Interview with Shlomo Kramer, Co-Founder and CEO of Cato Networks

Shlomo Kramer is a well-known name in the cybersecurity field and was kind enough to grant us an interview regarding his newest venture, Cato Networks, which recently came out of stealth mode in February 2016. Cato Networks believes that cloud-based network security is the answer to the fragmented and increasingly difficult world of network security. Thank you, Shlomo, for your time and insight into this field.

SDN Networking, Hyper Scale and NFV Startup Primer

Software defined networking (SDN) has helped companies worldwide separate and improve upon the hardware and software components of their often ineffective and inefficient networks. Network functions virtualization (NFV) is an alternative method to enhance a network’s performance by virtualizing the hardware and software of a network.

Instead of separating control and forwarding planes, as in SDNs, NFV optimizes the existing network services. NFV was developed out of frustration when trying to speed up deployment of new network services with hardware-based appliances. NFV uses standard IT virtualization technologies and encourages innovation and improves provisioning. When the European Telecommunications Standards Institute (ETSI) was formed, according to, it created “the foundation of NFV’s basic requirements and architecture.”

Some reports indicate that SDNs will be mainstream around 2020 and the global SDN market will reach $11.5 Billion by 2020, including both open and proprietary SDN, but not NFV. Another estimate from a study done by Plexxi, SDN Central, and Lightspeed Ventures puts the SDN market at $35 billion by 2018 with a compound annual growth rate (CAGR) of 128 percent. The Global NFV Market, meanwhile, is estimated to experience an amazing compound annual growth rate (CAGR) of 51.57 percent between 2013 and 2018. Though there are a few tech giants in this field, it is dominated by smaller, more innovative companies.

Big Switch Networks, in its predictions for 2016, stated that IoT and NFV will make networks so complex that programmable network control via SDNs will be a necessity. They also predicted that 15 percent or more of all ports shipped will be bare metal, at least 10 percent of Global 2000 organizations will deploy bare metal and/or SDN solutions, and “two or more publicly held networking vendors will embrace a modern approach that disaggregates hardware and software,” which Juniper Networks, Arista Networks, and Cisco Systems have just announced.

Pluribus Networks

Pluribus Networks was established in 2010 and has raised $97 million in venture capital funding. Pluribus has also been highly successful in gaining partnerships with the likes of Super Micro Computer and Red Hat to offer private or public cloud providers Infrastructure-as-a-Service (IaaS) with Micro-Blade servers, Red Hat’s OpenStack, and Pluribus’ Open Netvisor Linux. Pluribus offers a powerful, quick to deploy, and cost-effective technological infrastructure. Pluribus also has distribution of its product through Dell, and its Netvisor is integrated with Oracle Solaris 11 to form the Pluribus Freedom Server-Switch products.

SDN-WAN Startup Primer

Traditional hardware and software pairings are both expensive and may severely limit programmer’s capabilities to manage traffic, safety, and other network features. The disruptive force in network hardware and software is the software-defined network (SDN). SDNs allow companies to independently choose their components and pair advanced software with high-powered bare-metal hardware. Networks need not be tied to an expensive and pre-configured hardware and software combination, and a more powerful network can be developed.

SDNs often reduce capital expenditure as well as operating expenses by virtualizing and allowing configuration of network architecture, which is highly valuable when delivering cloud applications to many servers. Gateways can also be used to extend the SDN architecture across many remote data centers. Many SDNs allow pay-as-you-grow models of billing and the ability to automate provisioning and orchestration to reduce management time. Furthermore, SDNs offer quick deployment, application awareness and analytics, and encourage innovation by allowing diverse and sophisticated methods network management.

Growth in SDNs has been further aided by a transition to mobile devices and the cloud which challenge traditional networks. SDNs are quick to adapt, can be highly scalable, and may offer network savings of components around 60 to 80 percent. Importantly, SDNs do not require a partnership with a specific Internet Carrier, so networks are free to choose the Carrier that fits their needs.

