Secure Global SD-WAN as a Service - illustration

The Cato Solution:
Secure, Global SD-WAN as a Service

Cato’s secure and global SD-WAN enables customers to eliminate multiple point products and the cost, complexity, and risk associated with maintaining them. With Cato SD-WAN Solution, WAN transformation will not merely end in MPLS cost avoidance but present a full roadmap for streamlining the networking and security infrastructure of the organization.

“The cost of the total solution Cato is providing us – including the centralized management, cloud-based monitoring, and reports – matches the cost of the firewall appliances alone."
Alf Dela Cruz
Alf Dela Cruz,
First VP, Head of IT Infrastructure and Cybersecurity


Traditional, Appliance-based SD-WAN

By introducing Internet transports into MPLS WAN, SD-WAN can expand WAN capacity and offload Internet-bound traffic at the branch. Yet, traditional SD-WAN fails to address network security requirements of accessing Internet and cloud resources and the need to continue and rely on MPLS for latency sensitive apps.

Traditional SD-WAN fails to address network security requirements

Cato Solution

Secure, Global SD-WAN as a Service

Cato is providing a fully converged global SD-WAN with built-in network security, delivered as a cloud service. SD-WAN edge device is the enabling network infrastructure. Core capabilities, such as policy-based routing and transport agnostic overlay, are extended to address key problems with traditional SD-WAN.

Cato SD-WAN Solution: Secure Global SD-WAN as a Service

Traditional Solutions vs. Cato Solution




No global latency controls persists MPLS dependency

One of its main benefits is MPLS cost reduction. But since SD-WAN uses the public Internet where latency is unpredictable, enterprises need to maintain some MPLS capacity to support latency-sensitive applications.

Replace, not just augment, MPLS

Cato provides its own global, affordable, SLA-backed backbone. With Cato, customers can move to a combination of a high-quality Internet last mile and the Cato Cloud to augment and ultimately replace MPLS. The Cato Cloud is strategically deployed to accelerate access to key cloud application like Amazon AWS, Microsoft Azure and Office 365.

Secure Internet Access

No integrated network security capabilities

SD-WAN directs WAN traffic across encrypted Internet tunnels. This provides the most basic security needed to send traffic over a public network. However, accessing websites and cloud applications directly from a remote office and not backhauling to a datacenter, requires a network security stack to protect users against phishing, malware, and other threats. This security stack often includes a next-generation firewall (NGFW), URL filtering, anti-malware, IPS and more. Other solutions must partner with network security vendors for this functionality, complicating and fragmenting network and security policy management.

Cloud-based network security everywhere

Cato provides a full enterprise-grade, network security stack built directly into its global backbone. There is no need to backhaul traffic to specific choke points or introduce 3rd party security products service chained together. All network and security policies are configured within Cato’s cloud-based management application.

Cloud and Mobile Support

No support for cloud infrastructure and mobile users

Software-defined wide area network solutions were designed to reduce spend on MPLS connectivity between physical locations. For legacy WAN architectures, cloud data center integration was an afterthought and mobile support was not a consideration. Yet, cloud and mobility represent a big part of how business gets done today.

Seamless support for cloud infrastructure and mobile users

Cato was designed to easily connect all enterprise resources into the WAN, including physical locations, cloud resources, and fixed and mobile users. With Cato SD-WAN Solution, networking and security capabilities are available everywhere and to all resources without the need to introduce point solutions.

Frequently Asked Questions

  • What is SD-WAN used for?

    SD-WAN is used to reduce networking costs and improve resiliency and agility by connecting branch locations with affordable Internet connectivity and smart software. When combined with a global private backbone and cloud-based security stack, SD-WAN can extend secure and optimize access to cloud resources and mobile users.

  • What is the difference between WAN and SD WAN?

    The WAN connects enterprise network resources, like branches and datacenters, typically over one type of connectivity (MPLS or Internet). SD-WAN is a modern implementation of the WAN, that uses smart software to dynamically route application specific traffic across multiple services such as MPLS, DSL, cable, and 4G/LTE. SD-WAN as a Service can extend these benefits to other resources such as cloud datacenters and cloud applications.

  • Why is SD WAN important?

    SD-WAN is important because it lets enterprises leverage affordable Internet links to boost network capacity, and improve resiliency by dynamically adjusting to changing network conditions. When coupled with a global private backbone, SD-WAN can extend its benefits to cloud resources and mobile users anywhere in the world.

  • Is SD WAN better than MPLS?

    SD-WAN can aggregate multiple transports including DSL, Cable, and 4G/LTE and route traffic to work around network problems. These capabilities can achieve better last-mile availability and performance than MPLS. For global networks, the Internet is too unpredictable to provide optimal user experience for key applications like voice, remote desktops, and ERP. SD-WAN must be combined with an affordable global private backbone, to match the predictable latency and low packet loss of global MPLS at a lower cost.

  • How secure is SD WAN?

    SD-WAN establishes encrypted tunnels between locations to prevent data loss. However, encryption alone does not protect against network-based threats, malware, and phishing. Security capabilities including decryption, firewalling, URL filtering, anti-malware, and IPS must be deployed alongside or within the SD-WAN.

Learn more about SD-WAN