Hoyer Motors Taps Cato to Connect China Offices and Cato MDR for Better Malware Protection The Challenge: Keep Firewalls Current Without Sacrificing Control
It's no secret that manufacturers everywhere need to protect themselves against malware. But as attacks come faster and attackers become more sophisticated, how do enterprises secure themselves without compromising their budget or relinquishing control?
Hoyer Motors faced that same challenge. The near half-century-old Danish manufacturer of electric motors had relied on Internet-based VPN and branch firewall appliances to connect its locations across Europe, Korea, and China. The China office also had an MPLS connection. A third-party managed the company's branch firewall appliances.
"It's really, really crucial that a firewall update be applied immediately. Otherwise, you risk being breached. But it could take our management provider 14 days to update our firewalls."
And it was in those branch firewalls that the company faced so many challenges. "It's really, really crucial that a firewall update be applied immediately. Otherwise, you risk being breached," says Kenneth Middelboe Carlson, IT Senior Administrator at Hoyer. "But it could take our management provider 14 days to update our firewalls."
"By using smaller hardware-based firewall appliance solutions, which were outsourced to another company, Hoyer had no control, no visibility, and no clue the firewalls were working or not working," explains Kristian Secher-Johnsen, CEO at Secher Security, a premium Cato partner and security advisor to Hoyer.
Hoyer was also facing service interruptions at many offices. "The offices had difficulties in connecting," says Carlson.
And then there was cloud migration. Since Hoyer had first deployed its global network, the cloud services had matured. As a result, Hoyer wanted to migrate to the cloud and wanted an infrastructure that would reflect that change.
Hoyer Embarks on Its WAN Transformation Journey
Hoyer began looking for another global networking solution. "In general, the core functions we were looking for were some cloud possibilities so that we could get the same benefits in Denmark, Europe, and China," says Carlson.
"We wanted something that could be updated and managed easily, something that IT could do themselves."
Hoyer was also looking for something easier to manage. "We wanted something that could be updated and managed easily, something that IT could do themselves. We like to do most of the things ourselves instead of paying consultant fees to other companies."
And the company wanted SD-WAN to provide last-mile redundancy and high availability by leveraging multiple Internet connections. "In case someone digs up the fiber and cuts it in half, you can still use 4G. It's essential that you do not have a single point of failure because if your infrastructure fails, then our customers, our colleagues, can't do the work, and we lose money," he says.
Hoyer Selects Secher Security with the Cato Global SASE Platform
Hoyer began looking at various solutions when the team was contacted by Secher Security offering the Cato solution. "I believe we had our little sheet with five key notes and the Cato solution that Secher presented to us was actually down on all of them," says Carlson. "We have WAN optimization. We have SD-WAN. It's a SaaS solution, but it's global everywhere."
Carlson was excited by the Secher-Cato proposal but skeptical. "Sometimes you know when a salesperson contacts you, it's like, of course, it can be better. But is it better?" asks Carlson.
"4G connections in the outer areas of China where you normally cannot connect to anything just worked with Cato. It was really, really impressive to see."
So, Hoyer requested a testing phase. First, they deployed Cato Sockets, Cato's edge SD-WAN devices, in their server room and equipped five users with the Cato Mobile Client. "The improvement, especially in China, was incredible. I have never seen anything like it," says Carlson. "4G connections in the outer areas of China where you normally cannot connect to anything just worked with Cato. It was really, really impressive to see."
When Hoyer saw results like those, the outcome was clear. "We knew we needed to agree on a price and terms. But, compared to the MPLS that we already had, which is a pretty hefty price, it didn't really take much to do the change."
Hoyer Taps Cato MDR for Improved Security
Hoyer eventually equipped remaining mobile users with the Cato Mobile Client and locations with Cato Sockets. Branch firewalls were replaced with Cato's security-as-a-service, which Hoyer can fully manage. Additional insight was provided by Cato Managed Threat Detection and Response (MDR).
With Cato, site and mobile users automatically send all traffic to the nearest Cato PoP. With each PoP, Cato's converged networking and security, cloud-native software stack inspects the traffic, applies the necessary security and networking policies before sending the traffic onto to Internet, or optimizing it and sending it across the Cato global private backbone.
"Our connection is better than what we have ever had, especially in China. We have people in factories in northern China that have never been able to work on remote desktop to connect to our system, and now with Cato, they can do that, and that is really, really big."
"Generally, we have had everything that Secher Security promised," Carlson says. "Our connection is better than what we have ever had, especially in China. We have people in factories in northern China that have never been able to work on remote desktop to connect to our system, and now with Cato, they can do that, and that is really, really big."
With Cato, gone are his concerns around timely patching of firewalls. Instead, the Cato team keeps the Cato security stack, which includes a next-generation firewall (NGFW), Intrusion Prevention System (IPS), and Secure Web Gateway (SWG), always current. And by constantly hunting the network for the symptoms indicative of malware and network attacks, Cato MDR often identities threats missed by legacy, anti-malware systems.
