Managed Service Providers (MSPs) of SASE: Part 1

As part of a guide published by Network World (NWW) last December about the questions IT organisations should consider when evaluating SASE platforms, they also included a series of questions specific to managed service providers (MSPs) that Cato has addressed. Cato, in addition to building a SASE platform is also a service provider, so they took the liberty of responding to these questions as well.

How many PoPs do they have and where are they located? Does the vendor cloud footprint align with the location of your branch offices?

The Cato Global Private backbone currently serves 140 countries worldwide from more than 75 PoPs that we continue to expand each quarter.

Does the vendor have the scale, bandwidth, and technical know-how to deliver line-rate traffic inspection?

Thanks to our highly scalable cloud-native architectures, the Cato Cloud delivers line-rate performance regardless of whether traffic is encrypted or unencrypted or the number of security operations performed. PoPs have enough spare capacity to accommodate traffic surges. Case in point was how our Manchester PoP accommodated additional traffic during the Interxion outage in London.

For the cloud-native vendors: How can you demonstrate that your homegrown SASE tools stack up against, say, the firewall functionality from a name-brand firewall vendor?

Cato can fully replace branch office firewalls and, usually, datacentre firewalls. Moreover, the convergence of capabilities allows us to deliver security capabilities and visibility impossible with legacy point solutions. For example, we can use data science and machine learning algorithms on networking data to spot security threats before they can exfiltrate data. The company was founded by security luminary Shlomo Kramer, co-founder of Checkpoint Software. It taps some of the brightest global minds in cybersecurity. You’re welcome to try out our platform and see for yourself.

Is there a risk that the vendor might be an acquisition target? As the market continues to heat up, further acquisitions seem likely, with the bigger players possibly gobbling up the cloud-native newcomers.

Cato is a well-established company with well over 1,100 enterprise customers committed to serving the needs of those customers for the long term. We’ve raised over $500 million in venture capital resulting in a private $2.5 billion valuation and are well funded for our future growth.

For the traditional managed services powerhouses like AT&T and Verizon, do they have all the SASE capabilities, where did they get them, and how well are they integrated? What is the process for troubleshooting, SLAs, and support? Is there a single management dashboard?

Cato, just like any cloud service provider, enables organisations to co-manage their own Cato implementation while Cato maintains the underlying infrastructure. IT teams can opt to manage infrastructure themselves, outsource a subset of responsibilities to a Cato partner, or have a Cato partner fully manage the infrastructure. Naturally, there’s a single easy-to-use management dashboard and 24/7 support available.

Is there flexibility in terms of policy enforcement? In other words, can a consistent SASE security policy be applied across the entire global enterprise, and can that policy also be enforced locally depending on business policy and compliance requirements?

Yes, customers apply a consistent security policy across the enterprise. In fact, enterprises have full control over their security policies. We instantiate the most commonly used security policies at start up, so most customers require little or no changes. The policy set is instantly applied across the global enterprise or to a specific site or user depending on requirements. Enterprises can, of course, add/change policies as necessary.

Even if enforcement nodes are localised, is there a SASE management control plane that enables centralised administration? This administrative interface should allow security and network policy to be managed from a single console and applied regardless of the location of the user, the application, or the data.

Cato provides centralised administration via our management application. Both security and network policies are managed from the same interface for all Cato-connected users and resources, whether they exist in the office, on the road, at home, or in the cloud.

How is sensitive data handled? What are the capabilities in terms of visibility, control and extra protection?

Cato encrypts and protects all data in transit and at rest within the Cato network. Designated applications or data flows that contain sensitive information can also remain encrypted if required in a way that bypasses Cato inspection engines.

In part 2 of this article will continue with some more questions specifically related to managed service providers (MSPs).

To find out more about optimising and securing global access to applications and data, on premise and in the cloud, for an increasingly mobile workforce, contact [email protected]