Cato Cloud. Global SD-WAN with Built-in Network Security. Solution Brief. Cato Cloud Solution Brief. The Future of SD-WAN. Today.

Similar documents
Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Cato Networks. Network Security as a Service

How to Re-evaluateYour MPLS Service Provider

Switching Firewall Vendors? Drop the Box!

90 % of WAN decision makers cite their

MPLS, SD-WAN, and the Promise of SD-WAN as a Service

Transform your network and your customer experience. Introducing SD-WAN Concierge

Network. Arcstar Universal One

Future of the Enterprise WAN: Too Complex to Ignore?

VeloCloud Cloud-Delivered WAN Fast. Simple. Secure. KUHN CONSULTING GmbH

INNOVATIVE SD-WAN TECHNOLOGY

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Transform your network and your customer experience. Introducing SD-WAN Concierge

Business Strategy Theatre

Citrix SD-WAN for Optimal Office 365 Connectivity and Performance

Benefits of SD-WAN to the Distributed Enterprise

Innovative Solutions. Trusted Performance. Intelligently Engineered. Comparison of SD WAN Solutions. Technology Brief

Deliver Office 365 Without Compromise Ensure successful deployment and ongoing manageability of Office 365 and other SaaS apps

SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN

WHITE PAPER. Applying Software-Defined Security to the Branch Office

SD-WAN Transform Your Agency

Simplifying the Branch Network

Deliver Office 365 Without Compromise

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

NETWORK AND SD-VPN. Meshing legacy and Cloud Service Providers

Features. HDX WAN optimization. QoS

Unity EdgeConnect SP SD-WAN Solution

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

SERVICE DESCRIPTION SD-WAN. from NTT Communications

Takes 3-6 Months to Deploy. MPLS connections take 3-6 months to be up and running in some remote locations. Incurs Significantly High Costs

Delivering the Wireless Software-Defined Branch

SteelConnect. The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

The Top 10 Reasons to Replace Your Branch Router with SD-WAN. An ebook presented by Silver Peak Systems

Ensuring a Consistent Security Perimeter with CloudGenix AppFabric

SteelConnect. The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

Cisco Borderless Networks Value Proposition

Mitigating Branch Office Risks with SD-WAN

Data center interconnect for the enterprise hybrid cloud

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

AKAMAI CLOUD SECURITY SOLUTIONS

Simplifying WAN Architecture

Application-Aware Network INTRODUCTION: IT CHANGES EVOLVE THE NETWORK. By Zeus Kerravala -

Future-ready security for small and mid-size enterprises

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Total Threat Protection. Whitepaper

Converged World. Martin Capurro

RingCentral White Paper UCaaS Connectivity Options in the New Age. White Paper. UCaaS Connectivity Options in the New Age: Best Practices

Deploying Cisco SD-WAN on AWS

The Why, What, and How of Cisco Tetration

SteelConnect. The Future of Networking is here. It s Application- Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

Connectivity to Cloud-First Applications

SD-WAN 101. November 3 rd 2016 Rob McBride Marketing

Enterprise WAN Agility.

Versa Software-Defined Solutions for Service Providers

Hybrid Network present & future

Seceon s Open Threat Management software

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ

WHITE PAPER ARUBA SD-BRANCH OVERVIEW

Sichere Applikations- dienste

Cisco ASA Next-Generation Firewall Services

Reaping the Full Benefits of a Hybrid Network

Introducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN

Not all SD-WANs are Created Equal: Performance Matters

Why the Cloud is the Network

Imperva Incapsula Product Overview

SD-WAN Solution How to Make the Best Choice for Your Business

Transforming the Cisco WAN with Network Intelligence

MASERGY S MANAGED SD-WAN

PROTECT WORKLOADS IN THE HYBRID CLOUD

SONICWALL SECURITY HEALTH CHECK SERVICE

BUILDING A NEXT-GENERATION FIREWALL

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

How Smart Networks are changing the Corporate WAN

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

Juniper SD-WAN Alexandre Cezar Consulting Systems Engineer, Security/Cloud

VMware vcloud Networking and Security Overview

MODERNIZE INFRASTRUCTURE

IPS-1 Robust and accurate intrusion prevention

SD-WAN. The CIO s guide to. Why it s time for a new kind of network

JURUMANI MERAKI CLOUD MANAGED SECURITY & SD-WAN

Cisco Meraki Cloud Managed IT Solution Derrick Phua. May 12, 2017

Building Infrastructure for Private Clouds Cloud InterOp 2014"

