Cato Networks Manufacturing
Cato Networks Manufacturing Case Studies
How Cato Networks helps Manufacturing
The Network for Whatever’s Next 5 Manufacturing Case Studies
Delivering Networking and Security Ready for Today and Positioned for Tomorrow The high cost and rigidity of MPLS are driving WAN transformation in the manufacturing arena. Leveraging Cato Cloud, the world’s first Secure Access Service Edge (SASE) platform, enterprises benefit from the convergence of SD-WAN capabilities and a full network security stack. This enables IT to eliminate MPLS, maintain a strong security posture, natively support cloud applications and remote users, and improve the overall quality of network performance. IT can respond to business needs faster, deploy new offices or upgrade bandwidth in a fraction of the time compared to telco-provided services. Redundant last-mile connections become feasible for even small sites. And enterprises are able to deliver remote offices larger “pipes,” improving application performance and the overall user experience. You can also benefit from optimized bandwidth spend and enhanced network security with SASE. Read about the experiences of five IT executives, who deployed Cato Cloud to deliver a network that supports their business needs today and into the future. Quintupling Optimizing and Achieving an Capacity, Boosting Securing Global A昀昀ordable, Flexibility with Network Converged Global Cato Cloud Network Cutting Costs, Improving Uptime Enhancing and Security, Performance Globally Cato Cloud The Network for Whatever’s Next 5 Manufacturing Case Studies 2
Quintupling Capacity, Boosting Flexibility with Cato Cloud David Brouwers IT Infrastructure Manager New Wave Group creates, acquires and develops brands and products for corporate, sports, gifts, and interior design sectors. Network Capacity and Flexibility Challenges New Wave relied on MPLS to connect its European subsidiaries and Far East branch to its two corporate datacenters in Sweden and the Netherlands. Internet VPNs also connected locations to one another. For security, the company relied on centralized security appliances, requiring that all traffic be backhauled through New Wave’s two datacenters. Complexity Cost Ever since 1990, the company has been New Wave was struggling to afford global acquiring new brands and expanding at a WAN connections with enough bandwidth rapid pace. Network flexibility and quick to support its rapidly growing operations. ramp-up of new WAN connections became critical – a huge problem for MPLS. “ MPLS is really expensive. It always felt “ as if we couldn’t afford the bandwidth With MPLS, it took up to six months wereally needed.” to connect a new office or warehouse location. That was simply unacceptable for a growing business like ours.” MPLS Couldn't Support Business Needs Like many organizations, New Wave was looking for a flexible and affordable MPLS alternative. The company started launching and acquiring new brands across Europe at a rapid pace and expects to continue doing so in the coming years. MPLS couldn’t support the company’s fast growth. Reliability was another thorny issue. “Even with a large telco and lots of backup lines, we found that our MPLS went down too often,” says Brouwers. “We tried switching MPLS providers, but the improvement was minimal.” And with MPLS’s limited bandwidth, applications underperformed with staff complaints running five or ten per week under MPLS,” says Brouwers. Last-mile provider options offered by the telcos were limited, and even though they were supposedly managing their providers, New Wave found performance and reliability lacking. “When there was an outage it could take up to two days to get up and running again,” says Brouwers. “Even with a large telco and lots of backup lines, we found that our MPLS went down too often. When there was an outage it could take up to two days to get up and running again.” New Wave’s centralized security architecture was also problematic, as it required backhauling all the traffic through the security solutions at its two datacenters, with the inevitable performance hit. The Network for Whatever’s Next 5 Manufacturing Case Studies 3