Many SDNs are eliminating the concept of customer premise equipment (CPE) entirely and offering virtual installation of their systems. Instead of installing 50 firewalls and protocols in all 50 branches of a network, SDNs can offer virtual installation across all branches of the network. SDNs can provide the virtual CPE, WAN, and security or can be paired with any other security company.

SDNs also allow high levels of customization. Most recently, SD-WAN has begun to penetrate the market and replace multiprotocol label switching (MPLS) and rid networks of the typical headaches of private WANs including latency, jitter, packet loss, many security vulnerabilities, WAN link outages, and immense lead times to install new or upgrade existing WAN link capacities.

An SD-WAN requires some combination of the following components: a policy manager to define traffic classes, security parameters and QoS characteristics, forwarders that may operate as routers and are aware of the applications flowing through them, a central controller to tell forwarders how to forward traffic, and analytics to change network topology, link load, and circuit performance in real time.

CloudGenix believes that three factors have led to the possibility of SD-WANs: the viability of Internet links (which also requires encryption and QoS not easily solved by Internet service providers), the presence of hybrid WANs in which a WAN configuration is needed for every iteration, which drastically increases costs, and the rise of x86 as a network computing platform. Though SDNs may not be overtly present in the current market, IDC predicts that the SDN market will reach revenues of $3.5 billion in 2016 and $8 billion in 2018.


Founded in 2014, Viptela specializes in virtualizing the WAN through their Secure Extensible Network (SEN), an SD-WAN overlay which integrates policy, network security, routing and operations. Viptela launches a vSmart Cloud-based SDN-WAN Controller which virtualizes the network to provide many of the benefits of private MPLS Layer 3 virtual private networks (VPNs) without its drawbacks. It also incorporates the vManage Network Management System with a real-time dashboard on the health of the network, and, should the company choose to replace their current routers, vEdge routers can provide secure data connectivity over any transport. Viptela can be used as a backup for MPLS, alongside MPLS for traffic steering at high bandwidths, on new sites, or to replace MPLS.

Weekly Intelligence Digest – Dec 7, 2015

Top Weekly Updates

1. Instart Logic Partners with Verisign for Advanced DDoS Mitigation and Scrubbing 

Distributed Denial of Service (DDoS) attacks have doubled in the last year as hybrid clouds have become increasingly popular. Verisign, which protects 70% of the global e-commerce, has integrated with Instart Logic to improve upon their current Web Application Firewall. This partnership will allow DDoS capabilities and scrubbing of malicious attacks.

Recent surveys of the causes of outages indicated that they are increasing at at 245% year-to-year, and often the result of DDoS attacks, averaging 7.4 Gbps. At 2.0 Tbps scrubbing capacity, Instart Logic aims to protect against any DDoS attack, large or small, saving incalculable amounts of money and time. By offering enhanced security that uses machine learning, Instart Logic hopes to offer a high-performing and secure CDN.

2. CloudFlare Introduces HTTP/2 

CloudFlare, the Edge Security CDN, has introduced HTTP/2 support. The CloudFlare user will not have to choose between SPDY and HTTP/2. Both SPDY and HTTP/2 will be available for the customer and provider, and CloudFlare itself will continue to use both. The basis of HTTP/2 was SPDY, but the HTTP working group took into consideration the community’s input to develop the replacement for HTTP.

The HTTP methods, status codes and semantics remain the same, but end-user perceived latency, and network and server usage will be improved by HTTP/2. HTTP/2 is binary, multiplexed, uses one connection, compresses headers, and allows servers to proactively “push” responses into client caches. Google will no longer be using SPDY and its protocol beginning in January 2016.

3. AppLovin Scales Out Mobile Advertising Platform with Internap

Mobile advertising company AppLovin made the switch from Amazon Web Services’ (AWS) public cloud to Internap’s Bare-metal IaaS, in order to scale-out their performance-intensive mobile application globally. AWS, as a traditional cloud service, could not scale cost-effectively as AppLovin’s user base grew to over 50 billion ad requests daily, increased growth in video advertising, and global demand for advertising solutions. Internap’s AgileSERVER allows Applovin and other customers to achieve peak performance and scalability for big data workloads.

