Enterprises in the private sector look to the US federal government for cybersecurity best practices. The US CISA (Cybersecurity & Infrastructure Security Agency) issues orders...
How Long Before Governments Ban Use of Security Appliances? Enterprises in the private sector look to the US federal government for cybersecurity best practices. The US CISA (Cybersecurity & Infrastructure Security Agency) issues orders and directives to patch existing products or avoid use of others. The US NIST (National Institute of Standards and Technology) publishes important documents providing detailed guidance on various security topics such as its Cybersecurity Framework (CSF).
CISA and NIST, like their peer government agencies in the world, have dedicated teams of experts tasked with quantifying the risks of obsolete security solutions and discovered vulnerabilities, and the urgency of safeguarding against their exploitation. Such agencies do not exist in the private sector. If you are not a well-funded organization with an established team of cyber experts, following the government’s guidance is both logical and effective.
What you should do vs what you can do
Being aware of government agencies guidance on cyber security is extremely important. Awareness, however, is just one part of the challenge. The second part, usually the much bigger part, is following their guidance. Instructions, also referred to as ‘orders’ or ‘directives,’ to update operating systems and patch hardware products arise on a weekly basis, and most enterprises, both public and private, struggle to keep up.
Operating systems like Windows and macOS have come a long way in making software updates automatic and simple to deploy. Many enterprises have their computers centrally managed and can roll out a critical software update in a matter of hours or days.
Hardware appliances, on the other hand, are not so simple to patch. They often serve as critical infrastructure so IT must be careful about disrupting their operation, often delaying until a weekend or holiday. Appliances such as routers, firewalls, secure web gateways (SWG) and intrusion prevention systems (IPS) have well-earned reputations of being extremely ‘sensitive’ to updates. Historically, they do not continue to operate the same after a patch or fix, leading to lengthy and frustrating troubleshooting, loss of productivity and heightened risk of attack. The challenge in rapidly patching appliances is known to governments as it is known to cyber attackers. Those appliances, often (mis)trusted as the enterprise perimeter security, are effectively the easy and preferred way for attackers to enter an enterprise.
[boxlink link="https://www.catonetworks.com/resources/cato-networks-sase-threat-research-report/"] Cato Networks SASE Threat Research Report H2/2022 | Get the Report [/boxlink]
The CISA KEV Catalog – Focus on what’s important
Prioritization has become a necessity as most enterprises can’t really spend their resources in continuous patching cycles. The US CISA’s Known Exploited Vulnerability (KEV) catalog which mandates the most critical patches for government organizations, helps enterprises in the private sector know where to focus their efforts.
The KEV catalog also exposes some important insights worth paying attention to. Cloud-native security vendors such as Imperva Incapsula, Okta, Cloudflare, Cato Networks and Zscaler don’t have a single record in the database. This is because their solution architecture allows them to patch and fix vulnerabilities in their ongoing service, so enterprises are always secured.
Hardware vendors, on the other hand, show a different picture. As of September of 2023, Cisco has 65 records, VMware has 22 records, Fortinet has 11 records, and Palo Alto Networks has 4 records.
Cyber risk analysis and the inevitable conclusion
CISA’s KEV is just the tip of the iceberg. Going into the full CVE (Common Vulnerabilities and Exposures) database shows a much more concerning picture.
FortiOS, the operating system used across all of Fortinet’s NGFWs has over 130 vulnerabilities associated with it, 31 of which disclosed in 2022, and 14 in the first 9 months of 2023. PAN-OS, the operating system in Palo Alto Networks’ NGFWs has over 150 vulnerabilities listed. Cisco ASA, by the way, is nearing 400. For comparison, Okta, Zscaler and Netskope are all in the single-digit range, and as cloud services, are able to address any CVE in near-zero time, and without any dependency on end customers.
Since most enterprises lack the teams and expertise to assess the risk of so many vulnerabilities and the resources to continuously patch them, they are forced by reality to leave their enterprises exposed to cyber-attacks.
The risk of trusting in appliance-based security vs. cloud-based security is clear and unquestionable. It is clear when you look at CISA’s KEV and even clearer when you look at the entire CVE database.
All of this leads to the inevitable conclusion that at some point, perhaps not too far ahead in the future, government agencies such as the US NIST and CISA will recommend against or even ban appliance-based security solutions.
Some practical advice
If you think the above is a stretch, just take a look at Fortinet’s own analysis of a recent vulnerability, explicitly stating it is targeted at governments and critical infrastructure: https://www.fortinet.com/blog/psirt-blogs/analysis-of-cve-2023-27997-and-clarifications-on-volt-typhoon-campaign.
Security appliances have been around for decades, and yet, the dream of a seamless, frictionless, automatic and risk-free patching for these products never came true. It can only be achieved with a cloud-native security solution.
If your current security infrastructure is under contract and appliance-based, start planning how you are going to migrate from it to a cloud-native security at the coming refresh cycle.
If you are refreshing now or about to soon, thoroughly consider the ever-increasing risk in appliances.
November 23, 2023
6m read
New applications emerge at an almost impossible to keep-up-with pace, creating a constant challenge and blind spot for IT and security teams in the form...
November 23, 2023
6m read
Cato Application Catalog – How we supercharged application categorization with AI/ML New applications emerge at an almost impossible to keep-up-with pace, creating a constant challenge and blind spot for IT and security teams in the form of Shadow IT. Organizations must keep up by using tools that are automatically updated with latest developments and changes in the applications landscape to maintain proper security.
An integral part of any SASE product is its ability to accurately categorize and map user traffic to the actual application being used. To manage sanctioned/unsanctioned applications, apply security policies across the network based on the application or category of applications, and especially for granular application controls using CASB, a comprehensive application catalog must be maintained.
At Cato, keeping up required building a process that is both highly automated and just as importantly, data-driven, so that we focus on the applications most in-use by our customers and be able to separate the wheat from the chaff.In this post we’ll detail how we supercharged our application catalog updates from a labor-intensive manual process to an AI/ML based process that is fully automated in the form of a data-driven pipeline, growing our rate of adding new application by an order of magnitude, from tens of application to hundreds added every week.
What IS an application in the catalog?
Every application in our Application Catalog has several characteristics:
General – what the company does, employees, where it’s headquartered, etc.
Compliance – certifications the application holds and complies with.
Security – features supported by the application such as if it supports TLS or Two-Factor authentication, SSO, etc.
Risk score – a critical field calculated by our algorithms based on multiple heuristics (detailed here later) to allow IT managers and CISOs focus on actual possible threats to their network.
Down to business, how it actually gets done
We refer to the process of adding an application as “signing” it, that is, starting from the automated processes up to human analysts going over the list of apps to be released in the weekly release cycle and giving it a final human verification (side note: this is also presently a bottleneck in the process, as we want the highest control and quality when publishing new content to our production environment, though we are working on ways to improve this part of the process as well).
As mentioned, first order of business is picking the applications that we want to add, and for that we use our massive data lake in which we collect all the metadata from all traffic that flows through our network.We identify these by looking at the most used domains (FQDNs) in our entire network, repeating across multiple customer accounts, which are yet to be signed and are not in our catalog.
[boxlink link="https://catonetworks.easywebinar.live/registration-everything-you-wanted-to-know-about-ai-security"] Everything You Wanted To Know About AI Security But Were Afraid To Ask | Watch the Webinar [/boxlink]
The automation is done end-to-end using “Shinnok”, our in-house tool developed and maintained by our Security Research team, taking the narrowed down list of unsigned apps Shinnok begins compiling the 4 fields (description, compliance, security & risk score) for every app.
Description – This is the most straightforward part, and based on info taken via API from Crunchbase
Compliance – Using a combination of online lookups and additional heuristics for every compliance certification we target; we compile the list of supported certifications by the app.For example by using Google’s query API for a given application + “SOC2”, and then further filtering the results for false positives from unreliable sources we can identify support for the SOC2 compliance.
Security – Similar to compliance, with the addition of using our data lake to identify certain security features being used by the app that we observe over the network.
Risk Score – Being the most important field, we take a combination of multiple data points to calculate the risk score:
Popularity: This is based on multiple data points including real-time traffic data from our network to measure occurrences of the application across our own network and correlated with additional online sources. Typically, an app that is more popular and more well-known poses a lower risk than a new obscure application.
CVE analysis: We collect and aggregate all known CVEs of the application, obviously the more high-severity CVEs an application has means it has more opening for attackers and increases the risk to the organization.
Sentiment score: We collect news, mentions and any articles relating to the company/application, we then build a dataset with all mentions about the application.We then pass this dataset through our advanced AI deep learning model, for every mention outputting whether it is a positive or negative article/mentions, generating a final sentiment score and adding it as a data point for the overall algorithm.
Distilling all the different data points using our algorithms we can calculate the final Risk Score of an app.
WIIFM?
The main advantage of this approach to application categorization is that it is PROACTIVE, meaning network administrators using Cato receive the latest updates for all the latest applications automatically. Based on the data we collect we evaluate that 80% - 90% of all HTTP traffic in our network is covered by a known application categorization.Admins can be much more effective with their time by looking at data that is already summarized giving them the top risks in their organization that require attention.
Use case example #1 – Threads by Meta
To demonstrate the proactive approach, we can take a look at a recent use case of the very public and explosive launch of the Threads platform by Meta, which anecdotally regardless of its present success was recorded as the largest product launch in history, overtaking ChatGPT with over 100M user registrations in 5 days.In the diagram below we can see this from the perspective of our own network, checking all the boxes for a new application that qualifies to be added to our app catalog. From the numbers of unique connections and users to the numbers of different customer accounts in total that were using Threads.
Thanks to the automated process, Threads was automatically included in the upcoming batch of applications to sign. Two weeks after its release it was already part of the Cato App Catalog, without end users needing to perform any actions on their part.
Use case example #2 – Coverage by geographical region
As part of an analysis done by our Security Research team we identified a considerable gap in our coverage of application coverage for the Japanese market, and this coincided with feedback received from the Japan sales teams on lacking coverage.Using the same automated process, this time limiting the scope of the data from our data lake being inputted to Shinnok only from Japanese users we began a focused project of augmenting the application catalog with applications specific to the Japanese market, we were able to add more than 600 new applications over a period of 4 months.
Following this we’ve measured a very substantial increase in the coverage of apps going from under 50% coverage to over 90% of all inspected HTTP traffic to Japanese destinations.
To summarize
We’ve reviewed how by leveraging our huge network and data lake, we were able to build a highly automated process, using real-time online data sources, coupled with AI/ML models to categorize applications with very little human work involved.The main benefits are of course that Cato customers do not need to worry about keeping up-to-date on the latest applications that their users are using, instead they know they will receive the updates automatically based on the top trends and usage on the internet.
November 16, 2023
5m read
In the ever-evolving landscape of cybersecurity, the line between the defenders and attackers often blurs, with skills transferable across both arenas. It’s a narrative not...
November 16, 2023
5m read
From Shadow to Guardian: The Journey of a Hacker-Turned Hero In the ever-evolving landscape of cybersecurity, the line between the defenders and attackers often blurs, with skills transferable across both arenas. It’s a narrative not unfamiliar to many in the cybersecurity community: the journey from black hat to white hat, from outlaw to protector.
In the 15th episode of Cato Networks’ Cyber Security Master Class, hosted by Etay Maor, Senior Director of Security Strategy, we had the privilege of witnessing such a transformative story unfold.
Hector Monsegur, once known in the darker corners of the internet, shared his gripping journey of becoming one of the good guys – a white hat hacker. Monsegur is a former Lulzsec hacker group leader Sabu and currently serves as director of research at Alacrinet.
His story is not just one of redemption but is a beacon of invaluable insights into the complex cybersecurity landscape.
The Allure of the Abyss
Monsegur’s tale began in the abyss, the place where many black hat hackers find a home. Drawn by the allure of challenge and the thrill of breaking into seemingly impregnable systems, Monsegur recounted his early days of cyber mischief. Like many others in his position, it wasn’t greed or malice that fueled his journey; it was curiosity and the quest for recognition in a community that celebrates technical prowess.
However, as he emphasized in his conversation with Maor, the actions of black hat hackers have real-world consequences. They affect lives, destroy businesses, and even threaten national security. It was this realization, alongside consequential run-ins with the law, that marked the turning point in Monsegur’s life.
[boxlink link="https://catonetworks.easywebinar.live/registration-becoming-a-white-hat"] Becoming a White Hat : An interview with a former Black Hat | Watch the Webinar [/boxlink]
Crossing the Chasm
The transition from black hat to white hat is more than just a title change – it’s a complete ideological shift. For Monsegur, the journey was fraught with challenges. Rebuilding trust was one of the significant hurdles he had to overcome. He had to prove his skills could be used for good, to defend and protect, rather than to disrupt and damage.
It was through this difficult transition that Monsegur highlighted the importance of opportunity. Many black hats lack the channel to pivot their skills into a legal and more constructive cybersecurity career. Monsegur’s case was different. He was presented with a chance to help government agencies fend off the kind of attacks he once might have initiated, turning his life around and setting a precedent for other reformed hackers.
A Valuable Perspective
One of the most compelling takeaways from the interview was the unique perspective that former black hats bring to the table. Having been on the other side, Monsegur understands the mindsets and tactics of cyber attackers intrinsically. This insider knowledge is invaluable in anticipating and mitigating attacks before they happen.
In his white hat role, Monsegur has been instrumental in helping organizations understand and fortify their cyber defenses. His approach goes beyond traditional methods – it’s proactive, driven by an intimate knowledge of how black hat hackers operate.
The White Hat Ethos
Becoming a white hat hacker is not merely a career change; it is an ethos, a commitment to using one’s skills for the greater good. Monsegur emphasized the satisfaction derived from protecting people and institutions from the threats he once posed. This fulfillment, according to him, surpasses any thrill that black hat hacking ever offered.
In his dialogue with Maor, Monsegur didn’t shy away from addressing the controversial aspects of his past. Instead, he leveraged his experiences to educate and warn of the dangers lurking in the cyber shadows. He expressed a desire to guide those walking a similar path to his past, steering them towards using their talents constructively.
Fostering Redemption in Cybersecurity
The cybersecurity community, Monsegur believes, has a role to play in fostering redemption. He advocates for the creation of paths for black hats to reform and join the ranks of cybersecurity professionals. By providing education, mentorship, and employment opportunities, the community cannot only help rehabilitate individuals but also strengthen its defenses with their unique skill sets.
Monsegur’s story serves as a powerful reminder that the road to redemption is possible. It emphasizes that when directed positively, the skills that once challenged the system can become its greatest shield.
Closing Thoughts
As the interview ended, the overarching message was clear: transformation is possible, and it can lead to powerful outcomes for both the individual and the broader cybersecurity ecosystem. Hector Monsegur’s journey from black hat to white hat hacker is not just a personal victory but a collective gain for the community seeking to safeguard our digital world.
Through stories like Monsegur’s, we find hope and a reminder that within every challenge lies the potential for growth and change. It is up to us, the cybersecurity community, to embrace this potential and transform it into a force for good.
November 14, 2023
3m read
My new favorite company took center stage in iconic New York Times Square today with a multi-story high 3D visualization of our revolutionary secure access...
November 14, 2023
3m read
Cato Networks Takes a Bite of the Big Apple My new favorite company took center stage in iconic New York Times Square today with a multi-story high 3D visualization of our revolutionary secure access service edge (SASE) platform. It’s positively mesmerizing, take a look:
The move signals a seismic shift happening across enterprises, the need to have an IT infrastructure that can easily adapt to anything at any time, and the transformative power of Cato’s networking and security platform.
Nasdaq’s Time Square marquee tells our story: Cato was born from the idea of bringing the highest levels of networking, security, and access once reserved for the Fortune 100 to every enterprise on the planet. We pioneered a new approach to delivering these essential IT services by replacing complex legacy networking and security software and infrastructure with a single cloud-native platform.
[boxlink link="https://www.catonetworks.com/resources/cato-named-a-challenger-in-the-gartner-magic-quadrant-for-single-vendor-sase/"] Cato named a Challenger in the Gartner® Magic Quadrant™ for Single-vendor SASE | Get the Report [/boxlink]
And we have become the leader in SASE, delivering enterprise-class security and zero-trust network access to companies of all sizes, worldwide and in a way that is simple – simple to deploy, simple to manage, simple to adapt to disaster, epidemic outbreak and any other unforeseen challenge. With our SASE platform, we create a seamless, agile, and elegant experience for enteprises that enables powerful threat prevention, enterprise-class data protection, and timely incident detection and response.
Today’s Times Square takeover is more than a marketing stunt; it’s a glimpse into the future of network security. Tomorrow’s security must be as bold and brash as Times Square, empowering IT to lead the company through any business challenge and transformation. That’s what you get with the Cato SASE Cloud -- today. Enterprises worldwide have access to a network security solution that is agile, scalable, and simple to manage, while meeting the demands of an always-changing digital landscape.
Want to learn why thousands of companies have already secured their future with Cato? Visit us at catonetworks.com/customers/. If you are looking to be part of the biggest shift in IT since the Cloud, join us at https://www.catonetworks.com/contact-us
A New Reality The nature of the modern digital business is constantly and rapidly evolving, requiring network and security architectures to move at the same...
Addressing CxO Questions About SASE A New Reality
The nature of the modern digital business is constantly and rapidly evolving, requiring network and security architectures to move at the same speed. Moving at the speed of business demands a new architecture that is agile, flexible, highly scalable, and very secure to keep pace with dynamic business changes. In short, this requires SASE. However, replacing a traditional architecture in favor of a SASE cloud architecture to meet these demands can introduce heart-stopping uncertainty in even the most forward-thinking CxOs.
Most CxOs understand what SASE delivers; some can even envision their SASE deployment. However, they require more clarity about SASE approaches, requirements, and expectations. The correct SASE decision delivers long-term success; conversely, the wrong decision adversely impacts the organization. Avoiding this predicament requires due diligence, asking tough questions, and validating their use cases and business objectives.
Understanding the right questions to ask requires understanding the critical gaps in the existing architecture to visualize the desired architecture. Asking the right questions requires clarity on the problems the business is trying to solve. Considerations like new security models, required skills, or potential trade-offs should be addressed before any project begins.
We’ll answer some of those questions and highlight how the right SASE cloud solution delivers benefits beyond architectural simplicity and efficiency.
Answering CxO Questions
Determining which questions are relevant enough to influence a buying decision and then acting on them can be exhausting. This blog addresses those concerns to clarify SASE’s ability to solve common use cases and advance business goals. While the following questions only represent a small set of the possible questions asked by CxOs, they help crystalize the potential of a SASE Cloud solution to address critical questions and use cases while assuaging any concerns.
Does this fit our use cases, and what do we need to validate?
A key decision point for many CxOs is whether or not the solution solves their most pressing use cases. So, understanding what’s not working, why it’s not working, and what success looks like when it is working provides them with their north star, per se, as guidance. One would assume that answering this question is quite easy; however, looking closer we find the answers are rather subjective.
Through our engagements with customers, we’ve found that use cases tend to fall into one of three broad categories:
1. Network & security consolidation/simplification
Point solutions to address point problems yields appliance sprawl. This has created security gaps and sent management support costs through skyrocketing. This makes increasing IT spending harder to justify to the board, pushing more CxOs to explore alternatives amid shrinking budgets.
SASE is purpose-built to consolidate and simplify network and security architectures. The right SASE Cloud solution delivers a single, converged software stack that consolidates network, access, and security into one, thus eliminating solution sprawl and security gaps. Additionally, it eliminated day-to-day support tasks, thus delivering a high ROI.
2. Secure Access/Work-From-Anywhere
Covid-19 accelerated a new working model for modern digital enterprises. Hybrid work became the rule more than an exception, increasing secure remote access requirements.
SASE makes accommodating this and other working model easy to facilitate while ensuring productivity and consistent security everywhere.
3. Cloud Optimization & Security
As hybrid and multi-cloud becomes a core business & technology strategy, performance and security demands have increased. Organizations require compatible performance and security in the cloud as they received on-premise.
SASE improves cloud performance and provides consistent security enforcement for hybrid and multi-cloud environments.
The right SASE cloud approach addresses all common and complex use cases, thus becoming a clear benefit for modern enterprises.
[boxlink link="https://www.catonetworks.com/resources/sase-as-a-gradual-deployment-the-various-paths-to-sase/"] SASE as a Gradual Deployment: The Various Paths to SASE | Get the eBook [/boxlink]
How can we align architecturally with this new model? What will our IT operations look like? Can we inspire the team to develop new skills to fit this new IT model?
When moving to a 100% cloud-delivered SASE solution, it is logical to question the level of cloud expertise required. Can IT teams easily adapt to support a SASE cloud solution? How can we efficiently align to build a more agile and dynamic IT organization?
The average IT technologist joined the profession envisioning strategic thought-provoking projects that challenged their creative and innovative prowess. SASE cloud solutions enable these technologists to realize this vision while allowing organizations to think differently about how IT teams support the overall business. Traditional activities like infrastructure and capacity planning, updating, patching, and fixing now fall to the SASE cloud provider since they own the network infrastructure. Additionally, SASE cloud strengthens NOC and SOC operations with 360-degree coverage for network and security issues. The right SASE cloud platform offloads these mundane operational tasks that typically frustrates IT personnel and leads to burn out.
IT teams can now focus on more strategic projects that drive business by offloading common day-to-day support tasks to their SASE Cloud provider.
How can all security services be effectively delivered without an on-premises appliance? What are the penalties/risks if done solely in the cloud?
Traditional appliances fit nicely into IT comfort zones. You can see it and touch it, so moving all security policies to the cloud can be scary. Some will question if it makes sense to enforce all policies in the cloud and whether this will provide complete security coverage. These questions try to make sense of SASE, highlighted by a fear of the architectural unknown.
There is a reason most CxOs pursue SASE solutions. They’ve realized that current network architectures are unsustainable and require a bit of sanity. The right SASE Cloud platform provides this through the convergence of access, networking, and security into a single software stack. All technologies are built into a single code base and collaborate to deliver more holistic security. And, with a global private network of SASE PoPs, SASE Cloud delivers consistent policy enforcement everywhere the user resides. This simple method of delivering Security-as-a-Service makes sense to them.
What will this deployment journey be like, and how simple will it be?
Traditional network and security deployments are extremely complex. They require hardware everywhere, extended troubleshooting, and other unknown risks. These include integrating cloud environments; ensuring cloud and on-premise security policies are consistent; impact on normal operations; and licensing and support contracts, just to name a few.
Mitigating risks inherent with on-premises deployments is top-of-mind for most CxOs. SASE cloud solution deployments are straightforward and simple with most customers gaining a very clear idea of this during their POC. The POC provides customers with deep insight into common SASE cloud deployment practices and ease of configuration, and they gain clarity for their journey based on their use cases. Best of all, they see how the solution works in their environment and, more importantly, how the SASE cloud solution integrates into their existing production network. This helps alleviate any concerns for their new SASE journey.
What, if any, are the quantitative and qualitative compromises of SASE? How do we manage them?
CxOs face daunting, career-defining dilemmas when acquiring new technologies, and SASE is no different. They must determine how to prioritize and find necessary compromises when needed. Traditional solution deployments are sometimes accompanied by unexpected costs associated with ancillary technology or resource requirements. For example, how would they manage a preferred solution if they later find it unsuitable for certain use cases? Do they move forward with their purchase? Do they select another knowing it may fail to address a different set of use cases?
While priorities and compromises are subjective, it helps to identify potential trade-offs by defining the “must-have”, “should-have”, and “nice-to-have” requirements for a particular environment. Working closely with your SASE cloud vendor during the POC, you will test and validate your use cases against these requirements. In the end, customers usually find that the right SASE cloud solution will meet their common and complex access, network, and security use cases.
How do we get buy-in from the board?
SASE is just as much a strategic business conversation as an architectural one. How a CxO approaches this – what technical and business use cases they map to, their risk-mitigating strategy, and their path to ROI – will determine their overall level of success. So, gaining board-level buy-in is an important and possibly, the most critical part of their process.
CxOs must articulate the strategic business benefits of converging access, networking, and security functions into a single cloud-native software stack with unlimited scalability to support business growth. An obvious benefit is how SASE accelerates and optimizes access to critical applications and enhances security coverage while improving user experiences and efficiency. CxOs can also consult our blog, Talk SASE To Your Board, for board conversation tips.
Cato SASE Cloud is the Answer
A key advantage of Cato SASE Cloud is that it solves the most common business and technical use cases. Mapping the SASE cloud solution into these use cases and testing them during a POC will uncover the must/should/nice-to-have requirements and help customers visualize solving them with a SASE cloud solution.
CxOs and other technology business leaders will naturally have questions about SASE and how to approach potential migration. SASE changes the networking and security game, so embarking upon this new journey requires changing minds. Cato SASE Cloud represent the new secure digital platform of the future that is best positioned to allow enterprises to experience business transformation without limits.
For more advice on deciding which solution is right for your organization, please read this article on evaluating SASE capabilities.
By Vadim Freger, Dolev Moshe Attiya, Shirley Baumgarten All secured webservers are alike; each vulnerable webserver running on a network appliance is vulnerable in its...
Cisco IOS XE Privilege Escalation (CVE-2023-20198) – Cato’s analysis and mitigation By Vadim Freger, Dolev Moshe Attiya, Shirley Baumgarten
All secured webservers are alike; each vulnerable webserver running on a network appliance is vulnerable in its own way. On October 16th 2023 Cisco published a security advisory detailing an actively exploited vulnerability (CVE-2023-20198) in its IOS XE operating system with a 10 CVSS score, allowing for unauthenticated privilege escalation and subsequent full administrative access (level 15 in Cisco terminology) to the vulnerable device.After gaining access, which in itself is already enough to do damage and allows full device control, using an additional vulnerability (CVE-2023-20273) an attacker can elevate further to the “root” user and install a malicious implant to the disk of the device.
When the initial announcement was published Cisco had no patched software update to provide, and the suggested mitigations were to disable HTTP/S access to the IOS XE Web UI and/or limiting the access to it from trusted sources using ACLs and approx. a week later patches were published and the advisory updated.The zero-day vulnerability was being exploited before the advisory was published, and many current estimates and scanning analyses put the number of implanted devices in the tens of thousands.
[boxlink link="https://www.catonetworks.com/rapid-cve-mitigation/"] Rapid CVE Mitigation by Cato Security Research [/boxlink]
Details of the vulnerability
The authentication bypass is done on the webui_wsma_http or webui_wsma_https endpoints in the IOS XE webserver (which is running OpenResty, an Nginx variant that adds Lua scripting support). By using double-encoding (a simple yet clearly effective evasion technique) in the URL of the POST request it bypasses checks performed by the webserver and passes the request to the backend. The request body contains an XML payload which the backend executes arbitrarily since it’s considered to pass validations and comes from the frontend.In the request example below (credit: @SI_FalconTeam) we can see the POST request along with the XML payload is sent to /%2577ebui_wsma_http, when %25 is the character “%” encoded, followed by 77, and combined is “%77” which is the character “w” encoded.
Cisco has also provided a command to check the presence of an implant in the device, by running: curl -k -X POST "https[:]//DEVICEIP/webui/logoutconfirm.html?logon_hash=1", replacing DEVICEIP and checking the response, if a hexadecimal string is returned an implant is present.
Cato’s analysis and response to the CVE
From our data and analysis at Cato’s Research Labs we have seen multiple exploitation attempts of the CVE, along with an even more interesting case of Cisco’s own SIRT (Security Incident Response Team) performing scanning of devices to detect if they are vulnerable, quite likely to proactively contact customers running vulnerable systems.An example of scanning activity from 144.254.12[.]175, an IP that is part of a /16 range registered to Cisco.
Cato deployed IPS signatures to block any attempts to exploit the vulnerable endpoint, protecting all Cato connected sites worldwide from November 1st 2023.Cato also recommends to always avoid placing critical networking infrastructure to be internet facing. In instances when this is a necessity, disabling HTTP access and proper access controls using ACLs to limit the source IPs able to access devices must be implemented.
Networking devices are often not thought of as webservers, and due to this do not always receive the same forms of protection e.g., a WAF, however their Web UIs are clearly a powerful administrative interface, and we see time and time again how they are exploited. Networking devices like Cisco’s are typically administered almost entirely using CLI with the Web UI receiving less attention, somewhat underscoring a dichotomy between the importance of the device in the network to how rudimentary of a webserver it may be running.
https://www.youtube.com/watch?v=6caLf-1KGFw&list=PLff-wxM3jL7twyfaaYB7jxy6WqDB_17V4
Modern enterprise complexity is challenging cybersecurity programs. With the widespread adoption of cloud services and remote work, and the broadening distribution of applications and employees...
SSE Is a Proven Path for Getting To SASE Modern enterprise complexity is challenging cybersecurity programs. With the widespread adoption of cloud services and remote work, and the broadening distribution of applications and employees away from traditional corporate locations, organizations require a more flexible and scalable approach to network security. SASE technology can help address these issues, making SASE adoption a goal for many organizations worldwide. But adoption paths can vary widely.
To get an understanding of those adoption paths, and the challenges along the way, the Enterprise Strategy Group surveyed nearly 400 IT and cybersecurity professionals to learn of their experiences. Each survey respondent is in some way responsible for evaluating, purchasing, or managing network security technology products and services.
One popular strategy is to ease into SASE by starting with security service edge (SSE), a building block of SASE which integrates security capabilities directly into the network edge, close to where users or devices connect. Starting with SSE necessitates having an SSE provider with a smooth migration path to SASE. Relying on multiple vendors leads to integration challenges and deployment issues.
