Looking for a SASE vendor? Ask these questions first.

6 August 2020

Recently, we have started to see lots of legacy vendors acknowledging the SASE architecture. The SASE architecture was defined in 2019 by Gartner and is based upon the design and realization of Cato Networks. These vendors claim to have the technology that it takes to be a SASE player. So, in this article we propose some questions to ask when evaluating whether a particular vendor is able to claim the SASE architecture.

Is it converged?

Is the solution built out of many existing components that have to perform their function separately? This so-called service chaining is often detrimental to performance and experience, and often forces the administrator to use multiple loosely coupled tools to manage the entire network. An example is where you have a different solution for SD-WAN than for your Next-Generation Firewall functionalities or your IPS/DPI functionalities. This is pretty much every legacy vendor that bought its way into the SASE market in the last few months. You don't want to be looking through multiple platforms when an issue arises.

In comparison, Cato Networks offers a single-pass architecture to provide optimization, one point of decryption, and deep packet inspection and protection of all traffic, WAN and internet.

Is it cloud-native?

This question is a bit more complex to answer, since it requires a technical view of the solution you are evaluating. However, today it can easily be boiled down to the following: was the solution designed to be run natively in the cloud, or is it simply a firewall that has been virtualized in a VM somewhere? For most if not all of the legacy vendors, the solution itself can be traced back to virtualized firewalls and not a cloud-native network stack.

In comparison, Cato Networks has built its entire solution to be run cloud-native, and has no need for legacy approaches such as placing firewalls into individual VMs. The software being run on the Cato Networks PoPs was designed entirely from scratch, and being cloud-native allows it to scale endlessly and perform its workload anywhere in the world, compared to a single firewall VM somewhere in a single datacenter.

Is it global?

Does the vendor offer a global network that allows the solution to pass traffic to anywhere in the world? Is there any WAN optimization built in? Does it support east-west traffic or only north-south like a legacy firewall usually does?

Cato Networks offers a global network that allows your traffic to pass from one side of the world to another under optimal conditions, offering a mostly near-MPLS experience, and often an even better one. Built-in WAN optimization technology speeds up applications between sites separated by large distances.

Can it run on all edges?

Does it support physical sites, mobile phones, workstations or even clientless implementations? Does it offer hardware that is native to the product, or is it another bolt-on solution that has been acquired by the vendor?

Cato Networks offers light edge connectors (SD-WAN, SDP, Cloud) with a cloud-first architecture to deliver the same service to all edges.

Does it have unified management?

This is quite a simple question: is the entire solution combined into a single pane of glass that allows you to manage your WAN/FW infrastructure? Or does it offer multiple tools you need to learn and use to manage multiple parts of the network? For example, the vendor might offer portals to activate and onboard the hardware that are different from the tools you actually manage the solution with. Quite often you see zero-touch provisioning portals that are not part of the management tool for the solution itself.

In comparison, Cato Networks offers a single pane of glass that allows you to onboard, manage, monitor and analyze the entire WAN/FW infrastructure. This single portal manages every aspect of the solution; not a single extra tool is needed.

Cato Networks

Cato Networks is a revolutionary network service which laid the groundwork for the SASE model. Cato Networks was founded in 2015 as a managed SD-WAN provider but has since extended the platform to a unique model which was named SASE by Gartner.