4. SiteLock Teams with GoDaddy for Enhanced Website Security 

SiteLock, with their year-long partnership with GoDaddy,  announces that they are integrating a new security plugin feature in WordPress, cutting down need to switching in-between both services for daily updates. This will enable SiteLock to integrate better malware-detecting services within WordPress right from the dashboard.

5. VTech Hires FireEye in Response to Data Breach

Hong Kong-based toymaker VTech is now utilizing FireEye’s Madiant forensics unit to restore security systems after a recent cyber hack exposed VTech’s server data on over 6.4 million children worldwide. The hack, which comprised of using an SQL injection, stole information which includes names, email, street and IP addresses, passwords,  customers’ download histories, and the names, genders and birth-dates of children who used VTech’s apps.

VTech has faced scrutiny from parents for not taking enough precautions for securing children’s data in the first place. Additionally, VTech is cooperating with law enforcement agencies worldwide to investigate the incident.

FireEye’s Mandiant will help identify the extent of the recent data breach, look at how VTech handles customer information, and suggest ways to strengthen user data security to prevent future pervasive cyber security attacks.

6. Qwilt Provides Open-Caching and Video Delivery Platform to MyRepublic 

MyRepublic, an ultra-fast Internet service provider in Singapore and New Zealand, has opted to use Qwilt for their award-winning open caching solution and live video streaming to boost network capacity and improve the quality of over-the-top (OTT) video service delivery. Qwilt’s Video Fabric solution analyzes traffic across networks in real-time to identify trending and popular content and then immediately caches and localizes it to the subscriber, causing faster delivery times and less traffic congestion. This clearly gives Qwilt a competitive edge as they plan to further expand further onto Southeast Asian markets.

7. Akamai Achieves a Near Perfect Climate Disclosure Score 

Scoring 99 out of a possible 100 points, Akamai earned a spot on the S&P Climate Disclosure Leadership Index (CLDI) for the second year in a row. Each year, companies worldwide voluntarily submit their annual climate disclosures to the Carbon Disclosure Project (CDP), the international not-for-profit, to be independently assessed and ranked according to CDP’s scoring methodology.  Akamai’s excellent score indicates a high level of transparency of climate-change related information. Its commitment to sustainability, according to CDP, provides “investors with a level of comfort to assess corporate accountability and preparedness for changing market demands and emissions regulation.”

8. ChinaCache Subsidiary Xin Run Launches Atecsys Data Center, Sells 60% of Equity Interest 

Xin Run introduced its Atecsys Cloud Data Center just before the end of the quarter. Atecsys is expected to be the largest cloud data center in Beijing with 15,000 server racks, allowing the launch of China’s first Internet Exchange upon it’s completion.

Subsequently, ChinaCache, China’s leader in internet content and application delivery, has announced that it will be selling 60% of its equity interest in Xin Run to Tianjin Shuishan Technology Co., Ltd., KPIW (Beijing) Investment Fund Co., Ltd. and Tianjin Dingsheng Zhida Technology Co., Ltd. for 36%, 22% and 2%, respectively, for a total of approximately $58.5 million.

CDN Eco-Graph #3

Here’s the latest CDN Ecosystem diagram, which includes three new players: 1) Cloudbric 2) LiveQoS and 3) Skypark CDN. The three have introduced new and innovative business models into the ecosystem further segmenting the market place, away from the basic caching and streaming services, to algorithm driven platforms for optimizing the three miles: first, middle, and last mile.

Interview with Satish Raghunath, Co-Founder of Twin Prime

Recently, we had the opportunity to interview Satish Raghunath, Co-founder of Twin Prime, which officially launched in March. Twin Prime has introduced an innovative business model to the CDN Ecosystem that’s a first of its kind. Twin Prime is a “Mobile App Acceleration Network in the RAN”. The way the service works is simple. The service is comprised of two parts, the SDK that’s integrated into the mobile app, and a PoP infrastructure that houses the brains and communicates with the mobile app. Once implemented, their platform studies and learns the behavioral conditions of the mobile network, and then intelligently optimizes the network to accelerate content delivery over 3G, 4G and WiFi networks. 