The survey report, SSE Leads the Way to SASE, outlines the experiences of these security adopters of SSE/SASE. The full report is available free for download. Meanwhile, we’ll summarize the highlights here.
Modernization Is Driving SASE Adoption
At its core, SASE is about the convergence of network and security technology. But even more so, it’s about modernizing technologies to better meet the needs of today’s distributed enterprise environment.
Asked what’s driving their interest in SASE, respondents’ most common response given is supporting network edge transformation (30%). This makes sense, considering the network edge is no longer contained to branch offices. Other leading drivers include improving security effectiveness (29%), reducing security risk (28%), and supporting hybrid work models (27%).
There are numerous use cases for SASE
The respondents list a wide variety of initial use cases for SASE adoption—everything from modernizing secure application access to supporting zero-trust initiatives. One-quarter of all respondents cite aligning network and security policies for applications and services as their top use case. Nearly as many also cite reducing/eliminating internet-facing attack surface for network and application resources and improving remote user security.
The report groups the wide variety of use cases into higher level themes such as improving operational efficiency, supporting flexible work models, and enabling more consistent security.
[boxlink link="https://www.catonetworks.com/resources/enterprise-strategy-group-report-sse-leads-the-way-to-sase/"] Enterprise Strategy Group Report: SSE Leads the Way to SASE | Get the Report [/boxlink]
Security Teams Face Numerous Challenges
One-third of respondents say that an increase in the threat landscape has the biggest impact on their work. This is certainly true as organizations’ attack surfaces now extend from the user device to the cloud.
The Internet of Things and users’ unmanaged devices pose significant challenges, as 31% of respondents say that securely connecting IoT devices in our environment is a big issue, while 29% say it’s tough to securely enable the use of unmanaged devices in our environment.
31% of respondents are challenged by having the right level of security knowledge, skills, and expertise to fight the good fight.
Overall, 98% of respondents cite a challenge of some sort in terms of securing remote user access to corporate applications and resources. More than one-third of respondents say their top remote access issue is providing secure access for BYOD devices. Others are vexed by the cost, poor security, and limited scalability of VPN infrastructure. What’s more, security professionals must deal with poor or unsatisfactory user experiences when having to connect remotely.
Companies Ease into SASE with SSE
To tame the security issues, respondents want a modern approach that provides consistent, distributed enforcement for users wherever they are, as well as a zero-trust approach to application access, and centralized policy management. These are all characteristics of SSE, the security component of SASE. Nearly three-quarters of respondents are taking the path of deploying SSE first before further delving into SASE.
SSE is not without its challenges, for example, supporting multiple architectures for different types of traffic, and ensuring that user experience is not impacted. Ensuring that traffic is properly inspected via proxy, firewall, or content analysis and in locations as close to the user as possible is critical to a successful implementation.
ESG’s report outlines the important attributes security professionals consider when selecting an SSE solution. Top of mind is having hybrid options to connect on-premises and cloud solutions to help transition to fully cloud-delivered over time.
Respondents Outline Their Core Security Functions of SSE
While organizations intend to eventually have a comprehensive security stack in their SSE, the top functions they are starting with are: secure web gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), virtual private network (VPN), SSL decryption, firewall-as-a-service (FWaaS), data loss prevention (DLP), digital experience management (DEM), and next-generation firewall (NGFW).
Turning SSE into SASE is the Goal
While SSE gets companies their security stack, SASE provides the full convergence of security and networking. And although enterprise IT buyers like the idea of multi-sourcing, the reality is that those who have gone the route of multi-vendor SASE have not necessarily done so by choice. A significant number of respondents say they simply feel stuck with being multi-vendor due to lock-in from recent technology purchases, or because of established relationships.
Despite the multi-vendor approach some companies will take, many of the specific reasons respondents cite for their interest in SSE would be best addressed by a single-vendor approach. Among them are: improving integration of security controls for more efficient management, ensuring consistent enforcement and protection across distributed environments, and improving integration with data protection for more efficient management and operations—all of which can come about more easily by working with just one SSE/SASE vendor. It eliminates the time and cost of integration among vendor offerings and the “finger pointing” when something goes wrong.
Even Companies in Early Stages are Realizing Benefits
Most respondents remain in the early stages of their SSE journey. However, early adopters are experiencing success that should help others see the benefits of the architecture. For example, 60% say that cybersecurity has become somewhat or much easier than it was two years ago.
Those who have started the SASE journey have realized benefits, too. Nearly two-thirds report reduced costs across either security solutions, network solutions, security operations, or network operations. Similarly, 62% cite efficiency benefits of some kind, such as faster problem resolution, ease of management, faster onboarding, or reduction in complexity. Proof points like these should pique the interest of any organization thinking about SASE and SSE. View the full survey report, SSE Leads the Way to SASE, here.
According to a recent Yerbo survey, 40% of IT professionals are at high risk of burnout. In fact, and perhaps even more alarming, 42% of...
6 Steps for CIOs To Keep Their IT Staff Happy According to a recent Yerbo survey, 40% of IT professionals are at high risk of burnout. In fact, and perhaps even more alarming, 42% of them plan to quit their company in the next six months. And yet, according to Deloitte, 70% of professionals across all industries feel their employers are not doing enough to prevent or alleviate burnout.
CIOs should take this statistic seriously. Otherwise, they could be dealing with the business costs of churn, which include loss of internal knowledge and the cost of replacing employees, both resulting in putting strategic plans on hold.
So, what’s a CIO to do? Here are six steps ambitious CIOs like you can take to battle burnout in the IT department and keep their staff happy.
This blog post is a short excerpt of the eBook “Keeping Your IT Staff Happy: How CIOs Can Turn the Burnout Tide in 6 Steps”. You can read the entire eBook, with more details and an in-depth action plan, here.
Step 1: Let Your Network Do the Heavy Lifting
If your IT team is receiving negative feedback from users, they might be feeling stressed out. Poor network performance, security false positives and constant user complaints can leave them feeling dread and anxiety about that next “emergency” phone call.
SASE can help ease this pressure. SASE provides reliable global connectivity with optimized network performance, 99.999% uptime and a self-healing architecture that ensures employees can focus on advancing the business, instead of tuning and troubleshooting network performance. With SASE, IT managers can provide a flawless user experience and business continuity, while enjoying a silent support desk.
[boxlink link="https://www.catonetworks.com/resources/keep-your-it-staff-happy/"] Keep your IT Staff happy: How CIOs Can Turn the Burnout Tide in 6 Steps | Get the eBook [/boxlink]
Step 2: Leverage Automation to Maximize Business Impact
IT professionals are often caught in a cycle of mundane activities, leaving them feeling unchallenged. Instead of having IT teams fill the time with endless maintenance and monitoring, CIOs can focus their IT teams on work that achieves larger business objectives. SASE automates repetitive tasks, which frees up IT to focus on strategic business objectives. In addition, the repetitive tasks become less prone to manual errors.
Step 3: Eliminate Networking and Security Solution Sprawl with Converged SASE
IT teams are swamped with point solutions, each corresponding to a specific, narrow business problem. All of these solutions create a complicated mix of legacy machines, hardware and software; which are difficult for IT to operate, maintain, support and manage.
With SASE, CIOs can transform their network into a single platform with a centralized management application. IT can now gain a holistic view of their architecture, and enjoy easy management and maintenance.
Step 4: Ensure Business Continuity and Best-in-class Security with ZTNA
Working from anywhere has doubled IT’s workload. They are now operating in reactive mode, attempting to support end-user connectivity and security through VPNs that were not built to support such scale.
SASE is the answer for remote work, enabling users to work seamlessly and securely from anywhere. Eliminating VPN servers removes the need to backhaul traffic and improves end-user performance. Traffic is authenticated with Zero Trust and inspected with advanced threat defense tools to reduce the attack surface.
Step 5: Minimize Security Vulnerabilities Through Cloudification and Consolidation
Global branches, remote work, and countless integrations between network and security point products have created an expanding attack surface. For IT, this means fighting an uphill battle without the tools they need to win.
A SASE or SSE solution helps IT apply consistent access policies, avoid misconfigurations and achieve regulatory compliance. This also allows them to prevent cyber attacks in real time and helps the organization remain secure and prevent compliance issues.
Step 6: Bridge Your Team’s Skillset Gap and Invest in Their Higher Education
Skills gaps occur for a number of reasons. Whatever the reason, this can leave your IT team members feeling overwhelmed and professionally unfulfilled, resulting in them leaving the organization.
Providing training and professional development helps IT professionals succeed, which in turn, may motivate them to remain in their roles longer, according to a recent LinkedIn survey. These benefits are felt everywhere and by everyone from the IT professional who receives more at-work satisfaction, to CIOs who don’t have to backfill the skills gaps externally. This enables the organization to achieve ambitious plans for growth and business continuity through technology.To read more about how CIOs can tackle IT burnout head on, click here to access the full eBook.
In the world of professional wrestling, one thing separates the legends from the rest: their presence in the ring. Like in wrestling, the digital world...
The PoP Smackdown: Cato vs. Competitors…Which Will Dominate Your Network? In the world of professional wrestling, one thing separates the legends from the rest: their presence in the ring. Like in wrestling, the digital world demands a robust and reliable presence for the ultimate victory. Enter Cato Networks, the undisputed champion regarding Secure Access Service Edge (SASE) Points of Presence (PoPs). In this blog post, we'll step into the ring and discover why Cato Networks stands tall as the best SASE PoP provider, ensuring businesses are always secure and connected.
SASE providers will talk about and even brag about their points of presence (PoPs) because it is the underlying foundation of their backbone network. But if you look a little closer, you will see that not all PoPs are the same and that the PoP capabilities vary greatly.
A point of presence is a data center containing specific components that allow the traffic to be inspected and enforce security. Sounds easy enough. It depends on how those PoPs are designed to function and where the PoPs are located to be of the most value to your organization.
Let’s look at the competition—first, the heavyweight hardware contender, Fortinet. Fortinet has twenty-two PoPs globally. Fortinet relies on its customer install base to do the networking and security inspection at every location globally. This adds complexity and multiple caveats to their SASE solution. The added complexity comes from managing numerous products, keeping them up to date with software and patches, and ensuring they are all configured correctly to enable the best possible protection.
[boxlink link="https://www.catonetworks.com/resources/take-the-global-backbone-interactive-tour/"] Take the Global Backbone Interactive Tour | Start the Tour [/boxlink]
Next, the challenger to the heavyweight title, Palo Alto Networks. They claim many PoPs, but you need to look deeper at where those PoPs are hosted. The vast majority of PANs Prisma Access PoPs are in Google Cloud Platform and some in Amazon Web Services. This adds cost and complexity, making the solution more difficult to manage. Additionally, if you want to use multiple security features, your data will probably have to be forwarded to various PoPs to get full coverage…impacting performance. Since Palo Alto utilizes the public cloud infrastructure, many of the claimed PoPs are just on-ramps to the Google fiber backbone. This is not the best option if you are trying to balance connectivity, security, and cost.
Finally, we have Cato Networks. Cato has an impressive 80+ PoPs that are connected via Tier 1 ISPs, creating the world's largest full-mesh SASE-focused private backbone network. At Cato, all our security capabilities are available from every single PoP worldwide. Since Cato’s PoPs are cloud-native and purpose-built for security and networking functionality, it allows Cato to be highly agile and straightforward to manage…regardless of where your organization has its locations. Speaking of location, Cato has strategically placed our PoPs closest to major business centers all over the globe, including three PoPs in China, and new PoPs are added every quarter based on demand and customer requirements.
In the world of wrestling, champions rise to the occasion with unmatched presence and skills. Cato Networks proves itself as the ultimate champion in the realm of SASE with the best PoPs. With a global reach, low latency, battle-tested security, simplified management, cost-efficiency, and always-on connectivity, Cato Networks ensures your business operates securely and efficiently like a wrestling legend in the ring. So, if you are looking for the best SASE PoPs, look no further – Cato Networks is the undisputed champion!
Picture this: A rock band embarking on a world tour, rocking stages in different cities with thousands of adoring fans. But wait, behind the scenes,...
Rocking IT Success: The TAG Heuer Porsche Formula E Team’s City-Hopping Tour with SASE TAG Heuer Porsche Formula E Team Picture this: A rock band embarking on a world tour, rocking stages in different cities with thousands of adoring fans. But wait, behind the scenes, there's an unsung hero—the crew. They're the roadies, the ones responsible for building the infrastructure that supports the band's electrifying performances in each new location. Now, let's take that same analogy and apply it to the TAG Heuer Porsche Formula E Team.
We invited Friedemann Kurz, Head of IT at Porsche Motorsport, to a special webinar where we discussed how technology drives these races and IT’s key role.
Join us as we dive into the IT requirements faced by this cutting-edge racing team and how SASE (Secure Access Service Edge) rises to the occasion, ensuring a flawless journey from one city to another.
Top IT Requirements
The TAG Heuer Porsche Formula E Team’s IT team faces a number of networking challenges. Surprisingly (or not) these challenges are not that different from the challenges faced by IT teams across all organizations. From battery energy to braking points, and time lost for Attack Mode, the IT support team at the Porsche test and development center in Weissach and trackside will work in parallel to process approximately 300 GB of data on one Cato Networks dashboard to make time critical decisions. Some of these challenges include:
Finding the Right Products
The TAG Heuer Porsche Formula E Team’s IT provides services in a high-pressure environment -- and expectations are high. On-track, the IT team is limited in size, so each person needs to be able to operate all IT-related aspects, from network to storage to layers one to five to end-to-end monitoring. This makes choosing the right products and technologies key to their success.
Operational Efficiency
With so many actions happening simultaneously during the race, IT needs to be able to focus on the issues that matter most. This requires in-depth monitoring that is easy-to-use and the ability to fix issues instantly.
Security
Security needs to be built-in to the solution to ensure it doesn’t require additional effort from the team. Security is a key success factor, meaning all IT team members focus on security, rather than having a dedicated security person.
Easy Deployment
The TAG Heuer Porsche Formula E Team operates worldwide, but they only spend a few days at each global site. Every time they arrive at a new city, IT needs to quickly deploy networking and security from scratch (with no existing infrastructure) and pack it up after the race. This whole process only takes a few days, so it has to be efficient and quick. In addition, the rest of the team arrives on site at the same time as the IT team, demanding connectivity immediately.
[boxlink link="https://catonetworks.easywebinar.live/registration-simplicity-at-speed"] Simplicity at Speed: How Cato’s SASE Drives the TAG Heuer Porsche Formula E Team’s Racing | Watch the Webinar [/boxlink]
IT Capabilities Required to Win Races
Why is the IT team a key component in the TAG Heuer Porsche Formula E Team’s success? Here are a few of the networking and security capabilities they rely on:
Data Analysis
Races are a data-driven and data-intensive event, with large amounts of data being transmitted back and forth across the global network. For example, the TAG Heuer Porsche Formula E Team downloads the car and racetrack data after the races. Then, the engineers in the operations room at the team’s headquarters analyze the data for improving the team’s setup and strategy.
Real-Time Communication
During the races, the team relies on global real-time communication. It is the most critical way of communication between the driver, the support engineers and the operations room. This means that real-time packages that are transmitted across the WAN need to be optimized to ensure quality of services.
Driver in the Loop
The TAG Heuer Porsche Formula E Team’s success relies on large-scale mathematical models that use the data to find better racing setups and strategies. Their focus is on the energy use formula, since, ideally, drivers complete the races with zero battery left. Zero battery means it was the most efficient race. The ability to calculate these formulas is based on data that is transferred back and forth between the track and the headquarters.
Ransomware Protection
The sports industry has been targeted by cyber attackers in the past with ransomware and other types of attacks. To protect their ability to make decisions during races, the TAG Heuer Porsche Formula E Team needs a security solution that protects them and their ability to access their data from ransomware attacks. Since data is the cornerstone of their strategy and key for their decision-making, safeguarding access to the data is top priority.
How Cato’s SASE Changed the Game
To answer these needs, the TAG Heuer Porsche Formula E Team partnered with Cato Networks. Cato Networks was chosen as the team’s official SASE partner. Cato Networks helps transmit large volumes of data in real-time from 20 global sites.
Before working with Cato Networks, the TAG Heuer Porsche Formula E Team used VPNs. This introduced security, configuration and maintenance challenges. Now, maintenance and effort have significantly decreased. One IT member on-site can oversee, manage and monitor the entire network during the races independently and flexibly.
In addition, Cato delivered:
Fast implementation - from 0 to 100% in two weeks.
Simplified and efficient operations.
Quick response times.
Personal and open-minded support.
To hear more from Friedemann Kurz, Head of IT at Porsche Motorsport, watch the webinar here.
Converging networking with security is fundamental to creating a robust and resilient IT infrastructure that can withstand the evolving cyber threat landscape. It not only...
Networking and Security Teams Are Converging, Says SASE Adoption Survey Converging networking with security is fundamental to creating a robust and resilient IT infrastructure that can withstand the evolving cyber threat landscape. It not only protects sensitive data and resources but also contributes to the overall success and trustworthiness of an organization.
And just as technologies are converging, networking and security teams are increasingly working together. In our new 2023 SASE Adoption Survey, nearly a quarter (24%) of respondents indicate security and networking are being handled by one team.
For those with separate teams, management is focusing on improving collaboration between networking and security teams. In some cases (8% of respondents), this takes the form of creating one networking and security group. In most cases, (74% of respondents) indicate management has an explicit strategy that teams must either work together or have shared processes.
The Advantages of Converging the Networking and Security Teams
When network engineers and security professionals work together, they share knowledge and insights, leading to improved efficiency and effectiveness in addressing network security challenges.
By integrating networking and security functions, companies can gain better visibility into network traffic and security events. Networking teams possess in-depth knowledge of network infrastructure, which security researchers often lack. By providing security teams with network information, organizations can hunt and remediate threats more effectively.
[boxlink link="https://www.catonetworks.com/resources/unveiling-insights-2023-sase-adoption-survey/"] Unveiling Insights: 2023 SASE Adoption Survey | Get the Report [/boxlink]
Closer collaboration enables quicker and more effective incident resolution, reducing the impact of cyber threats on business operations. Furthermore, by working together, the organization can optimize the performance of network resources while maintaining robust security measures, providing a seamless user experience without compromising protection.
There are other benefits, too, like streamlined operations, faster incident response, a holistic approach to risk management, and cost savings. All these advantages of a converged team help organizations attain a stronger security posture.
There’s a Preference for One Team, One Platform
Bringing teams together also enables the organization to implement security measures during network design and configuration, ensuring that security is an inherent part of the network architecture from the beginning.
Many organizations today (68%) use different platforms for security and networking management and operations. However, most (76%) believe that using just one platform for both purposes would improve collaboration between the networking and security teams. More than half also want a single data repository for networking and security events.
The preference for security and networking to work together extends to SASE selection. Which team leads on selecting a SASE solution—the networking or the security team? In most cases, it’s both.
When it comes to forming a SASE selection committee, about half (47% of respondents) say it’s a security team project with the networking team involved as necessary. Another 39% flip that script, with the networking team leading the project and involving the security team to vet the vendors.
As the teams come together, it makes great sense they would prefer to use a single, unified platform for their respective roles. Most respondents (62%) say having a single pane of glass for managing security and networking is an important SASE purchasing factor. More than half (54%) also want a single data repository for networking and security events.
Security and Networking Team Convergence Calls for Platform Convergence
Regardless, an effective SASE platform needs to accommodate the needs of all organizational structures whether teams are distinct or together. Essential in that role is rich role-based access control (RBAC) that allows granular access to various aspects of the SASE platform. In this way, IT organizations can create roles that reflect their unique structure – whether teams are converged or distinct. (Cato recently introduced RBAC+ for this reason. You can learn more here.)
As for SASE adoption, a single vendor approach was the most popular (63% of respondents). Post deployment would those who deployed SASE stay with the technology? The vast major (79% of respondents) say, “Yes.”
Additional finding from the survey shed light on
Future plans for remote and hybrid work
Current rate of SASE adoption
How to ensure security and performance for ALL applications
..and more. To learn more, download the report results here.
As reported in global news, on October 7th, 2023, the Hamas terror organization has launched a brutal attack on Israeli cities and villages, with thousands...
Business Continuity at Difficult Times of War in Israel As reported in global news, on October 7th, 2023, the Hamas terror organization has launched a brutal attack on Israeli cities and villages, with thousands of civilian casualties, forcing Israel to enter a state of war with Hamas-controlled Gaza.
While Cato Networks is a global company with 850+ employees in over 30 countries around the world, a significant part of our business and technical operations is based out of Tel Aviv, Israel.
The following blog details the actions we are taking based on our Business Continuity Procedures (BCP), adjusted to the current scenario, to ensure the continuity of our services that support our customers’ and partners’ critical network and security infrastructure.
Business Continuity by Design
Our SASE service was built from the ground up as a fully distributed cloud-native solution. One of the key benefits of our solution architecture is that it does not have a single point of failure. Our operations teams have built and trained AI engines to identify signals of performance or availability degradation in the service and respond to them autonomously.
This is part of our day-to-day cloud operations, and as a result, downtime in one or more of our PoPs does not disrupt our customers’ operations. Our SASE Cloud high-availability and self-healing have already been put to the test before, and proved itself.
Our stock of Sockets has always been globally distributed across warehouses in North America, Europe and APJ. All our warehouses are fully stocked, and no shortage or long lead times is expected. In fact, we have been able to overcome global supply chain challenges before.
24x7x365 Support
Our support organization is designed to always be there for our 2000+ enterprise customers, where and when they need us. We are committed to ensure that support availability to our customers remains intact even during adverse conditions like an armed conflict or a pandemic.
We operate a global support organization from the United States, Canada, Colombia, United Kingdom, Northern Ireland, The Netherlands, Israel, Poland, Ukraine, Macedonia, Singapore, Philippines and Japan. All teams work in concert to deliver a 24/7/365 follow-the-sun service, making sure no support tickets are left unattended.
Customers who require support should continue to contact us through our standard support channels, and will continue to receive the support levels they expect and deserve.
BCP Activation in Israel
The Cato SASE service is ISO 27001 and SOC2 certified as well as additional, global standards.
A mandatory part of such certifications is to have Business Continuity Procedures (BCP) in place, practice them periodically, and improve or fine-tune as needed.
Our BCP was not only tested synthetically, but was successfully activated during the COVID-19 epidemic. In March 2020, we moved our entire staff to work remotely. Using the ZTNA capabilities of Cato SASE Cloud, the transition was smooth, and no customers experienced any impact on the service availability, performance, and support.
We have now re-activated the same BCP for our staff in Israel. Our technical organizations are able to securely connect remotely to our engineering, support, and DevOps systems and continue their work safely from their homes.
Beyond BCP
In the current situation, we are taking additional steps to further our increase our resiliency.
October 8th, 2023:
We have extended shifts of our support teams in APJ to reinforce the teams in EMEA.
We have assigned T3 support engineers to T1 and T2 teams to ensure our support responsiveness continues to meet and exceed customers' expectations.
October 10th, 2023:
We have temporarily relocated select executives and engineers to Athens, Greece. We now have HQ and engineering resources available to support our global staff and cloud operations even in extreme cases of long power or internet outages, which aren’t expected at this time.
The Way Forward
Israel had faced difficult times and armed conflicts in the past, and always prevailed. We stand behind our Catonians in Israel and their families and care for them during this conflict. Our success is built on the commitment of our people to excellence in all facets of the business. This commitment remains firm as we continue our mission to provide a rock-solid secure foundation for our customers’ most critical business infrastructure.
TL;DR This vulnerability appears to be less severe than initially anticipated. Cato customers and infrastructure are secure. Last week the original author and long-time lead...
Cato’s Analysis and Protection for cURL SOCKS5 Heap Buffer Overflow (CVE-2023-38545) TL;DR This vulnerability appears to be less severe than initially anticipated. Cato customers and infrastructure are secure.
Last week the original author and long-time lead developer of cURL Daniel Stenberg published a “teaser” for a HIGH severity vulnerability in the ubiquitous libcurl development library and the curl command-line utility.
A week of anticipation, multiple heinous crimes against humanity and a declaration of war later, the vulnerability was disclosed publicly.
The initial announcement caused what in hindsight can be categorized as somewhat undue panic in the security and sysadmin worlds. But given how widespread the usage of libcurl and curl is around the world (at Cato we use widely as well, more on that below), and to quote from the libcurl website – “We estimate that every internet connected human on the globe uses (lib)curl, knowingly or not, every day”, the initial concern was more than understandable.
The libcurl library and the curl utility are used for interacting with URLs and for various multiprotocol file transfers, they are bundled into all the major Linux/UNIX distributions. Likely for that reason the project maintainers opted to keep the vulnerability disclosure private, and shared very little details to deter attackers, only letting the OS distributions maintainers know in advance while patched version are made ready in the respective package management systems for when it is disclosed.
[boxlink link="https://www.catonetworks.com/rapid-cve-mitigation/"] Rapid CVE Mitigation by Cato Security Research [/boxlink]
The vulnerability in detail
The code containing the buffer overflow vulnerability is part of curl’s support for the SOCKS5 proxy protocol.SOCKS5 is a simple and well-known (while not very well-used nowadays) protocol for setting up an organizational proxy or quite often for anonymizing traffic, like it is used in the Tor network.
The vulnerability is in libcurl hostname resolution which is either delegated to the target proxy server or done by libcurl itself. If a hostname larger than 255 bytes is given, then it turns to local resolution and only passed the resolved address. Due to the bug, and in a slow enough handshake (“slow enough” being typical server latency according to the post), the Buffer Overflow can be triggered, and the entire “too-long-hostname” being copied to the buffer instead of the resolved result.
There are multiple conditions that need to be met for the vulnerability to be exploited, specifically:
In applications that do not set “CURLOPT_BUFFERSIZE” or set it below 65541. Important to note that the curl utility itself sets it to 100kB and so is not vulnerable unless changed specifically in the command line.
CURLOPT_PROXYTYPE set to type CURLPROXY_SOCKS5_HOSTNAME
CURLOPT_PROXY or CURLOPT_PRE_PROXY set to use the scheme socks5h://
A possible way to exploit the buffer overflow would likely require the attacker to control a webserver which is contacted by the libcurl client over SOCKS5, could make it return a crafted redirect (HTTP 30x response) which will contain a Location header with a long enough hostname to trigger the buffer overflow.
Cato’s usage of (lib)curl
At Cato we of course utilize both libcurl and curl itself for multiple purposes:
curl and libcurl based applications are used extensively in our global infrastructure in scripts and in-house applications.
Cato’s SDP Client also implements libcurl and uses it for multiple functions.
We do not use SOCKS5, and Cato’s code and infrastructure are not vulnerable to any form of this CVE.
Cato’s analysis response to the CVE
Based on the CVE details and the public POC shared along with the disclosure, Cato’s Research Labs researchers believe that chances for this to be exploited successfully are medium – low.
Nevertheless we have of course added IPS signatures for this CVE, providing Cato connected sites worldwide the peace and quiet through virtual patching, blocking attempts for an exploit with a detect-to-protect time of 1 day and 3 hours for all users and sites connected to Cato worldwide, and Opt-In Protection already available after 14 hours.Cato’s recommendation is as always to patch impacted servers and applications, affected versions being from libcurl 7.69.0 to and including 8.3.0. In addition, it is possible to mitigate by identifying usage as already stated of the parameters that can lead to the vulnerability being triggered - CURLOPT_PROXYTYPE, CURLOPT_PROXY, CURLOPT_PRE_PROXY.
For more insights on CVE-2023-38545 specifically and many other interesting and nerdy Cybersecurity stories, listen (and subscribe!) to Cato’s podcast - The Ring of Defense: A CyberSecurity Podcast (also available in audio form).
January 2023, Frank Rauch took on the pivotal role of Global Channel Chief at Cato Networks. This appointment marked a significant moment in Cato’s ongoing...
Frank Rauch Discusses the Impact Partners Have on Cato’s Success January 2023, Frank Rauch took on the pivotal role of Global Channel Chief at Cato Networks. This appointment marked a significant moment in Cato’s ongoing commitment to its global channel partner program. To shed light on the program’s value and its role in Cato’s success, we sat down with Frank and asked him to share his assessment after nine months on the job.
Q. Frank, can you explain how Cato Networks’ channel partner program aligns with Cato’s “Channel-First Company”, and how does this benefit Cato’s bottom line?
A. Our commitment to being a “Channel-First Company” means that our channel partners are at the forefront of our growth strategy. Our partner program is designed to empower our partners with the tools, resources, and support they need to succeed. This alignment not only strengthens our relationships with partners but also ensures that they have the necessary resources to drive customer success. By fostering a robust partner ecosystem, we expand our market research and, in turn, boost our Partner’s profitability and Cato’s growth.
Q2. In a recent CRN story, Cato Networks was praised for its unique approach to SASE. How does the channel partner program contribute to this distinctiveness, and what advantages does it provide to partners?
A2. Cato’s unique approach to SASE is underpinned by our commitment to simplicity, security, and agility. Our channel partner program plays a vital role in this by equipping partners with our groundbreaking technology and enabling them to deliver exceptional value to their customers. Partners benefit from differentiated offerings, streamlined sales processes, and competitive incentives and unprecedented customer value allowing them to stand out in the market.
[boxlink link="https://www.catonetworks.com/resources/cato-sase-vs-the-sase-alternatives/"] Cato SASE vs. The SASE Alternatives | Get the eBook [/boxlink]
Q3. Cato Networks has been recognized for its innovative Cato SASE Cloud platform. How does the channel partner program support partners in selling SASE Cloud solutions and ensuring their customers’ network security?
