Cato Networks

Cato Networks was founded in Tel Aviv in 2015 by Shlomo Kramer and Amit Segal. Shlomo Kramer is one of the most decorated serial founders in Israeli cybersecurity: he co-founded Check Point Software Technologies in 1993 alongside Gil Shwed and Marius Nacht, and later co-founded Imperva in 2002, where he served as CEO until 2014. Amit Segal, who held the CTO role in the company's early years and later became CEO, brought deep networking infrastructure expertise that became the technical backbone of the platform.

Cato Networks is headquartered in Tel Aviv, with its principal engineering and product operations centered there. The company also maintains significant go-to-market offices in the United States, primarily in Boston, Massachusetts, as well as commercial presences in London and Singapore to serve European and Asia-Pacific enterprise customers. The Tel Aviv headquarters houses the majority of R&D, security research, and platform engineering functions.

Cato Networks remains a private company. Its most recent publicly disclosed funding round was a Series G in December 2022, which raised $238 million and valued the company at $3 billion. Total cumulative funding exceeds $770 million across all rounds. Key investors include Lightspeed Venture Partners, Greylock Partners, Aspect Ventures, and Singtel Innov8. No S-1 filing with the U.S. Securities and Exchange Commission had been confirmed as of late 2025, though industry analysts have noted an IPO remains a plausible near-term outcome given the ARR trajectory.

The company employs approximately 1,000 people globally, with roughly 500 based in Israel performing R&D, product, and platform operations roles. The remaining workforce is distributed across North America, Europe, and Asia-Pacific, predominantly in sales, customer success, and marketing functions. Hiring in Israel has remained active through 2023 and 2024, with a particular focus on networking engineers and machine learning researchers.

The core product is a cloud-native SASE (Secure Access Service Edge) platform that converges SD-WAN networking with a full security stack — including NGFW, SWG, CASB, and ZTNA — delivered as a single, globally distributed cloud service through approximately 85 Points of Presence (PoPs) worldwide. The single most significant event of the past 12 months was Cato's announcement in 2024 that its ARR (Annual Recurring Revenue) had surpassed $200 million, positioning it as one of the fastest-growing companies in the SASE category globally.

Cato Networks is not a subsidiary of any parent company; it operates as an independent private corporation with Israeli founders, Israeli-led R&D, and a global commercial footprint.

The primary product line is the Cato SASE Cloud, a unified cloud service that combines Cato SD-WAN, Cato SSE 360 (Security Service Edge), and a proprietary threat-intelligence engine. All traffic — whether from branch offices using Cato Sockets, remote users using the Cato Client, or cloud workloads — is routed through the nearest PoP, where both networking optimization and security inspection occur simultaneously. This single-pass architecture is central to the company's performance claims.

The problem Cato addresses is the operational and security complexity that arises when enterprises manage separate networking and security stacks across dozens or hundreds of locations. Legacy WAN architectures based on MPLS circuits force traffic through central data centers, creating bottlenecks for SaaS applications like Salesforce and Microsoft 365. Simultaneously, point-product security stacks — discrete firewalls, VPN concentrators, web proxies — create visibility gaps and require specialized staff to operate. Cato replaces all of this with a single cloud service.

Cato's primary buyers are mid-market and enterprise organizations with between 500 and 10,000 employees, operating across industries including financial services, healthcare, manufacturing, retail, and logistics. The principal buyer persona is the CISO or VP of IT Infrastructure, typically at a company that is modernizing its WAN and security posture simultaneously. Cato's value proposition resonates particularly strongly with organizations that have been burned by managing multi-vendor complexity and want a single throat to choke.

The company sells primarily through a direct, sales-led motion with a globally distributed team of Account Executives supported by Sales Engineers. In parallel, Cato operates an extensive channel partner program encompassing MSSPs (Managed Security Service Providers) and global systems integrators including Orange Business Services, Dimension Data, and BT. Channel partners account for a meaningful proportion of new bookings, especially in EMEA and APAC regions where direct field coverage is thinner.

Cato's pricing model is not fully disclosed publicly, but customer and analyst reports indicate a subscription model billed annually, with per-seat pricing for mobile users (the Cato Client) and bandwidth-based pricing for site connectivity (Mbps per Cato Socket). No free tier or community edition is offered. Enterprise contract sizes reportedly range from $100,000 to several million dollars annually depending on user count and site footprint.