Weekly Intelligence Digest – April 13, 2015

Top News Stories

1. Ericsson Launches Cloud DVR Solution

Ericsson launched a cloud DVR (digital video recorder) solution at NAB this week on the back of its acquisition of Fabrix Systems. The launch positions Ericsson as a market leader in cloud DVR because of its new video storage and processing platform. This innovative platform reduces cost and simplifies consumer experience by reducing the size of set-top-boxes while also providing consumers with on-demand, anywhere TV access. Ericsson’s new cloud DVR solution will run on all QAM and IP-based TV platforms. It is powered by the Ericsson Video Storage and Processing Platform, which enables seamless integration between legacy TV services and new cloud-based services to give viewers simplicity of content selection, immediacy of access and high quality delivery.

BID Insight Ericsson’s research department anticipates that by 2020, time spent watching on-demand and time-shifted content will reach equal levels. As viewers increasingly demand ‘anywhere access’ and time-shifted viewing, TV service providers will need to ensure they give consumers the control to record and watch live TV content anytime on the device of their choosing. Ericsson’s new Cloud DVR solution integrates and virtualizes the storage and processing capabilities of as many Commercial-Off-The-Shelf (COTS) servers as needed, which in turn provides superior performance gains and allows operators to avoid the complexities and fiscal challenges connected to launching new services. The cloud-centric solution drives functions from the home into the cloud, enabling service differentiation and new efficiencies.

2. Alcatel-Lucent Provide Telefonica with Motive CEM

Alcatel-Lucent, an IP and cloud networking firm – in conjunction with management consultancy firm, Accenture – have signed a four-year agreement with telecommunications industry leader Telefonica. Telefonica will employ Alcatel-Lucent’s Motive Customer Experience Management (CEM) software portfolio for its European and Latin American customers. The CEM technology will enable Telefonica to detect, diagnose and solve customer device complaints more efficiently, thereby reducing call resolution time. It will also allow Telefonica to provide self-care channels for customers so that they can resolve problems independently, reducing heavy dependence on call centers.

BID Insight The new contract for Alcatel-Lucent represents another recent positive development for the telecom equipment manufacturer, which only six months ago was facing major threats to its long-term success. In fact, Alcatel-Lucent had a long-term strategic vision statement in place, which it called the Shift Plan; this involved selling off its non-core assets and focusing on the business with the highest potential growth. Alcatel has nurtured and formed various partnerships such as the one with Telefonica this week that allow it to create more inclusive packages of equipment with wide distribution. There is even talk that Alcatel-Lucent could become a prospective takeover target.

3. Bit9 + Carbon Black Connect Are Joined by Active Canopy

Bit9 + Carbon Black Connect, an alliance specializing in endpoint threat protection, detection and response, have been joined this week by Active Canopy, an information security services firm, as both an incident response partner and a managed security services provider. Active Canopy is a “Connect” MSSP and IR partner, allowing it to use the newest Bit9 Carbon Black technology to provide cybersecurity to its customers. The Active Canopy team spot malicious files that can execute an attack and will now utilize Carbon Black to pinpoint each endpoint and server on which malware has appeared and disclose the complete “kill chain” of the attack. This allows responders to have enhanced visibility to see where and how the attack began and rapidly contain it.

Weekly Intelligence Digest – April 6, 2015

Top News Stories

1. China Telecom and IBM Push MobileFirst for iOS

China Telecom, China’s largest fixed-line operator and cloud provider, has formed a deal with IBM to offer and manage enterprise apps for Apple devices. China Telecom will host IBM’s MobileFirst service on its servers in the country. Initially 24 apps have been translated and additional apps will be available soon. IBM/China Telecom users will be able to deploy services from the IBM MobileFirst Platform for iOS to build, integrate and secure made-for-business enterprise apps which will be hosted on China Telecom’s cloud. Companies will also benefit from cloud-based management and security capabilities for mobile devices, applications, content and transactions.

