A performance test pitting Cato's SASE cloud against Zscaler Private Access. and what it means for security architecture.
For as long as anyone can remember, organizations have had to balance four key areas when it comes to technology: security efficacy, cost, complexity, and user experience. The emergence of SASE and SSE brings new hope to deliver fully in each of these areas, eliminating compromise. but not all architectures are truly up to the task.
SASE represents the convergence of networking and security, with SSE being a stepping-stone to a complete single-vendor platform. The right architecture is essential to providing an experience that aligns with the expectations of modern workers while delivering effective security at scale.
Marketing claims aside, you should consider how many unique geographic locations can provide all capabilities to your user base, as well as how effective the organization has been at adding and scaling new PoPs. These PoPs should be hosted in top-tier data centers and not rely on the footprint of a public cloud provider.
Cloud and mobile adoption are still on the rise but create challenges as users and apps are no longer in fixed locations. The public internet routes traffic in favor of cost savings for the ISP without consideration for performance. A true global private backbone is critical to any SASE or SSE product and should provide value to both internet-bound and WAN traffic.
QoS has been around for more than 20 years and is useful to ensure that critical applications have enough available bandwidth, but QoS does not do anything to improve performance beyond this. When evaluating a provider, look for networking optimization capabilities such as TCP proxy and packet-loss mitigation that will improve the overall user experience.
To quantify this, Cato Networks conducted a performance test for a customer comparing Cato's SASE cloud to Zscaler Private Access. Files were transferred from London to Tokyo. Even for files only 100MB in size, the performance improvement was substantial. It's worth noting that ZPA doesn't inspect traffic for threats. and despite Cato's complete zero-trust approach to WAN traffic with all inspection engines active, Cato's SASE cloud achieved up to a 317% improvement in performance.
SASE and SSE vendors deliver critical capabilities to organizations and should be carefully evaluated before adoption. While performance is one of many factors to consider, don't make it the lowest priority. Users are doing their best to be productive and high-performers will naturally look for ways to bypass obstacles that are slowing them down. Fast is secure. Secure is fast.
If you're working on something worth talking about, reach out.