SONICWALL SECURITY HEALTH CHECK PSO 2017

Not all SD-WANs are Created Equal

Secure Extensible Network. Solution and Technology Introduction

Unity EdgeConnect SD-WAN Solution

Next Generation Privilege Identity Management

Dynamic WAN Selection

Technology Brief. VeloCloud Dynamic. Multipath Optimization. Page 1 TECHNOLOGY BRIEF

SONICWALL SECURITY HEALTH CHECK SERVICE

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

EdgeConnectSP The Premier SD-WAN Solution

SERVICE DESCRIPTION MANAGED FIREWALL/VPN

Global IP Network (GIN) Connects You to the World

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Making Enterprise Branches Agile and Efficient with Software-defined WAN (SD-WAN)

Verizon Software Defined Perimeter (SDP).

Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

SD-WAN. Evolving Beyond MPLS in the Enterprise Network. 55 Water Street, 32nd Floor New York, NY (877)

Transcription:

Cato Cloud Global SD-WAN with Built-in Network Security Solution Brief 1

Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The rise of cloud applications and mobile workforces is changing the shape of business and legacy network traffic patterns. The Wide Area Network (WAN) and network security appliances were built to connect and secure static and physical locations, not today s fluid mobile-first and cloud-centric networks. The network is broken: Rigid and expensive MPLS connectivity doesn t fit today s dynamic enterprise requirements. Legacy SD-WAN falls short: Addressing network capacity problems and adding inexpensive bandwidth is just a first step. Optimized global connectivity, secure internet access, and integrating cloud resources and mobile users is sorely missing. Complexity creates vulnerability: The proliferation of point solutions and management silos expands attack surface as threat velocity is increasing and IT skills are scarce. Cato Cloud: Software-Defined and Cloud-Based Secure Enterprise Network Cato provides organizations with an integrated network and security platform that is designed for the modern enterprise s needs. One Network Global SLA-backed backbone that carries Internet and WAN traffic, and can augment or replace MPLS. One Security A full suite of cloud-based network security services built directly into the network and protecting all traffic. Cato Cloud One Policy Cato enforces a unified policy for all traffic and across all users, locations, and applications. HQ Mobile user Cloud Data Center Branch 2

Cato Cloud The Cato Cloud connects all branch locations, the mobile workforce, and physical and cloud datacenters, into a global, encrypted and optimized SD-WAN in the cloud. With all WAN and Internet traffic consolidated in the cloud, Cato applies a set of security services to protect all traffic at all times. A Global, SLA-Backed Backbone Cato runs on top of a global network of physical points-of-presence (PoPs) connected to multiple tier-1, SLA-backed carriers with multi-gigabit links. The PoPs are designed for redundancy and high availability within and across regions. Management, Scalability and Adaptability Cato seamlessly scales and rapidly evolves to introduce new features and adapt to emerging threats. Network usage, security events and policy configuration are done through a cloud-based management application. Secure Tunneling Options to the Cato Cloud Existing Firewall: IPsec tunnel for WAN and/or internet traffic Cato Socket: A zero touch SD-WAN device for a physical location Cato vsocket: Virtual gateway for Amazon AWS and Microsoft Azure Cato Client: A software agent for laptops, tablets and mobile devices www Cato Cloud Next Generation Firewall VPN Secure Web Gateway Security Advanced Threat Prevention Secure Cloud and Mobile Access Network Forensics Network Routing Reliability Optimization Encryption MPLS Cato Socket SD-WAN Cato vsocket or Agentless Cato Client aws HQ/Data Center Branch Cloud Data Center Mobile Users Accelerated, Encrypted and Optimized Network Traffic routing and encryption is handled by the Cato Cloud. Optimal routing over the last mile and between PoPs is ensured by handling traffic end-to-end, which minimizes hops and latency. Multiple optimizations, including dynamic path selection, forward error correction and transparent proxy, are applied to all traffic. Agile and Elastic Network Security Cato has developed a next generation firewall, secure web gateway, anti-malware and IPS directly built into the network fabric that enforces corporate wide security policy on all traffic. Cato is seamlessly evolving its security capabilities without customers needing to maintain point solutions. 3

