Tech in 20 Minutes Ep. 4: Josh Garland, Cato Networks
In this episode, Max Clark talks with Josh Garland, the Regional Sales Director at Cato Networks. Josh offers insight into how Cato Networks provides an Integrated Security solution to businesses spread out across the country and the globe.
INTRO: [00.00] Welcome to the Tech in 20 Minutes podcast, where you’ll meet new tech vendors, and learn how they can help your business. At Clarksys, we believe tech should make your life better, searching Google is a waste of time, and the right vendor is often one you haven’t heard of before.
Max: [00.18] Hi, I’m Max Clark and I’m with Josh Garland with Cato Networks. Josh, thank you for joining.
Josh: [00.22] Good morning, Max, thanks for having me.
Max: [00.24] So Josh, what does Cato do?
Josh: [00.27] Max, that’s a great question. You know, we like to think of ourselves as the next generation WAN, or wide area network. So essentially, we connect sites, whether those sites are customer offices, datacenters, mobile users, and really the big difference there is, we connect and secure them. So, there’s really an embedded security in this wide area network. But we also provide full management of this service, you know, so provide management for our customers. So, we’re really not only providing the network proportion of it, which I think we’ll get into a little later, but we’re also providing the full embedded, advanced security.
Max: [01.08] So, let’s go down a stack. I mean, what is the problem that Cato solves.
Josh: [01.13] So there’s really four main issues we solve. As customers are moving away from MPLS, which is, you know, the traditional wide area networking platform – MPLS is high-performing, it’s a consistent experience, and as they move from MPLS – customers move from MPLS to SD-WAN – they’re going from this consistent experience to the public internet. So really, that’s the first thing Cato solves, and we solve it by providing a backbone… So, we solve performance, and replacing of MPLS… Second thing we provide is security, right? As you move away from MPLS is… You’re moving away from a secure, a private connection – really to multiple public connections. So, a lot of SD-WAN vendors didn’t take into account, you know, now that they went from one point of breach to a hundred points of breach. So, Cato also solves that problem, with providing security. A lot of customers are trying to do all this with different point solutions; it’s really unmanageable, so that’s where the third problem we solve… It’s manageability, right? Since we have all these services we can consolidate security and network and routing and SD-WAN, into a single cloud, and have it easily manageable, because it’s fully integrated. The fourth thing is, you know, since we are cloud-based and all the processing happens in the cloud, we want to add new features, you know, you want more throughput… It’s all inherent, just like the reason people are moving to SaaS applications: it’s scalability. So truly, performance, security, ease of management, and future proofing scalability.
Max: [02.59] So Cato has a global network of gateways… I mean, literally a global network of gateways. Would you say that you’re a security company with a network and SD-WAN, are you a network company with security and SD-WAN, are you a SD-WAN company with a network and security… I mean, how does this actually feed into each other?
Josh: [03.17] Max, that’s a great question. So, we actually – we started as a cloud-based, global security solution, and then layered on top of that a global optimized backbone. So, we can provide this security as a service, we can provide WAN optimization as a service, and really the SD-WAN portion of it that everyone’s talking about today, that is just a feature we provide; we are not an SD-WAN company. What SD-WAN – we use SD-WAN for – is to get from the customer prem to our POP or to our cloud. Once you’re on the POP, you now have access to all our features, you know, whether it’s security, whether it’s WAN optimization, and all those cool SD-WAN features – again – just happen, the act to act, back to failover, packet duplication… All these features everyone’s talking about over multiple internet circuits, just happens between the customer prem and our POP.
Max: [04.07] SD-WAN relates to an office location, you know – so a connection of an office to your backbone to your gateways. What about mobile users? Post-COVID this is really important… What are you doing for remote workers, a distributed workforce, with Cato?
Josh: [04.23] Well it’s an interesting question, and I think where Cato provides value is – it goes back to my statement about customers trying to provide all these different point solutions. So right now, you know, along with a VPN concentrator, to get the VPN users into a centralized hub; they also need a firewall, they need an MPLS router, maybe they need an SD-WAN device. In the Cato world, all this is fully integrated, I mean, even the VPN users are fully integrated. The beauty is, since the VPN user – just like a site – would connect to the closest Cato POP at that point during the backbone, or our Cato cloud. So they get really – at that point – they get two advantages… They get to take… They get the better performance, because they’re hitting our POP and using our backbone, but since we have embedded security, we can also lock those users down. So, we’re actually protecting those users and the corporate environment, from any breaches. So, it’s really security and performance that those VPN users get, that they wouldn’t get from a traditional VPN concentrator.
