cato corporate overview 0916
TRANSCRIPT
Cato Networks: Network Security as a Service
CATO NETWORKS © 2016
Team
Core Competency: Building and delivering mission critical, global scale networking and security platforms
SHLOMO KRAMER, CEO. Founder: Check Point (CHKP), Imperva (IMPV). Investor: Palo Alto Networks (PANW), Trusteer, …
GUR SHATZ, CTO. VP R&D, PM: Imperva (IMPV). Founder: Incapsula (Imperva company)
GLENN ESPOSITO, VP SALES (AMERICAS). VP Sales (Americas), Barracuda (CUDA)
YISHAY YOVEL, VP MARKETING. VP Marketing: Trusteer. Sr. Director, Product Marketing: Imperva (IMPV)
AVIRAM KATZENSTEIN, VP OPERATIONS. Sr. Director, R&D Operations: Imperva (IMPV)
Dissolving Network Perimeter
Cloud Apps (SaaS)
Mobile Users
Cloud Data Center (IaaS)
Users
Data Center
Locations
Networking and Security are Incompatible with the Shape of the Business
Made for this
Not for this
Clear Network Perimeter
Users
Data Center
Locations
Network Security Appliance
Wide Area Network (WAN)
Enterprises Pay the Price of Incompatibility
Mobile Users
Cloud Data Centers (IaaS)
HQ / Data Center, Remote Branch, Remote Branch
Expensive MPLS Backhaul
No Direct Internet Access
Cloud Apps (SaaS) and Public Internet (WWW)
Appliance Sprawl
High Latency Mesh
Point Solutions, Split Policy
Bypass Network Security
The WAN is Incompatible: Cost, Speed, Cloud & Mobility
Expensive Connectivity: MPLS cost premium shrinks as Internet quality improves
Cloud and Mobile are Neglected: WAN slow to evolve beyond “branches”
Long Time to Deploy: Painfully long MPLS rollout to new locations
Internet Traffic is Exploding: Backhauling is wasteful and impacts user experience
Insecure by Design: Bolt-on security needed for Direct Internet Access
Network Security Appliances are Incompatible: Budgets, Resources, Threat Landscape
Costly Appliance Life Cycle: Buy, Install, Configure, Repair, Upgrade, Renew, Retire
Slow to Evolve and Adapt: Painful patches and upgrades, falls behind the threat landscape
Capacity Constrained: Too big or too small, you pay for it all
Location Bound and Rigid: Partial coverage for locations and data access paths
Dependent on Skilled Staff: Scarce expertise and staff overload
Cato presents: Network Security as a Service
Networking and Security must move to the Cloud
Cato’s Vision
Because they are too costly to own and too risky and complex to manage
Cato Takes Stuff Off Your Plate
Network Security is Simple Again
Cloud Infrastructure
HQ Datacenter
Mobile Users
Branches
Cato Security Services
Security Policy
Cato Cloud Network
One Security: Built into the network
One Policy: All users, locations, resources
One Network: Carrying WAN & Internet traffic
Routing, Reliability, Optimization, Encryption
One Network
Global, SLA-backed, low latency, WAN backbone of physical Cato PoPs
Secure Tunnels Overlay: FW IPSEC, Cato Socket (Branch), Cato vSocket (Cloud), Cato Client (Mobile VPN)
Secure and Optimized SD-WAN augments MPLS links, eliminates internet backhaul w/ secure, direct internet access
Cato Cloud
Network
Security
MPLS
Cato Client, Cato Socket, Cato vSocket
Mobile Users, HQ / Data Center, Cloud Data Center, Branch
One Security
Enterprise grade security available everywhere (LOCAL secure Internet exit)
Elastic and Agile: scale up, seamlessly updated
Cloud traffic visibility accelerates defense adaptation
Diagram labels: Routing, Reliability, Optimization, Encryption, URL Filtering, App Control, NG Firewall, Cato Cloud, Cato Socket, Cato vSocket, Cato Client, Mobile Users, HQ / Data Center, Cloud Data Center, Branch, Infection Prevention, Cloud Access Control, Extrusion Prevention, Network Forensics, Network, Security
One Policy
Cato NOC/SOC, MSP Partners, Enterprise IT
Unified policy across all users, locations and access to both internal and Cloud apps/data
Managed service by Cato and Partners with Full Enterprise IT supervision