"Guest computers were brought into our office and connected to the Guest Internet, which is not connected to the company domain. Cato MDR notified us that they were infected with anti-malware even though they were running Windows 10 with active antivirus."
"We were pleasantly surprised with Cato MDR," he says, "Guest computers were brought into our office and connected to the Guest Internet, which is not connected to the company domain. Cato MDR notified us that they were infected with anti-malware even though they were running Windows 10 with active antivirus." Cato MDR also flagged unknown devices on the network.
In short, "MDR has changed how we look at security," says Carlson. "Right now, we're optimizing security, antivirus, pattern control, and everything more thoroughly than we have ever done before, basically because of MDR. Cato MDR has been more impactful than I ever thought imaginable."
Cato: Restoring Control to IT
Hoyer might have gone out looking for a more consistent, more secure network, but in the end, Hoyer gained far more than just better technology. "I believe the biggest thing by moving to Cato compared to what we had before is that I feel that we are in control," says Carlson. "Yes, we've seen increased productivity. It's easier for people to connect globally because of Cato. But for IT, it's all about the management. The more you can manage yourself, the better."
HIS Group Simplifies and Strengthens Global WAN Security and Connectivity with Cato
HIS Group Simplifies and Strengthens Global WAN Security and Connectivity with Cato *Video filmed prior to HIS logo change
HIS Group Looks to Simplify Security
Global enterprises with lots of dispersed retail locations often struggle with network and security complexity. Such was the case with HIS Group, a diverse global enterprise that specializes in travel products and operates theme parks, hotels, and other businesses. HIS Group runs 233 retail outlets in 141 cities across 66 countries.
“Our network security architecture was different at our headquarters, overseas subsidiaries, and affiliates, says Mr. Takahashi, Infrastructure Team Leader for HIS’s IT Security Group. “We were concerned that we were not always fully aware of the security status of some of our subsidiaries and affiliates,” adds Mr. Ishitani, Security Team Leader for the IT Security Group.
Ishitani and Takahashi knew they had to find a way fast to get better global visibility and improve their overall security posture. “We needed to integrate all those disparate networks and centralize their security and management,” says Takahashi.
Security was provided primarily by diverse hardware appliances, which required complex management and periodic refreshes. “It took a lot of work to reevaluate equipment every three to five years,” says Takahashi. “We wanted a solution that would relieve us of all those hardware upgrades and manage all our networking and security together under a single architecture” says Takahashi.
“Our business was also diversifying,” says Ishitani, “and each new business had its own networking and security needs. Setting up new locations and responding to those needs was taking too much time.”
Cato Offers Network and Security Consolidation
That was when a staff member at one of HIS Group’s overseas locations introduced Takahashi and Ishitani to Cato. “He recommended Cato very highly, so I contacted the company,” says Takahashi. Cato was a brand-new company at the time, which, under normal circumstances would be considered a risk for a large enterprise such as HIS Group, but Takahashi immediately liked what he heard. “I was struck by Cato’s spirit, how well they worked together and with us, and how quickly they responded to our concerns,” says Takahashi. “Immediately I felt a strong sense of trust in Cato’s technical expertise and support.
The Cato solution also had a very high level of functionality and met all of HIS Group’s requirements. “It would vastly simplify our operations because we’d no longer have to monitor and manage all that equipment installed at our locations,” says Ishitani. It didn’t hurt also that the Cato solution had some significant cost advantages compared with the current tangle of networks and security solutions.
Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 70+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last mile links in physical locations, while Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.
Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on premises and in the cloud, protecting users against threats and preventing sensitive data loss.
After a short time working with Cato, Takahashi and Ishitani were sold. “We both felt we could trust Cato’s high level of technological expertise and support and that Cato would be the best choice for HIS Group in the future,” says Takahashi. Convincing upper management took some effort, but “they approved the solution after we showed them that it fulfilled all our security requirements, including Zero Trust, and that updates would happen automatically,” says Ishitani.
Cato Centralizes WAN Security and Management, Boosts Visibility
Installing Cato at HIS Groups various locations was quick and easy. “There were some challenges, such as dealing with the laws of various countries overseas,” says Takahashi, “but we were able to clear these without major problems,” says Takahashi. “Domestic expansion was very smooth.”
Performance has been excellent, and Takahashi is impressed with Cato’s management console. “Cato has made it much easier for us to visualize all our network traffic, monitor performance, and make necessary changes,” says Takahashi.
Three-to five-year hardware refreshes are a thing of the past. “Cato handles periodic feature upgrades, so our network and security solutions don’t become obsolete.” There have been a few instances of PoP failures, but the business impact was negligible, thanks to Cato’s PoP redundancy.
And, thanks to Cato’s easy installation and fine-grained management, Takahashi and Ishitani can equip new and acquired locations with the exact network and security functionality they need almost instantly.