The Cato Experience Simplicity Gain Connecting new locations now takes days “ or hours instead of months. We found we could multiply the bandwidth of each site by five or more with Cato, without “ increasing cost.” Connecting new locations now takes days or hours instead of months. The business With Cato we increased bandwidth, improved is moving very fast. Now with Cato we can support, and gained the flexibility to grow match that speed on the network side.” and experiment. The Cato Cloud just fits our business a lot better than MPLS.” The productivity impact was dramatic. “Staff complaints about business system performance have plummeted to two or three total in the past six months with the Cato Cloud.” New Wave Boosts Bandwidth with Cato New Wave considered SD-WAN alternatives to MPLS, including Cato Cloud. After a POC, New Wave chose Cato and started adding locations one by one to Cato Cloud. “The difference was dramatic almost immediately,” says Brouwers. New Wave allotted the same budget to Cato that that was allocated for MPLS and other external lines. The result? Tons more bandwidth; 10 Mbps went to 50 Mbps, 20 Mpbs went to 100 Mbps. The productivity impact was dramatic and staff complaints were reduced to “more than 90% fewer service tickets and a lot fewer frustrated users,” says Brouwers. Performance has been consistently good even as average file sizes have grown. “We’re working with much larger image files today, particularly in our textile firms,” says Brouwers. “In the past, if someone uploaded a huge catalog, network performance lagged, and everyone’s productivity was affected. Not anymore.” Connecting new locations now takes days or hours instead of months. And, reliability issues have also been reduced, especially along the last-mile. We’ve been considering last-mile management for a while, but “ we haven’t moved on it because, truthfully, with Cato we’ve had so few outages.” Cato: The Future for New Wave Networking and Security While New Wave still takes advantage of the security solutions at its two datacenters, Cato enabled the company to gradually move away from security appliances, shifting anti-malware and IPS to Cato Cloud for several subsidiaries and branch offices – resulting in performance and security improvement. With Cato we increased bandwidth, improved support, and gained “ the 昀氀exibility to grow and experiment. The Cato Cloud just 昀椀ts our business a lot better than MPLS.” New Wave Group’s network spans over 50 locations worldwide all interconnected by Cato The Network for Whatever’s Next 5 Manufacturing Case Studies 4
Optimizing and Securing Global Network Andrew Thomson Director of IT Systems and Services BioIVT is a provider of biological products to life sciences and pharmaceutical companies. Mergers and Acquisitions Challenges BioIVT’s network was a 14-site, old Cisco network, with branches running local firewalls interconnected via Internet-based VPNs. The company’s applications included an ERP system, Active Directory, and Office 365. Complexity Cost Accessing the company’s ERP system and Mergers and acquisitions (M&As) are part Office 365 meant traversing the Internet, of BioIVT’s DNA, yet quickly integrating and which became a problem particularly securing new company networks required for remote users. too much time and resources when running appliances. “ On top of that there was the security “ issue. “Updating our security With every new site, we needed to build architecture was going to require tunnels to every other location. Configuring running around to different vendors, those tunnels took time. We budgeted 90 piecing together a solution, and going days or so to get new locations up and through all of the deployment and running.” management pains.” Adding New Locations, Delivering Performance and Security was Too Complicated Like many fast-growing companies, BioIVT depends on its network being agile and secure. Yet, fast integration of new networks as a result of many M&As is challenging when running appliances. And protecting the network from Internet-borne threats is also complicated. Cloud application performance was also a problem. The company’s New York-based ERP system and Office 365 instance were accessed by the other branches. Accessing both applications meant traversing the Internet, which became a problem particularly for users working from home or overseas. And then there was the security issue. “We knew we’d have to look at our security strategy. Penetration testing with our Cisco routers was going to be a step. But updating our security architecture was going to require running around to different vendors, piecing together a solution, and going through all of the deployment and management pains.” The Network for Whatever’s Next 5 Manufacturing Case Studies 5
