BizTech BizTech Podcasts

96. Is the SASE Revolution going to empower networks, and secure the future? With Mark Spiers of Cato

November 22, 2023

Subscribe to the Next Level BizTech podcast, so you don’t miss an episode!
Amazon Music | Apple Podcasts | Listen on Spotify | Watch on YouTube

Do you want to learn about SASE, why it’s important, and how SDWAN and Security are converging? Then tune in on this episode where we’re joined by Mark Spiers of Cato and talk SASE and convergence. We talk about CATO’s unique positioning, why the timing is perfect right now, how this helps understaffed IT teams, and more.

Welcome back. We are here. We’re talking SASE. We’re talking the networks of the future, and we’re on with a good long-term friend of mine. Long-time friend, Mark Spiers regional director at Cato. Spiers welcome on, my man. Thank you. Good to be here. Thanks for having me. So if you do not know this, Mark and I sold side by side for many years. We worked at a startup. We cut our teeth. We had to fulfill a lot of crazy promises. I think at some point we’ve even installed satellite dishes on top of hospitals in the middle of Michigan in winter and whatever it takes to help customers. So, man, we’ve had some good times together, man. We’ve sold a lot of stuff. We have indeed. We have indeed. Yeah, I mean, that was me coming into the industry. So we’ve been side by side since the beginning. I love it. Let’s talk about your background a little bit. I love hearing about this. What is everybody’s journey? How did you get into this space? Did it suck you in? Were you destined to do this? Where did you start? Yeah, you bet. So back in 2006, 2007, I was working in the financial services industry. It was right about then that the financial market started to crash. So I was a part of the very beginning of that. The bank that I was working for closed its doors abruptly.

So I find myself without a job for the first time in my career. So fortunately, I was able to get on with another company pretty quickly. Within three, four months, that bank shut its doors. So I’m out of work again with a young family trying to figure out what’s next. So I’m thinking to myself, I’m not going to do this again. I’m not going to go this route. Started looking into IT. And that’s what took me to the little startup you just referenced. I was able to get on there. And that was the beginning of my career in tech. Was working side by side with you. And you played obviously a big part, not. And it was just trying to figure it out. It was just jumping in feet first and kind of figuring the industry out from the acronyms to the language to everything else. And that’s where it started. Yeah, it’s interesting. I think, you know, this industry is a testament to if you just have the right acumen and the right determination. I mean, it’s a metaphor for anything in life. But neither you or I knew what anything from a PRI to telco to any of that stuff. And I think within months of each other, we both landed there. And I’d say we learned a lot in that time period. And we successfully sold tons of backup communications to people that now helps us in this space. So love the journey. Glad you were there. I remember scooting back from my cubicle and asking you, gosh, what’s a PRI? I mean, it was that kind of stuff, right? You thankfully had some of that guidance for me. But we figured it out. And just kind of went. And I think we had a good five year run doing that and introduced both of us to a lot of what was to come. So I want to talk about Cato. You know, this is about, you know, empowering the networks and convergence and sassy and all of that good stuff. But, you know, I’ve always been a, you know, slo-mo Kramer fan. You know, understood him from the early Imperva days, WebOut Firewall, the Checkpoint days. And so I always loved what he’s done. Tell us about what what’s cooking at Cato. Where did it start and where is it now? Yeah, you bet. I remember it’s funny. I remember years ago having a conversation with you about security and you mentioned the name slo-mo Kramer. And I’m like, who’s you know, what’s this guy all about? And you said this is this guy’s where it’s at when it comes to security.

So slo-mo Kramer is the founder of Cato, but he’s actually a pioneer in the industry. And when I say pioneer, I mean all the way back. So early days of the Internet taking taking hold back in the 90s, he started a company called Checkpoint.

They were really one of the first kind of behemoths in the market in the cybersecurity space and introduced commercial firewalls to the market. So he grew that business, became very, very successful.

And from there went on to found a company called Imperva, which was the first web application firewall and then grew that. And he’s just he’s a serial entrepreneur. He’s involved in a lot of different things. He was an early stage investor in Palo Alto, just just constantly looking forward to what’s next. And that that really is the origin of Cato is back in 2014, 2015.

