The Futuriom Interview: Shlomo Kramer


By: R. Scott Raynovich


Shlomo Kramer is the go-to guy if you want to start a cybersecurity company. The Israeli cybersecurity entrepreneur has founded numerous companies -- including some very large ones. He is the founder of Check Point Software Technologies Inc., Imperva, and Cato Networks, where he currently acts as the CEO. He has also been involved as an executive and a board member at Palo Alto Networks, Exabeam, Trusteer, and others.

Kramer developed his interest in technology at a young age, when he started by selling video games and personal computers. Later, Kramer served in the Israel Defense Forces, well known for its cybersecurity and intelligence acumen. Kramer worked in operations for cybersecurity analytics and decryption.

Check Point, which Kramer co-founded with Gil Shwed and Marius Nacht, was an early pioneer in the firewall market. It went public in 1996 and still trades on the NASDAQ with a market cap of $20 billion. Imperva, which was originally named WEBcohort, was founded in 2002 by Kramer, Amichai Shulman, and Mickey Boodaei. Imperva went public in 2011 on the New York Stock Exchange. The company grew through a series of acquisitions, including the 2014 acquisition of Incapsula and SkyFence. Imperva was recently acquired by private equity firm Thoma Bravo for approximately $2 billion.

Cato, Kramer's most recent venture, is focused on providing cybersecurity and software-defined wide-area networking (SD-WAN) services from the cloud. It delivers these services with software using an IP-based network in the cloud deployed through lightweight customer premises equipment (CPE) hardware and software, know as the Cato client.

Cato's model is unique in that it's one of the few SD-WAN services company that has built its own network using IP transit. Kramer has a unique take on the future of SD-WAN, including his opinionated views about why SD-WAN companies should go it alone and build their own networks. Futuriom recently caught up with Kramer on the phone, and after some followup emails, we are publishing this Q&A.

Read on, and find out where Kramer thinks the SD-WAN market is going.

Shlomo Alt2

Q: Tell us your view of the development of the software-defined wide-area networking (SD-WAN) SD-WAN market.

Kramer: SD-WAN is one element in a bigger project. That is the WAN transformation. It is taking the MPLS wide-area network and re-architecting it for the cloud and mobility.

SD-WAN is a new element. It's an edge device. It enables more flexibility in the last mile, while using regular Internet lines. But if you are replacing MPLS, you have to ask if you are providing the necessary SLAs 9 (service-level agreements) particularly for key or sensitive applications, such as with real-time applications. How do you provide remote-access? How to you integrate cloud? How do you provide optimized connectivity to your SAAS (software as a service) applications?

You need to ask: How do you do all of that with a high-level security? There are a lot of SAAS (software as a service) applications. Today, SD-WAN is an element in that. It is competitive with the telcos. Security is bundled with the service.

Q: So what you are saying is that you are competing with the telcos.

Kramer: Yes, we are competing with the telcos. Very high-end enterprises want to build it themselves. An increasingly large part of the market is looking for a managed service. So the main battle is with the telcos. You can think of us as a new type of telco. We are over the top. You can think of us as new type of carrier.

Q: Others are selling SD-WAN platforms to the telcos to partner on managed services. Is that misguided?

We really believe the model in which the service provider is the integrator is an outdated model. We want to reduce costs and make it much more affordable for the customers. We have much more agility when we don't have to rely on third parties. We are able to offer a vertically integrated solution. This allows for a much better service model. We also have a single console -- the customer is not stuck with solutions from five different vendors.

I would say that the telcos themselves understand this and they have been looking for years for a way forward. The way forward [for them] is NFV [Network Functions Virtualization] and carrier cloud. The idea there is to create a similar orchestrated cloud offering. It is a service-chaining of repurposed appliances. We are not seeing this architecture in the market. Customers do not want service-chaining of point solutions -- it’s not very different to the customer than a bundle of appliances.

Q: What's the matter with this NFV approach?

Kramer: It doesn't have the ROI [return on investment]. The telco has to pay all the vendors because they are third-party solutions. They have to pay the orchestration vendor. There is not a huge ROI. Many people have highlighted that fact. The VNF vendors also don’t like it. They don't want the telco between them and the customers. It doesn’t have full value for the customer either. The real number-one problem is with the telco bundle -- you are stuck with five different solutions and five different policies and it's impossible.

The right architecture is a vertically integrated single stack. You need to be a cloud-native carrier. It’s not only SD-WAN, but software-defined middle mile, all converged into a single cloud solution.

Q: How do you solve Inter-carrier problem -- keeping quality of service intact across different carrier networks?

Kramer: We have built 42 POPs [points of presence]. We buy IP transit from global carriers. Every POP is interconnected using multiple carrier links. Our software is able to benefit from the SLA we get from the carrier. If the SAAS instance is in Chicago and being accessed from Tokyo, traffic will go from our PoP in Tokyo to Chicago across on the best IP transit.

With IP transit and software routing you can choose the optimal route. You are able to provide very high level of SLA to the customers. Our network itself is optimized across the middle mile. Our backbone is very different from an unmanaged Internet [service].

Q: Is the goal for Cato another IPO?

Kramer: We want to build the company. We have a platform play in a $70B market. This is a standalone company. These are numbers we have used from Gartner. The majority is MPLS, which is $60 billion out of the $70 billion, and the rest is the appliances.

Q: Are you also going to offer security software in the cloud?

Kramer: Think of an organization that has several hundred sites in North America and some data centers connecting onto the Internet. They might have [multiple] security stacks and be backhauling traffic with MPLS. That architecture doesn't work anymore. For some of these organizations it means putting a firewall in all the locations, or avoiding the firewall, maybe using security as a service. That drives a lot of growth in cloud security. It is a derivative of re-architecting the wide-area network. The perimeter is dissolving and becoming more fragmented. There are also lot more end users. More devices, including cars, will need security.

Q: There seem to be a lot of point security solutions. Do you think the future is more integrated security solutions?

Kramer: In general I think creating more security widgets is not helping. The real problem is how to make security accessible to the mainstream enterprises. They don’t necessarily have the resources of the Fortune 500.

Q: Where do you think the SD-WAN and security cloud market is in five years?

Kramer: I think it is clear to most market participants that SD-WAN is a piece of a larger story.

I see several competing roadmaps. One, embedding SD-WAN into a router. This is Cisco’s direction. Second, integrating SD-WAN and security at the edge. This is Fortinet’s direction. Third, integrating SD-WAN from the data center to the branch. This is VMware’s direction. The common thread is that these approaches bolt SD-WAN into existing architectures. They don't address the broader transformation needed to support globalization, cloud-first, and mobile-centric business needs.

This is Cato’s vision. We propose a re-architecture of the WAN to address the needs of the modern enterprise across all of these dimensions. Stop the piling up of point-solution-for-every-need and go for a holistic architecture that accommodates your needs today and in the future. Cato wants to transform networking and security in the same way AWS transformed compute and storage. We find a growing number of enterprises open to embrace our vision of IT -- it is simple, affordable, and powerful.

Q: What's next for Cato?

Kramer: We will continue to be innovative. We have a long list of amazing capabilities, including self-healing networks and identity-based routing. We have scaled the networks. We are adding three to four POPs every quarter. We are marching up the size of customers. Last quarter we signed up a customer with 1,000 sites.