Cato Cloud Network Routing Optimal Routing: SLA-backed latency and packet loss between PoPs Proprietary Protocol: Better than BGP, considers distance, packet loss, jitter and more Reliability Active/Active: Uses multiple ISP links (MPLS, ADSL, Cable, 4G/ LTE) to maximize availability during provider blackout or brownout Forward Error Correction (FEC): Minimizes the impact of packet loss Encryption Secure Last Mile: Encrypted tunnel from a location or a mobile device to the nearest PoP Secure Backbone: Encrypted last mile and inter-pop communication Optimization Dynamic Path Selection: Routes traffic between tier-1 carriers based on real-time behavior Transparent TCP Proxy: Maximize window size via packet-loss mitigation and fast socket-pop retransmission Policy-based Routing: Dynamically routes traffic based on application priority and link quality (packet loss, latency, jitter) Cato Management Application Cato NOC/SOC teams, managed service providers and customers IT staff can: Monitor the Network in Real Time: Including topology, connected devices and network usage statistics Enforce Network Usage and Security Policies: By business requirements and across all enterprise resources Audit, Monitor and Alert on Events: Monitor and alert on security events and network usage with full audit of all changes to the system configuration and policies 4

Cato Security Services Next Generation Firewall/VPN Secure Internet Access from Anywhere: Eliminates traffic backhaul with direct internet access from any location Simple Mesh: Uses simple rules to connect any-to-any location High Performance and Elastic: Secures traffic at multi-gigabit speeds with no capacity upgrades Application Awareness: Identifies network access to on-premise and Cloud applications regardless of port, protocol, SSL User Awareness: Identifies users, groups, and locations regardless of IP address Unified, Granular Security Policy: Controls access to applications, servers and network resources Advanced Threat Prevention Anti-malware: Scans HTTP and HTTPS for malicious files and stop endpoint infections IPS/IDS: Applies context-aware protection to all traffic based on known vulnerabilities, domain/ip reputation, geo location, DNS, and application and user awareness. Secure Cloud and Mobile Access Enforce access control policies on mobile access to internal and cloud resources Seamlessly extend security policies to cloud infrastructure Secure Web Gateway Dynamic Site Categorization: Includes a URL database with broad site classification by category including phishing, malware delivery, botnets and other malicious sites Enforce Web Access Policies: Enforces a corporate policy for web usage Block, Prompt or Track User Access: Reduces legal or security exposure from risky web usage Network Forensics Detailed reporting and monitoring of real-time and historical network activity Collection and delivery of full network and security events logs for external analysis 5

Use Cases Secure and Optimized SD-WAN Expensive MPLS Links with Limited Capacity? Enterprises are dependent on high cost and bandwidth constrained MPLS links. They are looking to augment or replace MPLS-based WAN connectivity with affordable SLA-backed connectivity. Augment or Replace MPLS Links Cato SD-WAN enables organizations to augment MPLS with affordable last mile services (Fiber, cable, xdsl, and 4G/LTE) and dynamically directs traffic based on applications needs and link quality. Unlike legacy SD-WAN solutions that use the public Internet with MPLS, Cato is uniquely capable to replace MPLS only Cato can replace MPLS altogether with a global, inexpensive, SLA-backed backbone. Cato further extends the benefits of SD-WAN to cloud resources and mobile users and provides a full cloud-based network security stack to protect all WAN and Internet traffic. SLA-backed, Affordable WAN Poor Response at Remote Locations? High network latency can have a serious impact on productivity and the user experience in remote locations. Enterprises need to make a tough trade off between an affordable, but high latency, internet-based network or an expensive low-latency MPLS network. SLA-backed, Affordable WAN Cato leverages cloud scalability, software-defined networking and smart utilization of a multi-carrier backbone to deliver a high performance and SLA-backed global WAN - at an affordable price. 6

Use Cases Secure Direct Internet Access Appliance Sprawl or Traffic Backhaul? Securing Internet access in the branch office is a tough trade off between deploying security appliances everywhere or backhauling internet traffic to a secure location, overloading expensive MPLS links and impacting the user experience. No Appliances and No Backhaul Cato connects all branch offices and remote locations to the Cato Cloud, providing enterprise-grade network security for any location without the need for dedicated appliances or traffic backhauling. Appliance Elimination Costly and Complex Appliance Sprawl? Traditional networks need multiple, dedicated appliances at each location to provide wide area networking (WAN) and security services. Distributed appliances require ongoing management, updates, upgrades and capacity planning to maintain the environment. Branch Footprint Reduction Cato eliminates dedicated branch office equipment such as UTMs, Firewalls and WAN optimization appliances. Cato protects all connected locations and seamlessly scales to secure all traffic, without the need for unplanned hardware upgrades and resource-intensive software patches. Cato delivers continuous, up-to-date protection without any customer involvement. 7

