Cato Networks’ Secure Access Service Edge (SASE) offering converges , cloud networks and security service edge (SSE) functions into a unified, cloud-native service. The company’s latest offering, Digital Experience Monitoring, utilizes generative AI and other optimizations to help security and network teams quickly find answers to networking and security issues across global applications and locations. Brian Anderson, global field CTO at Cato Networks, demonstrates some of the key features of the new Cato DEM feature.
Hi everybody. Welcome to DEMO, the show where companies come in and they show us their latest products and services. Today, I'm joined by Brian Anderson, he's with Cato Networks. Welcome to the show, Brian. Tell me a little bit about Cato Networks. Who are you? What do you guys do?
Cato Networks is a SASE provider, so it's Secure Access Service Edge, and it's basically networking and security converged into a single cloud native platform.
So what are you here to show us today?
Today, we're going to be showing you a new capability that we're making available next month to our customers, Digital Experience Monitoring.
Is this designed for security people? Is it designed for networking people?
So the platform caters to security and networking. The Digital Experience Monitoring caters to IT operations folks. So extending past the capability of traditional SASE, which is networking and security, into more of an IT operations.
And what's the big problem that you're trying to solve? Like, why should viewers care about what this Digital Experience Monitoring thing is?
Well, with SASE in general, we have a cloud-native platform that combines security and networking into one platform and then identifying where problems are throughout the environment.
If this is an experience issue, if someone's unable to access a business-critical application, how do we get down to the root of that cause? What does that? What does that cost to a company? And so that's really what this is honing in on.
It's a byproduct of us having visibility throughout an entire environment. And then giving that capability of identifying those issues to IT support and staff.
Now, if a company did not have this product, what would they be doing? Would they have a separate security team using one platform and a separate networking team using a second one, or what would they be doing if they didn't?
So typically, historically, there's a variety of point solutions that address individual particular issues. And so this is the SASE market consolidating that or converging that into one platform, simplifying everything down to a single dashboard, down to a single set of events, down to a single set of policies.
That's the charter of what Cato is looking to solve. And this is just one more additional feature or capability that's built into that platform.
All right, so let's jump into the demo and show me some of the cool features.
Okay, so what we're looking at here is the CMA, or Cato Management Application that is the front end to the Cato SASE cloud platform. And on this screen we see a topology of all the different data centers and branch locations and users that are connected to the network.
Up at the top here, I've got some navigation here that's interesting. Again, we said that this platform caters to networking and security.
Under the network tab, I could define all of my subnets, my routing, my network rules under the access I could define who can access the platform and how they can connect under security, I can create firewall rules for things like Internet access or WAN connectivity, wide area network connecting branch locations and data centers.
And then I have also maybe LAN connectivity, for inter-branch networking that I can make rules for there as well, we have assets that talk to integrations, and then administration for general system settings.
But under monitoring on the left side here, what's important to note is we have dashboards that cater to each one of these personas that may jump into the dashboard that needs information. So in here, here's a networking dashboard.
If I look at the last month worth of data, I can see if I have any congestion on my network, if I have any links that are down, if I have any packets that are being dropped.
Then I jump up maybe to a security use case, where I want to see what kind of threats and attacks that I have coming into my environment, and get visibility from that perspective, because of the breadth of data and visibility that we have, we also have application analytics.
So we give you visibility into who is accessing what application across your entire environment, and this is just another way to converge or consolidate these into a single platform here and waiting for connectivity for this to come back here.
But today we're going to be looking at Digital Experience Monitoring. So in Digital Experience Monitoring, there's three use cases that we'd like to share. One is going to be real-time user monitoring.
The second one is going to be cloud application and network optimization, and the third piece is troubleshooting and triage, or investigation and triage.
So in the first use case here, what I'm looking at is in the experience monitoring screen, an overview and average of all the connectivity that I have across my sites, my users, my host and my applications.
So if I go back and let's say that I'm an IT operations staff member, and I get a call about somebody not able to access a particular application, what I can do is go down into the user section and maybe filter for a particular user.
I'm going to filter for Brian Anderson in this case, right? And I see, sure enough, that there was a degradation in performance during a certain window of time. Now what I can do is dig into this and say, OK, what happened during this window of time?
And let's see and get a little bit more information. So I had a poor connection when I click on Brian Anderson's user and I scroll down here, first of all, I get some attributes here about the last time I connected. This is my ISP.
Here's the host I'm connected from. But now I have this hop by hop breakdown of analysis of each step from the host all the way to the application. And we have the Wi-Fi connection details. We have the LAN gateway, which is the box that connects to the Internet.
We have the quality of Internet connection that you have. And then we have the tunnel, which is what we call the overlay, or the encrypted tunnel, that connects to our platform. And then, at last, we have the application itself.
Now, for this window of time, it looks like we have some resource issues on this host. We've got 85% plus memory consumption trying to access 20-something applications at the same time. But then we also see that there's an Internet connection issue as well.
So if you jump into the Internet connection issue, I'm going to see that there's some distance between this looks like there's 900-plus millisecond delay.
And just for context, in our platform, globally, we have an average connection time, a round-trip time for under 20 milliseconds. So 900 milliseconds is significant. And so this poor Internet connection led to, obviously a bad tunnel, and obviously poor connection to these applications.
So in addition to that, with the host being under-resourced, an IT service member can then come in and get right to the root of the problem and understand why somebody may be experiencing an issue.
And in a case like this, could it have been something that was historical too? Like it happens every day between nine and 10 am and you know, and you go back weeks and discover that?
That's exactly right.
So in the IT space, there's a concept of time to innocence, yeah, and time to resolution, because people will always want to blame the security product on the issue, or they maybe don't know where the issue is.