BID Insight IBM’s Chinese strategy continues to be about forming collaborations with local companies as a result of the government’s preference towards state-run firms who use domestic tech suppliers over their foreign counterparts. Western firms have criticized the Chinese government for their repeated efforts to protect local firms, claiming such measures affect Chinese enterprises’ vulnerability to cybersecurity threats. IBM has announced that a significant part of the deal with China Telecom will involve technology sharing to help Chinese companies expand their mobility efforts. As China’s largest cloud computing service, China Telecom hosts over 70% of domestic Internet content and services. As the country sees accelerated development of mobile internet services, innovative mobile transformation has become increasingly important to Chinese enterprises; China Telecom’s deal with IBM will accelerate their ability to offer cutting edge mobile solutions for traditional companies and startups across China.

2. Incapsula Publishes Report on Dark Side of Anonymous Proxies

Incapsula, the website security firm, published a report this week that looks at the use of anonymous proxies as a source of DDoS attacks. The report reveals that up to 20% of all application layer attacks are coming from anonymous proxies and that on average, perpetrators are directing traffic from 1800 different IPs. Incapsula calls this kind of threat a “Shotgun” attack. It makes the attackers harder to trace by using a large number of open proxies, transforming a single-source denial of service (DoS) attack into a distributed one (DDos), making it much harder to prevent. The attackers gather a list of publicly available proxy servers that they find online. They then modify a DoS toolkit or homemade DoS script to deliver a batch of malicious requests dispersed through each of the harvested proxies.

BID Insight Incapsula call these kinds of attacks, “Shotgun” attacks because they produce a scattering effect similar to the small pellets from a shotgun shell being fired. However, while shotgun pellets disperse, the DoS requests narrow in on a single focus, hitting it from multiple directions thereby creating a DDoS attack. With anonymous proxies, the attack can spread across multiple geographies as well as multiple IPs, which immediately makes geo-blacklisting techniques ineffective. They represent a new type of threat, which cybersecurity firms like Incapsula are racing to understand how to mitigate.

3. Alcatel-Lucent Land 4G Deal with China Telecom and Alcatel-Lucent Launches New Optical Tech

Alcatel-Lucent has signed a 4G deal with China Telecom, allowing it to become one of the carriers three most important 4G suppliers, alongside Huawei and Nokia. ALU will help enable 4G across 12 provinces in 40 cities, including Shanghai, providing ultra-fast broadband speeds to its users. Alcatel-Lucent will supply base stations and software as part of its 9926 eNodeB solution.

Weekly Intelligence Digest – March 30, 2015

Significant Developments of the Week

1. China Unicom and Huawei to Innovate Smart Home Gateway

China Unicom, ranked as the worlds third-biggest mobile provider, has announced a new partnership between China Unicoms Research Institute and Huawei to innovate the Fiber to the Home (FFTH) smart home gateway solution, facilitating wide-spread provision of smart home services. Users will gain access to a complete program of smart home services – to include home entertainment, home security, health monitoring and home appliance control. Users who experience “Smart WO Home” will also benefit from the FTTH high speed broadband network, allowing for high efficiency and rapid speed of access.

In additional news this week, China Unicom has signed an agreement with Bridge Alliance, a group of 36 mobile operators from Asia-Pacific, Middle East and Africa, allowing it to extend its global reach.

BID Insight The partnership between Huawei and China Unicom extends the industry value chain for both companies and their end-users. Getting the most out of the home broadband business is crucial in order to retain a solid customer base and to secure new business. The FTTH network improves the service for end users through its innovation of new techniques and standards. For China Unicom, it allows the company to further diversify its access services, in line with its vision of becoming a universal information service provider with an eye on future expansion as the Internet of Things (IoT) becomes a reality.