The Cato Experience Simplicity Gain “ BioIVT securely connected new locations With Cato we just ship a configured device in just 30 days. Sage ERP has become more to the site. Personnel plug it in and we’re responsive; Active Directory synching works ready to go. There are no subnetting more effectively. As for Office 365: issues; no building individual tunnels. The Cato Socket connects to the Cato “ network itself. The whole operation is a lot It’s been fantastic, really good speed benefit. less administrative and involves a lot less SD-WAN made the most sense from an ease technique than the Cisco series routers.” of use perspective.” Customer service and support was fantastic. Everyone was great to work with and rollout was very easy.” Agility and Speed: Key Requirements for BioIVT’s Networking Solution Thomson began looking at various networking solutions for connecting his locations. Agility and speed of deployment were critical for integrating new offices faster. He considered an SD-WAN appliance and a telco-managed SD-WAN service. But, SD-WAN appliances meant operating over the unpredictable Internet and both involved deploying even more infrastructure. Neither would have addressed his security issues. Then he ran into Cato. “ Cato did a lot of what we were after — which is saying a lot.” Instead of taking 90 days to configure tunnels and integrate each location, Thomson now is able to bring up new locations in as little as 30 days. And with his locations connecting across the Cato Cloud Network not the public Internet core, performance has improved. BioIVT Protects Sites With Cato MDR Today, BioIVT has all locations on Cato. But it’s not just networking provided by Cato that’s helped BioIVT; it’s also the security services. Thomson secures Internet connectivity and site-to-site connections with Cato’s Next Generation Firewall (NGFW); protects remote users running the Cato Client with Cato’s secure web gateway (SWG); and uses Cato IPS for preventing network-based threats. More recently, he’s activated Cato Managed Threat Detection and Response (MDR) to hunt for threats on his network. When we found out that Cato not only delivered a global network “ but also o昀昀ered built-in security services and now MDR, we were extremely excited. It was a huge help.” Cato MDR is a fully managed service that offloads the detection of compromised endpoints onto Cato’s SOC team. The service uses machine learning algorithms to look for anomalies across the billions of flows in Cato’s data warehouse and correlates them with threat intelligence sources and complex heuristics. This process produces a small number of suspicious events that Cato security researchers analyze, only alerting BioIVT on actual threats. BioIVT is relieved from handling the flood of false-positives that suck precious IT resources. Cato MDR has already discovered several pieces of malware “ missed by our antivirus system,” says Thomson, “We removed them more quickly because of Cato. Now I need to know why the antivirus system missed them.” Remediation Without the Fuss As part of Cato MDR, customers are notified immediately of verified live threats. Cato’s SOC team advises on the risk’s threat level, recommends remediation, and follows up until the threat is eliminated. “We’ve integrated Cato’s ticketing system with our own,” says Thomson, “so once the SOC discovers a threat the right IT resources are allocated.” Cato also allows companies to automatically block C&C domains and IP addresses. Best of all, Cato MDR is built into BioIVT’s network. Before Cato, we didn’t look at MDR. We just hadn’t gotten around “ to it because of the complexity. So having MDR built into the Cato platform has made all the di昀昀erence in the world.” Respond Predict C R A T D O M Datacenter Branch C OT OL A C Mobile Cloud DU Detect Prevent The Network for Whatever’s Next 5 Manufacturing Case Studies 6