A3. SASE is the future of networking and security, and our channel partners are at the forefront of this transformation, enjoying an early adopter advantage. Our program offers extensive training, certification, and access to our SASE platform, enabling partners to deliver comprehensive security and networking solutions to their customers. This approach not only ensures our partners’ success but also reinforces Cato’s position as a leader in the SASE market.
Q4. In a Channel Futures story, you mentioned the importance of partner enablement. Can you elaborate on how Cato Networks empowers its channel partners to succeed and the impact it has on Cato’s global growth?
A4. Partner enablement is at the core of our strategy. We provide partners with continuous training, technical resources, and marketing support focused on the buyer's journey and customer success. This enables them to serve as trusted advisors to their customers and positions Cato Networks as the go-to provider for secure, global SASE Cloud solutions. As our partners succeed, so does Cato, driving our global growth.
Q5. Cato Networks has established partnerships with some of the highest growth-managed service providers. How does the channel partner program facilitate collaboration with these key partners, and what advantages does it bring to both Cato and its MSP partners?
A5. Partnering with managed service providers is a strategic move for Cato Networks. Our channel partner program is designed to foster strong collaboration with MSPs, providing them with the tools and resources to seamlessly integrate our secure, global Cato SASE Cloud solutions. This collaboration enables us to reach a wider audience and deliver businesses comprehensive networking and security services. For Cato, it strengthens our position in the market as a trusted technology partner, while MSPs benefit from a powerful platform to offer enhanced services to their customers, ultimately driving mutual growth and success. The timing could not be better with customers focusing on security, networking, and resilience in an extremely complex market with more than four million security jobs open worldwide.
Q6. Lastly, Frank, can you provide some insights into what the future holds for Cato Networks’ channel partner program and its role in Cato’s ongoing success?
A6. The future is bright for our channel partner program. We will continue to invest in our partners’ success, expanding our portfolio and refining our support mechanisms. We see our partners as an extension of the Cato family, and their profitable growth is inherently tied to ours. Together, we will continue to redefine networking and security through SASE while reinforcing Cato’s position as a “Channel-First Company” dedicated to empowering partners and delivering exceptional results.
In conclusion, Frank’s perspective on Cato Networks’ global channel partner program highlights its critical role in Cato’s success as a “Channel-First Company.” By equipping partners with the tools they need to excel, Cato not only strengthens its relationships with partners but also expands its market research and continues to innovate in the SASE market. Cato Networks’ commitment to its channel partners is a testament to its dedication to providing top-tier networking and security solutions via SASE to businesses worldwide.
In the fast-paced world of auto racing, where technology and precision come together in a symphony of speed, Cato Networks made its mark as the...
Cato Networks Powers Ahead: Fuels Innovation with TAG Heuer Porsche Formula E Team In the fast-paced world of auto racing, where technology and precision come together in a symphony of speed, Cato Networks made its mark as the official SASE sponsor of the TAG Heuer Porsche Formula E Team. As the engines quietly ran and tires screeched at the 2023 Southwire Portland E-Prix, held at the iconic Portland International Raceway in June, Cato Networks proudly stood alongside the cutting-edge world of electric racing, embodying the spirit of innovation and collaboration.
Formula E racing isn’t just about speed; it’s a captivating blend of advanced technology, sustainable energy, and thrilling competition that resonates with racing enthusiasts worldwide including myself and more than 20 Catonians as we hosted our customers, partners, and journalists in Portland, Oregon. Maury Brown of Forbes eloquently captures its essence stating, “Formula E racing represents the marriage of high-performance motorsports and sustainable energy solutions, all on a global stage.” It’s a spectacle that goes beyond the racetrack, showcasing the potential of electric vehicles and their role in shaping a more sustainable future.” It’s a spectacle that goes beyond the racetrack, showcasing the potential of electric vehicles and their role in shaping a more sustainable future.
Writing for Axios Portland, Meira Gebel emphasizes the profound impact of Formula E racing on the local communities that host these events. Her story highlights how the racing series sparks innovation and inspires environmental consciousness. The 2023 Southwire E-Prix in Portland, Oregon, perfectly encapsulates these ideals, with its picturesque backdrop and its commitment to showcasing the potential of electric racing in a city known for its green initiatives.
At the heart of this electrifying journey is Cato Networks, a company that is redefining networking and security with its Cato SASE Cloud platform. Just as Formula E racing pushes the boundaries of what’s possible, Cato Networks is revolutionizing the way businesses approach networking and security. By partnering with the TAG Heuer Porsche Formula E Team, Cato Networks is aligning its commitment to innovation and performance with the excitement and dynamism of Formula E racing.
[boxlink link="https://catonetworks.easywebinar.live/registration-simplicity-at-speed"] Simplicity at Speed: How Cato’s SASE Drives the TAG Heuer Porsche Formula E Team’s Racing | Watch the Webinar [/boxlink]
Florian Modlinger, Director of Factory Motorsport Formula E at Porsche, underscores the significance of Cato Networks’ involvement: “We are thrilled to have Cato Networks as our official SAES sponsor. Just as our team constantly strives for excellence on the racetrack, Cato Networks is dedicated to delivering exceptional networking and security solutions. Together, we embody the spirit of forward-thinking, high-performance teamwork.”
The 2023 Southwire Portland E-Prix was a true testament to this partnership, where TAG Heuer Porsche Formula E Team, powered by the Cato SASE Cloud, demonstrated their prowess on the racetrack. As electric cars whizzed by, fueled by renewable energy, they visually represented the fusion between technology, speed, and sustainability.
For Cato Networks, the sponsorship of TAG Heuer Porsche Motorsport Formula ETeam goes beyond just the racetrack. It symbolizes the company’s commitment to pushing boundaries, embracing innovation, and fostering a collaborative spirit. As the race cars accelerated down the Portland International Raceway, Cato Networks’ presence was a reminder that the world of business networking and security is also hurtling into a future defined by agility, efficiency, and adaptability.
In an era where sustainability and technological advancement are at the forefront of global conversations, Cato Networks’ role as the official SASE sponsor for the TAG Heuer Porsche Formula E team is a testimony to the company’s vision. Just as Formula E racing fans cheer for their favorite teams, supporters of Cato Networks can celebrate a partnership that embodies progress and transformation.
As the engines quieted down after the exhilarating 2023 Southwire Portland E-Prix, the echoes of innovation and collaboration lingered in the air. Cato Networks’ TAG Heuer Porsche Formula E Team sponsorship left an indelible mark on the racing world and beyond. In the words of Maury Brown, “Formula E isn’t just a motorsport series; it’s a showcase for a more sustainable and connected future.” With Cato Networks driving change on and off the racetrack, the journey toward that future is more electrifying than ever.
A new critical vulnerability has been disclosed by Atlassian in a security advisory published on October 4th 2023 in its on-premise Confluence Data Center and...
Cato Protects Against Atlassian Confluence Server Exploits (CVE-2023-22515) A new critical vulnerability has been disclosed by Atlassian in a security advisory published on October 4th 2023 in its on-premise Confluence Data Center and Server product. A privilege escalation vulnerability through which attackers may exploit a vulnerable endpoint in internet-facing Confluence instances to create unauthorized Confluence administrator accounts and gain access to the Confluence instance.
At the time of writing a CVSS score was not assigned to the vulnerability but it can be expected to be very high (9 – 10) due to the fact it is remotely exploitable and allows full access to the server once exploited.
[boxlink link="https://www.catonetworks.com/rapid-cve-mitigation/"] Rapid CVE Mitigation by Cato Security Research [/boxlink]
Cato’s Response
There are no publicly known proofs-of-concept (POC) of the exploit available, but it has been confirmed by Atlassian that they have been made aware of the exploit by a “handful of customers where external attackers may have exploited a previously unknown vulnerability” so it can be assumed with a high certainty that it is already being exploited.
Cato’s Research Labs identified possible exploitation attempts of the vulnerable endpoint (“/setup/”) in some of our customers immediately after the security advisory was released, which were successfully blocked without any user intervention needed. The attempts were blocked by our IPS signatures aimed at identifying and blocking URL scanners even before a signature specific to this CVE was available.
The speed with which using the very little information available from the advisory was already integrated into online scanners gives a strong indication of how much of a high-value target Confluence servers are, and is concerning given the large numbers of publicly facing Confluence servers that exist.
Following the disclosure, Cato deployed signatures blocking any attempts to interact with the vulnerable “/setup/” endpoint, with a detect-to-protect time of 1 day and 23 hours for all users and sites connected to Cato worldwide, and Opt-In Protection already available in under 24 hours.
Furthermore, Cato’s recommendation is to restrict access to Confluence servers’ administration endpoints only from authorized IPs, preferably from within the network and when not possible that it is only accessible from hosts protected by Cato, whether behind a Cato Socket or remote users running the Cato Client.
Cato’s Research Labs continues to monitor the CVE for additional information, and we will update our signatures as more information becomes available or a POC is made public and exposes additional information. Follow our CVE Mitigation page and Release Notes for future information.
September 26, 2023
4m read
Introduction Businesses have increasingly turned to Secure Services Edge (SSE) to secure their digital assets and data, as they undergo digital transformation. SSE secures the...
September 26, 2023
4m read
Essential steps to evaluate the Risk Profile of a Secure Services Edge (SSE) Provider Introduction
Businesses have increasingly turned to Secure Services Edge (SSE) to secure their digital assets and data, as they undergo digital transformation.
SSE secures the network edge to ensure data privacy and protect against cyber threats, using a cloud-delivered SaaS infrastructure from a third-party cybersecurity provider.
SSE has brought numerous advantages to companies who needed to strengthen their cyber security after undergoing a digital transformation. However, it has introduced new risks that traditional risk management methods can fail to identify at the initial onboarding stage.
When companies consider a third party to run their critical infrastructure, it is important to seek functionality and performance, but it is essential to identify and manage risks. Would you let someone you barely know race your shiny Porsche along a winding clifftop road, without first assessing his driving skills and safety record?
[boxlink link="https://www.catonetworks.com/resources/ensuring-success-with-sse-rfp-rfi-template/"] Ensuring Success with SSE: Your Helpful SSE RFP/RFI Template | Download the Template [/boxlink]
When assessing a Secure Services Edge (SSE) vendor, it is therefore essential to consider the risk profile alongside the capabilities.
In this post, we will guide you through the key steps to evaluate SSE vendors, this time not based on their features, but on their risk profile.
Why does this matter?
Gartner defines a third-party risk “miss” as an incident resulting in at least one of the outcomes in Figure 1.
Its 2022 survey of Executive Risk Committee members shows how these third-party risk “misses” are hurting organizations: 84% of respondents said that they had resulted in operations disruption at least once in the last 12 months.
Courtesy of Gartner
Essential steps to evaluate the Risk Profile of a potential SSE provider
Step 1: Assess Reputation and Experience
Start your evaluation by researching the provider’s reputation and experience in the cybersecurity industry. Look for established vendors with a proven track record of successfully securing organizations from cyber threats. Client testimonials and case studies can offer valuable insights into their effectiveness in handling diverse security challenges.
Step 2: Certifications and Compliance
Check if the cybersecurity vendor holds relevant certifications, such as ISO 27001, NIST Cybersecurity Framework, SOC 2, or others. These demonstrate their commitment to maintaining high standards of information security. Compliance with industry-specific regulations (e.g., GDPR, HIPAA) is equally important, especially if your organization deals with sensitive data.
Step 3: Incident Response and Support
Ask about the vendor's incident response capabilities and the support they provide during and after a cyber incident. A reliable vendor should have a well-defined incident response plan and a team of skilled professionals ready to assist you in the event of a security breach.
Step 4: Third-party Audits and Assessments
Look for vendors who regularly undergo third-party security audits and assessments. These independent evaluations provide an objective view of the vendor's security practices and can validate their claims regarding their InfoSec capabilities.
Step 5: Data Protection Measures
Ensure that the vendor employs robust data protection measures, including encryption, access controls, and data backup protocols. This is vital if your organization handles sensitive customer information or intellectual property.
Step 6: Transparency and Communication
A trustworthy vendor will be transparent about their security practices, policies, and potential limitations. Evaluate how well they communicate their security measures and how responsive they are to your queries during the evaluation process.
Step 7: Research Security Incidents and Breaches
Conduct research on any past security incidents or data breaches that the vendor might have experienced. Analyze how they handled the situation, what lessons they learned, and the improvements they made to prevent similar incidents in the future.
Gartner has recently released a Third Party Risk platform to help organizations navigate through the risk profiles of Third Party providers, including of course, cybersecurity vendors.
The Gartner definition of Third-Party Risk is: “the risk an organization is exposed to by its external third parties such as vendors, contractors, and suppliers who may have access to company data, customer data, or other privileged information.”
The information provided by vendors on Gartner's Third-Party Risk Platform is primarily self-disclosed. While Gartner relies on vendors to accurately report their details, they also offer the option for vendors to upload attestations of third-party audits as evidence to support their claims. This additional layer of validation helps increase the reliability and credibility of the information presented. However, it is ultimately the responsibility of users to perform their due diligence when evaluating vendor information.
Conclusion
Selecting the right SSE provider is a critical decision that can significantly impact your organization's security posture. By evaluating vendors based on their Risk profile, not just their features, and leveraging the Gartner Third Party Risk Platform, you can make an informed choice and gain a reliable cybersecurity provider. Remember: investing time and effort in the evaluation process now, can prevent potential security headaches in the future, ensuring your organization remains protected from evolving cyber threats and compliant to local regulations.
September 21, 2023
8m read
One of the observations I sometimes get from analysts, investors, and prospects is that Cato is a mid-market company. They imply that we are creating...
September 21, 2023
8m read
The Cato Journey – Bringing SASE Transformation to the Largest Enterprises One of the observations I sometimes get from analysts, investors, and prospects is that Cato is a mid-market company. They imply that we are creating solutions that are simple and affordable, but don’t necessarily meet stringent requirements in scalability, availability, and functionality.
Here is the bottom line: Cato is an enterprise software company. Our mission is to deliver the Cato SASE experience to organizations of all sizes, support mission critical operations at any scale, and deliver best-in-class networking and security capabilities.
The reason Cato is perceived as a mid-market company is a combination of our mission statement which targets all organizations, our converged cloud platform that challenges legacy blueprints full of point solutions, our go-to-market strategy that started in the mid-market and went upmarket, and the IT dynamics in large enterprises. I will look at these in turn.
The Cato Mission: World-class Networking and Security for Everyone
Providing world class networking and security capabilities to customers of all sizes is Cato’s reason-for-being. Cato enables any organization to maintain top notch infrastructure by making the Cato SASE Cloud its enterprise networking and security platform. Our customers often struggled to optimize and secure their legacy infrastructure where gaps, single points of failure, and vulnerabilities create significant risks of breach and business disruption.
Cato SASE Cloud is a globally distributed cloud service that is self-healing, self-maintaining, and self-optimizing and such benefits aren’t limited to resource constrained mid-market organizations. In fact, most businesses will benefit from a platform that is autonomous and always optimized. It isn’t just the platform, though. Cato’s people, processes, and capabilities that are focused on cloud service availability, optimal performance, and maximal security posture are significantly higher than those of most enterprises.
Simply put, we partner with our customers in the deepest sense of the word. Cato shifts the burden of keeping the lights on a fragmented and complex infrastructure from the customer to us, the SASE provider. This grunt work does not add business value, it is just a “cost of doing business.” Therefore, it was an easy choice for mid-market customers that could not afford wasting resources to maintain the infrastructure. Ultimately, most organizations will realize there is simply no reason to pay that price where a proven alternative exists.
The most obvious example of this dynamic of customer capabilities vs. cloud services capabilities is Amazon Web Services (AWS). AWS eliminates the need for customers to run their own datacenters and worry about hosting, scaling, designing, deploying, and building high availability compute and storage. In the early days of AWS, customers used it for non-mission-critical departmental workloads. Today, virtually all enterprises use AWS or similar hyperscalers as their cloud datacenter platforms because they can bring to bear resources and competencies at a global scale that most enterprises can’t maintain.
AWS was never a “departmental” solution, given its underlying architecture. The Cato architecture was built with the same scale, capacity, and resiliency in mind. Cato can serve any organization.
The Cato SASE Cloud Platform: Global, Efficient, Scalable, Available
Cato created an all-new cloud-native architecture to deliver networking and security capabilities from the cloud to the largest datacenters and down to a single user. The Cato SASE Cloud is a globally distributed cloud service comprised of dozens of Points of Presence (PoPs). The PoPs run thousands of copies of a purpose-built and cloud-native networking and security stack called the Single Pass Cloud Engine (SPACE). Each SPACE can process traffic flows from any source to any destination in the context of a specific enterprise security policy. The SPACE enforces application access control (ZTNA), threat prevention (NGFW/IPS/NGAM/SWG), and data protection (CASB/DLP) and is being extended to address additional domains and requirements within the same software stack.
Large enterprises expect the highest levels of scalability, availability, and performance. The Cato architecture was built from the ground up with these essential attributes in mind. The Cato SASE Cloud has over 80 compute PoP locations worldwide, creating the largest SASE Cloud in the world. PoPs are interconnected by multiple Tier 1 carriers to ensure minimal packet loss and optimal path selection globally. Each PoP is built with multiple levels of redundancy and excess capacity to handle load surges. Smart software dynamically diverts traffic between PoPs and SPACEs in case of failure to ensure service continuity. Finally, Cato is so efficient that it has recently set an industry record for security processing -- 5 Gbps of encrypted traffic from a single location.
Cato’s further streamlines SOC and NOC operations with a single management console, and a single data lake providing a unified and normalized platform for analytics, configuration, and investigations. Simple and streamlined is not a mid-market attribute. It is an attribute of an elegant and seamless solution.
Go to Market: The Mid-Market is the Starting Point, Not the Endgame
Cato is not a typical cybersecurity startup that addresses new and incremental requirements. Rather, it is a complete rethinking and rearchitecting of how networking and security should be delivered. Simply put, Cato is disrupting legacy vendors by delivering a new platform and a completely new customer experience that automates and streamlines how businesses connect and secure their devices, users, locations, and applications.
Prospects are presented with a tradeoff: continue using legacy technologies that consume valuable IT time and resources spent on integration, deployment, scaling, upgrades, and maintenance, or adopt the new Cato paradigm of simplicity, agility, always on, and self-maintaining. This is not an easy decision. It means rethinking their networking and security architecture. Yet it is precisely the availability of the network and the ability to protect against threats that impact the enterprise’s ability to do business.
[boxlink link="https://www.catonetworks.com/resources/cato-sase-vs-the-sase-alternatives/"] Cato SASE vs. The SASE Alternatives | Download the eBook [/boxlink]
With that backdrop, Cato found its early customers at the “bottom” of the mid-market segment. These customers had to balance the risk of complexity and resource scarcity or the risk of a new platform. They often lacked the internal budgets and resources to meet their needs with existing approaches; they were open to considering another way.
Since then, seven years of technical development in conjunction with wide-spread market validation of single-vendor SASE as the future of enterprise networking and security have led Cato to move up market and acquire Fortune 500 and Global 1000 enterprises at 100x the investment of early customers – on the same architecture. In the process, Cato replaced hundreds of point products, both appliances and cloud- services, from all the leading vendors to transform customers’ IT infrastructure.
Cato didn’t invent this strategy of starting with smaller enterprises and progressively addressing the needs of larger enterprises. Twenty years ago, a small security startup, Fortinet, adopted this same go-to-market approach with low-cost firewall appliances, powered by custom chips, targeting the SMB and mid-market segments. The company then proceeded to move up market and is now serving the largest enterprises in the world. While we disagree with Fortinet on the future of networking and security and the role the cloud should play in it, we agree with the go-to-market approach and expect to end in the same place.
Features and Roadmap: Addressing Enterprise Requirements at Cloud Speed
When analysts assess Cato’s platform, they do it against a list of capabilities that exist in other vendors’ offerings. But this misses the benefit of hindsight. All too often, so-called “high-end features” had been built for legacy conditions, specific edge cases, particular customer requirements that are now obsolete or have low value. In networking, for example, compression, de-duplication, and caching, aren’t aligned with today’s requirements where traffic is compressed, dynamic, and sent over connections with far more capacity that was ever imagined when WAN optimization was first developed.
On the other hand, our unique architecture allows us to add new capabilities very quickly. Over 3,000 enhancements and features were added to our cloud service last year alone. Those features are driven by customers and cross-referenced with what analysts use in their benchmarks. For that very reason, we run a customer advisory board, and conduct detailed roadmap and functional design reviews with dozens of customers and prospects. Case in point is the introduction of record setting security processing -- 5 Gbps of encrypted traffic from a single location. No other vendor has come close to that limit.
The IT Dynamics in Large Enterprises: Bridging the Networking and Security SILOs
Many analysts are pointing towards enterprise IT structure and buying patterns as a blocker to SASE adoption. IT organizations must collaborate across networking and security teams to achieve the benefits of a single converged platform. While smaller IT organizations can do it more easily, larger IT organizations can achieve the same outcome with the guidance of visionary IT leadership. It is up to them to realize the need to embark on a journey to overcome the resource overload and skills scarcity that slows down their teams and negatively impacts the business. Across multiple IT domains, from datacenters to applications, enterprises partner with the right providers that through a combination of technology and people help IT to support the business in a world of constant change.
Cato’s journey upmarket proves that point. As we engage and deploy SASE in larger enterprises, we prove that embracing networking and security convergence is more of matter of imagining what is possible. With our large enterprise customers' success stories and the hard benefits they realized, the perceived risk of change is diminished and a new opportunity to transform IT emerges.
The Way Forward: Cato is Well Positioned to Serve the Largest Enterprises
Cato has reimagined what enterprise networking and security should be. We created the only true SASE platform that delivers the seamless and fluid experience customers got excited about when SASE was first introduced. We have matured the Cato SASE architecture and platform for the past eight years by working with customers of all sizes to make Cato faster, better, and stronger. We have the scale, the competencies, and the processes to enhance our service, and a detailed roadmap to address evolving needs and requirements. You may be a Request for Enhancement (RFE) away from seeing how SASE, Cato’s SASE, can truly change the way your enterprise IT enables and drives the business.
September 19, 2023
4m read
Today, we announced our largest funding round to date ($238M) at a new company valuation of over $3B. It’s a remarkable achievement that is indicative...
September 19, 2023
4m read
Cato: The Rise of the Next-Generation Networking and Security Platform Today, we announced our largest funding round to date ($238M) at a new company valuation of over $3B. It’s a remarkable achievement that is indicative not only of Cato’s success but also of a broader change in enterprise infrastructure.
We live in an era of digital transformation. Every business wants to be as agile, scalable, and resilient as AWS (Amazon Web Service) to gain a competitive edge, reduce costs and complexity, and delight its customers. But to achieve that goal, enterprise infrastructure, including both networking and security, must undergo digital transformation itself. It must become an enabler, instead of a blocker, for the digital business. Security platforms are a step in that direction.
Platforms can be tricky. A platform, by definition, must come from a single vendor and should cover most of the requirements of a given enterprise. This is not enough, though. A vendor could seemingly create a platform by “duct taping” products that were built organically with others that came from acquisitions. In that case, while the platform might check all the functional boxes, it would not feel like a cohesive unity but a collection of non-integrated components. This is a common theme with acquisitive vendors: they provide the comfort of sound financials but are hard pressed to deliver the promised platform benefits. What they have, in fact, is a portfolio of products, not a platform.
[boxlink link="https://www.catonetworks.com/resources/cato-named-a-challenger-in-the-gartner-magic-quadrant-for-single-vendor-sase/"] Cato named a Challenger in Gartner’s Magic Quadrant for Single Vendor-SASE | Get the Report [/boxlink]
In 2015, Cato embarked on a journey to build a networking and security platform, from the ground up, for the cloud era. We did not want just to cover as many functional requirements as fast as possible. Rather, we wanted to create a seamless and elegant experience, powered by a converged, global, cloud-native service that sustains maximal security posture and optimal performance, while offloading unproductive grunt work from IT professionals. A cohesive service architecture that is available everywhere enabled us to ensure scalable and resilient secure access to the largest datacenters and down to a single user.
We have been hard at work over the past eight years to mature this revolutionary architecture, that Gartner called SASE in 2019, and rapidly expand the capabilities it offered to our 2,000+ customers. We have grown not only the customer base, but the scale and complexity of enterprises that are supported by Cato today. In the process of transforming and modernizing our customers’ infrastructure we replaced many incumbent vendors, both appliance-centric and cloud-delivered, that our customers could not find the skills and resources to sustain.
Building a new platform is ambitious. Obviously, we are competing for the hearts and minds of customers that must choose between legacy approaches they lived with for so long, the so-called “known evil,” or join us to adopt a better and more effective networking and security platform for their businesses.
Today’s round of financing is proof that we are going in the right direction. Our customers, with tens of thousands of locations and millions of users, trust us to power their mission critical business operations with the only true SASE platform. They are joined today by existing and new investors that believe in our vision, our roadmap, and in our mission to change networking and security forever.
SASE is the way of the future. We imagined it, we invested in it, we built it, and we believe in it.
Cato. We ARE SASE.
September 13, 2023
5m read
Introduction The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 1.1 has been a critical reference to help reduce or mitigate cybersecurity threats...
September 13, 2023
5m read
NIST Cybersecurity & Privacy Program Introduction
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 1.1 has been a critical reference to help reduce or mitigate cybersecurity threats to Critical Infrastructures. First launched in 2014, it remains the de facto framework to address the cyber threats we have seen. However, with an eye toward addressing more targeted, sophisticated, and coordinated future threats, it was universally acknowledged that NIST CSF 1.1 required updating.
NIST has released a public draft of version 2.0 of their Cybersecurity Framework (CSF), which promises to deliver several improvements. However, to understand the impact of this update, it helps to understand how CSF v1.1 brought us this far.
Background
Every organization in today’s evolving global environment is faced with managing enterprise security risks efficiently and effectively. Cybersecurity is daunting; depending on your industry vertical, adhering to an intense list of regulatory and compliance standards only adds to this nightmare. Whether it’s the International Organization for Standardization (ISO) 27001, Information Systems Audit and Controls Association (ISACA) COBIT5, or other such programs, it is often confusing to know how or where to start, but they all specify processes to protect and respond to cybersecurity threats.
This was the impetus behind the National Institute of Standards and Technology (NIST) developing the Cybersecurity Framework (CSF). NIST CSF references proven best practices in its Core functions: Identify, Protect, Detect, Respond, and Recover. With this framework in place, organizations now have tools to better manage enterprise cybersecurity risk by presenting organizations with the required guidance.
NIST 2.0
The development of NIST CSF version 2.0 was a collaboration of industry, academic, and government experts across the globe, demonstrating the intent of adapting this iteration of the CSF to organizations everywhere, and not just in the US. It’s focused on mitigating cybersecurity risk to industry segments of all types and sizes by helping them understand, assess, prioritize, and communicate about these risks and the actions to reduce them.
To deliver on this promise, NIST CSF 2.0 highlights several core changes to deliver a more holistic framework. The following key changes are crucial to improving CSF to make it more globally relevant:
Global applicability for all segments and sizes
The previous scope of NIST CSF primarily addressed cybersecurity for critical infrastructure in the United States. While necessary at the time, it was universally agreed that expanding this scope was necessary to include global industries, governments, and academic institutions, and NIST CSF 2.0 does this.
Focus on cybersecurity governance
Cybersecurity governance is an all-encompassing cybersecurity strategy that integrates organizational operations to mitigate the risk of business disruption due to cyber threats or attacks. Cybersecurity governance includes many activities, including accountability, risk-tolerance definitions, and oversight, just to name a few. These critical components map neatly across the five core pillars of NIST CSF: Identify, Protect, Detect, Respond, and Recover. Cybersecurity governance within NIST CSF 2.0 defines and monitors cybersecurity risk strategies and expectations.
Focus on cybersecurity supply chain risk management
An extensive, globally distributed, and interconnected supply chain ecosystem is crucial for maintaining a strong competitive advantage and avoiding potential risks to business continuity and brand reputation. However, an intense uptick in cybersecurity incidents in recent years has uncovered the extended risk that exists in our technology supply chains. For this reason, integrating Cybersecurity Supply Chain Risk Management into NIST CSF 2.0 enables this framework to effectively inform an organization’s oversight and communications related to cybersecurity risks across multiple supply chains.
[boxlink link="https://www.catonetworks.com/resources/nist-compliance-to-cato-sase/"] Mapping NIST Cybersecurity Framework (CSF) to the Cato SASE Cloud | Download the White Paper [/boxlink]
Integrating Cybersecurity Risk Management with Other Domains Using the Framework
NIST CSF 2.0 acknowledges that no one framework or guideline solves all cybersecurity challenges for today’s organizations. Considering this, there is alignment to several important privacy and risk management frameworks included in this draft:
Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations – NIST SP 800-161f1
NIST Privacy Framework
Integrating Cybersecurity and Enterprise Risk Management – NIST IR 8286
Artificial Intelligence Risk Management Framework – AI 100-1
Alignment to these and other frameworks ensures organizations are well-equipped with guidelines and tools to facilitate their most critical cybersecurity risk programs holistically to achieve their desired outcomes.
Framework Tiers to Characterize Cybersecurity Risk Management Outcomes
NIST CSF 2.0 includes framework tiers to help define cybersecurity risks and how they will be managed within an organization. These tiers help identify an organization's cybersecurity maturity level and will specify the perspectives of cybersecurity risk and the processes in place to manage those risks. The tiers should serve as a benchmark to inform a more holistic enterprise-wide program to manage and reduce cybersecurity risks.