Him and his partner had this vision for for kind of where things were heading. And it was very insightful, you know, looking forward even 10 years, was this, you know, he saw this convergence happening of the network and network security and was in a place where he could go out and raise a whole bunch of money from outside investors and build this vision, which has evolved into Cato, which was this idea of taking a cloud-native service that kind of covers both the network side of things and security, converging that and really simplifying that whole stack. So that’s started that back in 2015. And that’s evolved into what Cato is today.

So let’s talk about, I mean, I think if we lay the foundation for fundamental SD-WAN, right? The need came out of we need resilient networks. So SD-WAN comes alive and, you know, at a bare bare bare minimum, if we strip off everything else, it gives people resiliency if a connection drops, right? And I remember when we started this conversation, people, you know, were a little leery on, wait a minute, well, are you going to touch my security too? Well, I’ve got this other appliance that does that. And well, okay. But are you managing it? Do you have the expertise? All those good things. And so the idea of managing these things, you know, separately, managing and hugging boxes was just kind of the way things were architected. And there’s still a great presence for that in some environments. But now with what we’re seeing, the convergence and SASE, for anybody that’s not familiar, walk us through, okay, we’ve got the SD-WAN overview. But how does SASE in the convergence work from Cato’s perspective? Yeah, great question. I think so. Yeah, you make a good point. SD-WAN kind of evolved out of this move, pivoting away from private networks from MPLS, that’s maybe too expensive or too rigid for certain use cases. So there’s SD-WAN, I think where that evolved, at least for us with Cato. And I think where this whole SASE thing started was Shlomo saw an opportunity to converge all that. He’s, Cato at its core is a cybersecurity company. That’s what Shlomo was building. But as we’re building out this global network, he sees all this happening with SD-WAN and says, wait a minute, why, if we’re going to do the network over here and the security over here, why don’t we just put the two together and simplify this, right? A single pass all the way through. That’s where it evolved from was just this idea of how do we simplify this? How do we make this more cloud centric? And that’s where the vision for Cato came from. And that’s where it continues to grow is let’s put all this together. It only makes sense that network security and network work together. And like you said, the proliferation of boxes and appliances, it’s still out there. There’s a place for that. But most companies just don’t have the expertise and the resources and the people to do all this themselves. That’s kind of the evolution. Yeah, it seems like timing is critical on this. And we’ve reached this point, even pre-COVID, right? This is a huge talking point of, I just don’t have the right people to do this. I can’t keep them. I can’t afford them. I’m an S&P. I’m a mid market. Even I’m an enterprise. And, you know, they’re jumping from job to job because they can go from 300 to 400 to 600, right? If I’m a CSO kind of thing. Oh, yeah. So is that, from your perspective, when you have these conversations with customers, do they get that right away that, you know, you need to converge this, you need help managing this? Or are you having to help them see the light? How has that shifted in the market? I think, you know, I think they know. I think it’s obvious, right? The technology stack has continued to grow, especially as it relates to security, right? I mean, there’s, you look at charts of, you know, the providers in the security space and it’s an I-chart. It’s just insane. I think most companies are somewhat resigned to the fact that they can’t do it all, but that’s a dangerous space to be. Cybersecurity is maybe the biggest single threat to any business today. And so I think most companies know that they’re not doing enough. They know that they don’t have the resources to do everything they need to do. But what do we do? How many people can we hire? How, you know, what salaries can we afford? And even then, you know, are we there? So I think there’s a knowledge out there that companies need to do more. It’s just how. It’s a matter of resources. That’s really what it comes down to, money and people. And so SASE is sort of the tool that gives them that power. It gives them kind of the ability to consolidate everything and do more with less. So I think it’s out there. And I think sometimes to your point, yeah, there’s a little bit of an education that has to happen, right? People are used to doing things a certain way, but SASE is out there. It’s a hot topic and it’s opening eyes. Well, you mentioned a key thing there that we’ve heard a lot of in the last 12 months, given market conditions and just, you know, bears, bulls, all that kind of stuff. Do more with less. I think this is what businesses are being tasked to because regardless of the ups and downs of the market, whether they’re selling their products more or they’re selling them less, they’ve got to figure out profitability. So I’m going to harp on, do more with less here. Talk to me about the advantages that, you know, we’re talking about this network architecture, the convergence of this. I’m going to get, I’m going to pick out products. We’re going to talk products in a second. But just the advantages. If you’re, if you’re talking to a customer, what are the advantages of having this converged network help? Help, you know, what does it help them do that? They just can’t do themselves. Yeah. Man, it starts, it starts from probably visibility. One of the, when we start having a conversation with a customer, one of the primary things that comes up is we just don’t know what we don’t know. Whether that’s security, whether it’s network, whether it’s bandwidth usage, we just don’t know. And so I think it starts there. But it escalates into, you know, the unfathomable number of cyber threats and how do we address all of this? We don’t have the people, we don’t have the resources, we don’t have the tools. And even if we do have the tools, it’s a stack of boxes sitting somewhere that we don’t have the people to manage and we don’t know what to pay attention to and what not to. So it’s a very, very complicated thing. And that’s the primary aim of SASE is to simplify that, to give people the power to manage all of those things with the little resources they have. I can think of a customer, you know, we may talk about later that managing over 600 locations and has only four people on their IT staff. How in the world are those people supposed to manage something like that? SASE gives them that ability by that convergence, by boiling it down into something more manageable.

