Managing a complex network requires lots of training, which Rosen wanted to avoid as a requirement for Guardian’s IT operations team. “It takes a ton of time and expertise. You don’t just go out and take a couple of courses in how the network works in a complex environment,” says Rosen. “So for us, moving to SD-WAN wasn’t necessarily about reducing costs, even though that was something that happened, but it was more about visibility of the network. We wanted to reduce the complexity of the network but maintain its protection and resilience.” One reason improving visibility was particularly important for Rosen and his team was because of the struggles voice and cloud applications had across private networks like Guardian’s. The company was increasingly looking to adopt video conferencing, Microsoft 365, and other applications so providing quality of service (QoS) at the edge was very important. SD-WAN Requires Security to Replacing MPLS SD-WAN provided a way to simplify the network but that meant adopting Internet everywhere. The inherent risks were obvious. “Now that we’re getting away from private connections, we risk exposing ourselves by providing Internet connections now at all locations. So that was something to weigh. How could we mitigate that risk? “ It meant that security had to be part of his SD-WAN assessment. The notion that traffic across the WAN can be trusted, a common belief in legacy network design, had to be upturned. “If you trust the traffic between a branch and a datacenter, you’re increasing your risk. If there’s a piece of malware in the branch, which thankfully we never had, the malware could propagate across the network. You must inspect the traffic.” And that inspection must be based in the network. “You can use endpoint control in the computers but that doesn’t fix IoT or devices that might have different operating systems than the ones you control. You really need to have inspection and control in the network.” Rosen Considers SD-WAN Solutions but Finds Security, Management Lacking Rosen investigated conventional SD-WAN solutions, but none of those alternatives prioritized security. “We led with ‘security first’ in our assessment, but conventional SD-WAN solutions sold security as an add-on or required a separate security solution.” We led with ‘security 昀椀rst’ in our assessment, but conventional SD-WAN solutions sold security as an add-on or required a separate security solution.” Cato. Ready for Whatever’s Next Case Studies - Banking/Credit union & Financial Services 4
Cato Networks Case Study Financial Services Page 3 Page 5