And so the IT staff is burdened with trying to find where that issue is getting down to the root of it, and then trying to resolve that.
And that's a real cost that time and that resource and the time it takes to resolve a case is real cost to big organizations. This is the real-time user monitoring use case. The second use case is around cloud application and network optimization.
So what I've done is I've navigated over to the stories workbench here and the stories workbench, let me just increase the time here for the amount of data that we're looking at. A story is an anomaly.
We see a lot of data, and we have models that run on top of that data to say, Hey, this is an actionable event. You should look at something that changed in this environment.
And if I filter you, there's a lot of security anomalies and other types of anomalies that we have, but I'm specifically going to be looking for an experience anomaly. So let's see what we can find under the experience anomaly filter here.
I've got a lot of events that have popped up here, and I could organize them by maybe my sources. So these are categorized by site. If I'm an IT professional, maybe I come back from PTO, I want to look at what happened last week.
I see I've got two critical issues and several other non-critical issues that are tied to a certain location. When I click on this, it's going to give me an indication that there was an application that had a performance problem.
And the same way that we saw when I looked at a user, I can then dig into this particular time frame, and I could look again at this hop by hop here.
So the scenario here is we have an application that stopped performing well, and I can see that these are neutral, because these are not necessarily involved in the story that's being produced. We have synthetic probes that go from our app, from our infrastructure, down to the application.
And what we've identified is that that application stopped responding quickly. So we could say, hey, something happened here. Now the reason we're bringing this up is that Cato owns the network, and we can optimize that network.
So in this case, what we can do is, if it's a cloud application that's either a SaaS application or it's hosted in some public cloud, maybe they're hosted in Virginia, and somebody's trying to connect from Australia, what we can do is egress, or have that traffic come out of our infrastructure in Virginia directly, close to where the origin server is.
And we can also implement something called the QoS rule, quality of service rule, we prioritize maybe Office 365 traffic over things like YouTube or Facebook or Instagram that don't have as much priority.
So for the bandwidth that we have under high utilization, we could prioritize that traffic, and that's how we can optimize that end to end.
It sounds fairly complicated to kind of get all through, through all a lot of this, is it easy to deploy? Or do you have to be a customer of Cato Networks already? Or is it something that customers can look without having, you know, working with you guys?
So to answer the first question, it's very, very easy to connect to us.
We have a variety of ways to connect to any of your branch locations or data centers, and users can connect to the same network from their workstations right as soon as you connect to it, you're on the global backbone, you have access to everything there.
And this is something that's available to all Cato customers. So if you're a Cato customer, Digital Experience Monitoring or Cato DEM can be enabled on your account.
You get this next level of visibility, but the network rules and all the other capabilities are already a part of the platform. This is something that will just help you inform how to optimize that more efficiently. We just looked at the cloud application, network optimization.
And the third use case that we have to share is around investigation and response. Now what I've done is I've navigated over to the monitoring events tab here, and under events, we have access to every single event, every network flow, everything that's traversed our backbone.
So I can go through and filter for, again, all kinds of security, all kinds of network events. Specifically, what we're looking for today, though, is, you know, accessing user data. So in this case, maybe somebody calls in and they say I wasn't able to access my application.
It was blocked for some reason. Either it's a performance problem or I was not able to get to that. So we do give you the ability to filter for these events down here, but I can also do this in something that's like normal language.
So I can say show me risky events this week, for example.
And I can ask this anything, and it'll give me back those events. But maybe what I want to do instead of showing me risk events.
I want to show Brian Anderson, and we have user display name, and I want to see the domain, and I'll say with domain and action.
And the action is what the rule is, whether or not I got blocked on that, right? So then I could see, okay, now I have Brian Anderson's traffic. This is my user that's logged in, and I see that there was some monitor events.
Let's go ahead and say powered by AI, by the way, absolutely, this is the AI portion. Okay, so we have a model, and you can ask it anything, because there's so much data here.
And what I see that's interesting about this is, I do see an Office, Brian Anderson was trying to access Office 365, we see the application. This is a raw event, but we have so many rich attributes.
It's an enriched event that I could see the direction of the traffic, I could see the domain, the egress IP address, the host IP, and I could also see the rule that was triggered.
In this case, the rule triggered here says restricted geo access for SaaS applications, and maybe it's a corporate policy that I can't log in from, in this case, Auckland to try to access this application. So this is a good indicator of getting to the root of the issue.
I could now see at the host level, if this user had an issue, at the network level for anomalous kind of things, yeah. And even at the raw event level, what actually happened with this, with this raw event here?
So I can go and get right to the root of the issue. And this really speaks to investigation and response.
Yeah, it feels like this would save companies a lot of time trying to investigate a lot of the different problems that they have on their networks and on the security side.
That's exactly right.
So we provide a world class security, an enterprise grade security solution on top of our network that handles all of your threats and all of your attacks, and then we give you, of course, a global, resilient, available network, five nine availability across any region that you would need to be in with.
Again, the 20 millisecond connectivity time and now insights on top of that, to be able to get to the bottom of why people would experience an issue over their network.
Are you offering a free trial of the new digital experience?
Absolutely managed digital experience, yeah, digital experience monitoring.
So where can people go for more information? Because there's a lot of features here that people should explore.
You can go to CatoNetworks.com, and you can sign up for a demo and sign up for a trial.
Brian Anderson, again, thanks for being on the show. That's all the time we have for today's episode. Be sure to like the video, subscribe to the channel, add any thoughts you have below. Join us every week for new episodes of DEMO. I'm Keith Shaw, thanks for watching.