Cato's technical moat rests on several concrete pillars. First, the platform was built entirely from scratch as a cloud service — it has not been assembled through acquisitions of disparate products, unlike many competitors. Second, its global PoP network uses a proprietary anycast routing protocol that Cato has patented, enabling deterministic low-latency routing for enterprise traffic. Third, the threat-detection engine processes billions of traffic flows daily across all customer tenants, enabling cross-customer threat intelligence that improves detection accuracy as the network scales.

The engineering organization in Tel Aviv works daily with Go and C++ for high-performance networking components, Python and PyTorch for the machine-learning threat detection models, Kubernetes for container orchestration across the PoP infrastructure, and ClickHouse for high-throughput analytics ingestion. The Cato Socket device firmware is built on a hardened Linux kernel with custom networking drivers optimized for sub-millisecond failover.

The Cato SASE Cloud is the flagship product, delivering converged networking and security from a single cloud platform. It includes site connectivity via Cato Sockets, remote user access via the Cato Client application (available for Windows, macOS, iOS, and Android), cloud resource access for AWS, Azure, and GCP workloads, and a full security stack encompassing NGFW with application-aware inspection, IPS with over 20,000 signatures, anti-malware powered by multiple engines, and DNS security. All of this is managed through the Cato Management Application, a single web-based console that provides unified policy, monitoring, and analytics.

Cato SSE 360 was formally introduced in 2022 as a modular entry point for organizations that want to start with security transformation rather than WAN modernization. SSE 360 includes SWG for internet access control, CASB for sanctioned and unsanctioned SaaS visibility, ZTNA for zero-trust application access, and FWaaS for cloud-based network firewall capabilities. The "360" designation refers to the full-traffic visibility the product provides — including encrypted traffic inspection — which Cato claims differentiates it from competitors that only inspect a subset of flows.

The Cato Socket is the edge CPE (Customer Premises Equipment) device that physically connects branch offices to the Cato SASE Cloud. It is available in multiple hardware models — X1500, X1700, and X2000 — differentiated by throughput capacity (from 100 Mbps to multiple Gbps). The Socket is zero-touch provisioned and managed entirely through the Cato Management Application; it supports dual-WAN with automatic failover in under a second.

Cato XDR (Extended Detection and Response) was announced in 2023 as a native expansion of the platform's detection capabilities. Rather than integrating with a third-party XDR product, Cato built threat-hunting and incident-response workflows directly into the SASE platform, leveraging the same telemetry already collected from all network flows. In 2024, Cato extended the platform further by adding EPP (Endpoint Protection Platform) capabilities, enabling customers to protect endpoint devices through the same console that manages their SASE policy.

Cato does not appear to have sunset any major product to date; the platform has grown additively. The Cato SASE Cloud is listed on both the AWS Marketplace and the Microsoft Azure Marketplace, enabling procurement through cloud committed-spend agreements. Cato holds SOC 2 Type II certification, ISO 27001 certification, and ISO 27017 certification for cloud security. The company has also achieved GDPR compliance certification and, as of 2024, was reported to be pursuing FedRAMP authorization to enter the U.S. federal government market.

Cato's most direct competitor is Zscaler, listed on NASDAQ under ticker ZS, which reached over $2.1 billion in ARR for its fiscal year ending July 2024. Zscaler's architecture is fundamentally proxy-based, which gives it strong data-inspection capabilities but creates separation between the security and networking layers. Cato argues that its single-stack architecture delivers better performance and simpler operations for organizations that need both SD-WAN and security transformation simultaneously, rather than bolting them together post-hoc.

Palo Alto Networks (NASDAQ: PANW) competes through its Prisma SASE offering, which was assembled in part through the $420 million acquisition of CloudGenix in 2020 for SD-WAN and the earlier acquisition of Demisto for SOAR. Palo Alto's brand strength and existing relationships with large enterprise security teams give it an advantage in accounts above 10,000 seats. Cato competes most effectively against Palo Alto in mid-market accounts where customers are starting fresh rather than extending existing Palo Alto investments.

