Cato Networks is the latest SD-WAN vendor to announce it has blended SIEM capabilities into its platform. But Cato is laying claim to being the first vendor to add SIEM, which stands for security information and event management, into a secure access service edge (SASE) platform at no additional cost.
Gartner recently coined the SASE term. SASE converges the functions of network and security point solutions into a unified, global cloud-native service, according to Gartner.
On the SD-WAN front, Windstream Enterprises announced SIEM capabilities in February that were compatible with its core services, including SD-WAN and MPLS. Netsurion, another SD-WAN vendor, also has a managed SIEM service. SIEM monitors services for threats, and helps businesses stay compliant with PCI and HIPAA regulatory requirements.
Cato said its Instant*Insight SIEM offering converges networking and security into its SASE platform to cut down on deployment complexities and upfront costs when compared to traditional SIEM services, event managers and network analysis tools.
“From its founding, Cato realized that converging networking and security into the cloud would simplify all aspects of networking. Cato Instant*Insight attests to that vision. With our SASE platform, we’re able to deliver the kind of visibility out-of-the-box that previously required extensive custom integration and development,” said Shlomo Kramer, CEO and co-founder of Cato Networks, in a statement.
The use cases for Instant*Insight include threat detection and diagnosis, and fixing network issues. Cato's Instant*Insight organizes millions of networking and security events into a single timeline that can be queried. It enables IT teams to quickly sift through the millions of events that are being tracked to find the root cause of an issue.
Cato's SIEM is able to consolidate all of the security and networking events into one data warehouse without the need for additional agents or code to normalize the data. It also includes a network analysis workbench, which is a built-in interface for data mining. For searches, network and security teams can select the requisite items to build out their queries.
"So, one of the key trends in SD-WAN is adding more integrated security capabilities," said Lee Doyle, principal analyst of Doyle Research. "Cato already had good security features and now they are broadening their capabilities.
"SIEM is something that directionally you'll see other vendors do. VMware has it in its portfolio. Cisco has it in its portfolio, so it’s a matter of integrating the different piece parts."
Last month, Cato Networks was named as one of FierceTelecom's top disrupters for 2019.