2. Alcatel-Lucent’s Bell Labs Launches Consulting Division

Alcatel-Lucent have launched a consulting division through Bell Labs, their industrial research arm, which will advise the tech industry on the path to the network of 2020. The consulting division will apply penetrating analysis, hands-on experience and techo-economic modelling tools to some of the key challenges facing the IT and communications networking industry. The group will specialize in five key areas: the Emergence of the New Enterprise, the Rise of the Machine, the Confluence of Networks, the Move to the Edge Cloud and the Era of Cognitive Operations. The division will be headed by Alcatel-Lucent’s Cassidy Shield, who will be Managing Director. Shield previously led marketing for Alcatel-Lucent’s software business and has also been a consultant for Cap Gemini and PriceWaterhouseCoopers.

BID Insight Alcatel-Lucent is committed to applying deep STMicroelectronics and Qihoo 360 Technology. One of the key focuses of the consulting division will be helping companies consider how to take advantage of technologies that help them move forwards past previous tech limitations, encouraging providers to re-consider how they deploy and operate their networks. Some of the trends the division already predict include international demand for content on mobiles driving traffic growth thirty one-fold and metro video traffic increasing nine-fold by 2020. Bell Labs’ consulting division promises to be an important new force in predicting future tech developments, helping enterprises proactively move forwards in step with current and future changes in SDN, NFV, cloud, wireless, and other key areas.

3.  Incapsula Activates Four New Data Centers

Incapsula, an enterprise-grade, cloud-based application delivery service, announced four new data centers opening this week in Sao Paulo, Brazil; Toronto, Canada; Warsaw, Poland; and Madrid, Spain. The intention is to improve its worldwide service to clients in strategic regions in South America, North America, Eastern and Western Europe by quickening CDN speeds and increasing Incapsula’s total network throughput. Across 2014 and early 2015, Incapsula has also been concentrating on an extensive network-wide upgrade. Incapsula’s overall network capacity now surpasses 1Tbps.

BID Insight Over 2014 and for the first part of 2015, Incapsula has been making a concerted effort to expand its number of data centers. In 2014, it launched new data centers in numerous cities including Seattle, Washington; Dallas, Texas; Paris, France; and in January 2015, Incapsula launched a data center in Zurich, Switzerland. The total number of Incapsula data centers now stands at twenty-five. The extended global coverage improves Incapsula’s ability to withstand the rapidly growing threat of large-scale DDoS attacks while furthermore improving worldwide performance for Incapsula content delivery network (CDN) clients. Brazil represents Incapsula’s first point of presence (PoP) in South America.

GPON Impact On Last Mile VOD Infrastructure

GPON Wireline Innovation

  • Challenge: Last mile bandwidth limitations have been a constant bottleneck limiting end user content consumption
  • Solution: GPON  (Gigabit Passive Optical Network) provides multi-gigabit wireline connectivity to homes and businesses, efficiently, inexpensively and cost-effectively over the last mile
  • Description: GPON replaces outdated DSL, and operates over existing fiber connections. GPON works in a point-to-multipoint architecture, and does not use switching, but enables the use of many signals over a single fiber
  • Benefits:
    • Leverages existing fiber
    • GPON hardware has a smaller footprint, and supports more customers per fiber compared to PTP (point-to-point) connectivity solutions
    • Estimated hardware cost reduction of 75%+ according to Verizon
    • Favored by government institutions due to fiber optic security
    • Companies driving GPON: Verizon, Cisco, Juniper, and dozens of carriers around the world

Video Delivery   

The video delivery chain is a highway blocked by inadequate off-ramps.  Content must travel through multiple networks in order to reach the consumption stage. Streaming video severely taxes network infrastructure, burdening  first mile, middle mile, and last mile systems. Large video files and live streaming to large audiences challenge current infrastructure. The bandwidth problem can be solved in the first mile by  bigger bandwidth pipes, and in the middle mile through the use of a CDN; however, the last mile bottleneck is a huge obstacle, as upgrading millions of homes with 1Gbps connections is not currently feasible. The last mile bandwidth problem will soon be history, thanks to a new and relatively unheralded technology called GPON. GPON has the potential to revolutionize video delivery, with support for VOIP and POTS services over the same single fiber.