All right, so so let’s talk, let’s talk products here. Let’s let’s intermix SD-WAN and security. So in addition to your SD-WAN core, you know, people tend to come to us of who do we have that does this? Who do we have that solves this problem, that kind of thing. So let’s talk about all the problems that Kato can solve when we talk about the Kato security story, lay those products out for us.

So we talked about SD-WAN, right? That’s that’s part of the core. On the security stack side of things that the foundation is next generation firewall, right? Every business has to have a firewall at its core. So next generation firewall is the foundation from the Kato perspective.

And one of the things that’s interesting about the way we’re building this, where we’re building Kato is we’re almost introducing a new security company, like every quarter.

So intrusion prevention, next generation anti-malware, cloud access security broker, data loss prevention, all these, you know, I call it alphabet soup, right? Because when you start talking about the acronyms, it’s IPS, NGA, CASB, all those things. But but it’s that entire stack, it’s the whole enterprise security stack. And it just continues to grow, it continues to evolve as SASE continues to expand, we’re picking off use cases, one of the new things is endpoint protection. That’s, that’s being introduced to help people manage devices. So it’s the whole stack, it’s and it continues to grow. I think everybody naturally gets to this point of, as a business, as the business grows, oh, okay, well, we need that now. All right. Well, the NIST framework tells me I need to have this thing now. So it seems to me like you guys have stayed pretty ahead of the curve from a product perspective, so that, you know, they may come at you of seeing that you solve their need for SD-WAN or that you solve their need for visibility. And you’re standing over here waving your hand go, guys, we do all these things, you don’t have to go look at 85 different places, we’ll give it all to you, we’ll give you access. You know, it’s all Cato. It’s almost not fair, in a way, because it Cato was built in the cloud. So we can evolve, we can adapt, we can add new products at a speed that is really unattainable for most, right? Shlomo Kramer, our founder and CEO has this term he uses, he likes to say, you can’t unscramble the A. If we’ve built ourselves as a hardware provider, it’s really difficult to go back and evolve that into a cloud-delivered service. Cato had the good fortune of being born in the cloud. We were purpose-built to do this. So you’re exactly right. It’s our customers come on board, they introduce, you know, we maybe take over their WAN on the SD-WAN side. on the SD-WAN side. And then they start looking inside of the portal and going, wait a minute, there’s all these other cool toys and tools in here and it’s software. All I have to do is flip a switch and turn it on. They can start moving up the enterprise security stack very, very easily. – Love it. – Which is also by the way, a very appealing tool set for a partner, for a trusted advisor to be able to go out and talk to their customers and say, here, I can simplify this path for you. – Yeah, yeah. What’s on your, I mean, we get partners that walk into deals a lot of those a lot of times because it’s, hey, Mr. Customer, what are the projects that you have next? Well, I have this, I have this and I’m like, okay, I have an answer for that. I mean, I can tackle that for you right now to your point. And that makes sense, especially to those customers that are tasked to do more with less or manage a bunch of sites or whatever the case is. – Yeah, yeah. – All right, let’s talk about an implementation scenario, SD-WAN, SASE.

