Cato Solution:
Optimized and Secure Remote Access (SDP) for Everyone and Everywhere

Cloud-native SDP delivers secure remote access as an integral part of a company’s global network and security infrastructure. A global, cloud-scale platform supports any number of remote users within their geographical regions. Performance improves with end-to-end optimized access to any application using a global private backbone. Risk is minimized before and after users access the network through strong authentication and continuous traffic inspection for threat prevention. Cloud-native SDP makes mobile access easy — easy to deploy, easy to use, and easy to secure.

“Cato’s mobile VPN is my secret BCP [business continuity plan] in my back pocket. If my global network goes down, I can be like Batman and whip this thing out.”
Stuart Gail Paysafe
Stuart Gail,
Infrastructure Architect, Network and Systems Group


Delivering a scalable, optimized, and secure access to all users and applications

Remote and mobile access to on premises and cloud applications is challenging legacy VPN appliance-based architectures. Cloud traffic is forced through chokepoints at physical locations adding latency. VPN concentrators are needed for global coverage, scale, and load balancing. And, unrestricted network access creates excessive security risk.

Cato Solution

Cato SDP enables global, cloud-scale, optimized and secure access to everyone

Cato provides an integrated client-based and clientless remote access solutions as part of the Cato Cloud. Users benefit from optimized and secure access to all applications on-premises and in the cloud while at home or on the road. Cato enforces strong authentication and granular access control as well as deep packet inspection of all traffic against threats. Cato’s global, cloud-scale platform seamlessly supports any number of users and applications globally

Traditional Solutions vs. Cato Solution

Legacy VPN


Massively Scalable Architecture

Non-scalable client/server architecture

Legacy VPN requires specialized hardware appliances and regional concentrators, to cover a global workforce. Because the architecture is appliance-based, it is subject to capacity constraints, especially with a sudden increase in work-from-home users.

Cloud-scale infrastructure supporting multi-gig traffic

SDP is an integral part of Cato Cloud, a global, cloud-native architecture. Cato seamlessly scales to support optimized and secure access to any number of globally distributed users without requiring setting up any additional infrastructure.

Secure Access and Authentication

Unrestricted network access is a high risk

Legacy VPN provides secure access to whole networks. This expands the attack surface and enables excessive access that increases the risk of compromise and data breach.

Application-specific access reduces risk

Cato Cloud enforces multi-factor authentication and granular application access policies that restrict access to approved applications, on premise and in the cloud. The user never gets unrestricted access to the network layer.

Continuous Threat Prevention

Access only, no continuous threat prevention

Legacy VPN rarely includes continuous deep packet inspection (DPI) to protect against threats post authentication. This enables propagation of threats inside corporate networks that emanate from compromised endpoints.

Post access protection against threats

Cato provides continuous protection against threats, applying deep packet inspection (DPI) for threat prevention to all traffic regardless of source and destination. Protection is seamlessly extended to Internet access, as well as application access on-premises and in the cloud.

Optimal End-to-End Performance

No performance optimization

Legacy VPN requires mobile users to access resources across the public Internet. The increased latency and packet loss of public Internet routing undermines the user experience.

Built in global access optimization

With Cato, remote users access resources, on-premises and in the cloud, through Cato’s global private backbone which delivers a consistent and optimized user experience.

Business Continuity and Work from Home

VPN can't support all users all the Time

Legacy VPN is designed to enable access for a subset of users over short periods of time. It’s not designed for 24×7 access to all users that are needed in business continuity scenarios.

Cato is built to deliver continuous access to everyone

Cato provides a globally distributed, cloud-scale platform to enable continuous access to all employees in the office, on the road, or at home.

Frequently Asked Questions

  • What is SDP?

    Software-defined Perimeter (SDP) is a new application access technology. It provides enterprises with three key capabilities: strong authentication of users, application-specific access rights based on their profile, and continuous risk assessment throughout their session.

  • How is SDP related to Zero Trust?

    The concept of Zero Trust is built into SDP by restricting access to specific applications without granting full access to the underlying network. Historically, once on the network, through a VPN connection or by being in a corporate office, an endpoint was deemed trusted and could access any application (subject only to application-level security). This means the network itself is vulnerable to attacks from compromised endpoints. Zero Trust is a new model aimed to fix that problem by “never trusting” an endpoint on the network unless it was granted specific access.

  • How is SDP different from ZTNA?

    Zero Trust Network Access (ZTNA) is a synonym to SDP. These are two names for the same thing.

  • How is SDP different from VPN?

    Legacy VPN is a network access technology. Post authentication, it provides users with an IP address on the network that enables them to access any application on that network (subject only to application-level security). This is considered a risky way to deliver application access because it exposes the network as a whole to attack from compromised endpoints. In addition, VPN doesn’t include global access optimization and on-going threat prevention.

  • What is the benefit of SDP as part of a SASE?

    When SDP is converged into a SASE platform it leverages four key attributes of SASE for scalable, optimized, and secure global application access . First, it is built into a cloud platform, so no point solution has to be deployed. Second, it benefits from cloud scalability and elasticity to support very large number of users. Third, it is made available globally via the SASE global backbone, so it doesn’t need to be distributed geographically and traffic from every endpoint to the application is fully optimized. Lastly, SDP traffic is inspected end to end with a full cloud-based security stack to stop threats and attacks.

Learn more about Cato Remote Access

Cato Networks
recognized 12x
by Gartner

  • Gartner Market Guide for Managed SD-WAN Services
  • Gartner Market Guide for Virtual Private Networks
  • Gartner Market Guide for Zero Trust Network Access
  • Hype Cycle for Business Continuity Management and IT Resilience, 2021
  • Gartner Hype Cycle for Enterprise Networking, 2021
  • Gartner Hype Cycle for Cloud Security, 2021
  • Gartner Hype Cycle for Midsize Enterprises, 2021
  • Gartner Hype Cycle for Threat-Facing Technologies, 2019
  • Gartner Hype Cycle for Edge Computing, 2021
  • Gartner Hype Cycle for Network Security, 2021
  • Gartner Hype Cycle for Workplace Infrastructure and Operations, 2021
  • Gartner Hype Cycle for Cloud Computing, 2021

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose