Is CATO too much for a small shop?

We have a small office of 17 employees and have shifted from an on-prem file server and firewall to M365, and we will be decommissioning the on-prem stuff by year's end.

Looking at CATO for our firewall solution moving forward and to help cover my users who TW or are on the road.

Seems like a solid solution but pricey and kinda overkill feature-wise for what I feel we need. However, what do you all think? Also looked at CORO and it feels like the opposite end of the spectrum, so I'm kind of still looking.

What are you trying to accomplish with these if all you use is M365? Get a FortiGate 60F for the office and a good MDM for your mobile workforce.

If you are going full remote, MDM.

So one of the rationales for CATO (or similar) is not needing to activate a VPN when working outside of the office, since all our services are cloud anyway. Plus if the office burns down/loses power/etc. we are still G2G since it's cloud based. CATO did have an on-prem device to cover the office network; it just didn't require us to connect through it remotely for our coverage. Again, this isn't my area of expertise, and I have been working with a network vendor and this is what they are pitching.

Think most people are leaning towards higher quality endpoint solutions rather than trying to tackle distributed security with a distributed firewall.

It’s not really overkill per se. It’s a set cost per user. I’m however surprised that they sell to such low amounts of users.

Probably easier to get started with something like Cloudflare Zero Trust as you can test with free users for a while and then buy just as many as you need.

If you are decommissioning on-prem completely and don't need the VPN features, then perhaps you could argue it's overkill, unless they sell the web portion separately. Cloudflare/Cisco Umbrella are fast to set up for the web-only part.

I guess the goal here is a cloud firewall solution to replace my on-prem one (NSA2600) that gave us the extra layer of security and the ability to monitor and limit traffic/sites. We do conferences in hotels, so that seems like another good reason. Otherwise we are just running Windows Defender, we don't control our users' networks when they TW, and it seems like that's not enough. Honestly though, I'm no expert in this area, hence my questioning.

Can you elaborate on this? What higher quality endpoint solutions?

You can use Cisco Umbrella for that, and then just keep a small firewall at the office because you still need a firewall at a physical location.

Like CrowdStrike or Defender for Endpoint. Usually a combo of endpoint + EDR to tackle more advanced threats.

Can CS or Defender do things like inline CASB and web filtering?

What local web filtering software do you recommend? Can they do HTTPS decryption and inline CASB?

Yes, you can do filtering, and it actually works since the endpoint knows which hostname the OS just called for.

Defender integrates neatly with conditional access.

Not sure what all you are trying to get out of a CASB in your scenario. Visibility to unmanaged services?

Cloudflare and Zscaler are the two biggest when it comes to endpoint-based web filtering and tunneling (zero trust stuff). And yes, they can both do HTTPS decryption. CASB I'm not sure of; we use the one built into Defender for Endpoint, but I do know Cloudflare has an option (for customers on enterprise plans) and Zscaler probably has something, but I'm less familiar with their products.

I'm trying to use CASB to restrict users to only log in to my company's Office 365 tenant and block other tenants as well as personal Outlook accounts. Is that something for CrowdStrike or Defender?
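
The "only our tenant" goal in the post above is what Microsoft Entra calls tenant restrictions (v1): an outbound proxy that does TLS inspection on traffic to the Microsoft sign-in hosts inserts two HTTP headers, `Restrict-Access-To-Tenants` (the allow-list of tenant domains or IDs) and `Restrict-Access-Context` (the directory ID of the tenant that owns the policy), and the sign-in service then refuses to issue tokens for tenants not on the list. The block below is an added example, not code from the thread or from any vendor: the proxy-side header insertion is the part a CASB/SWG actually has to do, while the `sign_in_allowed` function is a constructed, simplified stand-in for the service-side decision, written only to show the effect. The tenant names, the GUID and the request objects are made up for the example; treating personal Microsoft accounts as just "a tenant not on the list" is also a simplification.

```python
"""Tenant restrictions (v1) as a small offline model.

Added example for the thread, not vendor code. Shows why this needs a
proxy (or endpoint agent) that decrypts TLS to the sign-in hosts: the
headers live inside the HTTPS request, so a DNS-only or IP-level filter
cannot add them.
"""
from dataclasses import dataclass, field

# Sign-in hostnames that tenant restrictions applies to (per Microsoft docs).
LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}

# Header names defined by Microsoft for tenant restrictions v1.
TENANTS_HEADER = "Restrict-Access-To-Tenants"
CONTEXT_HEADER = "Restrict-Access-Context"


@dataclass
class Request:
    """Constructed stand-in for an outbound HTTPS request after decryption."""
    host: str
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class TenantRestrictionPolicy:
    allowed_tenants: list   # verified domains or tenant IDs users may sign in to
    context_tenant_id: str  # directory (tenant) ID of the company's own tenant


def apply_tenant_restrictions(req, policy):
    """Proxy side: inject the two headers on requests bound for the sign-in hosts.

    Requests to any other host are passed through unchanged. Any client-supplied
    copies of the headers are overwritten so a user cannot widen the allow-list.
    """
    if req.host.lower() not in LOGIN_HOSTS:
        return req
    headers = dict(req.headers)
    headers[TENANTS_HEADER] = ",".join(policy.allowed_tenants)
    headers[CONTEXT_HEADER] = policy.context_tenant_id
    return Request(req.host, req.path, headers)


def sign_in_allowed(req, target_tenant):
    """Simplified model of the service-side check (not Microsoft's real logic).

    With no header present, any tenant, including personal accounts, signs in.
    With the header present, only tenants on the allow-list may sign in.
    """
    value = req.headers.get(TENANTS_HEADER)
    if value is None:
        return True
    allowed = {t.strip().lower() for t in value.split(",") if t.strip()}
    return target_tenant.strip().lower() in allowed


def demo():
    """Run the three cases the post asks about; returns (own tenant, other tenant, personal)."""
    policy = TenantRestrictionPolicy(
        allowed_tenants=["contoso.com"],                    # assumed company domain
        context_tenant_id="11111111-2222-3333-4444-555555555555",  # made-up GUID
    )
    login = Request("login.microsoftonline.com", "/common/oauth2/v2.0/authorize")
    login = apply_tenant_restrictions(login, policy)
    return (
        sign_in_allowed(login, "contoso.com"),   # company tenant: allowed
        sign_in_allowed(login, "fabrikam.com"),  # another organisation's tenant: blocked
        sign_in_allowed(login, "outlook.com"),   # personal account, modelled as a foreign tenant: blocked
    )


if __name__ == "__main__":
    print(demo())
```

Two practical checks follow from the model: the proxy must be the only path to the sign-in hosts (otherwise a user on the hotel Wi-Fi without the agent simply bypasses the headers), and the policy must be applied on the decrypted request, which is why the HTTPS decryption question earlier in the thread matters for this use case.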

So EDR paired with a SASE solution like Cato is probably a good fit?