1272 Bond Street, Naperville, IL 60563 630-505-7500
Cloud Compute

Cato Launches Instant Access: The First SASE-Based Clientless Access Service to Enable Enterprises to Support Work-From-Home at Scale

Cato Networks, provider of the world’s first SASE platform, introduced today Cato SDP with Instant Access to help IT leaders rapidly deliver work-from-home solutions at scale worldwide. Instant Access adds a new clientless access option and application portal to Cato SDP, the first software-defined perimeter (SDP) solution to leverage a true secure access service edge (SASE) architecture, delivering shorter rollout times, unlimited scalability, continuous threat prevention, and optimized performance worldwide.

“With the global health crisis, enterprises are looking to deploy work-from-home capabilities at scale. Cato has seen remote access adoption more than double since the outbreak of COVID-19. The enhancements to Cato SDP will further help IT leaders to quickly deliver secure remote access at scale to their employees across the globe,” says Shlomo Kramer, CEO and co-founder of Cato Networks.”

Cato SDP With Instant Access Delivers Optimized Remote Access Worldwide in Minutes

As work-from-home becomes the norm, remote access has become an even more critical part of IT infrastructure. Legacy VPN servers suffer from scalability limitations, which impact the expansion of work-from-home access to all employees, and performance problems for distant remote users. VPNs also introduces security risks as malicious users are a mere password away from sensitive business-critical resources.

Cato SDP addresses those challenges. With Instant Access, users can only access authorized applications. They simply click a URL, authenticate once through single sign-on (SSO), and gain access to their portal of authorized applications. For those requiring full access to both Web and legacy applications, Cato continues to offer its Cato Client as part of Cato SDP.

Cato SDP

With Instant Access, Cato SDP makes securely accessing applications remotely easy

Cato SDP Leverages the Power of SASE to Transform Remote Access

By leveraging Cato’s global SASE platform, Cato SDP with Instant Access solves the critical scaling, performance, security, and management limitations that have hampered legacy mobile access solutions. Specifically, Cato SDP delivers:

Rapid Deployment

Cato SDP deploys instantly, requiring no additional software on the mobile device, or SDP connector software or SDP gateway hardware in the datacenter. As the enterprise network, Cato already controls application flows, allowing Cato customers to publish applications with just a few clicks at their Cato management consoles.

Unlimited Scalability

Cato’s SASE cloud-native and globally distributed architecture supports an unlimited number of users across the globe. Users can easily move from the office to their homes, or work on the road, with their access being consistently secure and always optimized.

Optimal Global Performance

Cato SDP sends remote traffic across Cato’s optimized, global private backbone not the unpredictable public Internet. Remote users are first-class citizens on the corporate network.

Secure Access

Multi-factor authentication is part of the SASE platform and is provided with Cato SDP. What’s more restricting access to approved applications and eliminating network credentials simplifies not only the user experience but also removes the risk of attackers or advanced malware accessing unauthorized network resources.

Continuous Threat Prevention

Cato’s cloud-based network security stack continuously protects remote workers against network-based threats. Cato’s security stack includes NGFW, SWG, IPS, advanced anti-malware, and Managed Threat Detection and Response (MDR) service.

Single-Pane-of-Glass Management

Cato SDP is configured, maintained, and managed through the same portal as the rest of Cato’s networking and security services making configuration and management very simple.

Cato management console

The Cato management console is a single-pane-of-glass for managing remote access and the rest of the enterprise network.

Enterprises Rely on Cato SDP for Remote Access During Global Health Crisis

Many are already benefiting from the power of Cato SDP. Here’s what several enterprises had to say:

ASM Assembly Systems

“Cato has helped us respond to the COVID-19 outbreak significantly faster than would otherwise have been possible. We had been using a firewall as our VPN server but when our users shifted to working from home, we saw the CPU load jump to 79% as concurrent VPN usage more than tripled. We expect to hit over 90% when our VPN usage quintuples by end of week,” says Ian Bleazard, IT Director of Infrastructure and Analytics in the SMT segment of ASM Assembly Systems, a leading global supplier to the electronics business.

“With Cato, we can equip all employees with a very scalable remote solution and instead of connecting to a VPN server, they can just connect straight into the Cato Cloud and be able to source all our global applications.  We are also able to issue those licenses and manage the remote users from the same dashboard we use for our global offices. Having one console for everything makes the whole management process much simpler, and very much helped us stay on top of these unique circumstances.”

Geosyntec Consultants

“Our company is dispersed across the globe with over 80 office locations, many of them are on the Cato network. We utilize a few different VPN technologies. With the COVID-19 pandemic on the rise, many of our users began to work remotely. Our VPN traffic spiked, in some cases hitting the limits of our VPN servers,” says Edo Nakdimon, Senior IT Manager, at Geosyntec Consultants, an environmental engineering firm.