Using the Framework
There is no one-size-fits-all approach to addressing cybersecurity risks and defining and managing their outcomes. NIST CSF 2.0 is a tool that can be used in various ways to inform and guide organizations in understanding their risk appetite, prioritize activities, and manage expectations for their cybersecurity risk management programs. By integrating and referencing other frameworks, NIST CSF 2.0 is a risk management connector to help develop a more holistic cybersecurity program.
Cato SASE Cloud and NIST CSF
The Cato SASE Cloud supports the Cybersecurity Framework’s core specifications by effectively identifying, mitigating, and reducing enterprise security risk. Cato’s single converged software stack delivers a holistic security posture while providing extensive visibility across the entire SASE cloud.
Our security capabilities map very well into the core requirements of the NIST CSF to provide a roadmap for customers to comply with the framework. For more details, read our white paper on mapping Cato SASE Cloud to NIST CSF v1.1.
September 11, 2023
6m read
Introduction Organizations need to protect themselves from the risks of running their business over the internet and processing sensitive data in the cloud. The growth...
September 11, 2023
6m read
How to Solve the Cloud vs On-Premise Security Dilemma Introduction
Organizations need to protect themselves from the risks of running their business over the internet and processing sensitive data in the cloud. The growth of SaaS applications, Shadow IT and work from anywhere have therefore driven a rapid adoption of cloud-delivered cybersecurity services.
Gartner defined SSE as a collection of cloud-delivered security functions: SWG, CASB, DLP and ZTNA. SSE solutions help to move branch security to the cloud in a flexible, cost-effective and easy-to-manage way. They protect applications, data and users from North-South (incoming and outgoing) cyber threats. Of course, organizations must also protect against East-West threats, to prevent malicious actors from moving within their networks.
Organizations can face challenges moving all their security to the Cloud, particularly when dealing with internal traffic segmentation (East-West traffic protection), legacy data center applications that can’t be moved to the cloud, and regulatory issues (especially in Finance and Government sectors). They often retain a legacy data center firewall for East-West traffic protection, alongside an SSE solution for North-South traffic protection.
This hybrid security architecture increases complexity and operational costs. It also creates security gaps, due to the lack of unified visibility across the cloud and on-premise components.
A SIEM or XDR solution could help with troubleshooting and reducing security gaps, but it won’t solve the underlying complexity and operational cost issues.
Solving the cloud vs on-premise dilemma
Cato Networks’ SSE 360 solution solves the “on-premise vs cloud-delivered” security dilemma by providing complete and holistic protection across the organization’s infrastructure. It is built on a cloud-native architecture, secures traffic to all edges and provides full network visibility and control.
Cato SSE 360 delivers both the North-South protection of SSE and the East-West protection normally delivered by a data center firewall, all orchestrated from one unified cloud-based console, the Cato Management Application (CMA).
Cato SSE 360 offers a modular way to implement East-West traffic protection. By default, traffic protection is enforced at the POP, including features such as TLS inspection, user/device posture checks and advanced malware protection. See Figure 1 below. This does not impact user experience because there is sub-20ms latency to the closest Cato POP, worldwide.
Figure 1 - WAN Firewall Policy
Using the centralized Cato Management Application (CMA), it is simple to create a policy based on a zero-trust approach. For example, in Figure 2 below, we see that only
Authorized users (e.g. Cato Fong),
Connected to a corporate VLAN,
Running a policy-compliant device (Windows with Windows AV active)
Are allowed to access sensitive resources (in this case, the Domain Controller inside the organization).
Figure 2 - An example WAN Firewall rule
In some situations, it is helpful to implement East-West security at the local site: to allow or block communication without sending the traffic to the POP.
For Cato services, the default way to connect a site to the network is with a zero-touch edge SD-WAN device, known as a Cato Socket. With Cato’s LAN Firewall policy, you can configure rules for allowing or blocking LAN traffic directly on the Socket, without sending traffic to the POP. You can also enable tracking (ie. record events) for each rule.
Figure 3 - LAN Firewall Policy
When to use a LAN firewall policy
There are several scenarios in which it could make sense to apply a LAN firewall policy.
Let’s review the LAN Firewall logic:
Site traffic will be matched against the LAN firewall policies
If there is a match, then the traffic is enforced locally at the socket level
If there is no match, then traffic will be forwarded by default to the POP the socket is connected to
Since the POP implements an implicit “deny” all policy for WAN traffic, administrators will just have to define a “whitelist” of policies to allow users to access local resources.
[boxlink link="https://www.catonetworks.com/resources/the-business-case-for-security-transformation-with-cato-sse-360/?cpiper=true"] The Business Case for Security Transformation with Cato SSE 360 | Download the White Paper [/boxlink]
Some use cases:
prevent users on a Guest WiFi network from accessing local corporate resources.
allow users on the corporate VLAN to access printers located in the printer VLAN, over specific TCP ports.
allow IOT devices (e.g. CCTV cameras), connected to an IOT-camera VLAN, to access the IOT File Server, but only over HTTPS.
allow database synchronization across two VLANs located in separate datacenter rooms over a specific protocol/port.
To better show the tight interaction between the LAN firewall engine in the socket and the WAN and Internet firewall engines at the POP, let’s see this use case: In Figure 5, a CCTV camera is connected to an IoT VLAN. A LAN Firewall policy, implemented in the Cato Socket, allows the camera to access an internal CCTV server. However, the Internet Firewall, implemented at the POP, blocks access by the camera to the Internet. This will protect against command and control (C&C) communication, if the camera is ever compromised by a malicious botnet.
Figure 4 - Allow CCTV camera to access CCTV internal server
All policies should both be visible in the same dashboard
IT Managers can use the same CMA dashboards to set policies and review events, regardless of whether the policy is enforced in the local socket or in the POP. This makes it simple to set policies and track events.
We can see this in the figures below, which show a LAN firewall event and a WAN firewall event, tracked on the CMA.
Figure 6 shows a LAN firewall event. It is associated with the Guest WiFi LAN firewall policy mentioned above. Here, we blocked access to the corporate AD server for the guest user at the socket level (LAN firewall).
Figure 5 - LAN Firewall tracked event
Figure 7 shows a WAN firewall event. It is associated with a WAN firewall policy for the AD Server, for a user called Cato Fong. In this case, we allowed the user to access the AD Server at the POP level (WAN firewall), using zero trust principles: Cato is an authorized user and Windows Defender AV is active on his device.
Figure 6 - WAN Firewall tracked event
Benefits of cloud-based East-West protection
Applying East-West protection with Cato SSE 360 brings several key benefits:
It allows unified cloud-based management across all edges, for both East-West and North-South protection;
It provides granular firewall policy options for both local and global segmentation;
It allows bandwidth savings for situations that do not require layer 7 inspection;
If provides unified, cloud-based visibility of all security and networking events.
With Cato SASE Cloud and Cato SSE 360, organizations can migrate their datacenter firewalls confidently to the cloud, to experience all the benefits of a true SASE solution.
Cato SSE 360 is built on a cloud-native architecture. It secures traffic to all edges and provides full network visibility and control. It delivers all the functionality of a datacenter firewall, including NGFW, SWG and local segmentation, plus Advanced Threat Protection and Managed Threat Detection and Response.
September 6, 2023
4m read
Gartner introduced SASE as a new market category in 2019, defining it as the convergence of network and security into a seamless, unified, cloud-native solution....
September 6, 2023
4m read
7 Compelling Reasons Why Analysts Recommend SASE Gartner introduced SASE as a new market category in 2019, defining it as the convergence of network and security into a seamless, unified, cloud-native solution. This includes SD-WAN, FWaaS, CASB, SWG, ZTNA, and more.
A few years have gone by since Gartner’s recognition of SASE. Now that the market has had time to learn and experience SASE, it’s time to understand what leading industry analysts think of SASE? In this blog post, we bring seven observations from analysts who recommend SASE and analyze its underlying impact. You can read their complete insights and predictions in the report this blog post is based on, right here.
1. Convergence Matters More Than Adding New Features
According to the Futuriom Cloud Secure Edge and SASE Trend Report, “The bottom line is that SASE underlines a larger trend towards consolidating technology tools and integrating them together with cloud architectures.”
Point solutions increase complexity for IT teams. They also expand the attack surface and decrease network performance. SASE converges networking and security capabilities into a holistic and cloud-native platform, solving this problem.
Convergence makes SASE more efficient and effective than point solutions. It improves performance through single-pass processing, improves the security posture thanks to holistic intelligence, and simplifies network planning and shortens time to resolve issues with increased visibility.
2. SASE is the Ultimate “Convergence of Convergence”
SASE is convergence. Gartner Predicts 2022 highlighted how converged security delivers more complete coverage than multiple integrated point solutions. Converged Security Platforms produce efficiencies greater than the sum of their individual parts.
This convergence can be achieved only when core capabilities leverage a single pass engine to address threat prevention, data protection, network acceleration, and more.
3. SASE Supports Gradual Migration: It’s an Evolution, Not a Revolution
According to David Holnes, Senior Forrester Analyst, “SASE should be designed to support a gradual migration. There is definitely a way not to buy everything at once but start small and grow gradually based on your need and your pace.”
SASE is a impactful market category. However, this doesn’t mean enterprise IT teams should suddenly rearchitect their entire network and security infrastructure without adequate planning. SASE transformation can take a few months, or even a few years, depending on the organization’s requirements.
[boxlink link="https://www.catonetworks.com/resources/7-compelling-reasons-why-analysts-recommend-sase/"] 7 Compelling Reasons Why Analysts Recommend SASE | Download the eBook [/boxlink]
4. SASE is about Unification and Simpliciation
According to John Burke, CTO and Principal Analyst of Nemertes, “With SASE, policy environments are unified. You’re not trying to define policies in eight different tools and implement consistent security across context.”
With SASE, networking and security are inseparable. All users benefit from the holistic security and network optimization in SASE.
5. SASE Allows Businesses to Operate with Speed and Agility
According to Andre Kindnes, Principal Analyst at Forrester Research “The network is ultimately tied to business, and becomes the business’ key differentiator.”
SASE supports business agility and adds value to the business, while optimizing cost structures. IT can easily perform all support operations through self-service and centralized management. In addition, new capabilities, updates, bug fixes and patches are delivered without extensive impact on IT teams.
6. SASE is Insurance for the Future
According to John Burke, CTO and Principal Analyst of Nemertes, “It’s pandemic insurance for the next pandemic.”
SASE future proofs the business and network for on-going growth and innovation. It could be a drastic event like a pandemic, significant changes like digital transformation, M&A or merely changes in network patterns. SASE lets organizations move with speed and agility.
7. SASE Changes the Nature of IT Work from Tactical to Strategic
According to Mary Barton, Consultant at Forrester, “IT staff is ultimately more satisfied, because they no longer deploy to remote sites to get systems up and running.”
She also says, “The effect is IT morale goes up because the problems solved on a day-to-day basis are of a completely different order. They think about complex traffic problems and application troubleshooting and performance.”
The health of your network has a direct impact on the health of the business. If there are network outages or performance is poor, the business’ bottom line and employee productivity are both affected. An optimized network frees IT to focus on business-critical tasks, rather than keeping the lights on.
Cato Networks is SASE
According to Scott Raynovich, Founder and Chief Analyst at Futuriom, “Cato pioneered SASE, creating the category before it existed.” He added, “They saw the need early on for enterprises to deliver global, cloud-delivered networking and security. It’s a vision that is now paying off with tremendous growth.”
Read the complete report here.
September 4, 2023
5m read
SASE sets the design guidelines for the convergence of networking and security as a cloud service. With SASE, enterprises can achieve operational simplicity, reliability, and...
September 4, 2023
5m read
Single Vendor SASE vs. the Alternatives: Navigating Your Options SASE sets the design guidelines for the convergence of networking and security as a cloud service. With SASE, enterprises can achieve operational simplicity, reliability, and adaptability. Unsurprisingly, since Gartner defined SASE in 2019, vendors have been repositioning their product offerings as SASE. So, what are the differences between the recommended single-vendor SASE approach and other SASE alternatives? Let’s find out.
This blog post is based on the e-book “Single Vendor SASE vs. Other SASE Alternatives”, which you can read here.
What is SASE?
The disappearance of traditional network boundaries in favor of distributed network architectures, with users, applications, and data spread across various environments, has created greater complexity and increased risk. Consequently, enterprises dealt with increased operational costs, expanding security threats, and limited visibility.
SASE is a new architectural approach that addresses current and future enterprise needs for high-performing connectivity and secure access for any user to any application, from any location.
Per Gartner, the fundamental SASE architectural requirements are:
Convergence - Networking and security are converged into one software that simultaneously handles core tasks, such as routing, inspection, and enforcement while sharing context.
Identity-driven - Enforcing ZTNA that is based on user identities and granular access control to resources.
Cloud-native - Cloud-delivered, multi-tenant, and with the ability to elastically scale. Usually, this means a microservices architecture.
Global - Availability around the globe through PoPs (Points of Presence) that are close to users and applications.
Support all Edges - Serving all branches, data centers, cloud, and remote users equally through a uniform security policy, while ensuring optimal application performance.
In addition, a well-designed SASE solution should be controllable through a single management application. This streamlines the processes of administration, monitoring, and troubleshooting.
Common SASE Architectures
Today, many vendors are offering “SASE”. However, not all SASE is created equal or offers the same solutions for the same use cases and in the same way. Let's delve deeper into a quick comparison of each SASE architecture and unveil their differences.
[boxlink link="https://www.catonetworks.com/resources/cato-sase-vs-the-sase-alternatives/"] Cato SASE vs. The SASE Alternatives | Download the eBook [/boxlink]
1. Single-vendor SASE
A single-vendor SASE provider converges network and security capabilities into a single cloud-delivered service. This allows businesses to consolidate different point products, eliminate appliances, and ensure consistent policy enforcement.
In addition, event data is stored in a single data lake. This shared context improves visibility and the effective enforcement of security policies. Additionally, centralized management makes it easier to monitor and troubleshoot network & security issues. This makes SASE simple to use, boosts efficiency, and ensures regulatory compliance.
2. Multi-vendor SASE
A multi-vendor SASE involves two vendors that provide all SASE functionalities, typically combining a network-focused vendor with a security-focused one. This setup requires integration to ensure the solutions work together, and to enable log collection and correlation for visibility and management. This approach requires multiple applications. While it can achieve functionality similar to a single-vendor system, the increased complexity often results in reduced visibility, and lack of agility and flexibility.
3. Portfolio-vendor SASE (Managed SASE)
A portfolio-vendor SASE is when a service provider delivers SASE by integrating various point solutions, including a central management dashboard that uses APIs for configuration and management. While this model relieves the customer from handling multiple products, it still brings the complexity of managing a diverse SASE infrastructure. In addition, MSPs choosing this approach may face longer lead times for changes and support, adversely impacting an organization’s agility and flexibility.
4. Appliance-based SASE
Appliance-based SASE, often pitched by vendors that are still tied to legacy on-premise solutions, typically routes remote users and branch traffic through a central on-site or cloud data center appliance before it reaches its destination. Although this approach may combine network and security features, its physical nature and backhauling of network traffic can adversely affect flexibility, performance, efficiency and productivity. It's a proposition that may sound appealing but has underlying limitations.
Which SASE Option Is Best for Your Enterprise?
It might be challenging to navigate the different SASE architectures and figuring out the differences between them. In the e-book, we present a concise comparison table that maps out the SASE architectures according to Gartner’s SASE requirements.
The bottom line: a single-vendor SASE is most equipped to answer enterprises’ most pressing challenges:
Network security
Agility and flexibility
Efficiency and productivity
This is enabled through:
Convergence - eliminating the need for complex integrations and troubleshooting.
Identity-driven approach - for increased security and compliance.
Cloud-native architecture - to ensure support for future growth.
Global availability - to enhance productivity and support global activities and expansion.
Support for all edges - one platform and one policy engine across the enterprise to enhance security and efficiency.
According to Gartner, by 2025, single-vendor SASE offerings are expected to constitute one-third of all new SASE deployments. This is a significant increase from just 10% in 2022. How does your enterprise align with this trend? Are you positioned to be part of this growing movement?
If you're interested in diving deeper into the various architectures, complete with diagrams and detailed comparisons, while exploring specific use cases, read the entire e-book. You can find it here.
Introduction In an increasingly digital world, cybersecurity has become a critical concern for companies. With the rise of sophisticated cyber threats, protecting critical infrastructure and...
Achieving NIS2 Compliance: Essential Steps for Companies Introduction
In an increasingly digital world, cybersecurity has become a critical concern for companies. With the rise of sophisticated cyber threats, protecting critical infrastructure and ensuring the continuity of essential services has become a top priority. The EU’s Network and Information Security Directive (NIS2), which supersedes the previous directive from 2016, establishes a framework to enhance the security and resilience of network and information systems. In this blog post, we will explore the key steps that companies need to take to achieve NIS2 compliance.
Who needs to comply with NIS2?
The first step towards NIS2 compliance is to thoroughly understand the scope of the directive and its applicability to your organization. It is critical to assess whether your organization falls within the scope and to identify the relevant requirements.
For non-compliance with NIS regulations, companies providing essential services such as energy, healthcare, transport, or water may be fined up to £17 million in the UK and €10 million or 2% of worldwide turnover in the EU.
NIS2 will apply to any organisation with more than 50 employees whose annual turnover exceeds €10 million, and any organisation previously included in the original NIS Directive.
The updated directive now also includes the following industries:
Electronic communications
Digital services
Space
Waste management
Food
Critical product manufacturing (i.e. medicine)
Postal services
Public administration
Industries included in the original directive will remain within the remit of the updated NIS2 directive. Some smaller organizations that are critical to the functioning of a member state will also be covered by NIS2.
[boxlink link="https://www.catonetworks.com/resources/protect-your-sensitive-data-and-ensure-regulatory-compliance-with-catos-dlp/?cpiper=true"] Protect Your Sensitive Data and Ensure Regulatory Compliance with Cato’s DLP | Download the Whitepaper [/boxlink]
Achieving Compliance
NIS2 introduces more stringent security requirements. It requires organizations to implement both organizational and technical measures to safeguard their networks and information systems. This includes measures such as risk management, incident detection and response, regular security assessments, and encryption of sensitive data.
By adopting these measures, organisations can significantly enhance their overall security posture.
Let’s have a closer look at the key steps to achieve NIS2 compliance:
Perform a Risk Assessment
Conduct a detailed risk assessment to identify potential vulnerabilities and threats to your network and information systems. This assessment should cover both internal and external risks, such as malware attacks, unauthorized access, human errors, and natural disasters. Understanding the specific risks your organization faces will help you design effective security measures.
Establish a Security Governance Framework
Develop a robust security governance framework that outlines the roles, responsibilities, and processes necessary to achieve and maintain NIS2 compliance. Assign clear accountability for cybersecurity at all levels of your organization and establish protocols for risk management, incident response, and communication.
Implement Security Measures
Implement appropriate technical and organizational security measures to protect your network and information systems. Ensure that they are regularly reviewed, updated, and tested to address evolving threats. Example measures include access controls using multi-factor authentication, encryption using services like PKI certificates to secure networks and systems, regular vulnerability assessments, intrusion detection and prevention systems, and secure software development practices..
Supply chain security
Assess suppliers, service providers, and even data storage providers for vulnerabilities. NIS2 requires that companies thoroughly understand potential risks, establish close relationships with partners, and consistently update security measures to ensure the utmost protection.
Incident Response and Reporting
Establish a well-defined incident response plan to address and mitigate cybersecurity incidents promptly. This plan should include procedures for identifying, reporting, and responding to security breaches or disruptions. Designate responsible personnel and establish communication channels to ensure swift and effective incident response.
NIS2 compliant organizations must report cybersecurity incidents to the competent national authorities. They must submit an “early warning” report within 24 hours of becoming aware of an incident, followed by an initial assessment within 72 hours, and a final report within one month.
Business Continuity
Implement secure backup and recovery procedures to ensure the availability of key services in the event of a system failure, disaster, data breaches or other cyber-attacks. Backup and recovery measures include regular backups, testing backup procedures, and ensuring the availability of backup copies.
Collaboration and Information Sharing
Establish a culture of proactive information exchange related to cyber threats, incidents, vulnerabilities, and cybersecurity practices. NIS2 recognizes the significance of sharing insights into the tools, methods, tactics, and procedures employed by malicious actors, as well as preparation for a cybersecurity crisis through exercises and training.
Foster collaboration and information sharing with relevant authorities, sector-specific CSIRTs (Computer Security Incident Response Team), and other organisations in the same industry. NIS2 encourages structured information-sharing arrangements to promote trust and cooperation among stakeholders in the cyber landscape. The aim is to enhance the collective resilience of organizations and countries against the evolving cyber threat landscape.
Compliance Documentation and Auditing
Maintain comprehensive documentation of your NIS2 compliance efforts, including policies, procedures, risk assessments, incident reports, and evidence of security measures implemented. Regularly review and update these documents to reflect changes in your organization or the threat landscape. Consider engaging independent auditors to evaluate your compliance status and provide objective assessments.
Training and Awareness
Invest in continuous training and awareness programs to educate employees about the importance of cybersecurity and their role in maintaining NIS2 compliance. Regularly update employees on emerging threats, best practices, and incident response procedures. Foster a culture of security consciousness to minimize human-related risks.
The right network and security platform can help
Cato Networks offers a comprehensive solution and infrastructure that can greatly assist companies in achieving NIS2 compliance. By leveraging Cato's Secure Access Service Edge (SASE) platform, organizations can enhance the security and resilience of their network and information systems.
Cato's integrated approach combines SD-WAN, managed security services and global backbone services into a cloud-based service offering. Its products are designed to help IT staff manage network security for distributed workforces accessing resources across the wide area network (WAN), cloud and Internet. The Cato SASE Cloud platform supports more than 80 points of presence in over 150 countries.
The company's managed detection and response (MDR) platform combines machine learning and artificial intelligence (AI) models to process network traffic data and identify threats to its customers, in a timely manner.
Cato SASE cloud offers a range of security services like Intrusion Prevention Systems (IPS), Anti Malware (AM), Next Generation Firewalls (NGFW) and Secure Web Gateway, to provide robust protection against cyber threats,
It also provides cloud access security broker (CASB) and Data Loss Prevention (DLP) capabilities to protect sensitive assets and ensure compliancy with cloud applications. The Cato SASE cloud is a zero-trust identity driven platform ensuring access-control based on popular multifactor authentication, integration with popular Identity providers like Microsoft, Google, Okta, Onelogin and OneWelcome.
With Cato's centralized management and visibility, companies can efficiently monitor and control their network traffic as well as all the security events triggered. By partnering with Cato Networks, companies can leverage a comprehensive solution that streamlines their journey towards NIS2 compliance while bolstering their overall cybersecurity posture.
Cato Networks is ISO27001, SOC1-2-3 and GDPR compliant organization. For more information, please visit our Security, Compliance and Privacy page.
Conclusion
Achieving NIS2 compliance requires a comprehensive approach to cybersecurity, involving risk assessments, robust security measures, incident response planning, collaboration, and ongoing training. By prioritizing network and information security, companies can enhance the resilience of critical services and protect themselves and their customers from cyber threats.
To safeguard your organization's digital infrastructure, be proactive, adapt to evolving risks, and ensure compliance with the NIS2 directive.
High availability may be top of mind for your organization, and if not, it really should be. The cost range of an unplanned outage ranges...
SASE Instant High Availability and Why You Should Care High availability may be top of mind for your organization, and if not, it really should be. The cost range of an unplanned outage ranges from $140,000 to $540,000 per hour. Obviously, this varies greatly between organizations based on a variety of factors specific to your business and environment. You can read more on how to calculate the cost of an outage to your business here: Gartner.
The adoption of the cloud makes high availability more critical than ever, as users and systems now require reliable, secure connectivity to function. With SASE and SSE solutions, vendors often focus on the availability SLA of the service, but modern access requires a broader application of HA across the entire solution. Starting with the location, simple, low-cost, zero-touch devices should be able to easily form HA pairs. Connectivity should then utilize the best path across multiple ISPs, connecting to the best point of presence (with a suitable backup PoP nearby as well) and finally across a middle-mile architected for HA and performance (a global private backbone if you will).
How SASE Provides HA
If this makes sense to you and you don’t currently have HA in all the locations and capabilities that are critical to your business, it is important to understand why this may be. Historically, HA was high effort and high cost as appliances-based solutions required nearly 2x investment to create HA pairs. Beyond just the appliances, building redundant data centers and connectivity was also out of reach for many organizations. Additionally, customers were typically responsible for architecting, deploying, and maintaining the HA deployment (or hiring a consultant), greatly improving the overall complexity of the environment.
[boxlink link="https://www.catonetworks.com/resources/cato-named-a-challenger-in-the-gartner-magic-quadrant-for-single-vendor-sase/?cpiper=true"] Cato named a Challenger in the Gartner® Magic Quadrant™ for Single-vendor SASE | Download the Report [/boxlink]
Let’s say that you do have the time and budget to build your own HA solution globally, is the time and effort worth it to you? How long will it take to implement? I understand you’ve worked hard to become an expert on specific vendor technologies, and it never hurts to know your way around a command line, but implementation and configuration are only the start. Complex HA configurations are difficult to manage on an ongoing basis, requiring specialized knowledge and skills, while not always working as expected when a failure occurs.
To protect your business, HA is essential, and SASE and SSE architectures should provide it on multiple levels natively as part of the solution. We should leave complicated command-line-based configurations and tunnels with ECMP load balancing in the past where they belong, replacing them with the simple, instant high-availability of a SASE solution you know your organization can rely on. Want to see the experience for yourself? Try this interactive demo on creating HA pairs with Cato Sockets here, I warn you, it’s so easy it may just be the world’s most boring demo.
The corporate WAN connects an organization’s distributed branch locations, data center, cloud-based infrastructure, and remote workers. The WAN needs to offer high-performance and reliable network...
Traditional WAN vs. SD-WAN: Everything You Need to Know The corporate WAN connects an organization’s distributed branch locations, data center, cloud-based infrastructure, and remote workers. The WAN needs to offer high-performance and reliable network connectivity to ensure all users and applications can communicate effectively.
As the WAN expands to include SaaS applications and cloud data centers, managing this environment becomes more challenging. Companies reliant on a traditional WAN architecture will seek out alternative means of connectivity like SD-WAN.
Below, we compare the traditional WAN to SD-WAN, and explore which of the two is better suited for the modern organization.
Traditional WAN Overview
WANs were designed to connect distributed corporate locations, traditionally, with WAN routers at each location. These WAN routers defined the network boundaries and routed traffic to the appropriate destination.
Key Features
Some of the key features that define a traditional WAN include the following:
Hardware Focus: Traditional WANs are built using hardware products such as routers to connect distributed locations..
Manual Configuration: Heavy manual configurations is characteristic of traditional WANs. While this provided a high level of control over policy configurations, it also introduces significant complexity, overhead, and potential misconfigurations.
Benefits of Traditional WAN
Traditional WANs have a long history. There are several beneficial reasons for this, including the following:
Security: Dedicated leased lines ensured strong security and privacy since no two enterprises shared the same network connection.
Reliability: These dedicated links provide much higher reliability than network routing over the public Internet.
Control: Traditional WANs gave organizations complete control of their network and allowed them to define routing policies to prioritize traffic types and flows.
Limitations of Traditional WAN
While a traditional WAN can effectively connect distributed corporate locations, it is far from perfect, especially for the modern enterprise. Some of its limitations includes:
Cost: MPLS connections are expensive and have hard caps on available bandwidth.
Agility: Modifications and upgrades require extensive manual intervention, limiting their ability to adapt to changing business requirements.
Scalability: Reliance on hardware also makes them difficult to scale. If an organization’s bandwidth needs exceed the current hardware capacity, new or additional hardware is required, and this can be a slow and expensive process.
Complexity: Traditional WANs are defined by complex architectures. Managing these is difficult and can require specialized skills that are difficult and expensive to retain in-house.
Cloud Support: Cloud traffic is often backhauled through the coroporate data center, resulting in greater latency and degraded performance. This is a serious problem as more organizations migrate to Cloud.
[boxlink link="https://www.catonetworks.com/resources/sase-vs-sd-wan-whats-beyond-security/"] SASE vs SD-WAN - What’s Beyond Security | Download the eBook [/boxlink]
SD-WAN Overview
SD-WAN is best defined by: 1) Routing traffic at the software level, and 2) SD-WAN appliances’ ability to aggregate multiple network connections for improved performance and resiliency.
Key Features
Some of the key features of SD-WAN includes the following:
Software Overlay: SD-WAN creates a software overlay, with all routing decisions made at the software level. This allows the use of public internet for transport, which reduces networking costs.
Simplified Management: Most SD-WAN solutions offer centralized management for deploying and monitoring for all functions, including networking, traffic management, and security components and policies.
Increased Bandwidth: Organizations can increase available bandwidth with widely available broadband offerings and ensure optimal network and application performance.
Benefits of SD-WAN
Many organizations have made the switch from traditional WANs to SD-WAN. Some of the benefits of SD-WAN include the following:
Cost Savings: One of the main distinguishers and advantages of SD-WAN is that it does not require dedicated connections and used available broadband. This generates significant cost savings when compared to traditional WANs.