Achieving an A昀昀ordable, Converged Global Network Don Williams Corporate IT Director Innovex Downhole Solutions is a worldwide leader in helping companies drill for oil more efficiently. Secure Global Network Challenges Innovex’s global network had 20+ locations within North America and one in Saudi Arabia. A managed MPLS service connected nine locations, and an Internet-based VPN connected 16 additional locations with a stand-alone site in Saudi Arabia. A centralized, network-based firewall provided Internet access to the MPLS-connected sites. Complexity Cost Some Innovex sites relied on Internet- Global MPLS connections are extremely based VPNs and others on MPLS. expensive. Innovex considered a global, independent backbone provider, but the “ solution lacked the necessary security and We wanted something that could be proved far more expensive than Cato. rolled out in hours and days not weeks and months. On this, we were tired of “ dealing with big telecom. They were about three-to-four We wanted the ability to see the times the cost of Cato.” environment with a click-of-a-button and without deploying a lot of hardware infrastructure. When you integrate with third-party tools, you find vendors often get into a finger pointing contest when something goes wrong. I wanted to avoid all of that.” Innovex Evaluates Alternative SD-WAN Solutions Before Cato, Innovex evaluated various SD-WAN solutions, but they lacked the necessary security and proved far more expensive than Cato. As for appliances, a well-known provider quoted him an SD- WAN and security appliance-based solution that over its lifecycle would have cost five- to six-times more than Cato. “It’s like a printer vendor,” he says. “They discount the hardware but then get you on the maintenance — and the maintenance never ends.” He also didn’t like the cross-domain vendor lock-in. “I was told that I’d have to upgrade my networking equipment in order to use my VoIP phone,” he says, “I would never tie myself to a vendor in that way.” An SD-WAN appliance vendor with built-in WAN optimization lacked the necessary security services. “They didn’t have a complete solution to our problem. Web monitoring and Web filtering meant having to integrate third-party tools,” he says. “I wanted one solution that I could plug-in and send to a branch.” The convergence of functions makes an enormous difference, particularly when looking at branch offices. Eventually, he tried implementing an SD-WAN appliance. They claimed to do all the stu昀昀 Cato could do, but after two-and-a- “ half months of going back to their programmers they were unable to get a meshed network to work.” The Network for Whatever’s Next 5 Manufacturing Case Studies 7
The Cato Experience Simplicity Gain “ “ When we first heard the value proposition Your technology stack is saving us many we thought, this is too simple we’re man-hours and real money as compared to missing something. the other solutions we have evaluated or Within 30 minutes we got the boxes up used in the past. and running. My network engineer and I kept wondering We are literally not spending hours/days how can we get so much more for so much to get this thing to work, he says.I’ve never less?” done that with any other vendor. I can go to the Cato console and push the mobile client to the user. We don’t have to remote control into their device to set things up. It just works. I can’t do that with any technology I’ve seen.” Innovex Selects Cato Cloud Frustrated by the deployment and in a time crunch, he emailed Cato. “We required immediate shipment and configuration of 25 devices for 24 locations, with 2 being in the datacenter for a high availability configuration. As if that wasn’t tight enough, I also asked to have three devices overnighted for testing,” he says. He sent the email on Sunday. On Tuesday three devices were received at his office. He used his existing Internet connections and plugged in the Cato Sockets. Within 30 minutes we got the boxes up and running. “We were like “ ‘These guys get it’.” Innovex was able to replace its mix of MPLS, site-to-site VPNs, remote access, firewall, and IPS solutions with Cato Cloud. Since deploying Cato, Williams says his team spends far less time worrying about the network. With many users working in the field, Williams and his team also looked at Cato’s mobile access optimization strategy. “The cherry on top was Cato’s remote access solution – Cato Software-defined Perimeter (SDP). It was the coolest technology I’ve seen,” he says. “In less than 10 minutes we were connected through a mobile client on the device.” I can go to the Cato console and push the mobile client to the user. “ We don’t have to remote control into their device to set things up. It just works. I can’t do that with any technology I’ve seen.” Saving Hours and Connecting Locations with Cato Today, Williams has all of his locations connected to Cato Cloud, using local Internet access, as well as his mobile users. Despite moving off of MPLS and onto Cato Cloud, Williams continues to be impressed. “Your technology stack is saving us many man-hours and real money as compared to the other solutions we have evaluated or used in the past.” Rates Last 48H 1.0Gbps oughput500.0 Mbps Thr 0 bps 18:00 Aug 29 06:00 12:00 Accounts Top Applications Last 24H SMBv2:24.19% Technological apps: 4.65% udp: 5.88% Outlook: 19.04 Microsoft general: 6.52% Business apps: 8.45% http: 17.13% SMB:14.13% With Cato Cloud, Innovex gains a single, global console with deep insight into application and user performance. The Network for Whatever’s Next 5 Manufacturing Case Studies 8
