Cato competes for OT budgets
Cato Networks
This pushes Cato into a bigger pool of infrastructure spend, not just security spend. OT and IoT projects are often bought by plant operations, facilities, and clinical engineering teams that pay for industrial firewalls, segmentation gear, and monitoring tools to protect factory equipment, medical devices, and building systems. By making OT discovery, policy, and threat prevention native inside SASE, Cato can attach that budget to the same rollout that already replaces branch networking and firewall hardware.
-
The product motion matters. Cato launched IoT and OT security in December 2024 as a native feature that can be turned on without new hardware or software. That changes the buying process from adding another appliance in an industrial network to activating another module in an existing platform contract.
-
The incumbent set is different from classic SASE rivals. In OT, buyers have historically used specialists like Claroty, Nozomi, Dragos, and Armis, or industrial firewalls and gateways, because these environments run unmanaged devices and industrial protocols that standard IT tools were not built to inspect. Winning here gives Cato access to budgets tied to plant uptime and safety, not just laptop and SaaS protection.
-
This also strengthens Cato's land and expand model. Internal research shows customers can start with SD-WAN and NGFW, then add ZTNA, XDR, IoT and OT security, DEM, and AI policy modules over time. Each added workload raises ARR per site without forcing a separate vendor search or a new box deployment.
The next step is for Cato to make OT and internal network protection feel like standard parts of the branch stack. The March 2026 rollout of LAN side IPS points in that direction. If Cato keeps pulling east west traffic, industrial assets, and AI controls into one control plane, it can keep shifting spend from fragmented operations tools into a single network security contract.