“Cato has definitely turned out to be the best choice for HIS when it comes to speed and ease of implementation,” says Ishitani.
As with most organizations, HIS had to send many of its workers home when Covid-19 hit. “We had already set up remote access for everyone through Cato, so it’s no exaggeration to say there was no impact at all,” says Takahashi. “I truly believe that without Cato our current remote work environment would have been unthinkable.”
Overall, Cato has been a great choice. “We’ve developed a strong relationship of trust with Cato, and I’ve been very impressed with their quick response and follow-up when any issues come up,” says Takahahi. “I highly recommend Cato as the best solution for any organization that has a lot of office or retail locations and affiliates with a lot of demanding and complex network and security requirements.”
“As the number of ways of working increases, the security risks to the network have increased dramatically,” says Ishitani. “Cato solves all of them in one tool.”
Waseda University Enables Universal Secure Remote Learning and Digital Transformation with Cato
Waseda University Enables Universal Secure Remote Learning and Digital Transformation with Cato The Challenge: Universal Remote Learning
When Covid-19 hit in 2020, many organizations had to put digital transformation projects on hold while they rushed to accommodate remote work. This often meant a quick network transformation and a dramatic change in security posture.
Waseda University is a prime example. Located in Tokyo, Waseda University is one of Japan’s top private institutions of academic research and higher learning.
“We were planning and implementing next-generation educational infrastructure with a number of digital transformation initiatives in research, education, and university administration. However, when Covid hit IT’s position suddenly changed,” says Hitoshi Kusunoki in Waseda’s Information Planning Department. “
As with most universities, classes at Waseda were conducted mostly in person using white boards. If there was a network interruption, it didn’t cause a significant classroom interruption. “Suddenly when classes were all online, the IT infrastructure became absolutely indispensable,” says Kusunoki. “It became clear that all our plans for next generation infrastructure would have to ensure that communication would never drop at all.”
Waseda had VPN hardware for remote learning, but it was experiencing “VPN traffic jams” from the increased load according to Yokihiro Koizumi, also from Information Planning.
Kusunoki realized he would need a large increase in network capacity to support online classes, which meant a major new network investment. “We had to optimize somewhere to get the performance we needed with the budget we could afford.”
Waseda Chooses Cato, Sees Digital Transformation Potential
Kusunoki was introduced to Cato by a friend and colleague from GlobalDots, a cloud solutions provider.
“Initially I had the impression that Cato was just a VPN alternative for remote work and learning,” says Kusunoki. “As we looked at other Cato options, however, we came to the conclusion that Cato could replace our firewalls and other existing security solutions and go a long way towards optimizing future IT investment.”
Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS.
Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 70 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance.
Kusunoki started his Cato investment with home online learning. “This gave everyone the chance to use the system and see how user friendly it was,” says Kusunoki. “I think that was a very significant factor in our decision to move forward with more of Cato’s options. We could see that Cato could consolidate and replace our current equipment and be very effective in reducing our network and security costs.”
Home learning deployment was smooth, thanks in part to Waseda’s partnership with GlobalDots. “They helped us do the Proof of Concept (POC) and then we were able to implement the system pretty quickly,” says Koizumi,” Upper management was able to use the system during the POC, which helped lead to their approval.
Simplicity and Scalability at Low Cost
Koizumi was impressed with how quickly the university could ramp up bandwidth using Cato. “If you’re using on-premises hardware, you often have to replace it to upgrade bandwidth, but with Cato there’s no hardware to replace,” says Koizumi. “Cato let me handle bandwidth upgrades almost instantly.” Quick bandwidth upgrades have been very helpful as the university has relied more and more on cloud services during the pandemic. Koizumi sees a future in which regular costly equipment upgrades may be history.
Kusunoki was also impressed with how unintrusive Cato’s security services were.
“The security solutions we had been using up until then sometimes had a negative impact on user convenience, but Cato’s security services let people work freely and securely wherever they were,” says Kusunoki. “Even people on site liked Cato.”
Koizumi feels that Cato’ identity authentication and detailed monitoring capabilities have improved the university’s security posture immensely. “It’s really easy to visualize all the traffic and users on the network,” says Koizumi, “and keep an eye on what users are doing.”
Kusunoki looks at Cato as more than a network and security solution, however. “It’s not something just to put in and get comfortable with,” says Kusunoki. “I see Cato SASE as a tool for digital transformation promotion. We can use it to reorganize our entire security portfolio, reduce costs, and bring out the best in our students, professors, and administrators. The ability to work productively and securely anywhere gives a great boost to all our digital transformation initiatives.”
Kusunoki strongly urges other universities and organizations to look into the Cato solution. “Seeing is believing. It’s easy to give Cato a try. You can start with remote workers, but however you start, take a good look at it”
Based in Tokyo, Waseda University is one of top institutions of academic research and higher learning. Prior to Cato, Waseda relied on VPN hardware to enable its approximately 3,000 students, professors, and administrators to work or learn remotely.