Flexibility: With SD-WAN, the network topology and architecture are defined in software, resulting in greater flexibility in configuration, changes and overall management.
Scalability: Because SD-WAN is a virtual overlay, scaling required bandwidth when business changes dictate it can be made quickly and easily.
Software-Based Management: Operating at the software level, many management tasks are made easier through automation. This reduces the cost and complexity of network management.
Cloud Support: SD-WAN provides direct connectivity to cloud data centers, eliminating backhauling and reducing latency. This is essential for the performance of corporate apps migrated to cloud and for SaaS applications.
Limitations of SD-WAN
SD-WAN has become a popular WAN solution, but it still has limitations, including the following:
Reliability and Performance: Reliance on public Internet to carry traffic can result in unpredictable reliability and performance since the performance of SD-WAN depends on that of the unreliable public Internet.
Security: SD-WAN typically has basic security, so defense against advanced threats does not exist. This requires the organization to purchase and install next-gen firewall appliances, which increases the hardware complexity in their environment.
Traditional WAN vs. SD-WAN: The Verdict
Both options serve similar purposes. They connect distributed locations and carry multiple traffic types. Additionally, both solutions implements QoS and traffic prioritization policies to optimize the performance and security of the network.
That said, legacy WANs don’t offer the same benefits as SD-WAN. A properly designed and implemented SD-WAN can offer the same reliability and performance guarantees as a traditional WAN while reducing the cost and overhead associated with managing it. Also, SD-WAN offers greater flexibility and scalability than traditional WANs, enabling it to adapt more quickly and cost-effectively to an organization’s evolving needs.
Traditional WANs served their purpose well, but in today’s more dynamic networking environment of cloud and remote work, they are no longer a suitable option. Today, modern businesses implement SD-WAN to meet their more dynamic and ever-evolving business needs.
Migrating to SD-WAN with Cato Networks
The main challenge with most SD-WAN solutions is that their reliability and performance are defined by the available routes over public Internet. Cato Networks offers SD-WAN as a Service built on top of a global private backbone. This offers reliability comparable to dedicated MPLS while enhancing performance with SD-WAN’s optimized routing. Additionally, Cato SASE Cloud converges SD-WAN and Cato SSE 360 to provide holistic security as well as high performance.
Learn more about how SD-WAN is evolving into SASE and how your organization can benefit from network and security convergence with Cato.
Customer experience isn’t just an important aspect of the SASE market, it is its essence. SASE isn’t about groundbreaking features. It is about a new...
The Magic Quadrant for Single Vendor SASE and the Cato SASE Experience Customer experience isn’t just an important aspect of the SASE market, it is its essence. SASE isn’t about groundbreaking features. It is about a new way to deliver and consume established networking and security features and to solve, once and for all, the complexity and risks that has been plaguing IT for so long.
This is an uncharted territory for customers, channels, and analyst firms. The “features” benchmark is clear: whoever has the most features created over the past two decades in CASB, SWG, NGFW, SD-WAN, and ZTNA – is the “best.” But with SASE, more features aren’t necessarily better if they can’t be deployed, managed, scaled, optimized, or used globally in a seamless way. Rather, it is the “architecture” that creates the customer experience that is the essence of SASE: having the “features” delivered anywhere, at scale, with full resiliency and optimal security posture, to any location, user, or application. This calls for a global cloud-native service architecture that is converged, secure, self-maintaining, self-healing, and self-optimizing.
The SASE architecture, built from the ground up and not through duct taping products from different generations and acquisitions, is the basis for the superior SASE experience. It is seamlessly managed by a single console (really, just one) to make management and configuration consistent, easy, and intuitive. Users create a rich unified policy using the full access context to drive prevention and detection decisions. A single data lake is fed with all events, decisions, and contexts across all domains for streamlined end-to-end visibility and analysis.
It is important to understand this ‘’features’’ vs. ‘’architectures’ dichotomy. Imagine you would rank any Android phone vs. an iPhone on any reasonable list of attributes. The Android phones had, for years, better hardware, more features, more flexibility, lower cost, and bigger market share. And yet they failed to stop Apple since the launch of the iPhone, for that illusive quality called the “Apple experience.”
[boxlink link="https://www.catonetworks.com/resources/cato-named-a-challenger-in-the-gartner-magic-quadrant-for-single-vendor-sase/"] Cato named a Challenger in Gartner’s Magic Quadrant for Single Vendor-SASE | Get the Report [/boxlink]
Carlsberg called Cato “The Apple of Networking.” Customers understand and value the “Cato SASE Experience” even when our SD-WAN device or converged CASB engine are missing a feature. They know they can get it, if needed, through our high-velocity roadmap that is made possible by our architecture.
What is very hard to do, is to build and mature a SASE architecture that is foundational to any SASE feature. To achieve that, Cato had built the largest SASE cloud in the world with over 80 PoPs. We optimized the service to set a record for SASE throughput from a single location at 5 Gbps with full encryption/decryption and security inspection. We had deployed massive global enterprises with the most demanding real-time and mission-critical workloads with sustained optimal performance and security posture.
And the “features”? We roll them out at a pace of 3,000 enhancements per year, on a bi-weekly schedule, without compromising availability, security, or the customer experience. Cato is expanding its SASE platform outside the core network security market boundaries and into adjacent categories such as endpoint protection, extended detection and response, and IoT that can benefit from the same streamlined architecture.
Cato delivers the true SASE experience. That powerful simplicity customers have been longing for.
Try us.
Cato. We are SASE.
*Gartner, Magic Quadrant for Single-Vendor SASE, Andrew Lerner, Jonathan Forest,16 August 2023
GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
The enterprise networking and security market has seen no end to terms and acronyms. SASE, of course, is chief among them, but let us not...
The New Network Dictionary: AvidThink Explains SASE, SD-WAN, SSE, ZTNA, MCN, and NaaS The enterprise networking and security market has seen no end to terms and acronyms. SASE, of course, is chief among them, but let us not forget SD-WAN, SSE, ZTNA, and Multi-Cloud Networking (MCN). Then we get into specific capabilities like CASB, DLP, SWG, RBI, FWaaS, and micro-segmentation. This alphabet soup of jargon can confuse even the most diligent and capable CISOs and CIOs, especially when vendors continually redefine and reclassify each category to fit their needs.
AvidThink, an independent research and analysis firm, set out to fix that problem. The firm produced the “Enterprise Edge and Cloud Network” report that defines and contextualizes these concepts and terms. AvidThink founder and report author, Roy Chua, lays out the universal network fabric (UNF) -- the grand theoretical architectural model for how enterprises can seamlessly integrate disparate enterprise networking resources while providing a consistent and secure connectivity experience across all endpoints.
He correctly understands that no longer can networking and security stand apart:
“Traditional security measures are proving inadequate in the face of sophisticated threats, forcing organizations to seek security-centric network solutions. Integrating advanced security features directly into network architectures is now a critical requirement. Strong CISO interest in SASE, SSE, and ZTNA is evidence of this sentiment.”
And he correctly identifies that to address this need SD-WAN vendor are trying to remake themselves into SASE vendor:
“...all leading SD-WAN vendors are upgrading to becoming SASE solutions” or partnering with SSE vendors to deliver SASE as a response “...to customer demands for protection from an increasing number of cyberattacks, and to further simplify the messy collection of point products across customer remote and campus sites.”
AvidThink Sees Cato as the SASE Pioneer
But while numerous vendor market themselves as SASE vendors, Cato stands out: “...To be fair to Cato Networks, they were already espousing elements of the SASE architecture years before the SASE umbrella term was coined.”
With that four-year head start (SASE was defined in 2019), Cato’s been able to do SASE right. We didn’t cobble together products and slap on marketing labels to capitalize on a new market opportunity. We build a fully converged, cloud-native, single-pass SASE architecture that today spans 80+ Cato -owned and -operated PoP locations servicing 140+ countries and interconnected by our global private backbone.
[boxlink link="https://www.catonetworks.com/resources/enterprise-strategy-group-report-sse-leads-the-way-to-sase/"] Enterprise Strategy Group Report: SSE Leads the Way to SASE | Get the Report [/boxlink]
It’s this fully single–vendor, converged approach that’s so critical. As Chua reports hearing from one of our customers, “We believe in Cato’s single-vendor clean-slate architecture because it brings increased efficiency and we’re not bouncing between multiple vendors.”
SASE Is About Convergence Not Features
Cato did help sponsor the report, but it doesn’t mean we agree entirely with the author. If there's a weakness in the report, and every report has to stop somewhere, it’s in this area – the centrality of convergence to SASE. As we’ve mentioned many times in this blog, the individual components of SASE -- SD-WAN, NGFW, SWG, ZTNA, and more – have been around for ages. What hasn’t been around is the convergence of these capabilities into a global cloud-native platform.
Converging SASE capabilities enables better insight where networking information can be used to improve security analytics. Convergence also improves usability as enterprises finally gain a true single-pane-of-glass for a management console where objects are created once, and policies are unified, not the kind of “converged” console where when you dig a level deeper you find a new management console needs to be launched with all its own objects and policies.
And its convergence into a single-pass, cloud-native platform, which means optimum performance everywhere and deploying more infrastructure nowhere. All security processing can now be done in parallel at line rate. There are no sudden upgrades to branch or datacenters appliances when traffic levels surge or more capabilities are enabled. And since all the heavy “lifting” runs in the clouds, little or no additional infrastructure is needed to connect users, sites, or cloud resources.
It’s this convergence that’s allowed Cato customers to instantly respond to new requirements, like Juki ramping up its 2742 mobile users or Geosyntec adding 1200+ remote users worldwide in about 30 minutes both in response to COVID. It’s convergence that allows one person to efficiently manage the security and networking needs of companies on the scale of a Fortune 500 company. Convergence IS the story of SASE.
To read the report, download it from here.
Today, Forrester released The Forrester Wave™: Zero Trust Edge Solutions, Q3 2023 Report. Zero Trust Edge (ZTE) is Forrester’s name for SASE. We were delighted...
Cato named a Leader in Forrester’s 2023 Wave for Zero Trust Edge Today, Forrester released The Forrester Wave™: Zero Trust Edge Solutions, Q3 2023 Report. Zero Trust Edge (ZTE) is Forrester’s name for SASE. We were delighted to be described as the “poster child” of ZTE and SASE and be named a “Leader” in the report.
To date, thousands of enterprises with tens of thousands of locations, and millions of users, run on Cato. The maturity, scale, and global footprint of Cato’s SASE platform enables us to serve the most demanding and mission-critical workloads in industries such as manufacturing, engineering, retail, and financial services. Cato’s record-setting multi-gig SASE processing capacity extends the full set of our capabilities to cloud and physical datacenters, campuses, branch locations, and down to a single user or IoT device.
Cato isn’t just the creator of the SASE category. It is the only pure-play SASE provider that built, from the ground up, the full set of networking and security capabilities delivered as a single, global, cloud service. We created the Cato SASE Cloud eight years ago with the aim to level the complex IT infrastructure playing field. Cato focuses on simplifying, streamlining, and hardening networking and security infrastructure to enable organizations of all sizes to secure and optimize their business regardless of the resources and skills at their disposal. This is, at its core, the promise of SASE.
Cato has SASE DNA. As Forrester notes, we deliver networking and security as a unified service. The SASE features, however, and the order we deliver them are driven by customer demand and the identification of new opportunities to bring the SASE value to new areas of the IT infrastructure.
[boxlink link="https://www.catonetworks.com/resources/the-forrester-wave-zero-trust-edge-solutions/"] Forrester Reveals 2023 ZTE (SASE) Providers | Get the Report [/boxlink]
This “architecture vs. features” trade off makes assessing SASE providers very tricky. The SASE architecture is a radical departure from the legacy architecture of appliances and point solutions and into converged cloud delivered services. SASE incorporates into this new architecture mostly commoditized, and well-defined features. In this new market, it is the architecture that sets SASE providers apart as long as they deliver the features a customer actually needs. Simply put, it is the SASE architecture that drastically improves the IT operating model and enables the promised business outcomes.
When we work with customers to evaluate SASE, our focus is always on the IT team and the end-user experience. What they observe is the speed at which we deploy our service through zero touch and self-service light edges, the seamless and intuitive nature of our user interface that exposes an elegant underlying design, the global reach of our cloud service, and total lack of need for difficult integrations.
Cato is the simplicity customers always hoped for because we aren’t a legacy provider that had to play catch up to SASE. All the other co-leaders are appliance companies that were forced to build a cloud service to participate in SASE. They market SASE but deliver physical or virtual appliances placed in someone else’s cloud.
We are committed to helping customers use SASE to achieve security and networking prowess previously available only to the largest organizations. Cato’s SASE will change the way your IT team supports the business, drives the business, and is perceived by the business.
Start your journey today, with the true SASE leader.
Cato. We are SASE.
Today, we announced that Carlsberg, the world-famous brewer, has selected Cato SASE Cloud for its global deployment. It’s a massive SASE deployment spanning 200+ locations...
Carlsberg Selects Cato, the “Apple of Networking,” for Global SASE Deployment Today, we announced that Carlsberg, the world-famous brewer, has selected Cato SASE Cloud for its global deployment. It’s a massive SASE deployment spanning 200+ locations and 25,000 remote users worldwide, replacing a combination of MPLS services, VPN services, SD-WAN devices, remote access VPNs, and security appliances.
The mix of technologies meant that Carlsberg faced the operational problems associated with building and maintaining different service packages. “Some users would receive higher availability and others better capabilities, but we couldn't bring it all together to create an à la carte set of services that could apply to any office anywhere and facilitate our global IT development," says Laurent Gaertner, Global Director of Networks at the Carlsberg Group.
With Cato, Carlsberg expects to do just that -- deliver a standard set of network and security services everywhere. Carlsberg will be replacing MPLS, VPN, and SD-WAN services with Cato SASE Cloud and Cato’s global private backbone. Remote VPN services will be replaced with Cato ZTNA. And the mix of security appliances will be replaced with the security capabilities built into Cato SASE Cloud.
All of this is possible because every Cato capability is available everywhere in the world. While our competitors talk about certain PoPs holding some capabilities but not others, Cato delivers the full scope of Cato SASE Cloud capabilities from all 80+ PoP locations worldwide, servicing 150+ countries. Chances are that wherever your users are located, Cato SASE Cloud can connect and secure them.
The Apple of Networking Makes Deployment Easy
Normally, the complexity of such a project would be daunting. Large budgets and many months would be spent assessing, deploying, and then integrating various point products and solutions.
Not so with Cato.
With Cato SASE Cloud, there’s one product to select, deploy, and manage – the Cato SASE Cloud. “Owning all of the hardware makes Cato so much simpler to deploy and use than competing solutions," says Tal Arad, Vice President of Global Security & Technology at Carlsberg. "We started referring to them as the Apple of networking.” With rapid deployment possible, Cato helps Carlsberg get value out SASE faster.
Nor is Carlsberg alone in that view. In February 2023, Häfele, a German family enterprise based in Nagold, Germany, suffered a severe ransomware attack forcing the company to shut down its computer systems and disconnect them from the internet. At the time, Häfele was in an RFP process to select a SASE vendor with Cato being one of the candidates.
[boxlink link="https://www.catonetworks.com/resources/cato-sase-cloud-identified-as-a-leader-download-the-report/"] Cato SASE Identified as a “Leader” in GigaOm Radar report | Get the Report [/boxlink]
Instead of paying the ransom, the Häfele team turned to Cato. Over the next four weeks, Häfele worked with Cato and restored its IT systems, installing Cato Sockets at 180+ sites across 50+ widely dispersed countries such as Argentina, Finland, Myanmar (Burma), and South Africa. “The deployment speed with Cato SASE Cloud was a game changer,” said Daniel Feinler, CISO, Häfele. “It was so fast that a competing SASE vendor didn’t believe us. Cato made it possible.”
The strategic benefits of being able to rapidly deliver a consistent set of services worldwide can’t be overemphasized. IT leaders have long realized the value of a single service catalog to offer the departments and business units they service. In theory, this would streamline service delivery and simplify management. Solutions could be fully tested and approved and then rolled out across the enterprise as necessary. Operational costs would be reduced by standardization.
Practically, though, worldwide service catalogs are frustrated by regional differences. MPLS services aren’t available everywhere so they can’t be applied to all offices. Even where MPLS services are available, their high costs may be difficult to justify for smaller offices and certainly for today’s home offices. Delivering security appliances also isn’t always possible, particularly when we’re speaking about securing remote users not sites. The end result? What IT thought was to be a standardized set of services and capabilities accumulates so many differences that the exception becomes the new standard.
With Cato’s ubiquity and ability to connect any edge, anywhere enables true service standardization. No matter the type of site or location of remote user, a standard set of security and networking services can be provided. With one set of proven services, IT can immediately reduce its operational overhead from having to kludge together custom solutions for every region – and worse – every site.
To learn more about the Carlsberg deployment, read the press release here.
With the transition to the cloud and remote work, some organizations are undervaluing network security. However, network vulnerabilities and threats still require attention. Enterprises should...
How to Enhance Your Network Security Strategy With the transition to the cloud and remote work, some organizations are undervaluing network security. However, network vulnerabilities and threats still require attention. Enterprises should not forgo the core capabilities required to secure the network from security threats.
In this blog post, we delve into SASE, a converged, cloud-delivered network and security solution, which protects the network while ensuring high performing connectivity. We explain which considerations to take into account, pitfalls to avoid and how to get started.
This blog post is based on the insightful conversation that Eyal Webber-Zvik, VP of Product Marketing at Cato Networks participated in at Infosecurity Europe, which was hosted by Melinda Marks, Senior Analyst at ESG. You can watch the entire conversation, recorded live right from the show floor, here.
What is SASE
Gartner defined SASE in 2019 as a transformational approach that converges network and security in the cloud and replaces legacy solutions. This includes the network, firewalls, routers, SD-WAN appliance, SWG, CASB, and more. The promise of SASE is ingrained in the cloudification of all on-premises point products into one unified solution. Rather than integrating point solutions, SASE is a single software stack designed from the ground up to answer all network and security needs as a cloud service.
[boxlink link="https://catonetworks.easywebinar.live/registration-enhancing-your-enterprise-network-security-strategy"] Enhancing Your Enterprise Network Security Strategy | Watch the Webinar [/boxlink]
Supporting Business Growth
SASE is a fit for modern businesses because it enables connectivity and security in hours, not days. Legacy technologies cannot move as fast, leaving business in the lurch. Whether it’s opening up a new branch, popup store, or construction site, connecting multiple point network and security products to support these moves is very complex and increases the security risk.
Overcoming the Skills Shortage Gap
One of the main organizational challenges enterprises are dealing with is a skills shortage. Losing talented people is a huge business risk, leaving the business exposed. There are a number of SASE vendors that can minimize this risk by providing services as an extension of the IT team. They take away a lot of the work, like maintenance, supervision, inspection, hunting, threat analysis, and more.
This SASE support enables IT teams to focus on business outcomes and strategic requirements, rather than maintenance and keeping the lights on. Consequently, burnout is reduced and so is the risk of talented personnel leaving the organization.
SASE and Managed Services
SASE also supports MSSPs by enabling them to respond faster to business requirements. By normalizing and aggregating all data into a single location, it becomes more accessible. This enables making better and faster decisions, building better practices and providing a better service.
How to Start with SASE
There are two approaches for starting with SASE: rip and replace, i.e going full-blown SASE all at once, or gradually adding more SASE capabilities based on prioritizing needs. The second approach is often easier for organizations, and SASE’s cloud-based nature allows for it.
When planning SASE, it’s important to identify silos or blockers between network and security teams and find ways to overcome them. No team wants to be the inhibitor of business growth. SASE enables these teams to be the IT champions, bringing immense value in terms of performance, ease of use, better security, and more.
What to Expect After Deploying SASE
SASE is transformational. Deploying SASE provides a “before and after” type of experience. Here are some of the real “after” effects SASE users have reported:
The IT team gains better work-life balance back. No more patching, updating and maintaining over the weekend.
The IT team is able to focus on strategic business objectives instead of keeping the lights on.
SASE provides meaning to the team’s day-to-day work and helps avoid burnout.
Pitfalls to Avoid When Choosing a SASE Vendor
When choosing a SASE vendor, it’s important to conduct proper due diligence on the solution that you are evaluating. Run a POC to ensure it ticks all the boxes and fits your use cases. This includes relevant features, visibility, ease of use, and more. Filter through the marketing noise and educate yourself on the vendor’s capabilities and offerings to ensure your vendor sees eye-to-eye with you and can support all your current and future network and security needs.
The Future of Network and Security
As the needs of enterprises are changing, they are looking for new approaches that support their ever-evolving digital business. SASE has emerged as a solution that addresses these requirements, and enterprises are realizing they can rely on the delivery of network and security in the cloud and do not need to be tied to legacy on-prem boxes.
At the same time, customers are educating themselves to ensures they choose the right solution and vendor for all their current and future needs.
In the ever-evolving world of cybersecurity, enterprises are constantly seeking the most effective solutions to secure their networks and data. GigaOm’s Radar Report for Secure...
Cato SASE Cloud: A Two-Time Leader and Outperformer in GigaOm’s Radar Report for Secure Service Access In the ever-evolving world of cybersecurity, enterprises are constantly seeking the most effective solutions to secure their networks and data. GigaOm’s Radar Report for Secure Service Access, GigaOm’s term for SASE, provides a comprehensive look at the industry, and for the second consecutive year, names Cato Networks a “Leader” and “Outperformer.” The recognition points to Cato’s continuous commitment to innovation and improvement.
Cato’s Continued Success and Improvements
GigaOm Radar report is a forward look at the technology of a product looking. Vendor offerings are plotted on multiple axes based on strategy (Feature Play vs. Platform Play) and execution (Maturity vs. Innovation). The ideal solution would be in the middle of the radar.
This year, Cato’s ranking in GigaOm’s Radar came closest to that ideal position among 22 other companies. This placement stemmed from improvements in many areas. We improved our ranking in three deployment models from a year ago: multicloud, edge cloud, and hybrid cloud.
In emerging technologies, Cato upgraded our ranking in the edge and open platforms and vendor support. We elevated our ranking for digital experience monitoring and management in the key criteria category. We also improved our security capabilities rating for detection and response from a year ago.
Finally, we also expanded our global PoP presence, strengthening our ability to deliver our security stack and optimized, low-latency network performance to users across the world. This expansion ensures that enterprises can enjoy a seamless and secure network experience regardless of their users’ locations.
[boxlink link="https://go.catonetworks.com/gigaom-radar-for-secure-service-access-ssa-Ebook.html"] Cato SASE Identified as a “Leader” in GigaOm Radar report | Download the Report [/boxlink]
GigaOm Sees Cato as an “Exceptional” “Leader”
The GigaOm Radar report found Cato SASE Cloud to be one of the few SSA platforms capable of addressing the networking and security needs of the complete market -- large enterprises, MSPs, NSPs, and SMBs.
Cato SASE Cloud was also the only “Leader” ranked "Exceptional" across all evaluation metrics. These are measurements that provide insight into the impact of each product’s features and capabilities on the organization, reflecting fundamental aspects including client support, ecosystem support, and total cost of ownership. More specifically, Cato SASE Cloud was ranked “Exceptional” in its:
Flexibility
Interoperability
Performance
Redundancy
Visibility, Monitoring, and Auditing
Vendor Support
Pricing and TCO
Vision and Roadmap
GigaOm also cited Cato for a near-perfect score in nine core networking and network-based security capabilities comprising SSA solutions: CASB, DNS Security, SWG, SD-WAN, ZTNA, NDR, XDR, FWaaS, and SSAaaS. As the report put it,
“Developed in-house from the ground up, Cato SASE cloud connects all enterprise network resources—including branch locations, cloud, physical data centers, and the hybrid workforce—within a secure, cloud-native service. Delivering low latency and predictable performance via a global private backbone, Cato SASE cloud optimizes on-premises and cloud connectivity, enabling secure remote access via client and clientless options. In addition, Cato SASE cloud's single-pass, cloud-native security engine enforces granular corporate access policies across all on-premises and cloud-based applications, protecting users again security breaches and threats."
For detailed summaries and in-depth analysis of the SSA/SASE market players, download and read the GigaOm SSA report from here.
If your enterprise SD-WAN contract is due for renewal but your existing SD-WAN solution doesn’t align with your functional or business objectives, you have other...
Don’t Renew Your SD-WAN Contract Before Reading This Article If your enterprise SD-WAN contract is due for renewal but your existing SD-WAN solution doesn't align with your functional or business objectives, you have other options. In this blog post, we review four potential paths to replace or enhance your SD-WAN infrastructure. Then, we list which considerations you should take when deciding on your next steps.
This blog post is based on a webinar held with Roy Chua, principal analyst at AvidThink and a 20-year veteran of the cybersecurity and networking industry, which you can watch here.
What is Triggering SD-WAN Evaluation?
For many enterprises, the decision to re-examine their SD-WAN network and ultimately migrate to a different solution is triggered by their evolving business and technical needs. While SD-WAN still serves the enterprise, there are additional use cases it does not answer:
Global connectivity
Improving cloud connectivity
Scaling remote access
Zero Trust Network Access
Architecture simplification
Mobile networking
Connecting Supply-chain partners
TAdvanced security
Supporting M&A
Take Into Account The Growing Importance of the Cloud
When choosing your path forward, it’s important to remember there have been changes since your last SD-WAN deployment. In recent years, Cloud has risen in importance and become a cornerstone of the organizational networking and security strategy.
Many organizations have adopted cloud as their deployment of choice, moving their enterprise applications to cloud and utilizing cloud storage. This is due to the operational benefits of moving to the cloud, namely offloading the maintenance of the security and networking stacks to vendors who provide it as a service.
Moving to cloud also leverages economies of scale: a single vendor can amortize the cost of R&D over many clients.
4 Technology Paths Forward
Now that we’ve mapped out what brought us here and the considerations we need to take, let’s discuss the four main possible transformation paths forward.
1. Replace your SD-WAN vendor
2. Keep your existing SD-WAN and add on SSE
3. Switch your SD-WAN vendor and add on SSE
4. Switch to SASE (including SD-WAN)
[boxlink link="https://catonetworks.easywebinar.live/registration-dont-renew-your-sd-wan-contract-before-watching-this"] Don’t Renew Your SD-WAN Contract Before Watching This Webinar | Watch the Webinar [/boxlink]
Path #1: Replace Your SD-WAN Vendor
If you want to enhance your existing SD-WAN with more features, transition from self-management to an MSP, or adopt a new managed services model, it may be beneficial to find a new SD-WAN vendor. Look for a solution that offers a network of private global PoPs to ensure scalable and reliable global connectivity. A global private backbone with controlled, optimized routing can provide high availability, self-healing capabilities, and automated failover routing without the need for infrastructure or capacity planning.
Upgrading your SD-WAN network is also a good idea when there is no need to address security. This may be when your existing security stack answers all your needs or when security decisions in your company are made by other stakeholders. Just make sure to be conscious of potential security gaps. In addition, when choosing a new vendor, make sure you're not simply trading one pain point for another.
Path #2: Keep Your Existing SD-WAN and Add on SSE
If you’re satisfied with your SD-WAN vendor or you don’t have the budget to upgrade, and you also need to improve security posture and simplify your security architecture, the right solution for you may be to add an SSE (Security Service Edge) solution. SSE complements SD-WAN by providing converged, cloud-native security. SSE converges SWG, CASB, DLP, ZTNA, FWaaS, and IPS. SSE is also easier to manage than point security solutions and enables greater operational savings.
Make sure you have a plan in place for managing two distinct vendors. Also make sure the two integrate well to ensure security is delivered continuously and consistently throughout your entire network.
Path #3: Replace Your SD-WAN Vendor and Add SSE
If you have already signed with a new SD-WAN vendor or have specific requirements only a certain SD-WAN vendor can provide, you can still add SSE features the SD-WAN vendor doesn’t have. This will help you deliver security capabilities and protect against cyber attacks across your organization.
However, be aware you’ve taken on a challenging task: onboarding a new SD-WAN vendor and an SSE vendor at the same time. This creates significant overhead and operational difficulties.
Path #4: Switch to SASE in One Go
The fourth option you have is to transition directly to SASE (Secure Access Services Edge). SASE provides a converged networking and security platform in a cloud-native architecture with a unified networking-security policy. This is the ideal path when your organization can make a joint networking and security decision. With SASE, organizations can benefit by eliminating the cost and complexity of managing fragmented legacy point solutions while providing secure, high performing connectivity to all users and for all resources.
Upgrading your network and security can be hard. So make sure you choose a SASE vendor that has a converged solution for both aspects, rather than loosely-integrated point solutions.
How to Decide On Your Next Steps
You have four possible paths ahead. How can you determine which one is right for you? Here is a framework to help you decide:
1. Understand your short and long-term needs - Know your short and mid-term networking and security requirements and understand your resource and budget limitations.
2. Eliminate weakest fits - Review the four options again. Eliminate the architectural solutions that aren’t a good fit. Determine which route is the best fit for you.
3. Talk to trusted partners - Leverage your professional network to obtain recommendations, reviews and new points of view for evaluating your choices. Then, re-evaluate the sub-set of vendors to ensure they fit your options and needs.
4. Make an informed decision - Decide when and how the next major infrastructure upgrade will take place.
Whichever solution you choose, make sure you take into account future needs, so you’re always ready for whatever is next.
Watch the entire webinar here.
If you’re starting your SASE evaluation journey, Gartner is here to assist. In a new helpful guide, they delineate how organizations can build their SASE...
