In 2019, Gartner introduced the Secure Access Service Edge (SASE), and it took the industry by surprise. Unlike many advancements in technology, SASE was not a novel networking capability, nor was it a response to an unsolved security problem. Instead, it addressed an everyday yet business-critical question: how can IT deliver the security, performance, and speed the business expects in an age of mounting complexity?
Gartner answered this question by defining the SASE architecture as the convergence of many WAN edge and network security capabilities, delivered via a global cloud service that enforces a common policy on every business edge: users, sites, and applications.
This new architecture posed a sizable challenge for the incumbent vendors who led the IT networking and security industry with many disconnected point solutions. Their architectures and designs were chiefly responsible for the pervasive complexity clients have had to deal with over the past 20 years. Why was the SASE architecture such a challenge for them? Because following Gartner's framework required a massive re-architecture of legacy products that were never built to support a converged, global cloud service.
This is precisely where Cato Networks creates a fresh opportunity for clients by launching the Cato Single Pass Cloud Engine (SPACE). Cato SPACE is the core element of the Cato SASE architecture and was built from the ground up to power a global, scalable, and flexible SASE cloud service. Thousands of Cato SPACEs enable the Cato SASE Cloud to deliver a complete set of networking and security capabilities. It is meant for any user or operation, anywhere in the world, and it is a cloud-scale service that heals and manages itself.
Why Convergence and Cloud-Native Software are Critical to Authentic SASE Architecture
SASE was created as a cure for the complexity problem. It runs counter to the approaches that drive complexity into the IT lifecycle. Such approaches introduce many points of failure, and they add delay because packets are decrypted, inspected, and re-encrypted within every point solution.
Convergence is the first step in reducing complexity: it replaces the separate capabilities of numerous point solutions with a single software stack. The single stack is easier to manage, processes traffic more efficiently, is administered through a single pane of glass, and more. The benefits of convergence, though, are strategic and not just functional.
A converged stack can share context and apply rich policies to make more intelligent decisions on optimizing and safeguarding traffic. This is not the case with point solutions, which often have restricted visibility because of how they process traffic (e.g., as a proxy) and because they collect only the information needed for the specific function they provide.
Cloud-native design adds to the significance of convergence by allowing the converged software stack to be scaled and distributed. The converged stack serves many enterprises and the traffic flowing from their users, locations, and applications to any point on the WAN or Internet. The orchestration layer oversees the global distribution, scalability, and resiliency of the service. This is not a mere retrofit of a legacy product-based architecture, but the outcome of a new service-based architecture.
Cato SPACE: The Secret Ingredient to Strengthening the Cato SASE Architecture
The Cato SASE Cloud is a worldwide cloud service that supports Cato’s customers. Each business organization is represented within the Cato SASE Cloud as a virtual network robustly assigned to the right traffic processing capacity. This optimizes and secures the client’s traffic from any edge to any destination.
The Cato SASE Cloud is built on a global network of Cato SASE Points of Presence (PoPs). Each PoP has a considerable number of compute nodes with numerous processing cores. Each core runs a copy of the Cato Single Pass Cloud Engine, Cato SPACE, the converged software stack that optimizes and protects all traffic according to customer policy.
These are the 6 primary features of the Cato SPACE:
- Consolidated software stack, single-pass processing: The Cato SPACE handles global route optimization, WAN and cloud access acceleration, and security in a single pass. It also provides, as a service, a next-generation firewall, secure web gateway, next-gen anti-malware, and IPS. Cato is constantly extending the software stack with more capabilities while consistently following the same SASE architectural framework.
- Every client, edge, and flow: The Cato SPACE is not limited to any particular customer network or edge. Through a process of active flow orchestration, a given edge tunnel is assigned to the least busy Cato SPACE within the Cato SASE PoP closest to the client edge. The Cato SPACE can thus manage any number of tunnels from any number of clients and edges. This creates an intrinsically load-balanced and rapid environment.
- Just-in-time contextual policy enforcement: Once a flow is assigned to a Cato SPACE, the flow's context is extracted, the relevant policy is dynamically pulled and associated with the flow, and traffic processing is executed according to this context and policy.
- Cloud-scale: Each Cato SPACE can handle up to 2 Gbps of encrypted traffic from one or more edge tunnels with all security engines enabled. Edge tunnels are seamlessly distributed within the Cato SASE Cloud and across Cato SPACEs to adapt to changes in the overall load. Capacity can also be expanded by adding compute nodes to the PoPs, as the Cato SPACEs are fully proportional and can be staged into the service at any time.
- Self-healing: A Cato SPACE can take over any tunnel operated by any other Cato SPACE. The orchestration layer moves the tunnels across Cato SPACEs if a failure occurs. If a Cato PoP becomes unavailable, edge tunnels can relocate, either within the same region or across regions according to customer policy. Clients no longer need to develop failover strategies for their regional hubs.
- Independent management: Cato DevOps, Engineering, and Security units are in charge of maintaining all aspects of the Cato SASE Cloud. Software updates and improvements are applied behind the scenes across all Cato PoPs and Cato SPACEs. New IPS rules are designed, tested, and deployed by the Cato SOC to address emerging threats. Cato DevOps and NOC units perform around-the-clock monitoring to ensure top-notch performance. Clients can thus concentrate on policy configuration and analytics using Cato's management platform, which delivers a single pane of glass for the whole service.
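The placement and failover behaviour described in the list above (least-busy engine in the nearest PoP, a 2 Gbps per-engine ceiling, and region-bound relocation) can be modelled in a few lines. This is an added toy model, not Cato's code: the class names, the PoP and engine names, the ordered PoP preference list, and the `cross_region` policy flag are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

CAPACITY_MBPS = 2000  # per-engine ceiling taken from the page (2 Gbps)

@dataclass
class Engine:  # hypothetical stand-in for one Cato SPACE instance
    name: str
    pop: str
    region: str
    up: bool = True
    tunnels: dict = field(default_factory=dict)  # tunnel id -> Mbps
    def load(self):
        return sum(self.tunnels.values())

class Orchestrator:
    def __init__(self, engines):
        self.engines = engines
        self.meta = {}  # tunnel id -> (PoPs nearest first, Mbps, policy)
    def place(self, tunnel, pops, mbps, cross_region=True):
        """Pick the least-busy live engine in the nearest usable PoP."""
        self.meta[tunnel] = (pops, mbps, cross_region)
        home = next(e.region for e in self.engines if e.pop == pops[0])
        for pop in pops:
            fits = [e for e in self.engines if e.pop == pop and e.up
                    and (cross_region or e.region == home)
                    and e.load() + mbps <= CAPACITY_MBPS]
            if fits:
                best = min(fits, key=Engine.load)
                best.tunnels[tunnel] = mbps
                return best.name
        return None  # nothing the policy allows has room: tunnel stays down

    def fail(self, pop=None, engine=None):
        """Mark an engine or a whole PoP down and re-home its tunnels."""
        dead = [e for e in self.engines if e.name == engine or e.pop == pop]
        orphans = {}
        for e in dead:
            e.up = False
            orphans.update(e.tunnels)
            e.tunnels = {}
        return {t: self.place(t, *self.meta[t]) for t in orphans}

def demo():
    # Constructed topology: two EU PoPs (FRA, AMS) and one US PoP (NYC).
    o = Orchestrator([Engine("fra-1", "FRA", "EU"), Engine("fra-2", "FRA", "EU"),
                      Engine("ams-1", "AMS", "EU"), Engine("nyc-1", "NYC", "US")])
    near = ["FRA", "AMS", "NYC"]
    first = [o.place("t1", near, 800), o.place("t2", near, 800),
             o.place("t3", near, 900, cross_region=False)]
    return first, o.fail(engine="fra-1"), o.fail(pop="FRA"), o.fail(pop="AMS")
```

In the last step of `demo()`, tunnel `t3` ends up unplaced because its policy forbids leaving the region, which is the availability trade-off a same-region failover policy accepts.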
Your Choice of SASE Architecture Matters
Gartner called SASE a transformative technology for a reason. It changes the way IT delivers the whole networking and security capability to the enterprise. The functional capabilities of SASE will keep growing over time across all vendors. But without the right underlying architecture, businesses will not realize the transformational power of SASE.
Cato is the trailblazer of the SASE category. It built the only architecture purposely designed to showcase the value of SASE. You can rest assured and be ready for whatever comes next with this solution from Cato.