Cato Networks Healthcare
Cato Networks Healthcare Case Studies
How Cato Networks helps Healthcare Providers.
Cato Case Studies Healthcare
Contents Topcon Achieves a Fast, Secure Global WAN with Cato 3 Work from Home • Optimized Global Connectivity Diamond Braces Uses Cato to Boost WAN Security, Performance and Reliability 7 Secure and Optimized SD-WAN Arlington Orthopedics Replaces Carrier-Managed SD-WAN Service 11 Branch Appliance Elimination • Secure Cloud-Based SD-WANConnectivity • Affordable MPLS Alternative Cato. Ready for Whatever’s Next Case Studies - Healthcare 2
Topcon Achieves a Fast, Secure Global WAN with Cato Work from Home • Optimized Global Connectivity The Challenge: A Single, Fast Global WAN Proved Challenging Cato’s biggest bene昀椀t from my point of view is with MPLS that our network operators no longer need any Global enterprises often struggle to provide consistent WAN performance specialized knowledge.” and security across all their locations. MPLS is very expensive or unavailable in some remote regions and VPN alternatives can be slow and Takashi Nakajima, unreliable. Topcon Corp knew this problem only too well. Head of the Digital Transformation (DX) Topcon is based in Tokyo, Japan with offices spread across the Promotion Division and Chief of Business Americas, Middle East, Africa, Asia Pacific, and China. With expertise in Operations advanced technology and global business development, the company provides global solutions to meet societal challenges in healthcare, About Topcon agriculture, and infrastructure. Some of these include technologies that Based in Tokyo, Topcon automate the operation of agricultural equipment and harness digital Corp provides global sensors to manage the growth of agricultural crops. technology solutions to meet societal challenges in healthcare, agriculture, and Seventy-seven percent of our sales come from overseas infrastructure. and nearly 80% of our employees are not Japanese,” says Takashi Nakajima, Head of the Digital Transformation (DX) Promotion Division and Chief of Business Operations.” Cato. Ready for Whatever’s Next Case Studies - Healthcare 3
Topcon was struggling to provide fast, secure connectivity to its offices in China. Most of its other locations took advantage of fast MPLS connections, but China’s offices had slower connections that were often problematic. “We started seeing the limitations of MPLS for worldwide deployment and started looking for a next generation network we could deploy everywhere,” says Nakajima. “We needed a simple, fast, secure solution for regions in Asia where MPLS hadn’t yet been established.” Topcon Searches for a Global WAN Solution, Chooses Cato GlobalDots, a global cloud solutions provider, introduced Nakajima to the Cato solution and he was immediately impressed. “I had already been working with a local SD-WAN deployment in my previous job, so I was familiar with the technology. I liked that the Cato SASE could give us the fast connectivity in China and other parts of Asia that we needed while also keeping our communications secure and allowing us to monitor everything properly.” Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 75 globally dispersed Points of Presence (PoPs). At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and five nine’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance. Nakajima was sold on Cato, but convincing internal management was another story. “We had a lot of conversations in which I had to explain Cato and SD-WAN to management and field staff and assure them that I couldn’t find anything else with all the built-in security and monitoring that Cato had,” says Nakajima. “I made those features the big selling points and got it though the internal approval process.” We had a lot of conversations in which I had to explain Cato and SD-WAN to management and 昀椀eld sta昀昀 and assure them that I couldn’t 昀椀nd anything else with all the built-in security and monitoring that Cato had.” Cato. Ready for Whatever’s Next Case Studies - Healthcare 4
Fast, Secure WAN and Remote Access Worldwide Implementing the Cato solution was quick and smooth, thanks to Cato’s simple socket appliances and help from GlobalDots. “They did most of the work,” says Nakajima. “As long as there was an Internet connection in our Asian offices, GlobalDots could handle just about everything else remotely. We also replaced our remote access service with Cato’s for about 600 employees, starting with smart phones. It took a little education to get them started but it was pretty smooth.” Staff PC’s will come next. Performance in China and other regions without MPLS has been fast, but its Cato’s simplicity that has really impressed Nakajima. “Cato’s biggest benefit from my point of view is that the network operators no longer need any specialized knowledge,” says Nakajima. “We have a small network staff, and they have to look after the internal network, the Asian network, and our domestic WAN. Now they don’t have to deal with all those version upgrades, security patches, outages, and support issues. Aside from the time and resources saved, there are no more of the human configuration errors we used to have.” Nakajima is also impressed with how easy and quick bandwidth upgrades are with Cato. We’ve been moving to cloud services such as AWS and Azure, and in the initial design phase we can invest in the minimum bandwidth we need. Then we can quickly ramp up the bandwidth with Cato when we need it.” Topcon had a WAN connection in the U.S. that was impacted by