Use Cases Hybrid Cloud Network Integration Fragmented Hybrid Cloud and Multi Cloud connectivity and security? Migrating parts of a datacenter to the cloud can fragment access controls and security policies. This separation complicates policy management and obscures overall visibility. Customers are further challenged to provide optimal and secure access to cloud resources across multiple providers and global regions. Unified Connectivity and Security Across All Physical and Cloud Datacenters Cato connects physical and cloud datacenters, across all providers and global regions, into a single, flat and secure network. Customers can seamlessly extend corporate access control and security policies to cloud resources, enabling easy and optimized access for mobile users and branch locations to all applications and data anywhere. Mobile Workforce Secure Cloud Access No Visibility and Control for Mobile Access to Cloud Applications like Office 365? Mobile users can connect directly to cloud applications like Office 365, which bypasses corporate network security policies. Alternatively, forcing users through a specific network location, such as a datacenter firewall, impacts performance and the user experience. Office 365 represents a unique challenge due to the need to provide globally optimized access to a single regional instance. Secure and Optimize Mobile Access to All Applications, Globally Cato connects every mobile user to the Cato Cloud and provides secure and optimized access to enterprise resources in physical and cloud datacenters, cloud applications and internet sites. Cato uses its global backbone to optimize routing and reduce latency to key applications like Office 365, and enforce applicationaware security policies on all access. 8

Cato s Capabilities Capability Features Benefit Affordable, Optimized Global WAN Secure and Optimized SD-WAN Enterprise-grade Security Services Elastic, Scalable and Agile Network Security Enterprise-wide Security Policy Cloud Applications Access Control Cloud Data center Network Integration Cato Management Application Encrypted, SLA-backed and optimized global backbone for global connectivity Easily and securely connect branches, users and data centers Policy based routing drives use of multiple links (MPLS, cable, xdsl, 4G/LTE) based on application priority and link quality Forward Error Correction: reduce last mile packet loss Multiple Cato Cloud connectivity option from Cato Socket SD- WAN device, Cato Client, and 3rd party IPSEC devices Next Generation Firewall VPN Secure Web Gateway Advanced Threat Prevention Secure Cloud and Mobile Access Network Forensics Network security capacity seamlessly scales in the cloud and Cato Security Services are transparently updated with new features and countermeasures against emerging threats Enforce a unified security policy across all mobile users, branches, physical and cloud data centers and applications (onpremise and in the cloud) Restrict access to cloud apps to Cato Networks IP Range Connect and secure access to cloud data centers Full visibility of network topology and usage by user, location and application Easy configure access control and security policy for all assets Centralized view of network and security events Affordable MPLS alternative, improves user experience for branch offices and mobile users, globally Enhanced WAN performance, availability for all locations and users Simplify on boarding of new users, offices, M&A assets Fully converged, cloud-based security services that are available everywhere and secure all locations and all users No capacity constraints No more patching No appliance upgrades or refresh Better control over enterprise access with fewer point solutions policies Reduce risk of unauthorized access due to credentials theft One policy controlling access to both physical and cloud data centers Reduces the need to use multiple interfaces Enhanced ability to troubleshoot network performance problems Manage a distributed network from a single pane of a glass 24X7 Cato SOC/ NOC Cato s experts continuously monitor global backbone for optimal service Augment your IT team s resources and expertise 9

Cato Networks provides organizations with a cloud-based and secure global SD-WAN. Cato delivers an integrated networking and security platform that securely connects all enterprise locations, people and data. The Cato Cloud reduces MPLS connectivity costs, eliminates branch appliances, provides direct, secure Internet access everywhere, and seamlessly integrates mobile users and cloud infrastructures into the enterprise network. Based in Tel Aviv, Israel, Cato Networks was founded in 2015 by cybersecurity luminary Shlomo Kramer, who previously cofounded Check Point Software Technologies and Imperva, and Gur Shatz, who previously cofounded Incapsula. For more information: www.catonetworks.com @CatoNetworks Where do you want to start? SECURE AND OPTIMIZED SD-WAN AFFORDABLE MPLS ALTERNATIVE SECURE DIRECT INTERNET ACCESS APPLIANCE ELIMINATION HYBRID CLOUD NETWORK INTEGRATION MOBILE WORKFORCE, SECURE CLOUD ACCESS Global Backbone. Cloud-Based SD-WAN. Firewall as a Service. All in One THE 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback