Cato Networks' Cloud Security-as-a-Service Platform Debuts

Startup Cato Networks, which emerged from stealth mode, is building a cloud-delivered security-as-a-service technology.

Cato Networks security

Gur Shatz, founder and former CEO of security vendor Incapsula, spent years building cloud-based Web application firewall technology. Now, as the CTO of startup Cato Networks, he is building a cloud-delivered security-as-a-service platform.

At the helm of Cato Networks is CEO Shlomo Kramer, who is well-known in the information security community, both as an investor and as the founder of Check Point. Cato Networks just emerged from stealth mode.

Cato Networks' technology is built on the premise that existing networking security models are too complex to maintain and are inadequate to defend against modern threats. A primary challenge for enterprises of all sizes is the fact that, with cloud and mobility, legacy models of security, such as traditional firewalls, no longer are entirely effective.

"What we're doing is taking the local network and rebuilding it in the cloud," Shatz told eWEEK.

The Cato Network model includes a cloud-based overlay network with a virtual LAN for an organization's traffic.

The Cato approach aims to simplify networking and security by providing a single logical network, Shatz said. "Everything flows through Cato, so organizations get logical control over what is flowing in and what is flowing out," he said.

Cato Networks has points of presence (POPs) throughout the world that are interconnected. Rather than using Border Gateway Protocol, the interconnected POPs provide a multi-point networking model.

"We are using our own protocols, which are data-path-aware, so we can select the best route to different points," Shatz explained. "It's a software-defined infrastructure that is built on our own hardware throughout the world."

The Cato technology was built from the data packet level up to be software-defined, which enables the fast, data-aware network, he said.

For an organization's LAN, that local traffic in a branch office works much the same as it does before Cato is engaged, Shatz said. Cato's current network focus is the WAN and inter-site communications across a distributed enterprise. Cato can integrate with ActiveDirectory, which provides user access and authentication controls.

"Since we take over the whole DNS [Domain Name System] process, we can forward traffic to ActiveDirectory," Shatz explained. "We are ActiveDirectory-aware, and that's where we can really know what's going on."

The entire Cato enabled network becomes an application-aware network, which can provide security visibility, he said. A next-generation firewall is built into the Cato platform, but rather than needing to look at multiple networks, there is a single logical network, making it easier to maintain and control. A Web services gateway that is part of the platform can perform URL filtering. Looking forward, additional security controls that will be added to the platform include malware protection and cloud access security broker, or CASB, capabilities.

By having the network as a "choke point" for visibility and control, it's possible to improve security, Shatz said. "What we're doing now is building a security stack, including security controls that can be collapsed into our network," he said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.