wildfires, requiring a quick replacement, which came easily with Cato SASE. “Normally we would have had to run another MPLS line, which would have taken a long time, but with Cato we were able to recover immediately with nothing more than a contract change,” says Nakajima. “It’s so great for our business when we can do these kinds of things so fast.” Nakajima also saw the true value of Cato’s remote access service when Covid hit. “Basically, nothing happened,” said Nakajima. “Cato’s remote access was already deployed for our workers so there wasn’t much to do. And since nothing happened, management was amazed when they started reading about all the problems other companies were having giving their employees the capability to work from home.” Overall, the Cato SASE solution has been a big success for Topcon. “We were able to provide a fast connection and secure environment for our employees, even when Covid hit and they had to work from home, “says Nakajima.“ The Wi-Fi networks users had at home were not very secure after all, but it didn’t matter with Cato’s security services. Management has been happy with how quickly we can set up Cato at new locations and how well work-from-home went during Covid.” Cato. Ready for Whatever’s Next Case Studies - Healthcare 5
As for the future, Nakajima plans to use Cato to create a business continuity/disaster recovery plan that will fail over from AWS to Azure or vice versa. “I’m trying to create a structure where if one cloud service goes down the network won’t be cut off,” says Nakajima. I would recommend Cato most of all for its 昀氀exibility. It’s so easy. Jut try it out and see if it works for you. We started with our overseas WAN, expanded to remote access and now we’re moving on to other locations. We really haven’t had any major issues.” Background With expertise in advanced technology and global business development, Topcon Corp provides global solutions to meet societal challenges in healthcare, agriculture, and infrastructure. Solutions include agricultural equipment automation and agricultural crop management using digital sensors. Topcon is based in Tokyo, Japan with offices in the Americas, Middle East, Africa, and Asia Pacific. Before Cato, Topcon relied on MPLS connections where they were available and VPN connections where they were not, with firewall appliances at each location and a VPN service for remote access. Cato. Ready for Whatever’s Next Case Studies - Healthcare 6
Diamond Braces Uses Cato to Boost WAN Security, Performance, and Reliability Secure and Optimized SD-WAN The Challenge: Easy Deployment Alexander Azikov, and Management; Fast, Reliable IT Manager Connectivity About Doctors’ and dentists’ offices have stringent security requirements, Diamond Braces thanks to HIPAA and other regulations for protecting patient data. They Headquartered in New work with large X-ray image files and many have been moving medical York City, Diamond Braces consists of 32 orthodontist management applications to the cloud. For dentist office chains, such offices in New York as Diamond Braces, fast, secure, reliable communications among State, New Jersey, and locations and the cloud are an absolute requirement. Connecticut. Before Cato, The Diamond Braces network spans 32 orthodontist locations in most Diamond Braces’ locations were connected New York State, New Jersey, and Connecticut, with headquarters in through broadband and New York City. Before Cato, most Diamond Braces locations were Internet VPNs. Only the connected via Internet VPNs, with fiber running only from its main main office and call center office and call center. Each location ran a separate firewall gateway/ used fiber. Security came VPN appliance, which led to increasing complexity as the number of from a firewall gateway/VPN locations grew. “It was all getting too difficult to manage and it was appliance installed at each taking too much time to ensure it worked properly,” says Alexander location. Azikov, IT Manager at Diamond Braces. We had people accessing malicious sites, often unintentionally via a typo or spam mail. We needed the capability to warn them or block those sites. I was also looking to add IPS capabilities and I needed an integrated solution that could do it all with a single-pane-of-glass.” Cato. Ready for Whatever’s Next Case Studies - Healthcare 7
For all their complexity, however, the firm’s firewalls couldn’t filter HTTPS traffic, so Diamond Braces was left without any content filtering capability, unless it added it separately, which would only increase complexity and cost. “We had people accessing malicious sites, often unintentionally via a typo or spam mail,” says Azikov. “We needed the capability to warn them or block those sites. I was also looking to add IPS capabilities and I needed an integrated solution that could do it all with a single-pane-of-glass.” Applications such as Office 365 and the firm’s patient management solution were mostly in the cloud, so fast, reliable cloud and office connectivity were vital. Large X-rays averaged 7MB each and the company made extensive use of cloud-based VoIP and videoconferencing, so hefty bandwidth and quality of service were also WAN requirements, as was backup connectivity in the event of service disruptions. With Diamond Braces adding an average of 10 locations a year, quick deployment and easy, centralized management were also key capabilities that IT was not getting from its VPN’s, fiber, and branch-based firewall appliances. “We really needed a scalable solution with unified