Max: [05.22] I think that’s an important point, right? Because, if you have a corporate HQ and a VPN concentrator there, and… Let’s say that’s in Los Angeles, and you have users in Europe, you’re pinging traffic from Europe to Los Angeles, versus Cato, where you’re pinging traffic from you know, London to London, to then come across your backbone… That’s right?
Josh: [05.38] That is right! So, a huge advantage there is most customers, whether it’s regionally or typically they have one central hub, or they have a VPN concentrator there. For instance Max, in your example, they have a datacenter in LA with a VPN concentrator, they have a user in… Global, in Tokyo. That user, wherever they have to go, even if it’s another site in Tokyo, they have to go all the way back to the US, hit that concentrator, and then back across the wide area network. In the Cato world, if you’re in Tokyo, the VPN user – or even a site – terminates directly on the Cato Tokyo POP. In a hairpin… If you’re going to Tokyo, we’ll just hairpin back to Tokyo. So really, we decrease a huge amount of latency and increase performance dramatically.
Max: [06.24] So say that you have an accelerated backbone, or you have a single cloud-based firewall and endpoint management… I mean, those are solutions, right? When you’d say… You know, as a business leader, how would I know that these are things that I need to solve for, right? Like, what is driving that conversation that brings somebody to Cato?
Josh: [06.44] Well, from a CIO level or IT director level… A lot of folks are moving away from MPLS to – I’m not going to say to reduce costs – but part of the promise is reduced cost when you’re moving to SD-WAN. And what they’re finding is – first of all – they’re taking a hit on performance, there’s no built in security, the promise of simplicity with SD-WAN isn’t fulfilled, and if you upgrade you still have to upgrade these boxes to higher throughput – there’s really no scalability. So what Cato provides really, from an IT director standpoint, is ease of management, right? So, now they have all these resources in one spot, they can simply manage, whether it’s changing your content filtering on a hundred and eighty sites with a single click, that can happen. But it’s also the scalability of it. So, essentially and since we are cloud – like I said before about SaaS environments – the scalability is infinite. There is obviously some top limit, but if they needed new services, we add new services, if they needed new features or functionality, we can add that, without really changing anything on the edge, because it all happens within our quarter.
Max: [07.59] You know, a lot of SD-WAN and security vendors in the market… What is an ideal customer for Cato? You know, if somebody is listening to this and they’re thinking about Cato – where are you guys a home run? What do you do better than anybody else in the market, and what brings people to Cato?
Josh: [08.17] So really it’s… Any customer that’s concerned about security, that is always the big one. Any customer that’s concerned about WAN performance, that is a huge one. Any customer’s that are sick of having six or seven appliances at each one of their sites, and having to manage each one of those appliances, and having no integration between all those platforms. I would also say, from a regional standpoint – listen, since Cato is POP based, and we have this optimized backbone I keep mentioning with, you know, WAN optimization as a service on it, that really doesn’t help the regional plays. If you have ten offices in LA, the backbone’s not going to help you. But security can still help you – the next generation firewall, the IPS, the IDS… It may be a reason to look at Cato, but it may not be a perfect fit. But if your sites are spread out across the United States, and you want performance, and you want this holistic view, and security, and all your traffic, Cato would be a fit. And then to expand a little further: if you’re global, where performance really becomes an issue, Cato would become an even better fit.
Max: [09.29] So in that you’re saying, your customers – not so much regional, or regional that are looking for integrated security – but more distributed, across the country, across multiple countries or across multiple continents?
Josh: [09.42] Exactly.
Max: [09.44] How is Cato priced? I mean, what is your unit measurement, can you give me a price range example of, you know, low-end and high-end of what this would deploy like?
Josh: [09.54] It all depends. Our services price is the operating cost – so we do bill monthly, quarterly or yearly – and it’s based on aggregate bandwidth into the Cato cloud, and it’s based on region. So, we’re priced very aggressively in the United States. If all your sites are in the United States – and the reason is, at that point, we’re competing against the box vendors, which in general, are an expensive… As we go globally, we’re now competing against MPLS vendors, because SD-WAN vendors, box vendors, cannot overcome the issues with the internet – especially globally. I mean, they have a hard time doing it east coast to west coast of the United States. So, it’s priced a little higher from that point, but compared to MPLS providers, and what you get with the Cato network – the WAN optimization, the next generation firewall, the built in security for VPN users, from a price perspective, it’s very compelling.
Max: [10.45] What I’m hearing you say is, if you’re in the United States, bandwidth in the United States is relatively inexpensive, and therefore the service is relatively inexpensive. If you have sites in Mexico, bandwidth in Mexico is more expensive, and so your sites in Mexico become more expensive as a result.