Cutting Costs, Enhancing Performance with Cato Cloud Willem-Jan Herckenrath, Manager ICT Alewijnse designs, delivers and integrates electrical engineering systems around the world for the maritime, industry, and retail sectors. WAN Transformation Challenges For decades, Alewijnse relied on MPLS. The company’s Amsterdam datacenter, nine sites in the Netherlands, and a branch office in Romania were connected by a fully meshed, MPLS network. MPLS was essential for delivering the company’s high-definition video system, and remote desktops. Three other locations established VPN tunnels across direct Internet access (DIA) connections to the Amsterdam datacenter. MPLS: Expensive and Incompatible with Alewijnse’s Business MPLS wasn’t addressing Alewijnse’s business requirements. Users complained about poor Internet and cloud performance – and for good reason. Applications were starved for bandwidth, as they were backhauled across 10 Mbits/s MPLS connections to the Internet breakout in Alewijnse’s datacenter. “Internet traffic was driving up MPLS costs. Cloud applications and Internet usage accounted for about 50 percent of MPLS bandwidth to the datacenter,” says Willem-Jan Herckenrath. IT agility was also constrained by MPLS. “Our business demands that we can set up project locations in a short period of time,” says Herckenrath, “With MPLS, I often had to wait three months to get a connection, if the technology was even available in that region.” Herckenrath had to also reevaluate the company’s security architecture. He needed a better way to secure remote offices, as firewall appliances added operational costs around deployment, management and upgrades. A better approach was needed to protect mobile users against ransomware and zero-day attacks. Complexity Cost Connecting locations via an Internet-based “ VPN means installing, con昀椀guring, and Internet traffic was driving up MPLS costs. managing VPN routers at every location. Cloud applications and Internet usage Traditional SD-WAN doesn’t connect accounted for about 50 percent of MPLS mobile or cloud, and lacks advanced bandwidth to the datacenter. security services and a global backbone. The feature comparison looked good “ on paper, but they were more difficult to Our business demands that we can implement and much more expensive than set up project locations in a short Cato Cloud. period of time. With MPLS, I often had to wait three months to get a connection, if With MPLS, I often had to wait three months the technology was even available in to get a connection, if the technology was that region.” even available in that region.” The Network for Whatever’s Next 5 Manufacturing Case Studies 9
The Cato Experience Simplicity Gain With Cato Cloud, Alewijnse consolidated its “ datacenters, cloud resources and mobile With Cato monthly costs dropped 25% users onto a single, secured WAN. Internet and yet we still received 10x more traffic goes directly to Cato Cloud, where bandwidth. it’s inspected and secured, and from there With Cato, we got the functionality of to the public Internet. SD-WAN, a global backbone, and security “ service for our sites and mobile users, Users are much happier now with our integrated together and at a fraction of Internet services. the cost. I hear from my guys is that they We like Cato’s all-in-one approach and WhatsApp with Cato’s support guys. the competitive pricing gave us very good They don’t always have to first go, log a value for money.” complaint, and open a ticket. I really like that approach.” Converging Networking and Security Reduces Complexity and Costs Herckenrath wanted a simpler WAN design that made more e昀昀ective use of the Internet without compromising on MPLS’ “quick performance” required by his loss-sensitive applications. The architecture would also have to address company’s security requirements and mobility concerns. Connecting locations through an Internet-based VPN was one approach, but that