SD-WAN Roundup: Aryaka, Cato Differ on Security

**Editor’s Note: Read our list of 20 top SD-WAN providers offering products and services via channel partners.**

Aryaka and Cato Networks are often lumped into the same category of SD-WAN vendors that want to replace MPLS with internet.

But they are by no means identical.

Today we examine perhaps the most significant differentiating factor between the two upstart companies: their approach to security.

Check Point Software co-founder Shlomo Kramer built Cato on the premise of providing a built-in security platform, while Aryaka recently announced security partnerships with Radware, Palo Alto Networks and Zscaler.

Aryaka’s Gary Sevounts

Gary Sevounts, Aryaka’s chief marketing officer, tells Channel Partners that legacy enterprise WAN connectivity enjoyed the private, secure connectivity of MPLS. But SD-WAN introduced some uncertainty.

“From a security perspective, the traffic is moving away from a safe and secure private network environment to an internet environment, which by definition is not secure,” Sevounts said. “Internet traffic — you can’t control the half of it. It goes through multiple hubs that are not owned by the same company. It’s owned by people or companies we don’t know. It could be individuals, it could be companies, universities, governments and so on and so forth.”

Customers came to SD-WAN vendors asking for additional security measures to help navigate traffic through the new hubs.

Sevounts says vendors approach this demand with two broad categories. The first, which includes companies like VeloCloud, Silver Peak, Viptela and Aryaka, uses multiple technology partners to address different layers of security.

Cato is the probably the most well-known member of the second category, which does the security on its own and prevents the customer from needing to partner with other vendors. This presents an obvious cost advantage, but Sevounts says the first approach better addresses the various “layers” of security.

He says if a threat makes it through the appliance level, the other layers – be they at the cloud level or firewall level – will catch it.

Sevounts says Cato is trying to do more than one company can do, even though it has a “huge pedigree of security.”

“They want to be a combination of Cisco, Palo Alto Networks, Symantec, Radware, Zscaler,” he said. “With tiny resources, it’s really hard to have a security level as one of those companies, let alone all the companies.”

But Cato’s approach might fit very well with companies of a particular size. This is where the all-encompassing idea of the use case comes into play again.

“Small businesses may not have the same level of assets to protect, so their risk appetite may be quite a bit higher than large enterprises. They deploy this kind of model because it’s cheaper. Usually it provides better integration between different layers, and it doesn’t require as many resources,” Sevounts said. “There’s some cost and some simplicity benefit that for small businesses may be very appealing, while for large businesses, the risks that model brings are absolute show-stoppers.”

Aryaka has more than 800 enterprise deployments, and Sevounts says there is a correlation between vendors that adopted the ecosystem security strategy and vendors that …