Diagram labels: Routing, Reliability, Optimization, Encryption, URL Filtering, App Control, NG Firewall, Cato Cloud, Cato Socket, Cato vSocket, Cato Client, Mobile Users, HQ / Data Center, Cloud Data Center, Branch, Infection Prevention, Cloud Access Control, Extrusion Prevention, Network Forensics, Network, Security
Before Cato
Manufacturing, 4 locations, National
UTM FWs, Site-to-Site Mesh
Mobile VPN
Drivers
UTMs refresh, subscription renewal
Distributed UTM management complexity
Cato Solution
Phase 1: Split Internet traffic to Cato Sockets (side by side with UTMs)
Phase 2: Replace UTMs with Cato Sockets (take over WAN)
Customer Case Study: Firewall Elimination & Direct Internet Access
Diagram labels: Data Center, Firewall, Branch, Mobile user, Branch, Branch, Data Center, Security, Network, Mobile user, Branch Firewall, Branch Firewall, Branch Firewall
Customer Case Study: Firewall Elimination, Low-latency WAN, Cloud DC Integration
Before Cato
Global Manufacturer, 36 locations, FW at each site
Backhaul to SAP ERP in Datacenter
Driver
Migrate to SAP Hana Enterprise Cloud (HEC)
WAN backhaul no longer viable
Cato provides global WAN with full mesh for SAP HEC
Connect all locations to Cato with Firewall IPSEC tunnels
Connect 3 Clouds datacenters (AWS, Azure, SAP)
Provide low-latency global connectivity across all elements
4 sites replaced FW appliances with Cato Sockets
Next: continuous firewall elimination
IPSEC Tunnels To SAP HEC
Cato vSocket (Gateway for AWS-to-SAP Traffic)
IPSEC from FW (Azure Edition)
(4) Cato Socket (FW replacement)
(30) IPSEC Tunnel FW Appliance
Where Do You Want To Start?
Diagram labels: Routing, Reliability, Optimization, Encryption, URL Filtering, App Control, NG Firewall, Cato Cloud, Cato Socket, Cato vSocket, Cato Client, Mobile Users, HQ / Data Center, Cloud Data Center, Branch, Infection Prevention, Cloud Access Control, Extrusion Prevention, Network Forensics, Network, Security, Policy Management
Cato Use Cases
Appliance Elimination (Firewall, UTM, …)
Direct Internet Access, No Appliances
Low-Latency Global WAN
Secure SD-WAN
Hybrid Cloud Network Integration
Mobile Workforce, Secure Cloud Access
Summary
Appliance sprawl in branch offices too costly and complex to maintain and manage?
Cato secures WAN and Internet traffic from Branch Offices
Eliminates UTM, NGFW and WAN optimization appliances
Centralized policy enforcement
Full Mesh in the Cloud, no point-to-point VPN tunnels configurations
#1: Appliance Elimination: Stop Appliance Sprawl
Diagram labels: HQ / Data Center, Branch, HQ / Data Center, Branch, Security, Network
MPLS backhaul overloaded by Internet traffic?
Backhauling Office 365, Box, Cloud ERP/CRM traffic over expensive MPLS capacity
Branch Internet access isn't secure
Cato provides secure direct Internet access for branches
Offload Internet traffic from MPLS links
Cloud-based security stack, eliminates the need to deploy UTM/NGFW appliances in the office
#2: Direct Internet Access: Eliminate backhaul and securely access the Internet directly from the Branch
Diagram labels: HQ / Data Center, Branch, MPLS/Internet Split, MPLS, HQ / Data Center, Branch, MPLS, Security, Network, Cato Secure Internet
Before Cato
Manufacturing, 3 Offices, US Southwest
MPLS backhauling to an on-premise ERP
Driver
Migration to Cloud-based ERP
Cato enables Direct Internet Access to All Locations
Cato Socket tunnels Internet traffic to Cato Cloud
Cato Cloud provides visibility and control for Cloud-based ERP and Public Internet Access
Customer Case Study: Direct Internet Access
Diagram labels: ERP Backhaul, Data Center with On-premise ERP, Branch, Branch, ERP Direct Internet Access, Data Center, Branch, Branch, Security, Network, Cloud ERP, MPLS, MPLS, MPLS, MPLS
Cato Low-Latency WAN
Need more bandwidth for branches but can't afford to pay for MPLS upgrades?