still meant installing, con昀椀guring, and managing VPN routers at every location. SD-WAN showed promise, but traditional SD-WAN solutions don’t connect mobile users or cloud resources. They also lack advanced security services and a global backbone. Herckenrath and his team looked at bundling SD-WAN solutions with a secure web gateway (SWG) service and another provider’s backbone. But they rejected the idea. “The feature comparison looked good on paper, but they were more di昀케cult to implement and much more expensive than Cato Cloud,” says Herckenrath. Cato Cloud is a secure, global SD-WAN service, connecting locations, cloud resources, and mobile users. Advanced security services are built into Cato Cloud and include NGFW, SWG, IPS, and advanced threat protection. “With Cato, we got the functionality of SD-WAN, a global backbone, and security service for our sites and mobile users, integrated together and at a fraction of the cost,” he says. Cato Cloud: MPLS-like Performance without MPLS-like Price Alewijnse began a gradual deployment of Cato Cloud. In the first phase, Herckenrath connected the offices in the Netherlands, Romania, and Vietnam into Cato, using high-quality, Internet last-mile. In the next phase, Herckenrath connected the rest of the offices to the Internet and Cato Cloud. Cato’s ability to use any available last-mile service gave Herckenrath additional agility. Established locations could still be connected via MPLS, but now Herckenrath was no longer dependent on MPLS services. As long as users can connect to the Internet, they can access Cato Cloud. And where physical Internet connectivity is not available, they can use 4G. Moving off of MPLS, didn’t come at the expense of performance. “Our users haven’t noticed a difference,” he says, “Latency and packet loss are low. Even the users outside of Europe have the same or better user experience with our HD video conferencing and our CAD system.” With Cato Cloud, Alewijnse consolidated its datacenter, locations, cloud resources and soon, mobile users, onto a single, secured WAN. With Cato, Alewijnse avoids backhauling, as Internet traffic goes directly to Cato Cloud, where it’s inspected and secured, and from there to the public Internet. “Users are much happier now with our Internet services,” he says. Alewijnse Extends WAN Transformation to Mobile Users and Eliminates Security Appliances To achieve the full value of the converged solution, Alewijnse planned to gradually deploy Cato Clients to secure employee laptops and mobile devices. Also on the roadmap is eliminating the firewall appliances in the branch offices. “We like Cato’s all-in-one approach and the competitive pricing gave us very good value for money.” Top Applications Last 24H With Cato, Alewijnse understands how its network is used by all users and locations The Network for Whatever’s Next 5 Manufacturing Case Studies 10
Improving Uptime and Security, Globally Ville Sarja, CIO Salcomp develops and manufactures adapters for mobile phones and electronic devices for Samsung and other major mobile companies. Production Line Challenges An MPLS network connected the company’s headquarters and datacenter in Finland with R&D facilities in Finland and Taiwan, and manufacturing plants across China, India and Brazil. All sites had WAN optimizers and firewall clusters that established IPsec tunnels across local Internet connections for redundancy. Critical applications, including Microsoft Lync, SAP, and Siemens Teamcenter were hosted at the Finish datacenter Complexity Cost “ Global MPLS bandwidth was limited, We thought an appliance-based SD- which would prove problematic as traffic WAN solution was the most promising requirements grew. approach, but the SD-WAN reseller was The company’s global MPLS network unable to get our POC started. There consumed a “significant portion” of Salcomp’s were cooperation issues with the SD- IT budget. WAN vendor, and we were caught in the middle of everything. A small hiccup in production line could be disastrous for customers — and business. We wanted to be more cloud compliant, which was not compatible with the infrastructure in place.” Salcomp Finds Global MPLS Too Unreliable and Rigid As a primary manufacturer to major mobile phone companies, uptime and security were critical for Salcomp. A small hiccup in production line could be disastrous for customers and business. All of which might sound like a good reason for sticking with expensive managed MPLS services, until