Cato Networks CEO Shlomo Kramer cofounded the company in 2015 with a vision of security and networking converging in the cloud, which later became the revolutionary secure access service edge (SASE). Kramer told SDxCentral that SASE is the third form factor of network security, replacing the previous two generations, and some network security vendors are struggling with the transition.

Kramer, referred to by some as the "Godfather of SASE," also cofounded Check Point Software and Imperva. “I am not only the founder of Check Point, I actually with Gil Shwed [cofounder and CEO of Check Point Software] coded the first commercial firewall and put it on a floppy disk,” he said.

“And that was kind of, I would say, the first generation of network security, that started network security essentially. And I was lucky enough also be able to write the first check to Nir Zuk [cofounder and CTO of Palo Alto Networks], that arguably started the second generation of network security.”

Kramer noted each generation differs by its form factor:

• The first generation of network security involved firewall software installed on servers. This approach became cumbersome due to the extensive number of installations required.
• The second generation was appliances that converged network security functionalities into a single box. “It was a great simplification and a great form factor and was basically for 20 years … It still is but it overstayed its welcome,” Kramer said.

He noted, with the rise of software-as-a-service (SaaS) applications, the appliance form factor faces scalability challenges. Traditional firewalls were not efficiently positioned in the line of sight of data access.

For the hybrid-work and hybrid-cloud models, “it was clear that the appliance form factor was wrong. And the perimeter is dissolving because of the mess of points solutions that, together with MPLS [multiprotocol label switching], and together with, you know, interconnecting clouds and all these new challenges.”

Kramer created Cato Networks with Gur Shatz in 2015, envisioning a new form of network security centered on the cloud – a fluid network that could extend security wherever needed.

“That's why our SD-WAN devices are called sockets. The idea it's like a utility. You plug in your mobile device, your office, your cloud data center, your car or your machinery in the factories or whatever IoT you have, and you're on the network and immediately the network security stack is available to you,” he said.

The stack includes the functionalities of previous generations and relevant patches, such as zero-trust network access (ZTNA), secure web gateways (SWGs) and cloud access security brokers (CASBs), converged into a single global network, Kramer noted. Later, Gartner coined the platform as SASE.

Cato Networks this month scored $238 million in equity investment, leading the company to a valuation of over $3 billion.

“We invented SASE and we built it. And I can tell you within the first four years, many people looked at us like … what are we doing? And it's impossible to do, etc. But, eight years later, we have a category defined by Gartner as the future of network security,” Kramer said.

“And we are the only company that has built this platform from the ground up as a solution that provides the full SASE experience,” he added. “In 2019, all these second-generation power companies woke up to it in the Gartner report: the future of network security is in the cloud. “

Kramer pointed out that many firewall companies that didn’t survive missed the transition to the second-generation hardware appliance form factor. And now the industry has seen various companies struggle with the transition from appliance form factor to the cloud-centric approach of SASE.

He used leading players like Palo Alto Networks, Fortinet and Zscaler as examples. “Some of them were faster in kind of duct-taping together a solution like Palo Alto Networks, essentially a rushed solution primarily using Google for their IPs,” questioning the sustainability and cost-effectiveness of such solutions.

“It's going to create a major issue with the split, once it scales; the price is going to be paid by the customers,” he said.

Kramer also argued that the multivendor SASE category is “essentially dead.”

He added that the last and only important player in multivendor SASE is Zscaler, which recently rolled out network hardware that is not yet SD-WAN but will soon be SD-WAN. “So they are scrambling to fix their strategic level.”

Additionally, Kramer said some network security companies were “very late to wake up” and “non-responsive” to the cloud challenge. “Fortinet, for example, is now just starting to talk about the cloud and catching up and it's really difficult, because … it's a company DNA, so we'll see if they're successful.”

Kramer warned, “the security market is broken.”

He argued enterprises are struggling to get insurance policies, particularly organizations with a few thousand to 20,000 employees. “It's going to be either impossible or prohibitively expensive.”

“And the reason is that the security industry is focused on innovation. And forgot that to innovate and come up with the solution is just half of the way, you need to make sure that the customer can consume that solution.”

This is what Cato Networks focuses on now. “I think SASE is not only the current market that we are in, but that concept is allowing for organizations of all sizes to consume the most advanced security capabilities in a way that fits the talent pool and the budgets. So that's my vision for the next 10 years.”

Image: Cato Networks CEO and cofounder Shlomo Kramer. Source: Cato Networks.