Gartner: Where Do I Start With SASE Evaluations: SD-WAN, SSE, Single-Vendor SASE, or Managed SASE? If you’re starting your SASE evaluation journey, Gartner is here to assist. In a new helpful guide, they delineate how organizations can build their SASE strategy and shortlist vendors. In this blog post, we bring a short recap of their analysis. You can read the entire document here.
Quick Reminder: What is SASE?
Gartner defined SASE as the convergence of networking and network security into a single, global, cloud-native solution.
How to Start Evaluating SASE
Here are Gartner’s recommendations:
Step 1: Build a Long Term SASE Strategy
Your strategy should aim to consolidate point solutions and identify a single SASE vendor (combining networking and security) or two partnering vendors (one for networking, one for security). Solutions can be self-service or out-sourced as a managed service.
Step 2: Shortlist Vendors
Identify the use cases driving your transition to SASE. This will ensure you shortlist the right type of providers. Otherwise, you might find yourself with unused features and/or missing functionalities.
Drivers may include:
Modernizing the WAN edge - Including branch network modernization, implementing a cloud first strategy, network simplification, and more. In this case, it is recommended to start with SD-WAN and add SSE when the organization is ready.
Improving security - Including advanced security controls for employees, services and data protection. In this case, it is recommended to start with SSE and augment with SD-WAN when the organization is ready.
Reducing the operational overhead of managing network and security, including unified management and easy procurements. In this case, it is recommended to start with managed SASE or single-vendor SASE.
[boxlink link="https://www.catonetworks.com/resources/gartner-report-where-do-i-start-with-sase/"] Gartner® Report: Where Do I Start With SASE Evaluations: SD-WAN, SSE, Single-Vendor SASE, or Managed SASE? | Download the Report [/boxlink]
Step 3: Understand the 4 Markets
There are four potential markets with vendors that can help implement SASE.
SD-WAN - When the organization prioritizes replacing or upgrading network features. Security features can be added natively or via a partnership.
Single-vendor SASE - When the organization has a unified networking and security vision for transitioning to SASE, and prioritizes integration, procurement simplicity and unified management.
SSE - When the organization prioritizes best-of-breed security features. SSE can be integrated with an existing SD-WAN provider.
Managed SASE - When the organization has a strategic approach to outsourcing. The setup and configuration of SASE are outsourced to their MSP, MSSP, or ISP.
Step 4: Verify Vendor Claims
Ensure vendors can support SASE and do not have gaps in their offering.
Prioritize automation and orchestration. This will ensure long-term cyber resilience.
For Managed SASE, only choose a provider with single-vendor or dual-vendor SASE solutions.
Understand the SASE capabilities to make sure it fits your requirements.
If you are investing in solutions that are subsets of SASE functionality, like stand-alone ZTNA, SWG, or CASB, Gartner recommends limiting the investments and keeping them tactical, shorter-term and at lower costs.
Read the entire guide here.
SD-WAN has enabled new technology opportunities for businesses. But not all organizations have adopted SD-WAN in the same manner or are having the same SD-WAN...
Key Findings From “WAN Transformation with SD-WAN: Establishing a Mature Foundation for SASE Success” SD-WAN has enabled new technology opportunities for businesses. But not all organizations have adopted SD-WAN in the same manner or are having the same SD-WAN experience. As the market gravitates away from SD-WAN towards SASE, research and consulting firm EMA analyzed how businesses are managing this transition to SASE.
In this blog post, we present the key findings from their report, titled “WAN Transformation with SD-WAN: Establishing a Mature Foundation for SASE Success”. You can download the entire report from here.
Research Methodology
For this research, EMA surveyed 313 senior IT professionals from North America on their company’s SD-WAN strategy.
Most Enterprises Prefer SD-WAN as a Managed Service
66% of enterprises surveyed prefer procuring, implementing and consuming SD-WAN solutions as a managed service. Only 21% prefer a DIY approach, and the rest are still determining their preference.
EMA found that SD-WAN as a managed service provides organizations with network assurance, integration with other managed services, cost savings and the ability to avoid deployment complexity, among other benefits. The organizations that prefer the DIY approach, on the other hand, wish to maintain control to customize as they see fit. They also view the DIY approach as more cost-effective and as an opportunity to leverage the strengths of their internal engineering team.
Less Than Half of Enterprises Prefer a Single-Vendor SD-WAN
49% of enterprises surveyed used or planned to use only one SD-WAN vendor, nearly 44% preferred a multi-vendor approach, while the rest were undecided. According to the surveyed personnel, a multi-vendor approach was chosen due to functionality requirements, the nature and requirements of their sites, and the independent technology strategies of different business units, among other reasons.
Critical SD-WAN Features
Not all SD-WAN features were created equal. The most critical SD-WAN features are hybrid connectivity, i.e the ability to forward traffic over multiple network connections simultaneously (33.9%), integrated network security (30%), native network and application performance monitoring (28.8%), automated, secure site to-site connectivity (27.5%), application quality of service (24.3%), and centralized management and control, either cloud-based or on-premises (23.3%).
[boxlink link="https://www.catonetworks.com/resources/new-ema-report-wan-transformation-with-sd-wan-establishing-a-mature-foundation-for-sase-success/"] NEW EMA Report: Establishing a Mature Foundation for SASE Success | Download the Report [/boxlink]
SD-WAN Replaces MPLS
The internet has become a primary means of WAN connectivity for 63% of organizations. Almost all the other surveyed organizations actively embracing this trend. This shift impacts the use of MPLS, with the internet is being leveraged more often to boost overall bandwidth.
However, security remains a top concern, with 34.5% of surveyed enterprises viewing security as the biggest challenge for using the internet as their primary WAN connectivity. This is followed by the complexity of managing multiple ISP relationships (25.9%), and lack of effective monitoring/visibility (19.2%).
Operations and Observability
88.5% of surveyed enterprises are either satisfied or somewhat satisfied with their SD-WAN solutions’ native monitoring features. The main challenges revolve around granularity of data collection (32.3%), lack of data retention (30%), lack of relevant security information (28.4%), no drill downs (25.6%) and data formatting problems (25.6%). Perhaps this is why 72.5% of surveyed enterprises use, or plan to use, third-party monitoring tools.
WAN Application Performance Issues
Organizations are struggling with the performance on their WANs. The most common problems were:
Bandwidth limitations (38.7%)
Latency (38.3%)
Cloud outages (38.3%)
ISP congestion (32.9%)
Packet loss (25.9%)
Policy misconfiguration (25.6%)
Jitter (13.4%)
EMA found that cybersecurity teams were more likely to perceive bandwidth limits as a problem than network engineering teams. In addition, IT governance and network operations teams were more likely to mention cloud outages as a problem and the largest companies reported latency issues as their biggest problem.
Only 38% of Enterprises Believe They’ve Been Successful with SD-WAN
How do enterprises perceive their success with SD-WAN? Only 38% believe they’ve been successful and nearly 50% report being somewhat successful. Perhaps this could be the result of the SD-WAN business and technology challenges they are facing - a skills gap (40.9%), lack of defined processes and best practices (40.9%), vendor issues (36.7%), implementation complexity (26.2%) and integrating with the existing security architecture and policies (24%).
Integrating SD-WAN with SSE
There are a few paths an organization can take on their way to SASE. 54% of surveyed enterprises prefer adding SSE to their SD-WAN solution. Nearly 31% prefer expanding SD-WAN capabilities to achieve SASE and the rest prefer adapting SASE all at once or are still evaluating. In addition, EMA found that a mature SD-WAN foundation helped make the transition to SASE a smoother experience.
Transitioning to SASE
EMA views SD-WAN as “the foundation of SASE, which appears to be the future of networking and security.” Yet, enterprises are still unsure about their path to SASE and how to achieve it. Per EMA, a firm SD-WAN foundation is key for a successful SASE transition, and organizations should strive to deploy a strong SASE solution.
To read the complete report, click here.
For as long as anyone can remember, organizations have had to balance 4 key areas when it comes to technology: security efficacy, cost, complexity, and...
Security Requires Speed For as long as anyone can remember, organizations have had to balance 4 key areas when it comes to technology: security efficacy, cost, complexity, and user experience. The emergence of SASE and SSE brings new hope to be able to deliver fully in each of these areas, eliminating compromise; but not all architectures are truly up to the task.
SASE represents the convergence of networking and security, with SSE being a stepping-stone to a complete single-vendor platform. The right architecture is essential to providing an experience that aligns with the expectations of modern workers while delivering effective security at scale. Here are a few things to consider when exploring SASE and SSE vendors:
PoP Presence
Marketing claims aside, you should consider how many unique geographic locations can provide all capabilities to your user base as well as how effective the organization has been at adding and scaling new PoPs. These PoPs should be hosted in top-tier data centers and not rely on the footprint of a public cloud provider.
[boxlink link="https://go.catonetworks.com/Frost-Sullivan-Award-Cato-SSE360_LP.html"] Cato Networks Recognized as Global SSE Product Leader | Download the Report [/boxlink]
Global Private Backbone
Cloud and mobile adoption are still on the rise but create challenges as users and apps are no longer in fixed locations. The public Internet routes traffic in favor of cost savings for the ISP without consideration for performance. While peering is also a key factor in achieving strong performance, a true global private backbone is critical to any SASE or SSE product and should provide value to both Internet-bound and WAN traffic. Customers should be able to control the routing of their traffic across this backbone to egress traffic as close to the destination as possible.
Network Optimization
QoS has been around for more than 20 years and is useful to ensure that critical applications have enough available bandwidth, but QoS does not do anything to improve performance beyond this. When evaluating a provider, look for networking optimization capabilities such as TCP proxy and packet-loss mitigation that will improve the overall user experience.
At Cato Networks, we were founded to deliver on the vision of a true SASE solution, converging networking and security to eliminate compromise and create simple, secure connectivity with performance. Recently we conducted a performance test for one of our customers comparing Cato’s SASE cloud to Zscaler Private Access and the results are impressive.
For the test, several files were transferred from the customer’s file share in London to an endpoint in Tokyo. Even for files only 100MB in size, the performance improvement is substantial. It’s also worth noting that ZPA doesn’t inspect traffic for threats, and despite Cato’s complete zero-trust approach to WAN traffic, with all inspection engines active, Cato’s SASE cloud was able to achieve up to a 317% improvement in performance.
SASE and SSE vendors deliver critical capabilities to organizations and should be carefully evaluated before adoption. While performance is one of many factors to consider, I urge IT and Security leaders not to make it the lowest priority. After all, users are doing their best to be productive and high-performers will naturally look for ways to bypass obstacles that are slowing them down. Just remember… fast is secure, secure is fast.
In November 2022, the TAG Heuer Porsche Formula E Team announced its partnership with Cato Networks, declaring Cato the team’s official SASE partner. Cato Networks...
The TAG Heuer Porsche Formula E Team & Cato Networks: The Story Behind the Partnership In November 2022, the TAG Heuer Porsche Formula E Team announced its partnership with Cato Networks, declaring Cato the team’s official SASE partner. Cato Networks provides the TAG Heuer Porsche Formula E Team with the connectivity and security they need to deliver superior on-track performance during the races.
According to Thomas Eue, Lead IT Product Manager of the TAG Heuer Porsche Formula E Team, “Cato is a real game changer for us. I would absolutely recommend Cato to other enterprises because it’s really simple to set up and the network is really getting faster now.”
In this blog post, we examine the challenges the TAG Heuer Porsche Formula E Team was dealing with before using SASE, why they chose Cato and how Cato’s SASE solution helps the TAG Heuer Porsche Formula E Team win races. You can read the entire case study this blog post is based on here.
The Challenge: Real-Time Data Transmission at Scale
During the ABB FIA Formula E World Championship races, the TAG Heuer Porsche Formula E Team relies on insights and instructions delivered in real-time to drivers from the team’s headquarters in Germany. These instructions are derived from live racing data, like tire temperature, battery depletion, timing data and videos of the driver. The accuracy and reliability of this process is critical to the team’s success.
However, it was challenging for the TAG Heuer Porsche Formula E Team to transmit live TV feeds, live intercom services and live communication across several different channels, since they were only provided 50Mbps of bandwidth.
In addition, the nature of the races requires the team to travel to each new racing site before each competition and set up the network. According to Friedemann Kurz, Head of IT at Porsche Motorsport, this is challenging because “Technologically we are not a hundred percent sure on what’s awaiting us in the different countries. So especially the latency of course by the pure physics, it’s changing a lot between countries.”
[boxlink link="https://catonetworks.easywebinar.live/registration-simplicity-at-speed"] Simplicity at Speed: How Cato’s SASE Drives the TAG Heuer Porsche Formula E Team’s Racing | Watch the Webinar [/boxlink]
The TAG Heuer Porsche Formula E Team’s Choice: Cato Networks’ SASE
The TAG Heuer Porsche Formula E Team chose Cato’s SASE, turning it into a cornerstone of their racing strategy. Cato’s global and optimized SASE solution connects the drivers, the garage and the HQ with a high-performing infrastructure. During the races, vital data is transmitted across Cato’s global private backbone for real-time analysis at the HQ and back to the drivers and on-site teams to boost driving performance.
According to Friedemann Kurz, Head of IT at Porsche Motorsport, “Cato Networks will allow us to focus on the critical decisions that make a difference on-track by lessening the administrative work to set up and manage our IT network infrastructure. Using the Cato SASE Cloud, we’re able to have the reliable and secure connectivity we need to have anywhere around the world, whether at a racetrack, during travel or at the research and development center in Weissach, the home of Porsche Motorsport.”
Cato Networks also ensures the connection is secure. “We have the most secure connection wherever we are – between all the racetracks, cloud applications and Porsche Motorsport in Weissach,” says Carlo Wiggers, Director of Team Management and Business Relations at Porsche Motorsport
To answer the deployment challenges, Cato Networks enables setting up a site in a mere five hours. “We are very well prepared and confident, as soon as the engineers arrive the services are ready to run,” comments Friedemann Kurz, Head of IT at Porsche Motorsport.
A Streamlined and High-Performing Solution
With Cato Networks’ technology, the team’s IT engineers and the Motorsport IT department, are reliably transmitting data in real-time. The HQ team, in turn, is able to analyze the data and make informed decisions instantly.
In the first week of usage, the team transferred more than 1.2 TB of data.
In the Cape Town race, for example:
1.45 TB of data were transmitted.
The round-trip-time from the race track to the HQ was stable at 80-100 milliseconds.
Packet loss was only 0.23% over the whole event.
“Every enterprise that has any similarity with what we are doing, acting worldwide, having various branches around the world can definitely benefit on all the solutions that Cato is providing,” concludes Friedemann Kurz, Head of IT at Porsche Motorsport
Learn more about the ABB FIA Formula E World Championship, how the TAG Heuer Porsche Formula E Team leverages Cato’s SASE and the joint values the two teams share by reading the complete case study, here.
Security leaders today are facing a number of challenges, including a rise in the number of breaches, a need to accommodate remote work and networking...
How to Be a Bold and Effective Security Leader Security leaders today are facing a number of challenges, including a rise in the number of breaches, a need to accommodate remote work and networking requirements to replace MPLS networks. In this new blog post, we share insights about this new reality by David Holmes, Senior Analyst at Forrester, as well as an in-depth explanation about the security stack that can help. You can watch the webinar this blog post is based on here.
3 Trends Impacting Networking and Security
Forrester identified three converging trends that are influencing the network and security industries: A growing number of cybersecurity breaches complemented by a security skills shortage, remote work as the new reality and MPLS connections being replaced by SD-WAN. Let’s delve into each one.
1A. Cybersecurity Breaches are on the Rise
According to Forrester, the number of cybersecurity breaches has grown significantly. In 2019, 52% of organizations they surveyed were breached at least once over a 12-month period. In 2020, the percentage jumped to 59%. In 2021 it was 63% and in 2022 it was a whopping 74%. Unfortunately, the actual percentage is probably higher since these numbers do not include organizations that do not know they were breached or have not admitted it.
1B. Security Skills Shortage has Real Impact
In addition, Forrester found that companies whose IT security challenges included finding employees with the right security skills tended to have more breaches annually. Nearly a quarter (23%) of organizations who pinpointed security skills shortage as one of their biggest IT challenges, were breached more than six times in the past 12 months.
2. Remote Work is Here to Stay
Forrester’s research concluded that the concept of working anywhere has been embraced by security leaders. Nowadays, 30% of a CSO’s time during working hours is spent working from home, compared to 2% before the COVID-19 pandemic. The percentage of work taking place at the corporate headquarters has been reduced from 49% to 21%. Non-security employees probably spent more work time at home than the surveyed CSOs.
Remote working means employees work from anywhere and their company data can also be anywhere, especially in the cloud. For architects, CSOs and CTOs, this means they have to build an architecture that take these new conditions into account. This requires adjustments in terms of security, the user experience, and more.
3. SD-WAN Adoption
Finally, according to Forrester, 74% of organizations are adopting or have already adopted SD-WAN, while only 10% have no plans at all. SD-WAN allows organizations to replace their private lines and eliminate the overhead and maintenance of connecting through local ISPs.
Point Solutions are Incompatible with the Hybrid Enterprise
This new reality requires new networking architectures. In legacy architectures, most users were in the office,using on-premises applications, remote user traffic was backhauled through the data center, where security policies were enforced through point solutions. This was a good solution at the time, but today with applications and users everywhere, this approach is no longer practical or productive.
But moving all point solutions to the cloud isn’t a good approach either. Let’s take a look at a typical organization’s security stack for the cloud:
SWG and CASB solutions secure user access to the internet and to cloud applications. They are usually provided through a built-in web proxy architecture, i.e they examine HTTP and HTTPS traffic.
ZTNA provides access to private applications. It is commonly delivered through a separate pre-app connector architecture, which is a type of virtual overlay.
NGFW and UTM solutions identify malicious traffic coming from non-users.
This stack constitutes a fragmented architecture that creates inconsistent policy engines, limited visibility for WAN security and unoptimized access to the Internet and Cloud Resources. The result is blind spots and complexity.
The Right Way: One Architecture for Total Visibility, Optimization and Control
The solution is to converge the entire security stack into one cloud function. Such a cloud security service will provide total visibility, optimization and control of all the traffic. It will ensure all traffic goes through the same security controls in a single, converged architecture for all edges, giving organizations the ability to enforce policies with one policy engine and one rule base.
A converged solution enables doing this in a holistic manner that covers all traffic (ports, protocols, IPs, sources and destinations), applications (Private, Public, Cloud and Web), security capabilities (FWaaS, IPS, NGFW, ZTNA, CASB, DLP) and directions (WAN, Internet, Cloud) for all users, IoT, apps and devices. In addition, traffic is optimized for global routing and acceleration across a global private backbone.
Cato SSE 360: Security Transformation in the Cloud
Cato SSE 360 is built from the ground up to behave that way. Cato SSE 360 is the security pillar of Cato’s SASE cloud, providing total visibility, optimization and control. Cato’s SSE 360 converges all SSE components into a global cloud service that includes SWG, CASB, DLP, FWaaS, while providing a global backbone for traffic optimization and acceleration.
The global reach of Cato SSE 360 (and SASE, see below) spans over more than 80 Pop locations across North America, Europe, Asia, Latin America, the Middle East and Africa. Each PoP location runs Cato's full security stack and network optimization capabilities. This ensures a short distance of under 25 milliseconds round trip time from any user and any business location. In addition, Cato is continuously adding more PoPs every quarter to expand coverage.
[boxlink link="https://catonetworks.easywebinar.live/registration-how-to-be-a-bold-and-effective-security-leader-during-times-of-economic-downturn"] How to Be A Bold and Effective Security Leader During Times of Economic Downturn | Watch the Webinar [/boxlink]
Cato SASE Cloud
SASE (Secure Access Service Edge) is the convergence of security and networking capabilities into a single cloud-native platform. Cato’s SASE cloud is the convergence of SSE 360 and SD-WAN across a private cloud network of PoPs. All PoPs are interconnected by a global private backbone that is built with redundant tier one providers, and this guarantees consistent and predictable global latency, jitter and packet loss, creating a reliable network.
All traffic runs through Cato’s Single Pass Cloud Engine (SPACE) that performs all networking and security processing in the cloud. SPACE consists of two parts:
A multi-gig packet processing engine
A real-time policy enforcement engine
SPACE is natively built to process multi-gig traffic flows from all enterprise edges, including branches, users devices and applications. It supports all ports and protocols and automatically extracts rich context from each flow, including the user identity, device posture, target applications and data files. Then, it finds the best route for the traffic and applies network optimization and acceleration to minimize round trip times. TLS decryption is applied as needed without any impact on the user experience.
Multiple security engines simultaneously and consistently enforce policies through SPACE. FWaaS, IPS, NGAM and SWG clooaborate to protect users against WAN and Internet-based advanced threats. In addition, ZTNA provides secure remote access, while CASB and DLP control access to risky cloud applications and prevent sensitive data loss. All these capabilities run on all the traffic at the same time to minimize security overhead and leverage the rich context of every packet.
Connectivity takes place through an IPSec tunnel and a Cato vSocket, turning the cloud data centers into an integral part of the network, and with no need to deploy virtual firewalls. Cato provides full visibility and control over all the incoming and outgoing traffic from cloud data centers.
For public cloud applications, no integration is required. Optimization, inspection and enforcement are inherently applied from any edge. Traffic is forwarded over the private backbone to the PoP that is closest to the cloud instance that is serving the business. This smart egress capability optimizes the user experience. Remote users can use the Cato client or a browser to securely connect to any application on-premise or in the cloud, from laptops, tablets and smartphones.
Cato offers full visibility and control via a single pane of glass and a flexible management model. Customers can opt for a fully managed service, co-management, or complete self-management of their deployments.
Best of all, transitioning from an SSE to full SASE only requires replacing the edges with Cato’s SD-WAN sockets.
How Cato SSE 360 Addresses 3 Common Use Cases
1. Securing the Hybrid Workforce
As Forrester identified, enterprises today need to seamlessly and securely connect the hybrid workforce wherever they are.
Cato SSE 360 seamlessly and securely connects the hybrid workforce no matter where they are, and ensures all policies are consistently enforced everywhere. This eliminates the need to backhaul the user’s traffic across the world to a data center VPN appliance. There is also no need to deploy global instances to achieve the same goal. This provides zero trust security with continuous verification, access control, threat prevention and sensitive data protection, wherever the users are.
2. Beyond User-to-Application Access
Security is required beyond users and applications. It must address all edges, including IoT devices and unmanaged endpoints. This is the difference between proxy architectures and network architectures.
The Cato SPACE architecture enables Cato to provide complete visibility and full traffic inspection. This includes:
End-to-end visibility across all edges: branches, data centers, users, and apps.
End to end threat prevention and sensitive data protection.
3. IT Infrastructure Consolidation
End-to-end visibility and control provides last mile resiliency and a single pane of glass for networking and security management. Cato also eliminates solution sprawl by eliminating point solutions and the need for patching, fixing and upgrading. Finally, Cato SASE Cloud is designed to provide a resilient, self-healing architecture that ensures connectivity and security.
Learn more about solutions for security leaders by watching the entire webinar, here.
SASE = SD-WAN + SSE. This simple equation has become a staple of SASE marketing and thought leadership. It identifies two elements that underpin SASE,...
SASE is not SD-WAN + SSE SASE = SD-WAN + SSE. This simple equation has become a staple of SASE marketing and thought leadership. It identifies two elements that underpin SASE, namely the network access technology (SD-WAN) and secure internet access (Security Service Edge (SSE)).
The problem with this equation is that it is simply wrong. Here is why.
The “East-West” WAN traffic visibility gap: SASE converges two separate disciplines: the Wide Area Network and Network Security. It requires that all WAN traffic will be inspected. However, SSE implementations typically secure “northbound” traffic to the Internet and have no visibility into WAN traffic that goes “east-west” (for example, between a branch and a datacenter). Therefore, legacy technologies like network firewalls are still needed to close the visibility and enforcement gap for that traffic.
The non-human traffic visibility gap: Most SSE implementations are built to secure user-to-cloud traffic. While an important use case, it doesn’t cover traffic between applications, services, devices, and other entities where installing agents or determining identities is impossible. Extending visibility and control to all traffic regardless of source and destination requires a separate network security solution.
The private application access (ZTNA) vs secure internet access (SIA) gap: SSE solutions are built to deliver SIA where there is no need to control the traffic end-to-end. A proxy would suffice to inspect traffic on its way to cloud applications and the Web. ZTNA introduces access to internal applications, which are not visible to the Internet, and were not necessarily accessed via Web protocols. This requires a different architecture (the “application connector”) where traffic goes through a cloud broker and is not inspected for threats. Extending inspection to all application traffic across all ports and protocols requires a separate network security solution.
What is missing from the equation? The answer is: a cloud network.
By embedding the security stack into a cloud network that connects all sources and destinations, all traffic that traverses the WAN is subject to inspection. The cloud network is what enables SASE to achieve 360 degrees visibility into traffic across all sources, destinations, ports, and protocols, anywhere in the world. This traffic is then inspected, without compromise, by all SSE engines across threat prevention and data security. This is what we call SSE 360.
[boxlink link="https://www.catonetworks.com/resources/sase-vs-sd-wan-whats-beyond-security/"] SASE vs SD-WAN: What’s Beyond Security | Download the eBook [/boxlink]
There are other major benefits to the cloud network. The SASE PoPs aren’t merely securing traffic to the Internet but are interconnected to create a global backbone. The cloud network can apply traffic optimization in real time including calculating the best global routes across PoPs, egressing traffic close to the target application instead of using the public Internet and applying acceleration algorithms to maximize end-to-end throughout. All, while securing all traffic against threats and data loss. SASE not only secures all traffic but also optimizes all traffic.
With SSE 360 embedded into a cloud network, the role of SD-WAN is to be the on-ramp to the cloud network for both physical and virtual locations. Likewise, ZTNA agents provide the on-ramp for individual users’ traffic. In both cases, the security and optimization capabilities are delivered through the cloud. This cloud-first/thin-edge holistic design is the SASE architecture enterprises had been waiting for.
Cloud networks are an essential pillar of SASE. They exist in certain SASE solutions that use the Internet, or a third-party cloud network such as are available through AWS, Azure, or Google. While these cloud networks provide global connectivity to the SASE solution, they are decoupled from the SSE layer and act as a “black box” where the optimizations of routing, traffic, application access, and the ability to reach any geographical region, are outside the control of the SASE solution provider. Having a cloud network, however, is preferred for the reasons mentioned than having no cloud network at all.
SASE needs an updated equation. SASE = SD-WAN + Cloud Network + SSE. Make sure you choose the right architecture on your way to full digital transformation.
Six months ago, the question, “Which is your preferred AI?” would have sounded ridiculous. Today, a day doesn’t go by without hearing about “ChatGPT” or...
Bard or ChatGPT: Cybercriminals Give Their Perspectives Six months ago, the question, “Which is your preferred AI?” would have sounded ridiculous. Today, a day doesn’t go by without hearing about “ChatGPT” or “Bard.” LLMs (Large Language Models) have been the main topic of discussions ever since the introduction of ChatGPT. So, which is the best LLM?
The answer may be found in a surprising source – the dark web. Threat actors have been debating and arguing as to which LLM best fits their specific needs.
Hallucinations: Are They Only Found on ChatGPT?
In our ChatGPT Masterclass we discussed the good, the bad, and the ugly of ChatGPT, looking into how both threat actors and security researchers can use it, but also at what are some of the issues that arise while using ChatGPT.
[boxlink link="https://catonetworks.easywebinar.live/registration-offensive-and-defensive-chatgpt"] Offensive and Defensive AI: Let’s chat(GPT) About It | Watch the Webinar [/boxlink]
Users of LLMs have quickly found out about “AI hallucinations” where the model will come up with wrong or made-up answers, sometimes for relatively simple questions. While the model answers very quickly and appears very confident in its answer, a simple search (or knowledge of the topic) will prove the model wrong.
What was initially perceived as the ultimate problem-solving wizard now faces skepticism in some of its applications, and threat actors have been talking about it as well. In a recent discussion in a Russian underground forum, a participant asked about the community’s preference when it comes to choosing between ChatGPT and Bard.
Good day, Gentlemen. I've become interested in hearing about Bard from someone who has done relatively deep testing on both of the most popular AI chatbot solutions - ChatGPT and Bard. Regarding ChatGPT, I have encountered its "blunders" and shortcomings myself more than once, but it would be very interesting to hear how Bard behaves in the sphere of coding, conversational training, text generation, whether it makes up answers, whether it really has an up-to-date database and other bonuses or negatives noticed during product testing.
The first reply claimed that Bard is better but has similar issues to ChatGPT:
Bard truly codes better than ChatGPT, even more complex things. However, it doesn't understand Russian. Bard also occasionally makes things up. Or it refuses to answer, saying, "I can't do this, after all, I'm a chatbot," but then when you restart it, it works fine. The bot is still partly raw.
The next participant in this discussion (let’s call him ‘W’), however, had a lot to say about the current capabilities of LLMs and their practical use.
All these artificial intelligences are still raw. I think in about 5 years it will be perfect to use them. As a de-facto standard. Bard also sometimes generates made-up nonsense and loses the essence of the conversation. I haven't observed such behavior with ChatGPT. But if I had to choose between Bard and GPT, I'd choose Bard. First of all, you can ask it questions non-stop, while ChatGPT has limits. Although maybe there are versions somewhere without limits. I don't know. I've interacted with ChatGPT version 3. I haven't tried version 4 yet. And the company seems to have canceled the fifth version. The advantages of Bard are that it gives, so to speak, what ChatGPT refuses to give, citing the law. I want to test the Chinese counterpart but I haven’t had the opportunity yet.