“Instead of purchasing more VPN server licenses, we equipped remote users with Cato access. In a matter of 30 minutes we configured the Cato mobile solution with single-sign-on (SSO) based on our Azure AD.  Cato provided us a scalable remote access solution that extends our QoS  and network policies in our SD-WAN to our remote users and reduced the network overhead and bottlenecks for remote users as they connected directly to Cato, eliminating unnecessary hops across the public Internet core. The easily deployed SSO and web filtering integration provided us additional layers of security for our VPN users. The Cato mobile access solution is simple to deploy, yet robust. It improved our employees’ ability to securely and productively work remotely.

Westmoreland Mining

“We found ourselves having to rapidly increase our capacity to support a larger than normal remote workforce and successfully rolled out 150+ Cato VPN clients within 24 hours. It was a huge success,” says Kent Wade, Director of IT and Cybersecurity at Westmoreland Mining LLC, a coal supplier.


Cloud Compute

A Modern VPN Alternative to Deploy Now

Work from anywhere has recently become a hot topic. The corona virus outbreak has forced many organizations to move some or all of their employees to work from home. In some cases, work from home was a way to reduce possible exposure, in others it was mandated by health authorities to prevent the spread of the disease across communities.

This unforeseen set of events caught many organizations off guard. Historically, only a subset of the workforce required remote access, including executives, field sales, field service, and other knowledge workers. Now, enterprises need to maintain business continuity by enabling the entire workforce to work remotely.

The most common enterprise remote access technology is Virtual Private Networking (VPN). How does it work? A VPN client is installed on the users’ devices – laptops, smartphones, tablets – to connect over the Internet to a server in the headquarters. Once connected to the server, users gain access to the corporate network and from there to the applications they need for their work.

The obvious choice for enterprises to address the work-from-anywhere requirement was to extend their VPN technology to all users. However, VPNs were built to enable short duration connectivity for a small subset of the users. For example, a salesperson looking to update the CRM system at the end of the day on the road. VPNs may not be the right choice to support continuous remote access for all employees.

VPN is incompatible with company-wide work from anywhere requirements

VPN technology has many shortcomings. The most relevant ones for large scale remote access deployments are scalabilityavailability, and performance.

VPN was never meant to scale to continuously connect an entire organization to critical applications. Under a broad work-from-anywhere scenario, VPN servers will come under extreme load that will impact response time and user productivity. To avert this problem, additional VPN servers or VPN concentrators, would have to be deployed in different geographical regions.

Next, each component in the VPN architecture has to be configured for high availability. This increases cost and complexity. The project itself is non-trivial and may take a while to deploy, especially in affected regions.

Finally, VPN is using the unpredictable public Internet, which isn’t optimized for global access. This is in contrast to the benefits of premium connectivity, such as MPLS or SD-WAN, available in corporate offices.

SASE: A VPN alternative for continuous work from anywhere by everyone

In mid-2019, Gartner introduced a new cloud-native architectural framework to deliver secure global connectivity to all locations and users. It was named the Secure Access Service Edge (or SASE). Because SASE is built as the core network and security infrastructure of the business, and not just as a remote access solution, it offers unprecedented levels of scalability, availability, and performance to all enterprise resources.

What makes SASE an ideal VPN alternative? In short, SASE offers the scalable access, optimized connectivity, and integrated threat prevention, needed to support continuous large-scale remote access.

First, the SASE service seamlessly scales to support any number of end users globally. There is no need to set up regional hubs or VPN concentrators. The SASE service is built on top of dozens of globally distributed Points of Presence (PoPs) to deliver a wide range of security and networking services, including remote access, close to all locations and users.

Second, availability is inherently designed into the SASE service. Each resource, a location, a user, or a cloud, establishes a tunnel to the neatest SASE PoP. Each PoP is built from multiple redundant compute nodes for local resiliency, and multiple regional PoPs dynamically back up one another. The SASE tunnel management system automatically seeks an available PoP to deliver continuous service, so the customer doesn’t have to worry about high availability design and redundancy planning.

Third, SASE PoPs are interconnected with a private backbone and closely peer with cloud providers, to ensure optimal routing from each edge to each application. This is in contrast with the use of the public Internet to connect to users to the corporate network.

Lastly, since all traffic passes through a full network security stack built into the SASE service, multi-factor authentication, full access control, and threat prevention are applied. Because the SASE service is globally distributed, SASE avoids the trombone effect associated with forcing traffic to specific security choke points on the network. All processing is done within the PoP closest to the users while enforcing all corporate network and security policies.

A SASE Service you can deploy TODAY

If you are looking to quickly deploy a work-from-anywhere solution in your business, consider a SASE service. Cato was designed from the ground up as a SASE service that is now used by hundreds of organizations to support thousands of locations, and tens of thousands of mobile users.

Cato is built to provide the scalability, availability, performance, and security you need for everyone at every location. Furthermore, Cato’s cloud native and software-centric architecture enable you to connect your cloud and on-premises datacenters to Cato in a matter of minutes and offer a self-service client provisioning for your employees on any device.