What I love about this is, we’ve dove into the tech a little bit. I think you’ve clued everybody in on what some of those products are. I know some of those are acronyms we didn’t go into, but they’re all the security acronyms. If anybody wants to look them up. – Alphabet suit. – Yeah, I love it.

Walk us through an example though, where you sold one, it got implemented. What is the initial environment? What are the business problems that you called out? And then ultimately, what did this thing look like after? And what did you really do for this customer? – There are so many. There’s so many great use cases, right? There’s so many, you look at it globally, solving use cases out of China is a big one. People that have to send transmissions overseas, things like that. There’s a lot of different things. The one that I’ll probably hit on, I kind of touched on it earlier. We were approached by one of the Telarus trusted advisors with a customer who is now a very large customer.

At the time they were, so what they are is they’re private equity owned, they operate medical clinics. And what they’re doing, their growth path is, they’re out there acquiring mom and pop clinics and folding them into their brand. So they had grown to, I think at the time, 350, 400 locations. And these are all acquired locations. So the technology stack inside of these is everything you can imagine, right? From just having maybe a phone and internet to having an outdated firewall or having Cisco equipment or whatever else. The challenge for them was, how do we take these existing hundreds of locations with their mishmash of technology

and build that into something that number one, we can deploy quickly to get them all protected and covered. And then how do we grow? How do we make that scalable? So the way we did this, and we had a lot of great help from Josh Hazelhorst at Telarus was very, very instrumental in this. And just did some deep discovery. And the way this worked was, let’s ship a Kato socket, a little appliance out to each one of these locations,

plug it in, it doesn’t have to be anybody technical. You can have whoever’s sitting at the front desk, plug it into a WAN port. These will call home and then Kato can push down a security policy where it’s a single global policy for each of these locations. Now we’re very quickly moving to a place where all these hundreds of existing locations are on a very similar, right? They’re single global policy. And then going forward now, you’ve got this approach where the Kato device goes out, calls home, policies are pushed down, you’ve got the same security policy at all these locations.

Simple to manage, and you’ve got four people managing 700 locations. – Yeah, I love it. Good story. I think that calls out, there’s just a ton of great examples. I think people can pull out of that depending on the scenario that they have. – Oh yeah. – Love that example. Now Hazel Horse seems to always get a shout out on these podcasts. I love it. – He worked wonders with this customer. And by the way, when they brought this customer to us, the customer had this lengthy insane list of security requirements and this patchwork of security vendors. It was very complicated and would have been virtually impossible to manage. So it was a good find. – Love it. Okay.

Last couple of thoughts here. So, you know, I like to ask questions. I’d like to arm partners with questions.

We talk about that a lot and I want people to walk away from that. So let’s say I’m a partner. I’m listening to this. Maybe I haven’t sold into this area yet, but now I go, okay, I’ve got plenty of prospects or existing customers I could talk to about this that maybe I haven’t approached yet. They were hesitant before. What’s the advice? What’s the strategy? I mean, is there questions that you want to give out to partners listening? I’ll leave it to you for that. – I think education’s huge and Calaris is an excellent resource for that. Cato has a portal, a partner portal where you can educate yourself.

I actually have a book on my desk right now called Sassy Explained. It’s a beginner’s reference for the Secure Access Service Edge, another great resource.