The member who provided the first reply in this conversation chimed in to make fun of some of the current views on ChatGPT:
The topic of coding on neural networks and the specifics of neural networks (as the theory and practice of AI and their creation and training) is extremely relevant now. You read some analysts and sometimes you're amazed at the nonsense they write about it all. I remember one wrote about how ChatGPT will replace Google and, supposedly, the neural network knows everything and it can be used as a Wikipedia. These theses are easily debunked by simply asking the bot a question, like who is this expert, and then the neural network either invents nonsense or refuses to answer this question citing ethics, and that's very funny.
This comment brought back ‘W’ to the discussion.
Partially true. In fact, Google itself plans to get rid of links in search results. There will be a page with a bot. This is a new type of information search, but they will not completely get rid of links, there will be a page where there will only be 10 links. I don't know if this is good or bad. Probably bad, if there will only be 10 of them in that search result. That is, there won't be the usual deep search.
For example, it's no longer interesting to use Google in its pure form. Bing has a cool search - a must-have. But sometimes I forget about it and use good old Google. Probably I would use Bing if it wasn't tied to an account, Windows, and the Edge browser. After all, I'm not always on Windows, it would be hell to adapt this to Linux.
+++ I have already encountered the fact that the neural network itself starts to make up nonsense.
Another member summarized it as he sees thing, in English:
Bard to search the web. ChatGPT to generate content. Both are very limited to write code from scratch. But, as wXXXX said, we must to wait some years to use it in our daily life.
In our next masterclass session Diana Kelley and I will dive into the different aspects of AI, how and why these “AI hallucinations” happen, what buyers of this technology need to ask vendors who claim to use LLMs as well the concerns raised in this discussion by cybercriminals.
I read with some surprise the interview with Zscaler’s CEO, Jay Chaudry, in CRN where he stated that the “network firewalls will go the way...
The Future of the Firewall is in the Cloud I read with some surprise the interview with Zscaler’s CEO, Jay Chaudry, in CRN where he stated that the “network firewalls will go the way of the mainframe,” that “the network is just plumbing” and that Zscaler proxy overlay architecture will replace it with its “application switchboard.”
Well, our joint history in network security teaches us a very different lesson. This is my take.
The first time I met Jay Chaudry was in an office space in Atlanta back in 1995. We were starting to build the Check Point partner network and Jay just started SecureIT, a reseller, service, and training business focused on our product.
Jay has always been a visionary. He bet that the Check Point network firewall would beat established firewall players like Raptor, Gauntlet TIS, and Sidewinder. Have you heard any of these names? I guess not. They were all proxy firewalls, which protected specific applications using per-application code and were the established market leaders at the time. Jay correctly understood that a more general-purpose firewall, the network firewall, would win that battle by embedding security directly into the network and applying inspection to all traffic, not just application traffic.
The network firewall was initially met with skepticism and only visionaries like Jay saw the future. But with the proliferation of protocols and applications, and the growing complexity of the security stack, it was clear that the network firewall was the winning approach. The proxy firewalls faded. Jay made the right bet building his business around the Check Point Network Firewall and used this success and his entrepreneurial spirit to launch Zscaler.
Zscaler offered a secure web gateway (SWG) as a service. It solved an urgent problem - users wanted direct internet access from anywhere without the need to backhaul to corporate VPN concentrators appliances or data center firewalls. With the public Internet being the underlying network, Zscaler only option was to build its solution as an overlay proxy.
Following SWG came the need for CASB, which used the same proxy architecture applied to SaaS applications. Lastly, ZTNA used the same approach to access private apps in datacenters. This progression created a multibillion-dollar security company. But, as these various products appeared on scene, so did complexity. Enterprises had to maintain their MPLS networks, SD-WANs, and network firewalls and layer on top of them the SWG, CASB, and ZTNA proxies.
[boxlink link="https://www.catonetworks.com/resources/migrating-your-datacenter-firewall-to-the-cloud/"] Migrating your Datacenter Firewall to the Cloud| Download the White Paper [/boxlink]
This complex reality was what Gur Shatz and I set out to change as we launched Cato Networks in 2015. We created the architecture and category that Gartner would later call SASE declaring it the future of wide-area networking and network security. The idea behind Cato is simple. Create a cloud service that converges the networking and network security capabilities provided by appliances and the ones delivered by proxies like SWG, CASB and ZTNA. The resulting cloud service will make these capabilities available through a single-pass architecture delivered elastically all over the world and to all edges – physical locations, cloud and physical data centers, remote users, IoT, etc. Much like an AWS for networking and security, Cato SASE enables enterprises to use these capabilities without owning the stack that delivers them. SASE enables each converged capability to contribute to the effectiveness of all the others. The network provides 360-degree visibility, which enables complete real-time context that drives real-time decisions and accurate detection and response.
Essentially, what Gur and I created was a brand-new form factor of the network firewall built for the cloud. I was lucky enough to create with Gil Shwed the first one: the software form factor that was Firewall-1. I was lucky enough to write the first check to Nir Zuk that created the second form factor of the converged NG-Firewall appliance at Palo Alto Networks. SASE and Cato’s implementation of it are the third form factor: the Secure Cloud Network.
Jay, firewalls are here to stay, just using a different form factor. It is Zscaler’s proxy approach that is going away. You knew better 28 years ago; you should know better now.
David Heinemeier Hansson lays out the economic case for why application providers should leave the cloud in a recently published blog post. It’s a powerful...
SASE Evaluation Tips: The Risk of Public Cloud’s High Costs on SASE Delivery David Heinemeier Hansson lays out the economic case for why application providers should leave the cloud in a recently published blog post. It's a powerful argument that needs to be heard by IT vendors and IT buyers, whether they are purchasing cloud applications or SASE services.
Hansson is the co-owner and CTO of 37Signals, which makes Basecamp, the project management software platform, and Hey, an email service. His "back of the napkin" analysis shows how 37Signals will save $1.5 million per year by moving from running its large-scale cloud software in the public cloud to running its cloud software on bare-metal hardware. If you haven't done so, I encourage you to read the analysis yourself.
Those numbers might seem incredible for those who've bought into the cloud hype. After all, the cloud was supposed to make things easier and save money. How's it possible that it would do just the opposite?
The cloud doesn't so much as reduce vendor costs as it allows vendors to get to market faster. They avoid the planning, deployment time, and investment associated with purchasing, shipping, and installing the hardware components, creating the redundancy plans, and the rest of what goes into building data centers worldwide. The cloud gives vendors the infrastructure from day one. Its elasticity relaxes rigorous compute planning, letting vendors overcome demand surges by spinning up more compute as necessary.
All of which, though, comes at a cost -- a rather large cost. Hansson realized that with planning, an experienced team could overcome the time to market and elements and elasticity requirements without the expenditures necessary for the cloud:
"…The main difference here is the lag time between needing new servers and seeing them online. It truly is incredible that you can spin up 100 powerful machines in the cloud in just a few minutes, but you also pay dearly for the privilege. And we just don't have such an unpredictable business as to warrant this premium. Given how much money we're saving owning our own hardware, we can afford to dramatically over-provision our server needs, and then when we need more, it still only takes a couple of weeks to show up.
The result: enormous capital savings (and other benefits).
From Productivity Software to Productive SASE Services
What Hansson says about application software holds for SASE platforms. A SASE platform requires PoPs worldwide. Those PoPs need servers with enough compute to work 24x7 under ordinary occasions and additional compute needed to accommodate spikes, failover, and other conditions.
It's a massive undertaking that takes time and planning. In the rush to meet the demand for SASE, though, many SASE players haven't had that time. They had no choice but to build out their SASE PoPs on public cloud infrastructure precisely because they were responding to the SASE market. Palo Alto Networks, for example, publicly announced their partnership with Google Cloud in 2022 for their ZTNA offering. Cisco announced its partnership with Google for global SD-WAN service. And they're not alone. With the purchasing of cloud infrastructure, those companies incur all the costs Hansson details.
[boxlink link="https://www.catonetworks.com/resources/inside-cato-networks-advanced-security-services/"] Inside Cato Networks Advanced Security Services | Download the White Paper [/boxlink]
Which brings us to Cato. Our founders started Cato in 2015, four years before SASE was even defined. We didn't respond to the SASE market; we invented it.
At the time, the leadership team, which I was fortunate enough to be part of, evaluated and deliberately avoided public cloud infrastructure as the basis for the Cato SASE Cloud. We understood the long-term economic problem of building our PoP infrastructure in the cloud. The team also realized that owning our infrastructure would bring other benefits, such as delivering Cato SASE Cloud into regions unserved by the public cloud providers.
Instead, we invested in building our PoPs on Cato-owned and operated infrastructure in tier-4 data centers across 80+ countries. Today, we continue with that philosophy and rely on our experienced operations team to ensure server supply to overcome supply chain problems.
High Costs Mean a Choice of Three Rotten Outcomes for Customers
Now, customers don't usually care about their vendors' cost structures. Well, at least not initially. But when a service isn't profitable because the COGS (cost of goods sold) is too high, there's only one of three outcomes, and none are particularly well-liked by customers. A company will go bankrupt, prices will grow to compensate for the loss, or service quality will drop.
Those outcomes are improbable if a vendor sells a service or product at a profit. The vendor may adjust prices to align with macroeconomics and inflation rates or decrease prices over time, sharing the economic benefit of large-scale operations with your customers. Or the vendor may evolve service capabilities and quality to meet customer needs better. Regardless, the vendor will likely be the long-term solution enterprise IT requires for networking or security solutions.
The Bottom Line Should Be Your Red Line
Using public clouds for large-scale cloud services allowed legacy vendors to jump into the then new SASE market and seemingly offer what any enterprise IT buyer wants – the established reputation of a large company with innovation that is SASE. It's a nice comforting story. It's also not true.
Building a SASE or application service on a cloud platform brings an excessively high COGS, as Hansson has pointed out. Eventually, that sort of deficit comes back to bite the company. Sure, a company may be able to hide its losses for a while. And, yes, if the company is large enough, like a Palo Alto Networks or Cisco, it's not likely to go out of business any time soon.
But if the service is too expensive to deliver, any vendor will try to make the service profitable – whether by increasing prices or decreasing service quality – and always at the customer's expense. Ignoring such a glaring risk when buying infrastructure and purchasing from a large vendor isn't "playing it safe." It's more like sticking your head in the lion's mouth. And we know how well that goes.
In the original Top Gun movie, Tom Cruise famously declared the words, “I feel the need! The need for speed!”. At Cato Networks, we also...
Cato’s 5 Gbps SASE Speed Record is Good News for Multicloud and Hybrid Cloud Deployments In the original Top Gun movie, Tom Cruise famously declared the words, “I feel the need! The need for speed!”. At Cato Networks, we also feel the need for speed, and while we’re not breaking the sound barrier at 30,000 feet, we did just break the SASE speed barrier (again!). (We’re also getting our taste for speed through our partnership with the TAG Heuer Porsche Formula E Team, where Cato’s services ensure that Porsche has a fast, reliable, and secure network that’s imperative for its on-track success.)
Earlier last month, we announced that Cato reached a new SASE throughput record, achieving 5 Gbps on a single encrypted tunnel with all security inspections fully enabled. This tops our previous milestone of up to 3 Gbps per tunnel.
The need for 5 Gbps is happening on the most intensive, heavily used network connections within the enterprise, such as connections to data centers, between clouds in multi-cloud deployments, or to clouds housing shared applications, databases, and data stores in hybrid clouds. Not all companies have the need for 5 Gbps connections, but for large organizations that do have that need, it can make a significant difference in performance.
Only a Cloud-Delivered SASE Solution Can Offer Such Performance
The improved throughput underscores the benefits of Cato’s single-vendor, cloud-native SASE architecture. We were able to nearly double the performance of the Cato Socket, Cato’s edge SD-WAN device, without requiring any hardware changes – or anything at all, for that matter – on the customer’s side.
This big leap in performance was made possible through significant improvements to the Cato Single Pass Processing Engine (SPACE) running across the global network of Cato PoPs. The Cato SPACE handles all routing, optimization, acceleration, decryption, and deep packet inspection processing and decisions. Putting this in “traditional” product category terms, a Cato SPACE includes the capabilities of global route optimization, WAN and cloud access acceleration, and security as a service with next-generation firewall, secure web gateway, next-gen anti-malware, and IPS.
[boxlink link="https://www.catonetworks.com/resources/single-pass-cloud-engine-the-key-to-unlocking-the-true-value-of-sase/"] Single Pass Cloud Engine: The Key to Unlocking the True Value of SASE | Download the White Paper [/boxlink]
These capabilities are the compute-intensive operations that normally degrade edge appliance performance—but Cato performs them in the cloud instead. All the security inspections and the bulk of the packet processing are conducted in parallel in the Cato PoP by the SPACE technology and not at the edge, like in appliance-based architectures. Cato Sockets are relatively simple with just enough intelligence to move traffic to the Cato PoP where the real magic happens.
The improvements enhanced Cato SPACE scalability, enabling the cloud architecture to take advantage of additional processing cores. By processing more traffic more efficiently, Cato SPACE can inspect and receive more traffic from the Cato Sockets. What’s more, all Cato PoPs run the exact same version of SPACE. Any existing customer using our X1700 Sockets – the version meant for data centers – will now automatically benefit from this performance update.
By contrast, competitors’ SASE solutions implemented as virtual machines in the cloud or modified web proxies remain limited to under 1 Gbps of throughput for a single encrypted tunnel, particularly when inspections are enabled. It’s just an added layer of complexity and risk that doesn’t exist in Cato’s solution.
New Cross-Connect Capabilities Enable High-Speed Cloud Networking Worldwide
Cato is also better supporting multicloud and hybrid cloud deployments by delivering 5 Gbps connections to other cloud providers. The new Cato cross-connect capability in our PoPs enables private, high-speed layer-2 connections between Cato and any other cloud provider connecting to the Equinix Cloud Exchange (ECX) or to Digital Reality. This is done by mapping a VLAN circuit from the customer’s Cato account to the customer’s tenant in the other cloud provider.
The new cross-connect enables a reliable and fast connection between our customers’ cloud instances and our PoPs that is entirely software-defined and doesn’t require any routers, IPsec configuration, or virtual sockets.
The high-speed cross-connect will be a real enabler for those enterprises with a multicloud or hybrid cloud environment, which, according to the Flexera 2023 State of the Cloud Report, is 87% of organizations. Companies need encrypted, secure high throughput between their clouds or to the central data centers in their hybrid deployments.
In addition, this new service provides legacy environments the ability to use the leading-edge network security measures of the Cato SASE platform. Enterprises with MPLS or third-party SD-WAN infrastructure can now leverage Cato’s SSE capabilities without changing their underlying networks.
Cato Engineers Put Innovation to Work
The new SASE throughput speed record and the cross-connect capabilities show that innovation never rests at Cato. (In fact, GigaOm did recognize Cato as an Outperformer “based on the speed of innovation compared to the industry in general.”) We’ll continue to look for ways to apply our innovative minds to further enhance our industry-leading single-vendor, cloud-native SASE solution.
Cloud adoption has exploded in recent years. Nearly all companies are using cloud solutions, and the vast majority having deployments spanning the platforms of multiple...
SASE and CASB Functions: A Dynamic Duo for Cloud Security Cloud adoption has exploded in recent years. Nearly all companies are using cloud solutions, and the vast majority having deployments spanning the platforms of multiple cloud service providers.
These complex cloud infrastructures can create significant usability and security challenges for an organization. If security settings are misconfigured, an organization’s cloud infrastructure, services and applications could be potentially vulnerable to exploitation.
Cloud security solutions are essential to managing the security risks associated with cloud adoption. Two of the most important security capabilities for the cloud are a cloud access security broker (CASB) and secure access service edge (SASE).
What is a Cloud Access Security Broker?
CASBs enforce an organization’s enterprise security policies when using cloud applications and service. These solutions can be deployed anywhere within an organization’s infrastructure, including on-prem data centers, a cloud service provider, or as part of a SASE deployment.
CASB is essential to the safe and secure use of cloud applications and services because they enable an organization to ensure that its enterprise security policies are enforced in the cloud. This capability not only enables the organization to more effectively protect applications in the cloud, but it’s also essential to ensuring that the organization’s cloud environment maintains compliance with applicable regulatory requirements.
CASB Functions and Features
In order to ensure enforcement of enterprise security policies in the cloud, CASB solutions must provide various features and capabilities, such as:
Visibility: Visibility is one of the core capabilities that any effective CASB solution should provide. CASB’s role as a policy enforcement engine means that it needs to provide administrators with visibility into their cloud environments to define granular security policies, and ensure they are effectively enforced. Also, CASB can help to detect unauthorized or misuse of cloud resources that fall outside of enterprise security policy and the management of the IT and security teams.
Access Controls: CASB solutions provide organizations with the ability to govern the usage of their cloud-based environments and services. This includes tailoring access controls to an employee’s role and needs as well as defining rules governing access, basing access decisions on the employee’s identity, location or other factors.
Threat Protection: CASB solutions perform behavioral analysis for cloud applications, identifying unusual activities that might indicate a malware infection or other potential risks. This behavioral monitoring enables security administrators to investigate and remediate these issues.
Compliance Enforcement: Many organizations are subject to common data protection regulations and standards. CASB will enforce enterprise security policies and regulatory compliance policies. A CASB solution should streamline the process of implementing required security controls, perform logging, and compliance reporting. Such reports can inform internal stakeholders and regulatory authorities of the organization’s compliance posture.
[boxlink link="https://www.catonetworks.com/resources/cato-casb-overview/"] Cato CASB overview | Download the White Paper [/boxlink]
How CASB works with SASE
CASB is a key element of SASE’s unified security stack, providing visibility, security, and control over cloud applications. SASE’s visibility into all traffic flows provides CASB with the access and control needed to fulfill its role. SASE provides secure, optimized access to enterprise and cloud applications and resources.
In the end, both CASB and SASE are crucial to an organization’s enterprise and cloud security posture. SASE provides the secure, high-performance network platform for the modern enterprise, while CASB ensures the safe and secure use of cloud applications and resources. Together they strengthen an organization’s overall security posture.
CASB Functions for Cloud Service Providers (CSPs)
CASB is a crucial component of a cloud security strategy. Without the visibility and policy enforcement it provides, an organization can’t effectively manage, secure, or maintain regulatory compliance in their cloud deployments. For this reason, some organizations may purchase CASB functionality as a standalone capability from their CSP.
For organizations whose cloud environment is solely within one cloud service provider, this may offer a workable solution. However, companies with multi-cloud environments may find that relying on CSP-provided CASB solutions creates visibility and management siloes, and increases the complexity of enforcing consistent security policies and access controls across an organization’s entire IT infrastructure.
CASB, SASE, and Cato Networks
Cato SASE Cloud includes advanced CASB functionality as part of its converged security software stack. Companies can monitor the use of all cloud applications, enforce enterprise security policies and access controls, assess risk, and ensure regulatory compliance. Cato’s CASB functionality also benefits from built-in advanced threat protection tools that provide an extra layer of defense against potential cyber threats. The Cato SASE Cloud is uniquely architected to secure multi-cloud deployments, making it easy for organization’s to maintain a safe and secure cloud security posture.
Cato SASE Cloud — Cato’s pioneering SASE solution converges networking and network security into a single cloud-native platform. Traffic flows across our global private backbone, ensuring reliable and predictable performance for an organization’s enterprise and cloud environments. The Cato SASE Cloud is the Digital Transformation Platform of the modern digital enterprise.
MITRE ATT&CK is a popular knowledge base that categorizes the Tactics, Techniques and Procedures (TTPs) used by adversaries in cyberattacks. Created by nonprofit organization MITRE,...
MITRE ATT&CK and How to Apply It to Your Organization MITRE ATT&CK is a popular knowledge base that categorizes the Tactics, Techniques and Procedures (TTPs) used by adversaries in cyberattacks. Created by nonprofit organization MITRE, MITRE ATT&CK equips security professionals with valuable insights to comprehend, detect, and counter cyber threats. In this blog post, we dive into the framework, explore different use cases for using it and discuss cross-community collaboration.
This blog post is based on episode 12 of Cato’s Cyber Security Masterclass, which you can watch here. The masterclass is led by Etay Maor, Sr. Director of Security Strategy at Cato. This episode hosted guests Bill Carter, system engineer at Cato, Ross Weisman, innovation lead at MITRE CTID.
Security Frameworks: A Short Into
MITRE ATT&CK is one of the most advanced security frameworks in use, but it is not the only one. Additional frameworks in use include:
The Lockheed Martin Cyber Kill Chain
One of the most foundational and venerable frameworks is the Lockheed Martin Cyber Kill Chain. The kill chain includes seven different stages spanning three category buckets. They are:
Preparation - Reconnaissance, Weaponization
Intrusion - Delivery, Exploitation, Installation
Breach - Command & Control (C&C), Action
This kill chain is widely-used across organizations due to its easy-to-understand, high-level approach.
The Diamond Model
Another popular model is the diamond model, The diamond model connects four aspects:
Adversary (a person or group)
Capability (malware, exploits)
Infrastructure (IP, domains)
Victim (person, network)
The advantage of the diamond model is that it encompasses the complexity and dimensionality of attacks, rather than attempting to analyze them in the kill chain’s linear form.
By combining the diamond model with the Lockheed Martin kill chain, security researchers can build an attack flow chain or activity graph:
The MITRE ATT&CK Framework
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a widely used knowledge base that describes and categorizes the tactics, techniques, and procedures (TTPs) employed by adversaries during cyberattacks. The MITRE ATT&CK framework was developed by MITRE, a nonprofit organization, And used by security professionals to understand, detect, and respond to cyber threats.
The framework covers a wide range of techniques, sub-techniques and tactics that are organized in a matrix. Tactics include Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, and more.
MITRE ATT&CK Framework Biases
The information in the MITRE ATT&CK framework is accumulated based on real-world observed behaviors. Therefore, when using the framework it’s important to acknowledge the potential biases.
Novelty Bias - New and interesting techniques or existing techniques that are used by new actors get reported, while run-of-the-mill techniques that are being used over and over again - do not.
Visibility Bias - Organizations publishing intel reports have visibility of certain techniques and not others, based on the way they collect data. In addition, techniques are viewed differently during and after incidents.
Producer Bias - Some organizations publish more reports than others, and the types of customers or visibility they have may not reflect the broader industry.
Victim Bias - Certain types of victim organizations may be more likely to report, or be reported on, than others.
Availability Bias - Techniques that easily come to mind are more likely to be reported on as report authors will include them more often.
[boxlink link="https://catonetworks.easywebinar.live/registration-the-best-defense-is-attack"] The Best Defense is ATT&CK: Applying MITRE ATT&CK to Your Organization | Watch the Webinar [/boxlink]
The Pyramid of Pain
The knowledge provided by the ATT&CK framework enables researchers to identify behaviors that could be indicative of an attack. This increases their chances of mitigating attacks, since behaviors are nearly impossible for attackers to hide. To explain this statement, let’s look at the Pyramid of Pain.
The Pyramid of Pain is a framework introduced by David Bianco for understanding and prioritizing indicators of compromise (IOCs). The pyramid illustrates the relative value of different types of IOCs based on the level of difficulty they pose for an adversary to change or obfuscate. Security professionals can use the Pyramid of Pain to detect a compromise in their systems.
Each pyramid layer represents a different type of IOC:
1. Indicators at the bottom layer are easy, and even trivial, for adversaries to modify or evade. These include basic indicators such as file hashes, IP addresses and domain names. While these indicators can help detect attacks, they are not considered robust indicators, since adversaries can easily change them.
2. Moving up the pyramid, the middle layers include artifacts that are harder for adversaries to modify, such as mutexes, file names, and specific error codes. These indicators often require modification of the adversary's tools or techniques, which can be time-consuming and risky.
3. At the top of the pyramid are the most difficult indicators for adversaries to change: tools, adversary behavior and techniques.These indicators are highly valuable for security defenders since they require significant effort and time for adversaries to alter their behavior, making them more reliable and persistent indicators of compromise. These are also the types of IoCs the MITRE ATT&CK framework focuses on.
How Defenders Can Use MITRE ATT&CK
With the MITRE ATT&CK framework, security researchers can delve into different procedures, analyze them and gain information they need. The framework’s matrix structure enables researchers to choose the level of depth they want. A helpful tool for leveraging the MITRE ATT&CK Framework is the MITRE ATT&CK Navigator. With the navigator, researchers can easily explore and visualize defensive coverage, security planning, technique frequency, and more.
The MITRE ATT&CK framework can be used by security professionals for a variety of use cases. These include threat intelligence, detection and analytics, simulations, and assessment and engineering. In addition, the framework can help security professionals start an internal organization discussion about detection and mitigation capabilities.
Here are a few examples of potential use cases.
Threat Actor Analysis
Security professionals can use the framework to gain and provide information about threat actors. For example, if a C-level manager asks about a breach or threat actor, researchers can investigate and extract the relevant information from the framework at a high level.
At a deeper level, if a researcher needs to understand how to protect against a certain threat actor, or wants to learn which threat actors use certain techniques, they can drill down into the matrix. The provided information will help them learn how the technique is executed, which tools are employed, and more. This helps expand the researchers’ knowledge by introducing them to additional operational modes of attackers.
Multiple Threat Actor Analysis
In addition to researching specific actors, the MITRE ATT&CK framework can be used for analyzing multiple threat actors. For example, during times of geo-political crisis, the framework can be used to identify common tactics used by nation-state actors.
Here’s what a visualized multiple threat actor analysis could look like, showing the techniques used by different actors in red and yellow, and overlaps in green.
Gap Analysis
Another use case is analyzing existing gaps in defenses. By analyzing defenses and attack techniques, defenders can identify, visualize and sort which threats the organization is more vulnerable to.
This is what it could look like, with colors used to indicate priority.
Atomic Testing
The framework can also be used for testing. Atomic Red Team is an open source library of tests mapped to the MITRE ATT&CK framework. These tests can help identify and mitigate coverage gaps.
Looking Forward Together: The MITRE CTID (Center for Threat-Informed Defense)
The MITRE CTID (Center for Threat-Informed Defense) is a privately funded R&D center that collaborates with private sector organizations and nonprofits. Their goal is to change the game by pooling resources, conducting more incident responding and less incident reacting. This mission is based on John Lambert’s idea that as long as defenders think in lists, rather than graphs, attackers will win.
One of the key projects around this motion is “Attack Flow”. Attack Flow aims to overcome the challenge oftracing adversary behaviors atomically. They claim that this makes it harder to understand adversary attacks and build effective defenses.
Attack Flow operates by creating a language and associated tools that describe flows of ATT&CK techniques and combining those flows into patterns of behavior. As a result, defenders and leaders can better understand how adversaries operate. Then, they can compose atomic techniques into attacks to better understand the defensive posture.
Here’s what it looks like:
Based on the such attack flows, defenders can answer questions like:
What have adversaries been doing?
How are adversaries changing?
Then, they can capture, share and analyze patterns of attack.
Ultimately, they will be able to answer the million(s) dollar questions:
What is the next most likely thing they will do?
What have we missed?
The community is invited to participate in CTID activities and contribute to the shared knowledge. You can contact them on LinkedIn or walk up to their booth at conferences, like at RSA.
To watch the entire masterclass and see how the MITRE ATT&CK framework is incorporated into Cato’s solution, click here.
We just introduced what we believe is a unique application of real-time, deep learning (DL) algorithms to network prevention. The announcement is hardly our foray...
Enhancing Security and Asset Management with AI/ML in Cato Networks’ SASE Product We just introduced what we believe is a unique application of real-time, deep learning (DL) algorithms to network prevention. The announcement is hardly our foray into artificial intelligence (AI) and machine learning (ML). The technologies have long played a pivotal role in augmenting Cato's SASE security and networking capabilities, enabling advanced threat prevention and efficient asset management. Let's take a closer look.
What is Artificial Intelligence (AI), Machine Learning (ML), and Deep Learning (DL)?
Before diving into the details of Cato's approach to AI, ML, and DL, let's provide some context around the technologies. AI is the overarching concept of creating machines that can perform tasks typically requiring human intelligence, such as learning, reasoning, problem-solving, understanding natural language, and perception. One example of AI applications is in healthcare, where AI-powered systems can assist doctors in diagnosing diseases or recommending personalized treatment plans.
ML is a subset of AI that focuses on developing algorithms to learn from and make predictions based on data. These algorithms identify patterns and relationships within datasets, allowing a system to make data-driven decisions without explicit programming. An example of an ML application is in finance, where algorithms are used for credit scoring, fraud detection, and algorithmic trading to optimize investment strategy and risk management.
Deep Learning (DL) is a subset of ML, employing artificial neural networks to process data and mimic the human brain's decision-making capabilities. These networks consist of multiple interconnected layers capable of extracting higher-level features and patterns from vast amounts of data. A popular use of DL is seen in self-driving vehicles, where complex image recognition algorithms allow the vehicle to detect and respond appropriately to traffic signs, pedestrians, and other obstacles to ensure safe driving.
Overcoming Challenges in Implementing AI/ML for Real-time Network Security Monitoring
Implementing DL and ML for Cato customers presents several challenges. Cato handles and monitors terabytes of customer network traffic daily. Processing that much data requires a tremendous amount of compute capacity. Falsely flagging network activity as an attack could materially impact our customer's operations so our algorithms must be incredibly accurate. Additionally, we can't interfere with our user's experience, leaving just milliseconds to perform real-time inference.
