A common objection raised by organizations about any new network security technology is that it will somehow slow down operations. That's an objection that Cato Networks is looking to help overcome.
Cato just announced that it is accelerating its secure access service edge (SASE) platform with new power that the company claims can enable 5 Gbps of bandwidth with all security inspections enabled, on a single encrypted tunnel. Previous iterations of Cato's technology could only achieve bandwidth of 3 Gbps under those conditions.
"The need for 5 Gbps is happening on the most intensive, heavily used network connections within the enterprise -- the connections to data centers or to the cloud housing shared applications, databases and data stores," Dave Greenfield, director, Technology Evangelism at Cato Networks, told SDxCentral. "Not all companies have the need for 5 Gbps connections, but for large organizations that do have that need, yes, it can make a significant difference."
How Cato is accelerating SASE
When it comes to network access, organizations have often been able to add more bandwidth, simply by paying for more bandwidth from a service provider. But that's not how more bandwidth throughput is being added to the Cato platform.
SASE is an overlay technology that sits on top of a provider network. When turning on encryption and security inspection there is some overhead, which will consume some of the provider bandwidth. Greenfield explained that the 5 Gbps bandwidth number that Cato can now provide represents the total traffic from a single edge, which could be a data center or branch network, to the Cato platform. It can be any combination of upstream and downstream. To achieve this throughput, he said, the underlay provider network will usually be a 10 Gbps fiber licensed for 5 Gbps.
What Cato has done to boost bandwidth has to do with some significant improvements in software, specifically the Cato Single Pass Processing Engine (SPACE) architecture running in the Cato points of presence (PoP) deployments.
Greenfield explained that unlike appliance architectures, the Cato SASE Cloud is a cloud-native architecture. All of the security inspections and the bulk of the packet processing are conducted in parallel in the Cato PoP by the SPACE technology and not at the edge. Cato Sockets, which are the edge SD-WAN devices, are relatively simple with just enough intelligence to move traffic to the Cato PoP and manage and optimize the last mile.
"The improvements enhanced Cato SPACE scalability, enabling the architecture to take advantage of additional processing cores," Greenfield said. "By processing more traffic, more efficiently, Cato SPACE enables Cato Socket to send more traffic."
Greenfield added that all Cato PoPs run the exact same version of SPACE. Any existing customer using Cato's X1700 Sockets, which is the version of the Socket meant for data centers, will now benefit from this update.
Cloud cross-connect further boosts SASE
In addition to the Cato SPACE improvements, the company is also rolling out a new cloud cross-connect.
The new cross-connect is a point-to-point (P2P) connection from the Cato server into the Equinix Cloud Exchange or Digital Realty Cloud Connect. Greenfield explained that a VLAN circuit is mapped from the customer’s Cato account to the customer’s tenant in the cloud provider.
"It enables a reliable and fast connection between our customer’s cloud instances and our PoPs that is entirely software-defined and doesn’t require any routers, IPsec configuration, or virtual sockets," he said.