considering that IT is also being evaluated on budget management. Such was the challenge for Ville Sarja, who was responsible for the aging IT architecture at Salcomp. “The IT template hadn’t changed in nearly 20 years since Nokia spun out Salcomp”, says Sarja. During those two decades, though, Salcomp’s business had changed significantly. Headquarters and datacenter were still in Finland, but most manufacturing occurred in Brazil and Asia Pacific. Offices had given way to more mobile users, particularly in China. The cloud had become far more popular, something Sarja was looking to leverage, and video conferencing had become the norm. MPLS: Not Suited for the Future Global MPLS bandwidth was limited, which would prove problematic as traffic requirements grew. To address the situation, Salcomp deployed WAN optimizers at each end of the MPLS connections, but the WAN optimizers were challenging to configure. MPLS was also poorly suited for taking advantage of cloud services, which Sarja knew Salcomp wanted to leverage. “We wanted to be more cloud compliant, which was not compatible with the infrastructure in place.” And for all of its touted uptime and availability, MPLS has last-mile connectivity problems that arise on global connections. Unable to control the last-mile outside regional networks, MPLS providers must rely on local third-party partners, often with mixed results. For just that reason, Salcomp equipped locations with backup connections – local Internet access and firewall clusters running antimalware and IPS. In Brazil, we had a problem with an MPLS circuit, and the o昀케ce was “ out of service for six months. Luckily we had Internet redundancy, so we were able to direct tra昀케c to the Internet and bandwidth and connectivity were good enough. Our MPLS provider was unable to resolve the problem.” The last straw was MPLS’s rigidity around new site installation. Says Sarja “In terms of deploying new sites, which was something we’re doing more in the past year, MPLS takes up to six months to have a circuit in place. That’s not very critical because it’s a site to be established and we can plan but regardless the inflexibility was there,” he says. The Network for Whatever’s Next 5 Manufacturing Case Studies 11
The Cato Experience Simplicity Gain “ “ With just one architecture, not three, we We’ve reduced our networking OPEX by can make changes in a few minutes that 50 percent and more since moving from required weeks with our MPLS provider. MPLS to Cato.” I liked the fact that the Cato service used Since the deployment, Sarja was able to Cato’s own technology. It makes your life show far better budget management. He’s easier when you’re working with the vendor. playing less per megabit for bandwidth and The knowledge is there, and logistical eliminating all of those appliances at each problems are resolved beforehand, making location has saved him a bundle. onboarding much easier.” Performance Testing Shows Cato Blows Away MPLS Sarja was determined to find an MPLS alternative. “We thought an appliance-based SD-WAN solution was the most promising approach, but the SD-WAN reseller was unable to get our POC started. There were cooperation issues with the SD-WAN vendor, and we were caught in the middle of everything,” he says. That’s when he learned about Cato. Sarja and his team tested Cato Cloud from Salcomp’s Finland datacenter and locations across China, Taiwan, and India. They deployed a Cato Socket at each location with policies in the local firewall steering the pertinent traffic to Cato. Three types of tests were performed: x Sharepoint file transfer and file sharing: Salcomp wanted Cato performance to be at least as good as the current 10 Mbits/s, MPLS connection or other SD-WAN providers over the Internet (also operating at about ~10 Mbps). x SAP user experience: Salcomp didn’t want any degradation in SAP experience as measured by running reports and in the time taken to execute transactions. x Office 365 performance: Uploading and downloading of files from Sharepoint Online in the Hong Kong region across Cato was to be compared against the regular Internet and other Internet- based SD-WAN solutions. Sarja was impressed with the results. Data throughput on Sharepoint file transfer testing from Taiwan to Finland with Cato was 30x better than MPLS with a WAN optimizer; file sharing improved by more than 40x. SharePoint Throughput Testing 50 40x+ 46 45 Mbits/s 40 30x 35 16 Mbits/s 30 25 20 15 10 5 0.5 1 Mbits/s