SD-WAN Roundup: Cato Fires Back on Security

It’s always interesting when vendors call each other by name.

Our previous SD-WAN column featured Gary Sevounts, Aryaka‘s chief marketing officer, who pulled no punches on why he believes his company is distinct from Cato Networks. While both vendors’ organizations are young, with an international presence and a cynicism toward MPLS, both agree that their approach to security sets them apart from one other.

Cato’s Yishay Yovel

Aryaka took the partnering approach, teaming with Palo Alto Networks, Radware and Zscaler, and Cato built its own security apparatus. And Sevounts argued that Cato has the bandwidth to protect large enterprises.

“You have a small startup in Israel with small funding — albeit with a huge pedigree of security. But still, [it’s] a small company that tries to do everything that billion-dollar companies try to do themselves,” Sevounts told me. “They want to be a combination of Cisco, Palo Alto Networks, Symantec, Radware [and] Zscaler. With tiny resources, it’s really hard to have a security level as one of those companies, let alone all the companies.”

Yishay Yovel, vice president of marketing for Cato, reached out to me with a counterargument. You’ll hear from Infovista and Elfiq Networks in the next edition of our roundup, but for now we focus entirely on Cato’s rebuttal.

Cato, whose co-founder, Shlomo Kramer, also founded security providers Check Point Software and Imperva, has billed itself as the SD-WAN vendor that offers built-in security. Last week it rolled out a new threat hunting system to offer visibility without a “costly data collection infrastructure.”

Yovel says the heart of Cato’s value proposition is the joint architecture of networking and security. He says this convergence takes the best approach to the hodgepodge of mobile users, cloud assets and branches that comprise the modern wide-area network.

“Aryaka is a carrier. They want to do security. They add security from somebody else and somehow integrate them together,” Yovel said. “It’s not built into their system, and that’s what makes Cato very different. It’s not just that we have security in our network, but the whole thing is immersed from a single design.”

It’s the Cato Cloud that Yovel says brings the necessary visibility and flexibility. From the cloud, it can inspect packets on customer endpoints, and the cloud presence allows branches to fail over onto the nearest point of presence (POP). Yovel says the Cato Cloud brings a centralization that the partnering approach can’t provide.

“When you integrate networking and security from different vendors, they each obscure the line of sight and the data that every component gets,” he said. “They see different data at different times, and they have much smaller context to make inferences across the entirety.”

And the Cato Cloud has spokes – “massively …