So education’s huge, but I think there’s nothing that’s going to replace just sort of jumping in. So with your existing customers, it could be as simple as, for Sassy, it could just be a simple question like, when’s the WAN refresh? What are we looking at that way? Do we have a WAN refresh in the next 12 months? That can very quickly start a conversation about Sassy. And for a partner, if I’m in a partner’s shoes, I don’t have necessarily the expertise to go out and start talking about this. It’s just engaging a provider like Cato. Let us be an extension of that team. But I think asking questions about a WAN refresh is a great place to start. If we can come in and replace whatever you’re doing on the WAN side with SD-WAN, it creates a really natural opportunity to start talking about security. On the security side, it’s very simply, what does your security architecture look like today? And you might gather a ton of information that way, right? What are you doing for firewalls? When do those come up for renewal? How are you addressing work from home?

A lot of different questions like that, I think you could ask that could open up sort of a much broader path of how do we then engage Lopresto or Hazel Horst or anybody on the Telarus team to come in and start asking maybe the more deep technical questions. But I’ve always said just kind of jumping in and doing it, right, just sort of engaging people that have the answers. And through that process, you sort of start to hear, right, what the conversations sound like. You start to learn more about those acronyms and some of those kinds of things. And so I think it could be just as simple as WAN refresh, it was a good place to start. – I love that too. And yeah, I mean, I like your WAN refresh.

And if we take that back to the last question, a question or two back that we asked about, outline all the products that Cato has, you could argue that from a security perspective, when is your next X refresh? Are you looking at CASB, right, to broker all the security solutions? Are you looking at intrusion prevention, all of those? And obviously those are all teed up, teable opportunities for you guys. – Yeah, what’s on your radar? What’s on your radar these days as it relates to security? What are you concerned about? I think COVID introduced an entire, and that COVID really fast-tracked this whole SASE conversation. Because in the past we had branches connected to a data center and people working in offices. And now everybody’s working everywhere and accessing resources in the cloud and data centers and the hyperscalers and wherever.

This all of a sudden is now how do I as an IT team, how do I address all this? So it could just be a simple question of how are you solving for this? And the answers open up all sorts of avenues. – Love it. All right, final question here. We’re gonna look into Mark Spiers or Miss Cleo’s, Crystal Ball, if anybody knows my Miss Cleo references.

So this is a fast-moving space. You guys are very innovative. I think we’ve talked innovation before with Cato.

What do you want partners to be cognizant of? You know, 2024 is right around the corner. Do we just double down on everything that you’ve mentioned, everything that you’ve given to us and rock that into a strategy for 2024? Or is there anything you want partners to be aware of, of things that are coming next or innovations around the corner that, oh, by the way, think about, you know, customers are gonna care about this or new products like this. – Sure. Well, the name of the game in our industry is consolidation. We all know that. I think there’s gonna be a ton of that in the near future. But this sassy topic, it’s a hot button, it’s a hot topic. And I think it’s only gonna get hotter. I think it’s just gonna continue to grow. It’s gonna turn into a wildfire. So from a partner perspective, from a trusted advisor perspective, you know, I might be focused on CCAS, UCASS, a lot of these other things. I think sassy is a hot topic. It’s a space that I want to be focused in. If my customers aren’t asking me about it already, they’re going to be soon.

You’ll continue to see the security stack evolve. All these acronyms we talked about, you know, it’s going to continue to evolve. There’s new and different ways to access resources and to protect the network. So I think just getting your feet in, just diving in, getting familiar with the space, it’s gonna continue to grow. But I do think you’ll continue to see a consolidation. So a lot of niche providers in this space will start to be folded into a bigger stack.

And so I think you’ll see Cato and a number of other providers of our peers that will sort of push way out front as that single vendor sassy. And I think that will help partners probably eliminate some of the noise.

And simplify, you know, just who their resources are and who they go to. But so I think consolidation is a big thing, but cybersecurity is only gonna become more involved and more advanced. Trying to keep up with the threats is difficult. So you’ll just continue to see new things. I think there’s no better time than now to jump in and become familiar. – Love it. Okay. All right, man, that wraps us up. Man, I appreciate it, Mark. Thanks for coming on and doing this with me, man. – Thanks for having me, buddy.

It’s good to see you and we need to get together soon. – Absolutely. All right. Everybody that wraps us up for today. I’m your host, Josh Lupresto SVP, Telarus Engineering.