Mbits/s 0 MPLS Cato MPLS Cato File Transfer File Sharing Within China, Sarja found downloading a 116 MB Excel file across the site’s 20 Mbits/s connection to Cato Cloud on average took 83 seconds. And across MPLS, download times were 20x longer. File Download Time Downloading 116MB Excel File 700 econds600 S 500 400 300 20x improvement 200 100 0 MPLS Cato Latency also dropped by 13% when tested from China to Finland across Cato. And not only was performance as good if not better than MPLS, but Cato deployment was much quicker. He could use any Internet line to connect locations to Cato Cloud, eliminating the six-month deployment times required for MPLS. Latency Reduction China to Finland 245 econds240 Millis235 230 225 13% improvement 220 215 210 205 195 MPLS Cato Salcomp Replaces MPLS with Cato Cloud Sarja decided to move forward with a phased migration of Salcomp’s production line onto Cato. Initially, the team connected the datacenter in Helsinki to Cato. Then, they migrated the Indian and Brazilian locations. During the final phase, they moved over the China locations of Shenzhen and Guigang, and the Taiwan location in Taipei. Across all locations, he replaced the routers, firewall appliances, and WAN optimizers with redundant Cato Sockets configured in high-availability mode. Without local firewalls, Sarja relied on Cato Security Services to protect against network-based threats. Cato Security Services is a fully managed suite of enterprise-grade and agile network security services built into Cato network that includes NGFW, SWG, Advanced Threat Prevention, Cloud and Mobile Access Protection and Network Forensics. Testing done by a leading mobile phone manufacturer vetted Cato’s security, allowing Sarja to extend an IPsec tunnel from the Cato network to the mobile phone provider’s premises. Salcomp IT: Better Positioned to Address New Challenges Sarja is planning a Microsoft Office 365 deployment and expects to connect his Office 365 instance to Cato. Cato dramatically improves cloud performance, routing traffic along the optimum path across the Cato backbone to the Cato PoP nearest to the customer’s cloud instance. Cato PoPs collocate in the same physical datacenters as the IXPs of Microsoft, AWS, and other leading cloud providers, making it a short hop across the datacenter’s local network into the cloud provider. It’s like having premium, direct cloud connections from 40+ locations across the globe – for free. Cato’s range of built-in optimizations also benefit unified communications. “Video quality with Microsoft Lync from China has been very good,” he says. Sarja is also looking at equipping mobile users with Cato SDP to connect to Cato Cloud, once their existing VPN licenses expire. Overall, Sarja says he’s received the best feedback any CIO could want from his users – nothing. “Users just aren’t complaining any longer,” he says. And that’s a very good thing. The Network for Whatever’s Next 5 Manufacturing Case Studies 12
About Cato Networks Cato is the world’s first SASE platform, converging SD-WAN and network security into a global, cloud- native service. Cato optimizes and secures application access for all users and locations. Using Cato, customers easily migrate from MPLS to SD-WAN, optimize global connectivity to on-premises and cloud applications, enable secure branch Internet access everywhere, and seamlessly integrate cloud datacenters and mobile users into the network with a zero trust architecture. Cloud Optimization NG Firewall WAN Optimization Secure Web Gateway Global Route Optimization Advanced Threat Prevention Self-healing Architecture Cloud and Mobile Security WWW Converged Agent/Agentless Network and Hybrid/ Security PoP Multi Cloud e n o t kb c a B e t a e v ri P l ba o n Gl er t n I Internet IPSec MPLS Client/Clientless Edge SD-WAN SDP Active / Active / Active Dynamic Path Selection Branch Application- and User Aware QoS Datacenter Mobile Packet Loss Mitigation Cato. The Network for Whatever’s Next. Cato Cloud Managed Services Global Private Backbone Managed Threat Detection and Response (MDR) Edge SD-WAN Intelligent Last-Mile Management Security as a Service Hands-Free Management Cloud Datacenter Integration Site Deployment Cloud Application Acceleration Secure Remote Access Cato Management Application r u i t c y e M S a n n a o i g t e a m m r o f n I t ne ISO 27001 Certified 27001 Certified SOC2 Approved GDPR Compliant The Network for Whatever’s Next 5 Manufacturing Case Studies 13