security and management,” says Azikov. Diamond Braces Taps Cato for Simplicity and Security Azikov had heard how SASE merges WAN and security in a single cloud-native solution and was pretty sure it was what he was looking for. He considered several vendors, but the only one that filled all the SASE requirements was Cato. “One vendor had an excellent infrastructure, but very limited security, so we would have had to go to another vendor for content filtering, just like with our current solution,” says Azikov. “Another vendor relied to a large extent on its endpoint security appliances, so it wouldn’t relieve the complexity of our current appliance-based architecture.” Only Cato offered a completely integrated cloud-native SASE solution with a single management interface for WAN and security. It also had all of the required security functions–firewall, IPS, and content filtering. The only appliance to install was the Cato Socket, which was a cinch to configure and required no real management. Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next generation firewall, content filtering, and IPS. Cato. Ready for Whatever’s Next Case Studies - Healthcare 8
We had a proof-of-concept stage, during which I was able to set up an o昀케ce myself,” says Azikov. “I just had to ask some questions about the best way to do certain things. After the 昀椀rst, I could set up locations without even thinking about it.” Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed PoPs. At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features and improving remote access performance. Once we had it all connected on a single Cato network, everything was so easy and reliable. We can get by on 25 Mbits/s, but 50 made working very comfortable, and Cato’s QOS made for very smooth video. For the central o昀케ce, Azikov went for 75 Mbits/s.” Installing the Cato solution was incredibly fast and easy. “We had a proof-of-concept stage, during which I was able to set up an office myself,” says Azikov. “I just had to ask some questions about the best way to do certain things. After the first, I could set up locations without even thinking about it.” It didn’t take long to set up all 33 locations with 50 Mbits/s Cato connectivity. “Once we had it all connected on a single Cato network, everything was so easy and reliable,” says Azikov. “We can get by on 25 Mbits/s, but 50 made working very comfortable, and Cato’s QOS made for very smooth video. For the central office, Azikov went for 75 Mbits/s Cato Brings Security, Reliability, and Easy Management Azikov loves the simplicity and reliability of the Cato solution. “Cato’s centralized management saves tons of time,” says Azikov. “We troubleshoot issues so much faster. When you have everything in one place you can just switch back and forth and analyze different pieces of the puzzle. IT really ticks all the boxes for us.” Cato. Ready for Whatever’s Next Case Studies - Healthcare 9
We troubleshoot issues so much faster. When you have everything in one place you can just switch back and forth and analyze di昀昀erent pieces of the puzzle. IT really ticks all the boxes for us.” With the original firewall solution, Azikov had to copy and paste text-based configuration information from one site appliance to another. Sometimes there were IP address mistakes, which led to hours of troubleshooting. We don’t have to deal with all those IP issues. And when there’s a provider issue, I can see it on the Cato interface immediately before employees call me and tell them we’re using a backup connection and I’m already working with the provider to get things up again.” “With Cato it’s all just plug and play,” says Azikov. “We don’t have to deal with all those IP issues. And when there’s a provider issue, I can see it on the Cato interface immediately before employees call me and tell them we’re using a backup connection and I’m already working with the provider to get things up again.” With easy management, Azikov has more time to research new financial and project management tools to improve the business. I love the analytics Cato provides to help me troubleshoot issues and tweak the system for optimal performance. Otherwise, I really wouldn’t know what to change to make things better. This helps especially with QoS on the slower broadband and LTE backup connections.” Azikov’s favorite Cato feature is Event Discovery. “I love the analytics Cato provides to help me troubleshoot issues and tweak the system for optimal performance,” says Azikov. “Otherwise, I really wouldn’t know what to change to make things better. This helps especially with QoS on the slower broadband and LTE backup connections.” In all, Cato has made business much smoother for Diamond Braces and management of WAN and security much easier for Azikov. Perhaps the best thing: “We have a lot fewer complaints from end users,” says Azikov. Cato. Ready for Whatever’s Next Case Studies - Healthcare 10