Cato provides MPLS offload with security and optimization benefits
Split Internet and selected WAN traffic to Cato Cloud
Resilient last mile connectivity to Cato: Cato Socket uses dual Internet links, 4G/LTE failover, protocol optimizations
Unique: Low-latency WAN connectivity: Cato Cloud Network provides optimal routing vs. “Public Internet”
Unique: Direct Secure Internet Access, with no backhaul
Unique: Cloud datacenter and Mobile User WAN integration
#3: Secure and Optimized SD-WAN: Augment/Replace MPLS Networks with Secure Internet Connectivity
Diagram labels: Branch, HQ / Data Center, Branch, HQ / Data Center, Cato Direct Internet Access, MPLS/Internet Split, MPLS, Security, Network, MPLS
High latency branch-to-datacenter connectivity over the Internet?
Connect your Locations using Cato Cloud Network
MPLS-like Latency for the long haul
Last Mile and Middle Mile Optimizations
Multiple Tier-1 carriers, Dynamic Path Selection
Forward Error Correction, TCP Proxy
#4: Low-latency WAN: Connect your locations using the Cato Cloud Network
Diagram labels: Branch, HQ / Data Center, Branch, HQ / Data Center, Security, Network
Split Cloud and Physical Datacenter Security Policy?
Datacenter firewall rules
Amazon security groups
Cato provides Unified Policy for All Datacenters
Securely connect Physical and Cloud Datacenter
Unified policy across locations
#5: Hybrid Cloud Network Integration: Unified policy across hybrid datacenters
Unified Policy
Diagram labels: Cloud Data Center, Physical Data Center, Cloud Data Center, Security, Network, Physical Data Center, Admins, Users, Admins, Users, Split Policy
Mobile users unprotected by going directly to the Internet?
Without corporate network security stack, users are at risk from phishing and malicious sites
Cloud access control is not enforced
Cato protects mobile users everywhere, enforces corporate policy
Connects mobile users to On-premise and Cloud resources
Protect mobile internet access everywhere
Reduce SaaS credential theft impact with Cato IP range restriction
#6: Mobile Workforce Secure Cloud and Internet Access: Full Visibility and Control for Mobile Users accessing Cloud and Internet sites
Diagram labels: Mobile Users, Mobile Users, Security, Network
Summary: Benefits of the Cato Architecture
Branch Office Simplification
• Eliminates branch firewalls, UTMs, WAN optimization, URL filtering
• Direct Internet Access, eliminates backhauling of Internet traffic
Low Latency, Affordable Network
• MPLS-like latency for global connectivity
• SLA-backed Cato Cloud, better than “public internet” VPN tunnels
Mobile and Cloud Secure Network Integration
• Connects mobile users and Cloud resources to the Enterprise WAN
• Reduce point solutions and split policies
Backup Slides
Cato Networks Phased Deployment (Example)
Diagram labels: Cato Socket, Cato vSocket, Remote Branch, HQ / Datacenter, Remote Branch, Mobile Users, Cloud Data Centers (IaaS), MPLS VPN, Cato Client
1. Connect remote branch to the Internet
• Branch with Firewall: VPN tunnel to Cato Cloud
• Branch with MPLS Backhaul: Using Cato Socket
2. Connect datacenter for WAN access
• Branch with Firewall: WAN access, firewall elimination
• Branch with MPLS Backhaul: Cato SD-WAN
3. Connect mobile users, cloud datacenter
• Access Internet or WAN resources
MPLS Backbone: Expensive Capacity, Single Provider
Products & People: Own and Hire
Cloud Managed Services: Shared Resources
Software: Agile, Elastic
Internet Backbone: Massive Capacity, Low Prices
Hardware: Custom, Rigid
OLD VS. NEW