skip to Main Content

Evaluating SASE: 4 Essential Questions

Are you evaluating your legacy MPLS, VPN or SD-WAN network and potentially looking at the benefits that next generation SASE offers? Last December, Network World (NWW) published a thoughtful guide outlining the questions IT organisations should be asking when evaluating SASE platforms. It was an essential list that should be included in any SASE evaluation.

Too often, SASE (Secure Access Service Edge) is a marketing term applied to legacy point solutions, which is why we suspect these questions are even needed. By contrast, the Cato SASE Cloud is the world’s first cloud-native SASE platform, converging SD-WAN and network security in the cloud. Cato Cloud connects all enterprise network resources including branch locations, the mobile workforce, and physical and cloud datacentres, into a global and secure, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of security services to protect all traffic at all times. In short, Cato provides all of the core SASE capabilities identified by NWW.

We are pleased to respond point-by-point to every query raised. 

Does the vendor offer all of the capabilities that are included in the definition of SASE? If not, where are the gaps? If the vendor does claim to offer all of the features, what are the strengths and weaknesses? How does the maturity of the vendor offerings mesh or clash with your own strengths, weaknesses, and priorities? In other words, if your biggest need is Zero Trust, and the vendor’s strength is SD-WAN, then the fit might not be right.

Yes, Cato provides all of the core capabilities NWW defines for SASE – and more. On the networking side, the Cato Global Private backbone connects 70+ PoPs worldwide. Locations automatically connect to the nearest PoP with our edge SD-WAN device, the Cato Socket. Cloud datacentres are connected via an agentless configuration, and cloud applications are connected through our cloud-optimised routing. Remote users connect in by using the Cato Mobile Client or clientless browser access. On the security side, Cato Security-as-a-Service is a fully managed suite of enterprise-grade and agile network security capabilities, directly built into the Cato Global Private Backbone. Current security services include firewall-as-a-Service (FWaaS), secure web gateway with URL filtering (SWG), standard and next-generation anti-malware (NGAM), IPS-as-a-Service (IPS), and Cloud Access Security Broker (CASB), and a Managed Threat Detection and Response (MDR) service.

How well integrated are the multiple components that make up the SASE? Is the integration seamless?

The Cato SASE Cloud is completely converged. The Cato SPACE architecture is a single software stack running in our PoPs. Enterprises manage and monitor networking, security, and access through a single application. All capabilities are available in context via a shared user interface. Objects created in one domain (such as security) are available in other domains (such as networking or remote access). 

Assuming the vendor is still building out its SASE, what does the vendor roadmap look like? What is the vendor’s approach in terms of building capabilities internally or through acquisition? What is the vendor’s track record integrating past acquisitions? If building internally, what is the vendor’s track record of hitting its product release deadlines? 

Cato has demonstrated its ability to develop and bring capabilities to market. Since its founding in 2015, Cato has successfully developed and delivered the global SASE cloud, which is used today by more than 1,000 enterprises. We regularly add new services and capabilities to our platform, such as our recent announcement of more than 103 frontend improvements and updates to our backend event architecture. (Other additions included a Cloud Application catalogue, a Threats dashboard, an Application Analytics dashboard, CASB launch, and updates to our managed detection and response (MDR) service that automated security assessments.)

Whose cloud is it anyway? Does the vendor have its own global cloud, or are they partnering with someone? If so, how does that relationship work in terms of accountability, management, SLAs, troubleshooting?

Cato owns and maintains the Cato SASE Cloud. The PoPs are on our hardware hosted in tier-3 datacentres, running Cato’s cloud-native software stack. Every PoP is connected by at least two and many by four tier-1 carriers, who provide SLA-backed capacity. Cato’s custom routing software constantly evaluates these paths identifying the shortest path for each packet.

The secure Cato SASE platform is based on a fully distributed self-healing network built for the cloud era that we manage 24/7 on behalf of our customers. Anything less than that from our perspective simply isn’t SASE.

In the next article, we will focus on a series of questions asked by Network World, specific to managed service providers (MSPs).

Find out more about what Secure Access Service Edge can do for your business. Contact [email protected]

Back To Top