Cato SASE Cloud Platform Architecture

The Single Pass Cloud Engine (SPACE) is the core security engine of Cato. It converges multiple network security functions for flow control and segmentation (NGFW), threat prevention (SWG, IPS, NGAM, RBI), and application and data protection (CASB, DLP, ZTNA) into a cloud-native software stack. The SPACE consistently enforces security policies for both inline traffic and out-of-band access. With complete real-time traffic visibility, the SPACE captures rich context and event data for each inspected flow including network, device, application, and data attributes and feeds it to Cato’s open data lake for incident detection and response. All future network security capabilities will be built into the SPACE to benefit from the same single pass efficiency, cloud distribution readiness, and common data and policy management framework.

The Cato SASE Cloud Platform is built on an open data lake that ingests both Cato-generated feeds and third-party feeds from threat intelligence services to support real-time threat prevention. Network and security events are generated through SPACE processing and include rich context of the device, user, network, applications, and data associated with each flow. Endpoint events are created by the Cato Client ZTNA and EPP/EDR engines or via 3rd party endpoint solutions such as Microsoft Defender and Crowdstrike. The complete data set is used by Cato’s AI/ML-based threat hunting and network degradation detection and underpins Cato’s AI-assisted incident investigation and response tools. The data lake can be accessed by customers using the Cato API to extract granular data for processing by external solutions such as SIEM.

Cato autonomously sustain the cloud platform resiliency, scalability, performance, and global reach. It takes away complex planning, design, deployment, and testing work from IT and enables agile response to new business needs.

• Self-evolving: new capabilities are seamlessly delivered through non-disruptive updates across the cloud service, edge SD-WAN devices, and clients.
• Self-healing: in case of a transport, PoP, or SPACE failure, Cato immediately migrates affected edges to an alternate component to ensure service continuity.
• Self-optimizing: Cato monitors the availability and performance of each path inside the cloud service to determine the fastest route between any source and destination.
• Self-scaling: Cato distributes traffic from high throughput locations across multiple SPACEs and can seamlessly scale with more compute nodes or new PoPs.
• Self-expanding: Cato builds new PoP locations, based on customers’ needs. New PoPs integrate into the global footprint to automatically serve nearby users and locations.

Cato enables customers to easily migrate to the Cato SASE Cloud. Cato instantly connects physical locations to the Cato Cloud using zero-touch provisioning of Cato edge SD-WAN devices. Cato Clients are easily deployed through a self-service portal or enterprise endpoint mangement (MDM) platforms.

Cato is often used to fully migrate an organization to SASE. However, the Cato platform is modular, and can co-exist with current IT networking and security infrastructure including routers, firewalls, and cloud-based security services. Organizations can deploy Cato selectively and gradually, by use case, geography, or organizational unit, to address business and technical constraints until such a time they are ready to achieve full convergence.