Bellwether Cato's roaring 2020 signals breakout for SASE — Chua

Cato is receiving more customer requests for richer security capabilities, which it intends to fulfill. (Photo by Ryan Pernofski on Unsplash)
Roy Chua

Israel-based unicorn Cato Networks revealed details of its 2020 business performance today. Cato grew bookings by over 200% for the fourth consecutive year, expanded its number of channel partners by 2.5 times, and added multiple 1000+-site large enterprises to its 800-strong customer list. Last year, Cato raised an additional $207 million in two rounds, with the latter round valuing the company at over $1 billion post-money.

Cato has evolved from a tiny, hard-to-categorize startup a few years ago to a recognized brand helping lead the secure access services edge (SASE) charge. While the world faced a pandemic lockdown, Cato saw its remote and mobile use grow 5 times, serving more than 200,000 remote users on its software-defined-perimeter (SDP) product.

Last year's pandemic helped drive the SASE and software-defined wide-area networking (SD-WAN) market. SD-WAN/SASE companies saw a slight pause in branch deployments but massive demand for work-from-home (WFH) solutions. SD-WAN/SASE vendors without software clients scrambled to add them. The focus switched to SDP and zero-trust network access (ZTNA) solutions as enterprises looked to expand or replace their legacy remote-access VPN solutions. Other SD-WAN-turned-SASE vendors like Versa Networks, who succeeded in rolling out software-only solutions to complement their branch offerings, were similarly rewarded with outsized sales and channel performance.

Meanwhile, cloud-based security solutions from Zscaler, Palo Alto Networks Prisma Access, and Cisco Umbrella saw their popularity skyrocket. Whether purchased directly by enterprises, or bundled in by carriers to enhance connectivity offerings, these cloud solutions gained visibility and customers in 2020. Along with cloud security, carriers also sought to package WFH solutions they could rapidly bring to market. Many combined 4G LTE backup links with wireline broadband offerings, while mobile network operators (MNOs) with fledgling 5G networks experimented with 5G fixed wireless access (FWA) packages.

The telco SASE opportunity — if they are up to it

In a world where connectivity has become essential, and remote security is critical, Cato's performance is emblematic of the direction of enterprise and carrier access offerings. At AvidThink, our work with leading carriers has recently focused on the next generation of SD-WAN and SASE offerings leveraging carrier edge assets, such as central offices or mobile switching centers. There's renewed focus on using these edge locations as points-of-presence (POPs), or on-ramps, onto the internet. By either service-chaining traffic into the aforementioned cloud security services or enforcing directly at these POPs, the carriers hope to combine last-mile access offerings (wireline and mobile) with next-generation security solutions. They aim to address both enterprise connectivity and security needs simultaneously.

Vendors like RAD and others who have briefed AvidThink are now offering carrier solutions that help operationalize these types of telco edge-based SASE services.

The jury is out on whether carriers can win by leveraging their edge and core assets to add differentiated SD-WAN/SASE services on top of connectivity. It is also unclear whether these telcos can leverage their own over-the-top (OTT) solutions to expand into other carriers' turfs. The alternative outcome is that OTT SASE and cloud security offerings reduce the hold carriers have and commoditize last-mile access, both wireline and wireless (4G LTE, and yes, even 5G FWA). As always, with these initiatives, I expect a few leading and innovative carriers will succeed and monetize. Meanwhile, unsuccessful carriers will be bogged down by legacy culture and stuck with maintaining expensive infrastructure with limited returns on capital.

SASE/SD-WAN — focus shifts from networking to security

In any case, whether carriers catch up or not, the conversation is changing. We're close to, or at, the point where SD-WAN/SASE starts tipping over from networking-centricity to security-centricity. Previously, the focus was on multi-link redundancy, cloud gateway POPs, private backbones, smart routing, application quality-of-service, and basic access control. While COVID-19 accelerated the need for robust connectivity, it exposed a much larger attack surface and one more challenging to secure — our homes.

The new focus is on the richness of security services: identity and authentication, ZTNA, extended detection and response (XDR), deep packet inspection (DPI), and application proxies. That's where new SD-WAN and SASE features will expand over the next few years. Whether we will achieve the entire kitchen sink that Gartner envisioned when it first defined SASE is unclear. The AvidThink view is that today's cloud-centricity coupled with innovations in analytics, AI/ML, and SaaS software architecture (modern messaging and transport, service mesh adoption), offers an opportunity to rethink and streamline enterprise security. We should not burden ourselves with a historical collection of security application acronyms: RBI, IPS/IDS, NGFW, CASB, EDR/XDR, SWG, ZTNA, DLP, SDP, that add unnecessary bloat to SASE.

In my conversation over the weekend with Yishay Yovel, CMO at Cato Networks, he indicated that Cato is receiving more customer requests for richer security capabilities, which it intends to fulfill. It's no surprise that a company helmed by founders from security giants Check Point and Imperva/Incapsula would eventually emphasize security. As part of its announcement, Cato indicated it released 136 features and 2,725 enhancements in 2020 (clearly a metrics-driven operation), including support for 2 Gbps full decryption and security services. No one said inspecting WW84, Bridgerton, or episodes of The Mandalorian was going to be easy. Powered by its cash-rich war chest, I'm going to predict that the bulk of Cato's 137+ features and 2,726+ enhancements this year will be security-focused. And I'm going to bet that the same will be true of the other leading SASE and SD-WAN vendors in 2021 and beyond.

Shields up and get ready for a ride on the SASE rocket ship!

Roy Chua is founder and principal at AvidThink, an independent research and advisory service formed in 2018 out of SDxCentral's research group. Prior to co-founding SDxCentral and running its research and product teams, Chua was a management consultant working with both Fortune 500 and startup technology companies on go-to-market and product consulting. As an early proponent of the software-defined infrastructure movement, Chua is a frequent speaker at technology events in the telco and cloud space and a regular contributor to major leading online publications. A graduate of UC Berkeley's electrical engineering and computer science program and MIT's Sloan School of Business, Chua has 20+ years of experience in telco and enterprise cloud computing, networking and security, including founding several Silicon Valley startups. He can be reached at [email protected]; follow him at @avidthink and @wireroy

Industry Voices are opinion columns written by outside contributors—often industry experts or analysts—who are invited to the conversation by FierceTelecom staff. They do not represent the opinions of FierceTelecom.