Arlington Orthopedics Replaces Carrier-Managed SD-WAN Service Branch Appliance Elimination • Secure Cloud-Based SD-WANConnectivity • Affordable MPLS Alternative Challenge: How to Run Lean George McNeill, and Still Deliver Agile, E昀昀ective Director of IT Security and Networking About Arlington It’s an all too familiar problem: IT is called to support more users and Orthopedics deliver more services without increasing budget. With MPLS and firewall appliances that might have seemed like mission impossible. Arlington Orthopedic The sheer complexity of the traditional network infrastructure almost Associates, P.A. is one of the largest orthopedic practices requires IT to maintain networking and security specialists on staff, in North Texas. The company not to mention an extensive investment in infrastructure, limiting cost was looking to nearly double reductions and constraining efficiencies. its regional network, growing But new technologies, such as SD-WAN as a service (SDWaaS) and from three Texas locations — the main office in Arlington firewall as a service (FWaaS), are enabling IT to operate far leaner and branches in Mansfield than ever. Just ask Arlington Orthopedics where the network nearly and Irving — to five locations, doubled in size without having to expand its IT team. adding offices in Midlothian and Odessa. The existing locations had firewall It was obvious to me that I had to focus my resources. appliances connected I needed my infrastructure to be as lean as possible. by 100 Mbits/s, layer-2, This way we could invest in business analysts or other MPLS connections (VPLS). customer-facing roles and technologies not internal IT Internet-bound traffic was backhauled to Arlington, roles, such as networking and security specialists.” which had a 100 Mbits/s Internet connection secured by another firewall appliance. Cato. Ready for Whatever’s Next Case Studies - Healthcare 11
But the Arlington network was anything but lean. Arlington spent $10,000 per month for the 100 Mbits/s MPLS service and connections were still “choking out,” he says. MPLS’s infamous deployment times also meant he needed a 90-day window for deploying new offices — far too long for the firm. The existing firewall appliances were also sucking up resources he didn’t have. “Firewalls are complicated by default, but they’re even more complicated when set up by someone else who’s no longer with the company and with his or her own ideology and thought,” he says. Troubleshooting the performance problem that was “choking” his network wasn’t easy. The company’s office and regional networks were flat, layer-two subnets. Firewall appliances at each location were connected by meshed, point-to-point, virtual private networks (VPNs). Servers located in Arlington were accessed by the branch locations. George knew that some locations had performance problems, but diagnosing them was very difficult. “We could see the traffic, but figuring out the source of the problem was impossible,” he says. And with IT resources spent keeping “the lights on,” other projects had to be pushed to the side. Disaster recovery (DR) was one such example. “I could have set up a DR site using a site-to-site VPN,” he says, “But then I would have to put a whole lot of work into the effort and still have a single point of failure.” Cato’s “Easy Experience” Simpli昀椀es SD-WAN Adoption George had heard about the cost savings of SD-WAN from a local provider. During his research, he stumbled on to Cato and how Cato Cloud, Cato’s SD-WAN as a service, combines SD-WAN with FWaaS. He decided to trial Cato Cloud. I expected the company to take a month to get me equipment when two days later, I received two Cato Sockets (Cato’s zero-touch, SD-WAN appliances), precon昀椀gured for installation.” Within 10 minutes the Cato Sockets were installed and the Cato solution was working. “We had the whole shebang for a month. A fully functional, free trial for a month, to verify that it works. Apparently, that’s not very common with SD-WAN,” he says. For his due diligence, George went back to the initial provider. Instead of Cato’s converged secure SD-WAN as a service, the provider offered a managed service integrating third-party, SD-WAN appliances and firewall appliances. The result was a complex, heavy, and cumbersome environment. Cato. Ready for Whatever’s Next Case Studies - Healthcare 12
It was the classic difference between traditional, appliance-centric, managed services and the elastic, software-driven cloud all of which led to serious adoption and configuration problems for George. “The provider wanted me to buy without a trial. What person in his right mind would use a service without a trial?” he says. “I was on a call with 10 of their people, and they said, ‘Okay we’re going to replace your firewall.’ I said ‘WHAT? No, you’re not!’ Replacing the firewall or placing the SD-WAN appliance in front of the firewall would have meant reconfiguring his entire site-to-site VPN just for a trial.” “When I told them that they needed to place the appliance alongside the firewall. Their response was ‘that’s complicated.’ One dude from Cato figured out the problem in five minutes you mean your entire team couldn’t get it to work?” he says. “After a month, the reseller still hadn’t given us the trial.” Arlington Deploys Cato in Minutes In the end, George went back to Cato. “Yes, Cato met my technical requirements, but the reason why I returned and am staying with Cato is that it made buying SD-WAN so simple.” Rather than ripping-and-replacing the firewall, Cato allowed George to extend the life of his firewall and transition off as needed. External traffic could be sent to a Cato Socket sitting alongside the existing firewall. The traffic is secured by the Cato Security Service built into Cato Cloud Network. Cato Security Services include next-generation firewall (NGFW), secure web gateway (SWG), and IPS. As firewalls would reach their end-of-life or the limits of their capacity, traffic can be moved over to Cato. They can also be configured to “burst” to Cato Cloud. Any implementation has its share of challenges and McNeil’s Cato deployment was no