Fortinet competes with FortiSASE and its Secure SD-WAN offering, built on top of its FortiGate hardware appliance line. Fortinet has strong penetration in SMB and mid-market accounts where price sensitivity is high, and its hardware-centric model gives it an installed base advantage in branch offices. Cato differentiates from Fortinet by offering a fully cloud-native service with no on-premises security hardware required beyond the Socket CPE.

Netskope is a fourth significant competitor, privately valued at $7.5 billion following its 2023 funding round, with particular strength in CASB and data security for SaaS-heavy enterprises. Netskope competes with Cato on SSE deals where the primary driver is data-loss prevention and cloud application governance rather than WAN modernization.

In Gartner's Single-Vendor SASE Magic Quadrant for 2023, Cato Networks was positioned as a Challenger, while Zscaler and Palo Alto Networks held Leader positions. In 2024, Cato announced it had been elevated to the Leaders quadrant by Gartner — a meaningful recognition that the platform had reached the breadth and customer-satisfaction thresholds required for that designation. Cato's pricing is mid-to-premium: more expensive than Fortinet's hardware-bundled SASE but more accessible than Zscaler's large-enterprise pricing for comparable feature sets.

Publicly disclosed customer wins include Carlsberg Group, Coca-Cola FEMSA, and several global manufacturing and logistics companies cited in official press releases and case studies between 2021 and 2024. The overall trajectory for Cato is one of accelerating growth: crossing $200 million ARR in 2024 while the overall SASE market is projected by Gartner to reach $25 billion by 2027. Cato has not made any acquisitions of other companies as of late 2025, growing entirely organically.

Cato Networks occupies its principal offices in Tel Aviv, situated in the commercial district near the Azrieli Center area — one of the densest clusters of cybersecurity and enterprise software companies in Israel. The Tel Aviv office serves as the company's global headquarters and the operational center of its engineering, product, research, and finance functions. No secondary R&D office in another Israeli city has been publicly confirmed, though the company has explored options in Herzliya's technology park given the talent concentration there.

Of approximately 1,000 total employees worldwide, roughly 500 are based in Israel. In Israel, the dominant functions are R&D (platform engineering, networking, cloud infrastructure), security research (threat intelligence, vulnerability research), data science and ML engineering, product management, and UX/design. Go-to-market functions — field sales, customer success, demand generation — are weighted toward North America and EMEA, though a local Israel sales team serves regional and multinational accounts operating out of Israel.

Cato expanded its Tel Aviv office footprint in 2023 to accommodate continued hiring growth, particularly in ML engineering and security research. Unlike many Israeli tech companies that announced headcount reductions in 2022–2023 during the post-ZIRP correction, Cato did not publicly announce any layoffs during this period, a reflection of its ARR growth trajectory and strong investor backing. The company's Israel headcount has grown net-positively over the 24-month window through late 2025.

Both founders are Israeli. Shlomo Kramer served in IDF Unit 8200 during his military service, and the network of Unit 8200 alumni — along with alumni of Unit 81, Mamram, and the IDF's C4I Directorate — constitutes a primary hiring pipeline for Cato's technical staff. Many of the company's senior engineers and researchers have backgrounds in signals intelligence and offensive cyber operations, which feeds directly into the depth of the threat-intelligence capabilities embedded in the Cato SASE Cloud.

Typical roles hired in Israel include Backend Engineers (Go, C++), Network Engineers with deep BGP and routing protocol expertise, Security Researchers with experience in threat hunting and malware analysis, ML/Data Science Engineers for anomaly detection models, Senior Product Managers with SASE or networking domain knowledge, DevOps and SRE engineers for the globally distributed PoP infrastructure, and QA Automation Engineers. Engineering roles in Israel often require candidates with IDF unit backgrounds in technology or intelligence, as the vetting process benefits from that common professional language.

Among notable investors with Israeli connections, Greylock Partners has a dedicated Israeli investment arm. Glilot Capital Partners — co-founded and advised by Shlomo Kramer himself — is a Tel Aviv-based cybersecurity-focused venture fund that, while not a direct investor in Cato, shares portfolio relationships and deal-flow with many of the same angels and co-investors who backed Cato's early rounds. Kramer's dual role as a founder-investor and active board member of Glilot places Cato at the center of Israel's cybersecurity ecosystem, generating access to talent, customer introductions, and co-investor relationships that reinforce the company's position in the Israeli technology landscape.