microsegmentation can be easily configured to restrict access to sensitive resources. Policies can be set based on groups, networks, VLANs and individual objects such as hosts and users to govern granular access that meets business requirements. For zero trust, Cato allows admin to set identity-to-identity, identity-to-app, and app-to-app access policies that factor in not only the identity of a user, but also their geo location, method of connectivity, security posture and more.

DPI-based Application and User Awareness

Cato FWaaS includes built-in awareness to thousands of applications across all ports and protocols and the ability to define custom applications. A DPI engine identifies the application or service as early as the first packet and without having to decrypt the payload.
Cato allows policy configuration and enforcement that factors the identity of the users and the organization units they belong to. By synchronizing with the user directory, and using the identity agent in the Cato Client, a user identity is associated with every network flow.

The Strategic Benefits of a True SASE Platform

Architected from the ground up as a true cloud-native SASE platform, all Cato's security capabilities, today and in the future, leverage the global distribution, massive scalability, advanced resiliency, autonomous life cycle management, and consistent management model of the Cato platform.

Consistent Policy
Enforcement 

Cato extends all security capabilities globally to deliver consistent policy enforcement everywhere and to everyone, from the largest datacenters and down to a single user device.

Scalable and Resilient Protection

Cato scales to inspect multi-gig traffic streams with full TLS decryption and across all security capabilities, and can automatically recover from service component failures to ensure continuous security protection.

Autonomous Life Cycle Management

Cato ensures the SASE cloud platform maintains optimal security posture, 99.999% service availability, and low-latency security processing for all users and locations without any customer involvement.

Single Pane of Glass

Cato provides a single pane of glass to consistently manage all security and networking capabilities including configuration, analytics, troubleshooting, and incident detection and response. Unified management model eases new capabilities adoption by IT and the business.

Recognized as a SASE Pioneer and Leader by Industry Analysts

Cato is the category creator of SASE. We didn't invent the name, but SASE is Cato's founding vision. Since 2015 we are continuously evolving and perfecting the only true SASE platform. Cato is fully committed to deliver on the promise of SASE: making secure and optimized access effortlessly available for everyone and everywhere.

“We ran a breach-and-attack simulator on Cato, Infection rates and lateral movement just dropped while detection rates soared. These were key factors in trusting Cato security.”

Try Cato

The Solution that IT teams have been
Waiting for. Prepare to be amazed!

Contact Us