different. “We had a problem accessing Cato’s Dallas PoP [point of presence] at one point,” he says, “Yes, things were a bit slower, but our users didn’t notice it so much. The Sockets automatically migrated everyone to Cato’s Chicago PoP. But here’s the thing — we didn’t have to do anything. Our firewall rules remained the same, there was no reconfiguration, and Sockets automatically re-connected to the Dallas PoP when Cato resolved the problem.” Better Management, Better Control with Cato With Cato, George has improved agility, increased visibility, and control, and expanded his level of service to the business all without scaling up his IT team. Deploying new sites takes far less time. “With Cato, I am setting up an office before they have electricity to every socket,” he says. McNeil can also diagnose problems more efficiently. By sending all traffic to the Cato PoP, McNeil gains a single-pane-of-glass into his network. He’s been able to use that tool to improve governance and IT’s interaction with the business. Cato. Ready for Whatever’s Next Case Studies - Healthcare 13
“We found that Netflix was being streamed across the network during company hours. With our firewall, we would have only been able to block Netflix, and that was my knee-jerk reaction, but then whoever was watching Netflix would switch to another network. With Cato, I was able to identify the user watching Net昀氀ix and on which device — his cell phone. This way I was able to send him an email to hold o昀昀 on movie time during company time. And if he keeps doing it without permission? I’m going to turn o昀昀 Net昀氀ix for just that phone during work hours.” And he’s been able to address his disaster recovery issues. “Cato has made a separate disaster recovery site possible for us,” he says. Instead of configuring individual site-to-site VPNs for each location to a DR facility, now the DR facility sits like any other office on the same Cato Cloud-based WAN. “The Cato Sockets allow me a huge level of high availability,” he says. Looking Ahead with Cato Means Keeping Lean and E昀昀ective George has largely eliminated MPLS and the firewall appliances, transitioning most offices to Cato Cloud. He plans to migrate his last office to Cato once he’s finished his MPLS contract. Eliminating MPLS will free up budget for other IT projects, such as increasing front-line support, but one thing George won’t need to hire is deep engineering expertise. “If we didn’t have Cato, I would have to expand headcount with a networking expert. Now I can put my resources elsewhere,” he says. The bottom line? “Cato enables me to be more diligent. Questions I could not have answered because of a lack of time like ‘What are people doing on my network?’ I’m now able to answer.” As the company matured, it grew through acquisitions, and with that came the need to update its connectivity and security options. The impending expiration of many of the sites’ license-support for the firewalls drove the company to reassess its security approach. The existing firewalls lacked the capacity to meet the company’s needs and would have required massive upgrades. Otherwise, the company would have had to disable critical services, such as virus scanning and SSL traffic scanning. The company knew it needed to enable advanced security globally, but the cost to do so with firewall appliances was very high. Availability was another critical concern. High availability was only set up in offices in a few countries, leaving the remaining locations exposed with single points of failure. What’s more, the company had little visibility into the network’s operations. If users had performance issues, or worse, the site experienced a network failure, the IT team lacked the insight to know what was going wrong. And as more applications began moving into the cloud, the company needed additional solutions for WAN optimization, and to reduce latency for applications such as SharePoint, team collaboration, email and M3 (ERP). Cato. Ready for Whatever’s Next Case Studies - Healthcare 14
Cato’s SASE Platform Provides Signi昀椀cant Advantages The company’s IT team made the pitch to executive management: standardize on Cato Networks’ global solution to benefit from several advantages. First, every site would be configured for high availability by installing redundant, cost-effective Cato Sockets, Cato’s edge SD-WAN appliances. Second, advanced security is fully converged into Cato’s SASE platform. The company’s network would be continuously monitored and scanned to detect suspicious traffic. Global performance was also key. Cato includes WAN optimization in its global private backbone. By contrast, the existing VPN offered very poor performance in several countries, especially China, Costa Rica, Chile and Ecuador, due to its dependence on the public Internet. This made access to global systems like Office 365 and M3 almost useless. Network visibility was another advantage offered by Cato. The company would now have deep insight into the performance of all last mile connections. Cato provides real-time and historical graphs for throughput, latency, jitter, and packet loss. The company would also have centralized management 24×7 support and monitoring. Finally, there were the cost savings of going with Cato. With Cato’s global private backbone, the company would be able to eliminate all MPLS circuits. And with Cato running security in the cloud, the company would avoid hardware upgrades of its legacy firewalls. Cato. Ready for Whatever’s Next Case Studies - Healthcare 15