Firewall-as-a-Service (FWaaS)

Firewall-as-a-Service (FWaaS) is a new and revolutionary way of delivering firewall and other network security capabilities as a cloud service. It eliminates the constraints and complexities of legacy physical and virtual firewalls, and make network security consistently available everywhere.

Firewall-as-a-Service Capabilities

Full Traffic Inspection Without Blind Spots

Cato inspects network traffic from all sources and to all destinations across the internet (north-south) and the WAN (east-west). This includes traffic over all ports and protocols, and is not limited to HTTP/S traffic only.
Cato helps enterprises retire both branch and datacenter firewall appliances and replaces them with Cato FWaaS. Firewall elimination is possible because Cato can deliver all legacy firewall capabilities in a network (and not proxy) architecture, from the cloud, with multi-gig throughput.
Using Cato FWaaS enterprises avoid configuration gaps, blind spots, and reduce the risk of data breaches

Scalable Firewall Ruleset Management

Cato FWaaS processes rules based on their order in the ruleset, stopping at first hit. To avoid flooding the ruleset with numerous rules, each rule can be set with specific exceptions. Cato allows admins to group rules into sections for better readability and efficient review by 3rd party auditors.
Cato offers a rich set of objects (user identity, organization unit, device, host, application, protocol, location, network, VLAN, and many more) that can be used in the rules, and the ability manage them in logical groups that can combine multiple object types.

Full Logging and Monitoring for Detailed Analysis and Reporting

All rules and actions in the Cato FWaaS can be set to record an event and store it on the Cato SASE Cloud Platform for an agreed upon retention period.
Email notifications can be configured to alert on selected event that repeat during a defined period and at a defined urgency.
Event monitoring and analysis is available through dedicated dashboards and through the event monitoring interface which provides easy-to-use searching and filtering.
An audit trail records all admin activities for tracking, monitoring and auditing.

Unlimited Processing and Inspection Capacity for Every Need

Cato FWaaS is a cloud service that benefits from a cloud-native software architecture. Features and capabilities are not limited by the underlying hardware, and autonomous and elastic scaling and self-healing ensures high performance and service resiliency.
Cato allow admins to enable all features, including TLS inspection, and use any type and number of objects, groups and rules without worrying about performance or availability.
Cato’s cloud-native software architecture eliminates concerns of increased latency due to CPU load, packet drops, or device failure. Similarly, risk of mid-term appliance replacement due to insufficient compute power is avoided.

Microsegmentation, Access control and Zero Trust for Risk Reduction

Microsegmentation can be easily configured to restrict access to sensitive resources. Policies can be set based on groups, networks, VLANs and individual objects such as hosts and users to govern granular access that meets business requirements. For zero trust, Cato allows admin to set identity-to-identity, identity-to-app, and app-to-app access policies that factor in not only the identity of a user, but also their geo location, method of connectivity, security posture and more.

DPI-based Application and User Awareness

Cato FWaaS includes built-in awareness to thousands of applications across all ports and protocols and the ability to define custom applications. A DPI engine identifies the application or service as early as the first packet and without having to decrypt the payload.
Cato allows policy configuration and enforcement that factors the identity of the users and the organization units they belong to. By synchronizing with the user directory, and using the identity agent in the Cato Client, a user identity is associated with every network flow.

Firewall-as-a-Service Video Demo

Cato’s FWaaS provides granular access control with multiple context options and complete visibility into user and device activity, all with smart organization options that simplify policy management at scale.

真のSASEプラットフォームの戦略的メリット

真にクラウドネイティブなSASEプラットフォームとして、ゼロからアーキテクチャの構築が行われたCatoのセキュリティ機能はすべて、現在も将来においても、Catoプラットフォームの特徴であるグローバルな分散化、抜群のスケーラビリティ、高度なレジリエンシー、自律的なライフサイクル管理、そして一貫性のある管理モデルを活用します。

一貫性のある ポリシー適用

Catoは、すべてのセキュリティ機能をグローバルに拡張し、非常に大規模なデータセンターからユーザーの各デバイスまで、すべての場所と人を対象に一貫性のあるポリシー適用を実現します。

スケーラブルでレジリエントな保護機能

Catoは、TLS通信の完全な復号化が可能で、スケーリングにより、すべてのセキュリティ機能においてマルチギガのトラフィックストリームを検査できます。また、サービスコンポーネントの不具合から自動的に回復し、継続的なセキュリティ保護を実現できます。

自律的なライフサイクル管理

Catoは、すべてのユーザーと拠点を対象に、お客様の関与なしでSASEクラウドプラットフォームが最適なセキュリティポスチャを維持し、99.999%のサービス稼働率と低遅延のセキュリティ処理を実現できるよう万全を期しています。

管理を一元化

Catoなら、構成、アナリティクス、トラブルシューティング、インシデント検知・対応など、セキュリティとネットワークに関するすべての機能を一元的に、一貫性のある形で管理できます。統一的な管理モデルにより、ITチームおよび業務において簡単に新機能を導入できます。

Cato SASEクラウドプラットフォームがデジタルビジネスを強化

Catoを利用することで、セキュリティ関連の複数のポイントソリューションや高価なネットワークサービスで構成された、複雑なレガシーアーキテクチャを解消できます。Cato独自のSASEプラットフォームが、安全で最適化されたアプリケーションアクセスを、すべての場所と人を対象に、一貫性のある形で自律的に実現します。