According to Gartner’s projections, by the close of 2024, more than 40% of enterprises are expected to have well-defined strategies for Secure Access Service Edge (SASE) adoption. This is a substantial leap from the mere 1% reported in 2018. Cato, recognized as the “poster child” of SASE by Forrester Research, has seen the extraordinary surge in SASE’s popularity. This surge is evident not only in its adoption by organizations of all sizes but also in the increasing number of requests from third-party vendors eager to integrate SASE into their software solutions.
This is where Cato API comes into play, seamlessly delivering the Cato SASE Experience to third parties through a planned approach. The convergence of security and networking information within a singular API not only reduces costs but also streamlines data retrieval. It is this same blend of elegance, agility, and intelligence that characterizes the Cato SASE Experience. In the past year, nearly a dozen technology vendors, including Artic Wolf, Axonius, Google, Rapid7, Sekoia, and Sumo Logic, have unveiled Cato integrations. Cato’s channel partners, such as UK-based Wavenet, have independently executed internal integrations, reporting substantial improvements in return on investment (ROI).
“So many of vendors who didn’t give us the time-of-day are now approaching and telling us that their customers are demanding they integrate with Cato,” says Peter Lee, worldwide strategic sales engineer and Cato’s subject matter expert on the Cato API.
One single API
Cato delivers a one API that retrieves worldwide security, networking, and access data for any site, user, or cloud resource in a single converged platform. Developers can make a single request to obtain information on a specific object, class of events, or timeframe—whether pertaining to any location, user, or cloud entity, or encompassing all objects within their Cato SASE Cloud account.
This singular “window into the Cato world” stands as a distinctive hallmark of a genuine SASE platform. Cato’s commitment to convergence is evident in the creation of a unified API, enabling access to events related to SD-WAN and networking, as well as security events from our SWG, CASB, DLP, RBI, ZTNA/SDP, IPS, NGAM, and FWaaS capabilities. All delivered in a consistent format and structure for immediate processing.
In contrast, approaches centered around individual products require developers to submit multiple requests for each product and every location. Separate requests would be made for firewall events, IPS events, and connectivity events for each enterprise location. Managing multiple locations entails initiating distinct requests. Additionally, each product provides data in a varied format and structure, demanding additional investment to standardize them prior to processing.
Better ROI
The difference between the two is more than semantic; it reflects on the bottom line. Just ask Charlie Riddle. Riddle heads up product integration for Wavenet, a UK-based MSP offering a converged managed SOC service based on Microsoft and Cato SASE Cloud.
He had a customer who switched from ingesting data from legacy firewalls to ingesting data from Cato. “Cato’s security logs are so efficient that when ingested into our 24/7 Managed Security Operations Centre (SOC), a 500-user business with 20+ sites saved £2,000 (about $2,500) per month, about 30% of the total SOC cost, just in Sentinel log ingestion charges,” he says.
For Cato customers, Wavenet found it sufficient to feed the SIEM with log data rather than the complete network telemetry data, ensuring precise event correlation. Since Wavenet oversees both the Cato network and the SOC, its SOC team can directly leverage Cato’s security tools for investigating and responding to alerts, rather than depending solely on EDR software or the SIEM. This integrated management of network and security not only enhances threat detection and response but also leads to cost savings.
Addressing a range of use cases
Delivering security, networking, and access data via one interface has resulted in a variety of third-party integrations. SIEMs rely on incorporating Cato data for comprehensive incident and event management, while detection and response mechanisms leverage Cato data to pinpoint threats. Asset management systems utilize Cato data to monitor network assets effectively.
Sekoia.io XDR, for example, ingests and enriches Cato SASE Cloud log and alerts to fuel their detection engines. “The one-click “cloud to cloud” integration between Cato SASE Cloud and Sekoia.io XDR allows our customers to leverage the valuable data produced by their Cato solutions and drastically improve their detection and orchestration capabilities within a modern SOC platform,” Georges Bossert, CTO of Sekoia.io, a European cybersecurity company.
Another vendor, Sumo Logic, ingests Cato’s security and audit events, making it easy for users to add mission-critical context about their SASE deployment to existing security analytics, automatically correlate Cato security alerts with other signals in Sumo Logic’s Cloud SIEM, and simplify audit and compliance workflows.
“Capabilities delivered via a SASE leader like Cato Networks has become a critical part of modern organizations’ response to remote work, cloud migration initiatives, and the overall continued growth of SaaS applications required to run businesses efficiently,” said Drew Horn, Senior Director of Technology Alliances, Sumo Logic. “We’re excited to partner with Cato Networks and enable our joint customers the ability to effectively ensure compliance and more quickly investigate potential threats across their applications, infrastructure and digital workforce.”