Catching up with Cato Networks

Cato has had quite a year so far. The company raised $55 million back in January, introduced an integrated managed threat detection and response (MDR) service in February, and added advanced malware detection capabilities. I recently sat down with the vice president of marketing, Yishay Yovel, to catch up on Cato Networks.

How to Spend $55 Million?

Uppermost on my mind was how will Cato take advantage of the new infusion of cash. The company is using the funding to accelerate customer acquisition and support the ramp-up of new customers, he says.

Cato needs to do this, given the competition. Cato is not an SD-WAN player that sells boxes, says Yovel. “It’s a new kind of carrier and we’re ramping up to challenge telcos.” He points to GTT and CenturyLink as specific examples.

Cato is building out a service portfolio with all of the capabilities of a traditional telco in a single platform.  That platform connects sites (SD-WAN), mobile users (mobile access), cloud datacenter and cloud applications (cloud access). It uses a private backbone and is protected by a full security stack including —  NGFW, SWG, IPS, and, now, MDR. No additional security tools, cloud-based SD-WAN appliances, or anything is needed.

Cato’s service platform now involves traditional managed services, such as last-mile management, site deployment, and a fully managed option where the Cato team runs the network (in the past, Cato has only offered co-management or self-service models). Those are in addition to the managed security services provided by Cato.

Why Cato and Not an Established Telco?

Of course, it begs the question as to why enterprises should want to go with Cato if they can already get managed services from an established telco.

“Telcos must put together many different solutions to solve a customer’s problem. It adds complexity, increases costs, and reduces agility,” he says. “With a telco, everything looks good on paper but  you end up speaking with different groups who have to piece together all sorts of components.”

Instead, Yovel says Cato is carrier designed for the cloud. The core value proposition is the company’s cloud-native software. (This Cato blog that does a good job outlining the importance of cloud-native networking.)

Cato’s software provides all of the routing and networking functionality, including TCP optimization, policy enforcement, and security capabilities. There are no routers, security devices, or third-party appliances providing the core value of the offer. That’s a big deal for a carrier where hardware deployment and integration increases telco costs and can delay geographic expansion. “This is a carrier operating system built from scratch for the cloud,” he says.

And like a cloud provider, Cato does not own the fibers in the ground or any of the other physical infrastructure. The company’s network runs over-the-top (OTT) of existing IP connectivity.  But instead of relying on the unpredictable public Internet, Cato’s 45+ PoPs are interconnected by SLA backed transit agreements across three different tier-1 carriers. Cato’s software monitors each network, selecting the optimum one in real-time. In this way, Yovel claims enterprises realize far better performance than the Internet, akin to MPLS latency and loss, at a fraction of the price.

The Benefits of Going Cloud-Native

I’ve seen in my own work how Cato is often less expensive than telcos but that’s not necessarily a good thing if the company isn’t being profitable. Yovel argues that because of how Cato built its backbone and because it owns the software, the company’s cost structure is lower than a traditional telco.  “We don’t need to pay license fees or royalties. We own the platform,” he says.

He also points to the velocity as another key benefit. “If a customer has a feature request, we build it and the customer gets a date when it’ll be available. If they have a problem the support and programming teams can work together to solve it. It’s what we call ‘Roadmap Velocity,’” he says.

“In the three years since Cato’s been offering it’s managed SD-WAN service, the 130 people here have made so many changes on the platform.  We move at cloud speed.”

That kind of velocity is unusual for telcos.  Over the years, countless customers of mine have complained about the bureaucracy around trouble ticketing and service innovation of telco managed services. A study Cato just released of 432 IT professionals found that just 2% of respondents said telcos exceeded their expectations in delivering new features and enhancements.

But Wait What About Viptela and VeloCloud….

Cisco (Viptela) recently introduced multicloud on-ramps built into colocation facilities. VMWare (Velocloud) has something similar. It all sounds like very “Cato-like” since Cato has long touted that cloud-connectivity is natively integrated into its service. I asked Yovel about the difference.

“Look, it’s the telco bundle without the bundle.  What Viptela (and Velocloud) have done is still require you to do-it-yourself. You still need to connect the colos with a global network. That’s not provided. You still need to integrate security. That’s also not provided. So you’re talking about integrating three pieces, major pieces, together. What if something doesn’t work?  Is it the colo or the Viptela box? Who is responsible for troubleshooting? You. With Cato, you avoid all of that.”

Let’s Talk Application Analytics

One of the areas of great interest in our recent review of SD-WAN management platforms are the tools provided to diagnose application-layer issues.

Cato has “deep” application-identification ability.  They can identify which application is consuming capacity. They measure latency, jitter, and packet loss. They also provide real-time analytics, not just a delayed log review. But these analytics do not yet tell you SaaS server response time, which a handful of SD-WAN competitors offer.

Because they are in the cloud, they see every flow between every destination.  So they have a database of every flow. They can look at a single phone call and analyze it down to the network layer.  But many of these tools are only available to the internal support team. Now Cato is starting to make them visible to customers.

What’s Next for Cato? 

With so much in the Cato service, what should we expect to see in the near future? Yovel pointed to expanding network footprint and we should expect to see new PoPs in Africa. As for functionality, Cato’s been unusual in offering an SD-WAN platform with built-in mobile access. Yovel says to expect additional work in the area, enabling remote access without requiring a VPN client.

Share this post