AIT Partnership Group Ltd

Cato Secure SD-WAN as a Service

Secure, global SD-WAN, delivered as a service, replaces your MPLS leased lines with a low latency private backbone in the Cloud. Last Mile and WAN security is provided in the Cloud enabling secure direct internet access, SLA-backed connectivity, and seamless extension of the WAN to branches, datacenters and mobile users.


  • Global , SLA-backed, SD-WAN backbone in private Cloud.
  • 30 PoPs worldwide, interconnected with tier-1 global IP Transit providers,
  • Full network security stack: firewall, web gateway, anti-malware , IPS
  • Network and security policies configured in cloud management application.
  • Policy-based routing and transport agnostic overlay
  • Optimises Last Mile links between the customer edges and PoPs
  • Optimises Middlle Mile on the Private Cloud global backbone.


  • Eliminate MPLS leased lines and asscoiated cost, complexity and risk
  • Streamline networking and security infrastructure
  • Eliminate need for branch security appliances and other security services
  • Connect physical locations, data centres, cloud infrastructure, and mobile users.
  • Eliminate need to backhaul traffic
  • Optimisation maximizes throughput by controlling packet flow end to end


£100 to £1000 per licence per year

  • Education pricing available

Service documents

G-Cloud 10


AIT Partnership Group Ltd

Mr Steven Bailey


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Using a combination of a high quality Internet last mile and the SD-WAN Cloud service customers can replace MPLS.The SD-WAN Private Cloud Cato Cloud is strategically deployed to accelerate access to key cloud application like Amazon AWS, Microsoft Azure and Office 365.
Cloud deployment model Hybrid cloud
Service constraints No known constraints
System requirements
  • Network and security equipment securely tunnels to Private Cloud
  • Secure Tunneling via an SD-WAN device for physical locations.
  • Cloud datacenters integrated via tunnel to VPN Gateway
  • Client endpoint software conects laptops, tablets and smartphones

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Variable SLA depending on contract
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Variable and flexible SLA dependent on contract
standard 9-5.30 Monday to Friday (excluding Bank Holidays) 4 hr response telephone support is included in contract cost

on site support next business day is 15%
24/7 4 hour response is 25%
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All methods of training can be provided including; onsite training, online training, or user documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data can be provided in a number of formats
End-of-contract process Tbc

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices No
Accessibility standards WCAG 2.0 A
Accessibility testing Unknown
Customisation available No


Independence of resources The WAN links have been developed using SLA backed private circuits and Tier 1 carriers with dedicated POPs at a cost of over $150 million


Service usage metrics Yes
Metrics types Security and WAN bandwidth use metrics
Reporting types
  • API access
  • Real-time dashboards


Supplier type Reseller providing extra support
Organisation whose services are being resold Cato Networks

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data is exported via reports
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks The service provides a full cloud-based network security stack to secure all WAN and Internet traffic. Last Mile access can be provided in a number of ways with all security managed in the cloud.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability WAN links are SLA backed - contracts and terms will vary depending on contract type, region and service
Approach to resilience A resilient Global Backbone has been developed at a cost of over $150 million, more details available on request
Outage reporting A public dashboard
email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
Access restrictions in management interfaces and support channels Tbc
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes GDPR, ISO27001 , Cyber Essentials

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All changes made to our internal systems must first be approved by our senior management team before being thoroughly test. When the acceptance criteria has been met the change will be implemented.

All perimeter appliances are regularly tested for vulnerabilities. Updated firmware and security patches are implements to all perimeter and internal appliances as appropriate.

Our security appliances have proprietary software that will detect any unauthorized activities and notify our systems manager.

Incident management is handled using our Ticketing / CRM system
Vulnerability management type Undisclosed
Vulnerability management approach All perimeter appliances are regularly tested for vulnerabilities. Updated firmware and security patches are implements to all perimeter and internal appliances as appropriate and when advised by the vendor. Information in relation to potential threats is gathered from vendor websites.
Protective monitoring type Undisclosed
Protective monitoring approach With full visibility of the traffic flowing through the Cato Cloud, Cato Research Labs can identify emerging threats at any given customer and proactively deploy countermeasures to protect all customers.
Incident management type Undisclosed
Incident management approach Cato agile cloud software is constantly and seamlessly updated to incorporate the most up-to-date defense against emerging threats
Cato’s global Network and Security Operations Center, manned by network and security experts, augment your IT teams with crucial network management and network security skills to ensure your business remains connected and secured 24/7/365
Predefined processes provide immediate response to automated incident reports or online reports. Incident reports are delivered on line

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £100 to £1000 per licence per year
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