Cato Networks can now incorporate user identity into its SD-WAN policies. This gives network operators and administrators more options to align network policies with business outcomes.
Administrators can now use data points such as a user’s role, group, or department around which to build SD-WAN rules.
The company says this enables more fine-grained policy options. For instance, most SD-WAN vendors can recognize a real-time communication app such as voice or video and prioritize it. With identity, administrators can set more granular rules such that, for example, voice calls from the sales team get the highest priority in the organization.
The goal is to better align network policies with business outcomes; i.e., ensure that customer calls are of the highest available quality. (Note that Cato can’t distinguish between a call from a customer and a non-business related call. The prioritization policy is based on user role or department, not the call source or content.)
Cato Networks gets user identities by syncing with a customer’s Active Directory or LDAP database, or when a customer logs in to Cato’s own mobile agent. The user’s identity then feeds into the policy management engine.
Cato says customers can set policies down to the individual user, but recommends sticking to policies based on roles, teams, or departments.
Besides finer-grained policies, Cato says this identity feature provides more visibility for IT into how departments and teams use network resources. This visibility can inform chargeback, capacity planning, and other internal functions.
The base capabilities of SD-WAN have coalesced around certain features: the ability to identify applications, the ability to to send different applications over different links based on a combination of internal policies and link performance, and the ability to set and manage policies from a single controller.
With these base features defined and generally available from every SD-WAN solution, vendors are looking for ways to distinguish themselves.
Identity is one option. Part of the value of SD-WAN is that it can help better align network policies with business outcomes, and using identity to help inform policy extends that value.
I’m curious to see if other SD-WAN vendors also adopt this capability.
Cato’s identity-aware routing feature is available now.