SD-WAN is a new and exciting opportunity to transform enterprises costly and rigid MPLS-based wide area networks (WAN). It promises to make the WAN more affordable and agile, boost capacity, and improve resiliency. But, SD-WAN goes far beyond replacing MPLS. It can optimize global connectivity, streamline network security, and seamlessly integrate cloud resources and mobile users into simple coherent network.
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
1. Global Backbone SD-WAN Firewall as a Service
All in one
The Future of SD-WAN
WAN Transformation in the Cloud and Mobile Era
Mark Bayne
Director, Sales Engineering, EMEA
2. $70,000,000
Cato Networks
2
CUSTOMERSCLOUD SCALEBUILT TO LAST
Gur Shatz, CTO
(Incapsula)
Shlomo Kramer, CEO
(Check Point, Imperva)
Global Network, 39 PoPs
Multi Tier-1
Providers
Optimized and Secure
Everywhere
24/7
Network Operations
Manufacturing
70% cost reduction
CatoMPLS
10 clouds, 700 mobile
105 stores
Technology
Retail
100s of customers
1000s of global locations
3. The WAN is Incompatible with Today’s Business Needs
3
Cloud, Mobility and Globalization drastically changing traffic patterns
Security
Appliances
Legacy
WAN
4. The WAN is Incompatible with Today’s Business Needs
4
Legacy tech blind spots
• MPLS: expensive and capacity constrained
• Site-to-site VPN: appliance sprawl
• Cloud and mobile: unmanaged and insecure access
HQ / Data Center Mobile UsersBranch
Unmanaged and
insecure connectivity
Unmanaged
connectivity
Branch
Capacity constrained
Internet backhaul
Managed connectivity
MPLS
Unmanaged connectivity,
appliance sprawl
5. The WAN is Incompatible with Today’s Business
5
Traditional SD-WAN offers a partial solution
HQ / Data Center
Unmanaged
connectivity
Unmanaged
connectivity
• SD-WAN: Cheap capacity, Still MPLS dependent
• Secure Branch: More security point solutions
• Cloud and mobile: Still unmanaged
Branch Branch Mobile Users
Unmanaged connectivity,
appliance sprawl
Managed connectivity
MPLS
SD-WAN
device
SD-WAN
device
Cheap capacity,
Unmanaged connectivity
More security point solutions
Cloud-
based
security
6. One Security
Zero maintenance, built-in network
security as a service
One Network
Affordable MPLS Alternative that
extends to all traffic
The Future of SD-WAN. Today.
6
HQ
Branch
Mobile Users
Cloud Data Center
Cato Cloud
One Policy
Unified management and enforcement
for all locations and users - everywhere
7. One Network
7
Global SD-WAN
CatoCloud
Routing Reliability Optimization Encryption
Network Overview PoPs Map Cato Socket
• Global, SLA-backed backbone
of Points of Presence (PoPs)
• Secure Tunnels Overlay
connects all resources to the
backbone
• MPLS Augmentation with core
SD-WAN capabilities
• MPLS Replacement
with SLA-backed backbone
• Connects Cloud Data Center
and Mobile Users to the WAN
(2) MPLS Replacement
SLA-backed Backbone
Branch
Cato
Socket
HQ
Cato
Client
Mobile Users
Agentless
Cloud Data Center
Network
Security
SD-WAN
(1) MPLS Augmentation or
Enhanced Internet WAN
Policy based routing,
Active/Active, FEC
MPLS
9. Next Generation
Firewall VPN
Secure Web
Gateway
Secure Cloud and
Mobile Access
Advanced Threat
Prevention
Network
Forensics
• Enterprise grade security
available everywhere
(local secure Internet exit)
• Elastic and agile: scale up,
seamlessly updated
• Cloud traffic visibility
accelerates defense
adaptation
• Appliance elimination in
remote locations and
datacenters
One Security
9
Built-in Network Security
CatoCloud
Routing Reliability Optimization Encryption
Branch
Cato
Socket
HQ
Cato
Client
Mobile Users
Agentless
Cloud Data Center
Network
Security
SD-WAN
MPLS
WAN & Internet Firewall Policy
10. One Policy
10
Unified Network and Security Policy
CatoCloud
Routing Reliability Optimization Encryption
Branch
Cato
Socket
HQ
Cato
Client
Mobile Users
Agentless
Cloud Data Center
SD-WAN
MPLS
• Unified policy across all
users, locations and access
to both internal and cloud
apps/data
• Managed service by Cato
and partners with full
enterprise IT supervision
Cato NOC/SOC,
MSP Partners,
Enterprise IT
Management
Next Generation
Firewall VPN
Secure Web
Gateway
Secure Cloud and
Mobile Access
Advanced Threat
Prevention
Network
Forensics
Network
Security
11. Next Generation
Firewall VPN
Secure Web
Gateway
Secure Cloud and
Mobile Access
Advanced Threat
Prevention
Network
Forensics
Convergence Drives Holistic WAN transformation
11
MPLS cost reduction, Appliance Elimination, Streamlined Operations
CatoCloud
Routing Reliability Optimization Encryption
Branch
Cato
Socket
HQ
Cato
Client
Mobile Users
Agentless
Cloud Data Center
SD-WAN
MPLS
Firewall as a Service3
Firewall
Appliances
4 CASB5 Remote Access6Edge
SD-WAN
2
Global MPLS1
Network
Security
Cato
6-in-1
12. Cato connects and protects all stores
without edge firewalls
• Eliminated or avoided deployment of edge firewalls
• Naturally extend to protect and optimize connectivity
for all regional franchise stores
Pet Lovers Center, Retail
12
Firewall Elimination/Avoidance, global WAN, 105 sites
Situation
• Retail firm, 65 locations in Singapore,
40 franchises in APAC
Drivers
• Store protection (IPS and Anti-malware)
• Datacenter connectivity
National FWaaS
(65)
International FWaaS,
MPLS Alternative
(105)
Case Studies Summary
13. AWS Data
Center
Firewall
Paysafe, Financial
13
Global WAN, Improve User Experience
Situation
• 19 locations: US, Canada,
Europe, India
• MPLS/VPN mix
• Multiple FW brands
Drivers
• Lack of global access to key
datacenter applications
• Complex VPN and security
environment
• High costs of MPLS and
firewalls
Cato provides secure global WAN
Phase 1:
• Move global WAN access to Cato Cloud
Phase 2:
• Secure direct internet access from all sites
MPLS
Branch
Branch
Firewall
Vendor A
HQ
VPN
Branch
Firewall
Vendor B
VPN
Case Studies Summary
14. Adroll, Technology
17
Transforms Global Access to Amazon
Situation
• Global firm: San Francisco, New York, Dublin, UK, Tokyo,
Sydney, India
• All employees VPN to HQ Firewall for AWS access
Drivers
• Improve WAN and Mobile access latency to AWS
Cato provides global optimized mobile access
to the cloud
• Connect mobile users globally to AWS via the Cato Cloud
• Optimized global access to AWS VPC without a “chokepoint”
Case Studies Summary