Josh: [10.59] Exactly, so our plat – I mean, just in general when you think about it, to build a POP next to a city is going to be a lot more than to build a pop in Las Vegas, or even to build a POP in Tel-Aviv or to build a POP in Johannesburg, it’s going to be a lot more expensive than to build a POP in San Jose. So, really that’s where those costs come in also, right? Why globally the costs are a little bit more, because of the services in those areas are a bit more.
Max: [11.26] So you’re charging based on the number of users, the amount of bandwidth in the offices, services that are layered on top of it, I mean, what does that actually look like?
Josh: [11.30] Yeah, so the first pricing component is bandwidth, aggregate bandwidth into the Cato cloud or into the POP. So, if you’re in LA – and this is in increments of 25mb – and you had 200mb circuits, and you want to go full back to back, that would be a 200mb licence. To add on top of that, you can use this just for SD-WAN, and use this for a backbone – you can use us for WAN optimization, but most customers also use us for this embedded security. So, the service does come with a next-generation firewall, the additional features on top that are advanced security features. So, we have IPS, IDS… Next-generation anti-malware, we’re using artificial intelligence to find zero-day threats. The beauty of this is that Cato is managing all this. We’re managing the signatures – which is very resource intensive, as most customers know who manage firewalls – in general, they can’t keep up with these signatures, which are applied from threats, by the way; they can’t even keep up with them, because they don’t have the resources to. So, this is all managed by Cato. And then, the VPN user is another cost; a per-user cost. And then we have super-advanced security and management features that are also additional costs, for instance: we do a lot of managed detection and response, which is really a managed service operations center – security operations center, excuse me, SOC. And since we have this SOC – globally, we can also manage circuits. We don’t provide any local transport, Cato doesn’t want to be in the business, but with LOAs, we can actually open tickets with underlying carriers – AT&Ts, Verizons, GTTs, whoever the local transport is – to open a ticket, and own that troubleshooting process with that end carrier.
Max: [13.15] Give me an idea of who your existing customers are in terms of like, industries or size, or you know, brands people would know. I mean, where do you play? What’s your space?
Josh: [13.25] Max, that’s a hard question to answer. We are all over the place – there is no one vertical that’s getting most of our business. If I had to say, and give you one vertical, it would be manufacturing, because simply – they are global. Again, Cato can be a great fit on a regional US play, but globally does make it better. But we have law firms, we have retail shops, global retail – because we are secure, we have that embedded PCI compliance – we also have some customers in the medical field, because of our embedded security, we’re also HIPAA compliant. So really, it is all over the map.
Max: [14.07] So if I want to evaluate Cato or a customer wants to evaluate Cato, what’s your process? I mean, do you offer demos, proof of concept, trial periods… What… How does that work?
Josh: [14.17] Cato is relatively new, we’ve been around since 2015, and we like to use that to our advantage, right? We see where the SD-WAN companies fell short, and we’re able to see that and build our product to fill in those gaps. But, with that said, because our name isn’t a household name, we’re more than willing to allow our customers to do no charge, no paperwork, proof of concepts, provide them full training on these services, and also, they’re assigned an engineer, who will help them configure these proof of concepts, or trial architectures. So, we want to be easy to work with.
Max: [14.56] But in a post-COVID world right now, what are you seeing from your customers, and how are you helping them with the shift in workforce?
Josh: [15.03] You know, some customers we talk to, “Okay, this is great, we have four hundred users, and guess what? We thought ahead and now every one of those users has a VPN license, even though, you know, we only have twenty of them who actively – pre-COVID – actually worked remote. But that’s not normal. What we normally find is, customers have a thousand users who now are forced to work remote; these customers, they didn’t have enough VPN licenses, right? Now they have to get licenses from their firewall vendor, but guess what? That firewall box doesn’t support a thousand vendors, and now they have to buy a new box, or guess what? Now all the more customers are coming through – you know – in and out of their internet circuit, so now bandwidth is doubled. So, they don’t take this into consideration. So what Cato – in this case, and what we’ve been doing successfully – is… We’ve seen a lot of traffic on our VPN usage, because there’s no back-calling, because it is fully secure, you know? When a user on the VPN hits our POP, they either go to the internet, or if it’s SD-WAN services, they are directly sent to the datacenter. So, we’re seeing a lot of traction with that, and I guess the biggest problem is our industry is… No-one expected a hundred percent of their workforce to work remote, and they just weren’t architected for it.
Max: [16.16] Josh, thank you very much.
Josh: [16.19] No, thank you.
OUTRO: [16.21] Thanks for joining the Tech in 20 Minutes podcast. At Clarksys, we believe tech should make your life better, searching Google is a waste of time, and the right vendor is often one you haven’t heard of before. We can help you buy the right tech for your business, visit us at Clarksys.com to schedule an intro call.