Cato tackles these challenges by running our DL and ML algorithms on Cato's cloud infrastructure. Being able to run in the cloud enables us to use the cloud's ubiquitous compute and storage capacity. In addition, we've taken advantage of cloud infrastructure advancements, such as AWS SageMaker. SageMaker is a cloud-based platform that provides a comprehensive set of tools and services for building, training, and deploying machine learning models at scale. Finally, Cato's data lake provides a rich data set, converging networking metadata with security information, to better train our algorithms.
With these technologies, we have successfully deployed and optimized our ML algorithms, meticulously reducing the risks associated with false flagging network activity and ensuring real-time inference. The Cato algorithms monitor network traffic in real-time while maintaining low false positive rates and high detection rates.
How Cato Uses Deep Learning to Enhance Threat Detection and Prevention
Using DL techniques, Cato harnesses the power of artificial intelligence to amplify the effectiveness of threat detection and prevention, thereby fortifying network security and safeguarding users against diverse and evolving cyber risks. DL is used in many different ways in Cato SASE Cloud.
For example, we use DL for DNS protection by integrating deep learning models within Cato IPS to detect Command and Control (C2) communication originating from Domain Generation Algorithm (DGA) domains, the essence of our launch today, and DNS tunneling. By running these models inline on enormous amounts of network traffic, Cato Networks can effectively identify and mitigate threats associated with malicious communication channels, preventing real-time unauthorized access and data breaches in milliseconds.
[boxlink link="https://www.catonetworks.com/resources/eliminate-threat-intelligence-false-positives-with-sase/"] Eliminate Threat Intelligence False Positives with SASE | Download the eBook [/boxlink]
We stop phishing attempts through text and image analysis by detecting flows to known brands with low reputations and newly registered websites associated with phishing attempts. By training models on vast datasets of brand information and visual content, Cato Networks can swiftly identify potential phishing sites, protecting users from falling victim to fraudulent schemes that exploit their trust in reputable brands.
We also prioritize incidents for enhanced security with machine learning. Cato identifies attack patterns using aggregations on customer network activity and the classical ML Random Forest algorithm, enabling security analysts to focus on high-priority incidents based on the model score.
The prioritization model considers client group characteristics, time-related metrics, MITRE ATT&CK framework flags, server IP geolocation, and network features. By evaluating these varied factors, the model boosts incident response efficiency, streamlining the process, and ensures clients' networks' security and resilience against emerging threats.
Finally, we leverage ML and clustering for enhanced threat prediction. Cato harnesses the power of collective intelligence to predict the risk and type of threat of new incidents. We employ advanced ML techniques, such as clustering and Naive Bayes-like algorithms, on previously handled security incidents. This data-driven approach using forensics-based distance metrics between events enables us to identify similarities among incidents. We can then identify new incidents with similar networking attributes to predict risk and threat accurately.
How Cato Uses AI and ML in Asset Visibility and Risk Assessment
In addition to using ML for threat detection and prevention, we also tap AI and ML for identifying and assessing the risk of assets connecting to Cato. Understanding the operating system and device types is critical to that risk assessment, as it allows organizations to gain insights into the asset landscape and enforce tailored security policies based on each asset's unique characteristics and vulnerabilities.
Cato assesses the risk of a device by inspecting traffic coming from client device applications and software. This approach operates on all devices connected to the network. By contrast, relying on client-side applications is only effective for known supported devices. By leveraging powerful AI/ML algorithms, Cato continuously monitors device behavior and identifies potential vulnerabilities associated with outdated software versions and risky applications.
For OS Type Detection, Cato's AI/ML capabilities accurately identify the operating system type of agentless devices connected to the network. This information provides valuable insights into the security posture of individual devices and enables organizations to enforce appropriate security policies tailored to different operating systems, strengthening overall network security.
Cato Will Continue to Expand its ML/AI Usage
Cato will continue looking at ways of tapping ML and AI to simplify security and improve its effectiveness. Keep an eye on this blog as we publish new findings.
In a recent poll we conducted, two thirds of respondents shared they were unaware of the MITRE ATT&CK Framework or were only beginning to understand...
How Security Teams can Leverage MITRE ATT&CK and How Cato Networks’ SASE can Help In a recent poll we conducted, two thirds of respondents shared they were unaware of the MITRE ATT&CK Framework or were only beginning to understand what it can provide. When used correctly, MITRE ATT&CK can significantly help organizations bolster their security posture. In this blog post, we explain how security teams can leverage MITRE ATT&CK and how Cato Networks’ SASE can help.
What is the MITRE ATT&CK Framework?
The MITRE ATT&CK framework is a globally recognized knowledge base and model that details the tactics and techniques used by adversaries during cyber attacks. While no security framework can claim to be comprehensive and exhaustive, what distinguishes the MITRE ATT&CK framework is its basis in real-world observations of threat behaviors, as opposed to a list of indicators of compromise that can be easily evaded by sophisticated entities. The framework is also regularly updated and expanded as new attack techniques emerge. Therefore, it can be applied by security professionals to improve their security posture and defense strategies.
[boxlink link="https://catonetworks.easywebinar.live/registration-the-best-defense-is-attack"] The Best Defense is ATT&CK: Applying MITRE ATT&CK to Your Organization | Watch the Webinar [/boxlink]
How Can a TTP Framework Improve an Organization’s Security Posture?
Threat actors typically execute along known patterns of behavior. These are referred to as:
Tactics - Why are they doing what they do
Techniques - How are they carrying out what they do
Procedures - What tools or actions are they performing
These are commonly abbreviated as “TTPs”.
By utilizing collected information at each of these levels, organizations can emulate these behaviors against their environment to identify where gaps in security monitoring allow the attack flow to continue unimpeded. By bridging those gaps, they can bolster their security posture.
Which Security Teams Should Use MITRE ATT&CK?
Organizations often engage in red team (offensive) and blue team (defensive) exercises to bolster their security posture. These exercises can often become unnecessarily adversarial and even counterproductive due to a lack of information sharing and the competitive nature of security resources.
Utilizing the ATT&CK framework, organizations can create purple teams that work on both the offensive and defensive sides of security exercises with simultaneous, rapid sharing of information. This will help the organization make well-informed recommendations for their security policies.
MITRE ATT&CK and Cato Networks SASE
Cato Networks’ SASE solution is unique in providing a converged, shared-context security platform that is tightly associated with the MITRE ATT&CK framework. This deep awareness, backed by a powerful team of threat and data analysts, provides a security platform tied to real-world threat intelligence. The result is that even small security teams are able to focus on setting effective security policy and performing advanced threat research and operational assessments of security awareness and response, rather than spending excessive time managing numerous appliances and integrating multiple context-blind service chains.
Successfully Identifying operating systems in organizations has become a crucial part of network security and asset management products. With this information, IT and security departments...
IoT has an identity problem. Here’s how to solve it Successfully Identifying operating systems in organizations has become a crucial part of network security and asset management products. With this information, IT and security departments can gain greater visibility and control over their network. When a software agent is installed on a host, this task becomes trivial. However, several OS types, mainly for embedded and IoT devices, are unmanaged or aren’t suitable to run an agent.
Fortunately, identification can also be done with a much more passive method, that doesn’t require installation of software on endpoint devices and works for most OS types. This method, called passive OS fingerprinting, involves matching uniquely identifying patterns in the network traffic a host produces, and classifying it accordingly. In most cases, these patterns are evaluated on a single network packet, rather than a sequence of flows between a client host and a server.
There exist several protocols, from different network layers that can be used for OS fingerprinting. In this post we will cover those that are most commonly used today. Figure 1 displays these protocols, based on the Open Systems Interconnection (OSI) model. As a rule of thumb, protocols at the lower levels of the OSI stack provide better reliability with lower granularity compared to those on the upper levels of stack, and vice versa.
Figure 1: Different network protocols for OS identification based on the OSI model
Starting from the bottom of the stack, at the data link layer, exists the medium access control (MAC) protocol. Over this protocol, a unique physical identifier, called the MAC address, is allocated to the network interface card (NIC) of each network device. The address, which is hardcoded into the device at manufacturing, is composed of 12 hexadecimal digits, which are commonly represented as 6 pairs divided by hyphens. From these hexadecimal digits, the leftmost six represent the manufacturer's unique identifier, while the rightmost six represent the serial number of the NIC. In the context of OS identification, using the manufacturer's unique identifier, we can infer the type of device running in the network, and in some cases, even the OS.
In Figure 2, we see a packet capture from a MacBook laptop communicating over Ethernet. The 6 leftmost digits of the source MAC address are 88:66:5a, and affiliated with “Apple, Inc.” manufacturer.
Figure 2: an “Apple, Inc.” MAC address in the data link layer of a packet capture
Moving up the stack, at the network and transport layers, is a much more granular source of information, the TCP/IP stack. Fingerprinting based on TCP/IP information stems from the fact that the TCP and IP protocols have certain parameters, from the header segment of the packet, that are left up for implementation, and most OSes select unique values for these parameters.
[boxlink link="https://www.catonetworks.com/resources/cato-networks-sase-threat-research-report/"] Cato Networks SASE Threat Research Report H2/2022 | Download the Report [/boxlink]
Some of the most commonly used today for identification are initial time to live (TTL), Windows Size, “Don't Fragment” flag, and TCP options (values and order). In Figure 3 and Figure 4, we can see a packet capture of a MacBook laptop initiating a TCP connection to a remote server. For each outgoing packet, The IP header includes a combination of flags and an initial TTL value that is common for MacOS hosts, as well as the first “SYN” packet of the TCP handshake with the Windows Size value and the set of TCP options. The combination of these values is sufficient to identify this host as a MacOS.
Figure 3: Different header values from the IP protocol in the network layer
Figure 4: Different header values from the TCP protocol in the transport layer
At the upper most level of the stack, in the application layer, several different protocols can be used for identification. While providing a high level of granularity, that often indicates not only the OS type but also the exact version or distribution, some of the indicators in these protocols are open to user configuration, and therefore, provide lower reliability.
Perhaps the most common protocol in the application level used for OS identification is HTTP. Applications communicating over the web often add a User-Agent field in the HTTP headers, which allows network peers to identify the application, OS, and underlying device of the client.
In Figure 5, we can see a packet capture of an HTTP connection from a browser. After the TCP handshake, the first HTTP request to the server contains a User-Agent field which identifies the client as a Firefox browser, running on a Windows 7 OS.
Figure 5: Detecting a Windows 7 OS from the User-Agent field in the HTTP headers
However, the User-Agent field, is not the only OS indicator that can be found over the HTTP protocol. While being completely nontransparent to the end-user, most OSes have a unique implementation of connectivity tests that automatically run when the host connects to a public network. A good example for this scenario is Microsoft’s Network Connectivity Status Indicator (NCSI). The NCSI is an internet connection awareness protocol used in Microsoft's Windows OSes. It is composed of a sequence of specifically crafted DNS and HTTP requests and responses that help indicate if the host is located behind a captive portal or a proxy server. In Figure 6, we can see a packet capture of a Windows host performing a connectivity test based on the NCSI protocol. After a TCP handshake is conducted, an HTTP GET request is sent to http://www.msftncsi.com/ncsi.txt.
Figure 6: Windows host running a connectivity test based on the NCSI protocol
The last protocol we will cover in the application layer, is DHCP. The DHCP protocol, used for IP assignment over the network. Overall, this process is composed of 4 steps: Discovery, Offer, Request and Acknowledge (DORA). In these exchanges, several granular OS indicators are provided in the DHCP options of the message. In Figure 7, we can see a packet capture of a client host (192.168.1.111) that is broadcasting DHCP messages over the LAN and receiving replies from a DHCP server (192.168.1.1). The first DHCP Inform message, contains the DHCP option number 60 (vendor class identifier) with the value of “MSFT 5.0”, associated with a Microsoft Windows client. In addition, the DHCP option number 55 (parameter request list) contains a sequence of values that is common for Windows OSes. Combined with the order of the DHCP options themselves, these indicators are sufficient to identify this host as a Windows OS.
Figure 7: Using DHCP options for OS identification
Wrapping up
In this post, we’ve introduced the task of OS identification from network traffic and covered some of the most commonly used protocols these days. While some protocols provide better accuracy than others, there is no 'silver bullet' for this task, and we’ve seen the tradeoff between granularity and reliability with the different options. Rather than fingerprinting based on a single protocol, you might consider a multi-protocol approach. For example, an HTTP User-Agent combined with lower-level TCP options fingerprint.
A new critical vulnerability (CVE-2023-34362) has been published by Progress Software in its file transfer application, MOVEit Transfer. A SQL Injection vulnerability was discovered in...
Cato Protects Against MOVEit vulnerability (CVE-2023-34362) A new critical vulnerability (CVE-2023-34362) has been published by Progress Software in its file transfer application, MOVEit Transfer. A SQL Injection vulnerability was discovered in MOVEit enabling unauthenticated access to MOVEit’s Transfer database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements
Currently, Cato Research Labs is aware of exploitation attempts of CVE-2023-34362 as an initial access vector used by the CLOP ransomware group to gain access to the MOVEit Transfer MFT solution and deliver a web shell ("Human2.aspx") tailored specifically to this product. While details about the web shell have surfaced in the last few days as well as several suspected endpoints involved, the actual SQLi payload and specific details of the injection point have not been made public.
[boxlink link="https://www.catonetworks.com/resources/cato-networks-sase-threat-research-report/"] Cato Networks SASE Threat Research Report H2/2022 | Download the Report [/boxlink]
Cato’s Response
Cato has deployed signatures across the Cato Cloud to prevent uploading or interacting with the web shell. The detect-to-protect time was 3 days and 6 hours for all Cato-connected users worldwide. Furthermore, Cato recommends restricting public access to MOVEit instances only to users protected by Cato security – whether behind a Cato Socket or remote users running the Cato Client.
Currently, Cato Research Labs has found evidence for opportunistic scanners attempting to scan public facing servers for the presence of the web shell (rather than actually exploiting the vulnerability). Scanning public facing servers is a common practice for opportunistic actors, riding the tail of a zero-day campaign.
Cato continues to monitor for further details regarding this CVE and will update our security protections accordingly. Check out the Cato Networks CVE mitigation page where we update regularly.
Corporate networks are rapidly becoming more complex and distributed. With the growth of cloud computing, remote work, mobile and Internet of Things (IoT), companies have...
5 Best Practices for Implementing Secure and Effective SD-WAN Corporate networks are rapidly becoming more complex and distributed. With the growth of cloud computing, remote work, mobile and Internet of Things (IoT), companies have users and IT assets everywhere, requiring connectivity.
Software-defined WAN (SD-WAN) provides the ability to implement a secure, high-performance corporate WAN on top of existing networks. However, SD-WAN infrastructures must be carefully designed and implemented to provide full value to the organization.
SD-WAN Best Practices
A poorly implemented SD-WAN poses significant risk to the organization. When designing and deploying SD-WAN, consider the following SD-WAN best practices.
Position SD-WAN Devices to Support Users
SD-WAN provides secure, optimized network routing between various locations. Often, organizations will deploy SD-WAN routers at their branch locations and near their cloud edge.
SD-WAN is also beneficial for remote workers. To ensure the solution provides the most optimal network connectivity, the SD-WAN solution must be deployed to maximize the performance of remote workers. This means minimizing the distance of remote traffic to the SD-WAN edge.
Use High-Quality Network Connectivity
SD-WAN is designed to improve network performance and reliability by intelligently routing traffic over different network connections, including broadband Internet, multi-protocol label switching (MPLS), and mobile networks. When traffic is sent to the SD-WAN device, it selects the most optimal path based on network conditions.
However, SD-WAN’s ability to enhance network performance and reliability is limited by the network connection at its disposal. If the available connection is inherently unreliable — like broadband Internet — then SD-WAN can do little to fix this problem. To maximize the value of an SD-WAN investment, it is essential to utlize a network connection that offers the desired level of performance, latency, and reliability.
Design for Scalability
Corporate bandwidth requirements are continuously increasing, and SD-WAN should be scalable to support current and future network requirements. Deploying SD-WAN using dedicated hardware limits the scalability of the solution and mandates upgrades or additional hardware in the future. Instead, companies should use an SD-WAN solution that takes advantage of cloud scalability to grow with the needs of the organization.
Integrate Security with Networking
SD-WAN is a networking solution, not a security solution. While it may securely and intelligently route traffic to its destination, it performs none of the advanced security inspection and policy enforcement needed to protect the organization and its employees against advanced cybersecurity threats.
For this reason, SD-WAN must be deployed together with network security. With the growth of remote work and the cloud, companies can’t rely on traffic flowing through the defenses at the network perimeter, and backhauling traffic defeats the purpose of deploying SD-WAN. A secure SD-WAN deployment is one that implements strong security with networking.
[boxlink link="https://www.catonetworks.com/resources/sase-vs-sd-wan-whats-beyond-security/"] SASE vs SD-WAN: What’s Beyond Security | Download the eBook [/boxlink]
Consider an Integrated Solution
Often, a company’s approach to implementing vital networking and security solutions is to deploy point solutions that provide the desired capabilities. However, this commonly results in a sprawling IT architecture that is difficult and expensive to monitor, operate, and manage.
Taking this approach to implementing a secure SD-WAN deployment can exacerbate this problem. Since each SD-WAN device must be supported by a full security stack, the end result is deploying and operating several solutions at each location.
SASE (Secure Access Service Edge) provides a solution for this problem. SASE integrates SD-WAN capabilities with a full network security suite delivered as a cloud-based security service. With SD-WAN, an organization can implement and secure its WAN infrastructure with minimal cost and operational overhead.
Implementing Secure, Usable SD-WAN with Cato SASE Cloud
Organizations can achieve the full benefits of SD-WAN only by designing and deploying it correctly.Doing so will avoid poor network performance, reduced security, and negative user experiences.
Cato SASE Cloud provides SD-WAN functionality designed in accordance with SD-WAN best practices and offers the following benefits to organizations:
Global Reach: Cato SASE Cloud is a globally-distributed network of over 80 PoP locations. This allows remote workers to access the corporate WAN with minimal latency.
Optimized Networking: Cato SASE Cloud is connected through a network of dedicated Tier-1 carrier links. These connections provide greater network performance and resiliency than an SD-WAN solution running over the public Internet.
Converged Security: As a SASE solution, Cato SASE Cloud converges SD-WAN with a full network security stack. This convergence offers advanced threat protection without compromising network performance or user experience.
Cloud-Based Deployment: Cato SASE Cloud is deployed as a global network of PoPs connected by a global private backbone. As a result, it can offer greater scalability, availability, and resiliency than on-site, appliance-based solutions.
Managed SD-WAN: Cato SASE Cloud is available as a Managed SD-WAN service. This removes the responsibility for configuring, managing, and updating your SD-WAN deployment.
SD-WAN helps improve network performance, but it also introduces potential security risks. The Cato SASE Cloud solves this by converging SD-WAN and network security into a single software stack built upon a network of PoPs and connected by a global private backbone. Learn more about how implementing SD-WAN and SASE with Cato SASE Cloud can optimize your organization’s network performance and security.
Many organizations are in the midst of rapid digital transformation. In the past few years, numerous new and promising technologies have emerged and matured, promising...
Digital Transformation Is a Major Driver of Network Transformation Many organizations are in the midst of rapid digital transformation. In the past few years, numerous new and promising technologies have emerged and matured, promising significant benefits. For example, many organizations are rapidly adopting cloud computing, and the growing maturity of Internet of Things (IoT) devices has the potential to unlock new operational efficiencies.
At the same time, many organizations are changing the way that they do business, expanding support for remote and hybrid work policies. This also has impacts on companies’ IT architectures as organizations adapt to offer secure remote access to support a growing work-from-anywhere (WFA) workforce.
New Solutions Have New Network Requirements
As digital transformation initiatives change how companies do business, corporate networks and IT architectures need to adapt to effectively and securely support the evolving business.
Digital Transformation is driving new network requirements including the following:
Remote Access: One of the biggest impacts of Digital Transformation is the growing need for secure remote access to corporate applications and systems. Remote workers need the ability to securely access corporate networks, and everyone requires secure connectivity to Cloud and Software as a Service (SaaS) solutions.
Network Scalability: The expansion of corporate IT architectures to incorporate new technologies drives a need for more network bandwidth. Networking and security technologies must scale to meet growing demand.
Platform Agnosticism: As companies deploy a wider range of endpoints and technology solutions, implementing and enforcing consistent, effective policies require a solution that works for any device and from anywhere.
Decentralized Security: Historically, companies have taken a perimeter-focused approach to network security. As digital transformation dissolves this perimeter, organizations need network security solutions that provide service everywhere their users are.
[boxlink link="https://www.catonetworks.com/resources/the-business-case-for-wan-transformation-with-cato-cloud/"] The Business Case for WAN Transformation with Cato Cloud | Download the eBook [/boxlink]
Developing a Network Transformation Strategy
A network transformation strategy should be designed to meet the new and evolving requirements driven by digital transformation.
Some of the key factors to consider when designing and implementing a network transformation strategy include:
Accessibility: Digital transformation initiatives commonly make corporate networks more distributed as remote users, cloud applications, and mobile devices connect to corporate resources from everywhere. A network designed to support the modern digital business must provide high-performance, secure access wherever users and applications are.
Scalability: As companies deploy new technologies, their bandwidth requirements continue to grow. Networking and security solutions must be designed and implemented to easily scale to keep pace with the evolving business needs.
Performance: Cloud applications are performance-sensitive, and inefficient networking will impact performance and user productivity. A network transformation project should ensure traffic is intelligently routed over the corporate WAN via high-performance, reliable network connectivity.
Security: As users and applications move off-premise, they dissolve the network perimeter where, traditionally, companies have focused their security protection. Network transformation projects should include decentralized network security to ensure inspection and policy enforcement occurs closest the user or application.
Reaching Network Transformation Goals with Cato SASE Cloud
Companies undertaking digital transformation initiatives should look for network and security technologies designed for the modern, distributed enterprise.
SASE (Secure Access Service Edge) solutions offer various features designed to support digital and network transformation, including:
Software-Defined WAN (SD-WAN): SD-WAN optimally routes network traffic over the corporate WAN. By monitoring link health and offering application-aware routing, SD-WAN optimizes the performance and reliability of the corporate WAN.
Cloud-Based Deployment: SASE solutions are deployed in the cloud. This removes geographic limitations and enables them to leverage cloud scalability and flexibility.
Integrated Security: SASE combines SD-WAN and network security into a single software stack. This enables traffic to be inspected, apply networking and security policies in a single pass, and then routed to its destination.
Consist Policy Enforcement: SASE’s global cloud architecture ensures network and security policies are consistently enforced no matter where the users and applications are.
Cato SASE Cloud is a managed SASE platform that offers enterprise-grade security and optimized network routing over a global network of redundant Tier-1 carrierlinks. Learn more about how Cato SASE Cloud can help your organization meet its digital transformation goals.
ChatGPT is all the rage these days. Its ability to magically produce coherent and typically well-written, essay-length answers to (almost) any question is simply mind-blowing....
ChatGPT and Cato: Get Fish, Not Tackles ChatGPT is all the rage these days. Its ability to magically produce coherent and typically well-written, essay-length answers to (almost) any question is simply mind-blowing. Like any marketing department on the planet, we wanted to “latch onto the news." How can we connect Cato and ChatGPT?
Our head of demand generation, Merav Keren, made an interesting comparison between ChatGPT and Google Search. In a nutshell, Google gives you the tools to craft your own answer, ChatGPT gives you the outcome you seek, which is the answer itself. ChatGPT provides the fish, Google Search provides the tackles.
How does this new paradigm translate into SASE, networking, and security? We have discussed at length the topic of outcomes vs tools. The emergence of ChatGPT is an opportunity to revisit this topic.
Historically, networking and network security solutions provided tools for engineers to design and build their own “solutions” to achieve a business outcome. In the pre-cloud era, the two alternatives on the table were Do-it-Yourself or pay someone else to Do-it-for-You). The tools approach was heavily dependent on budget, people, and skills to design, deploy, manage, and adjust the tools comprising the solution to make sure they continuously deliver the business outcome.
Early attempts to build a “self-driving” infrastructure to sustain desired outcomes didn’t take off. For example, intent-based networking was created to enable engineers to state a desired business outcome and let the “network” implement low-level policies to achieve it. Other attempts like SD-WAN fared better because the scope of desired outcomes was more limited and the infrastructure more uniform and coherent.
[boxlink link="https://www.catonetworks.com/resources/outcomes-vs-tools-why-sase-is-the-right-strategic-choice-vs-legacy-appliances/?utm_medium=blog_top_cta&utm_campaign=features_vs_outcomes"] The Pitfalls of SASE Vendor Selection: Features vs. Strategic Outcomes | Download the White Paper [/boxlink]
Thinking about IT infrastructure as enabling business outcomes became even more elusive as complexity grew with the emergence of digital transformation. Cloud migration and hybrid cloud, SaaS usage proliferation, growing use of remote access, and the expansion of attack surface to IoT have strained the traditional approach of IT solution engineering of applying new tools to address new requirements.
In this age of skills and resource scarcity, IT needs to acquire “outcomes” not mere “tools.”
There is an important distinction here between legacy and modern outcome delivery. Legacy outcome delivery is typically associated with service providers. They use tools to engineer a solution for customers, and then use manpower to maintain and adapt the solution to deliver an agreed upon outcome. To ensure they meet the committed outcomes, customers demand and get SLAs backed by penalties. This business structure silently acknowledges the fact that a service provider is fundamentally using the “same” headcount to achieve an outcome without any fundamental advantage over the customer’s IT. Penalties serve to motivate the service provider to deploy sufficient resources to deliver what the customer is paying for.
Modern outcome delivery is built on cloud native service platforms. It is built with a software platform that can adapt to changes and emerging requirements with minimal human touch. Most engineering goes into enhancing platform capabilities not managing it to specific customer needs.
This is where Cato Networks shines. Once a customer onboards into Cato, our platform is designed to continuously deliver “a secure and optimal access for everyone and everywhere” outcome without the customer having to do anything to sustain that outcome. The Cato SASE Cloud combines extreme automation, artificial intelligence, and machine learning to adapt to infrastructure disruptions, geographical expansion, capacity changes, user-base mobility, and emerging threats. While highly skilled engineers enhance the platform capabilities to seamlessly detect and respond to these changes, they do not get involved in the platform decision making process that is largely self-driving. Simply put, much of the customer experience lifecycle with Cato is fully and truly automated and embodies massive investment in outcome-driven infrastructure that is fully owned by Cato.
What this means is that any customer that onboards into Cato immediately experiences the networking and security outcomes typical of a Fortune 100 enterprise, in the same way an average content writer could deliver better and faster outcomes when assisted by the outcome driven ChatGPT.
If you want a fresh supply of fish coming your way as “Cato Outcomes”, take us for a test drive. Tackles are included, yet optional.
Most modern companies are highly reliant on their IT infrastructure for day-day business, with employees relying on numerous on-prem and cloud-based software solutions for their...
Why Network Visibility is Essential for Your Organization Most modern companies are highly reliant on their IT infrastructure for day-day business, with employees relying on numerous on-prem and cloud-based software solutions for their daily activities.
However, for many companies, the network can be something of a black box. As long as data gets from point A to point B and applications continue to function, everything is assumed to be okay. However, the network can be a rich source of data about the state of the business. By monitoring network traffic flows, organizations can extract intelligence regarding their IT architectural design and security that can enhance IT efforts and inform business-level decision making and strategic investment.
What Type of Data Can Network Monitoring Provide?
Companies commonly achieve visibility into data flowing through the network via in-line monitoring solutions or network taps.
With access to the network data, an organization can perform analysis at different levels of granularity. One option is to analyze network data at a high-level to extract the source, destination, and protocols to baseline the network behavior patterns.
Alternatively, an organization can dig deeper into the network packet payload to determine if it contains malware or other malicious content that places the organization at risk.
Use Cases for Network Visibility
Comprehensive network visibility provides significant benefits to network and security teams alike, and both can take advantage of this to improve network analysis, performance, and security.
[boxlink link="https://www.catonetworks.com/resources/achieving-zero-trust-maturity-with-cato-sse-360/"] Achieving Zero Trust Maturity with Cato SSE 360 | Download the White Paper [/boxlink]
Advanced Threat Detection
Advanced threat detection solutions, such as a next-generation firewall (NGFW) or intrusion prevention system (IPS), commonly rely upon network traffic analysis. They inspect traffic flows for indicators of compromise (IoCs) such as malware or known malicious domains. Based on its analysis, the NGFW or IPS can generate an alert for security personnel or take action itself to block the malicious traffic flow from reaching its intended destination.
Zero Trust Security
Zero Trust is based on the principle of least privilege. Devices, applications, and users are granted access to corporate resources based on a variety of criteria including identity, device posture, geo-location, time-of-day, etc., and is constantly validated for fitness to remain on the network. Comprehensive network visibility is essential for implementing tighter security, including Zero Trust, and without it, organizations remain at extreme risk.
Traffic Filtering
Companies commonly implement traffic filtering to prevent employees from visiting dangerous or inappropriate websites and to block malicious traffic flow. These traffic filters rely on the ability to inspect the packet contents and block it appropriately.
However, this protection is commonly limited to the network perimeter where organizations typically inspect and filter traffic. With full network visibility, an organization is able to protect all of its office and remote employees.
Data Loss Prevention
Data loss prevention (DLP) is a vital component of a corporate data security program since it can help identify and block the exfiltration of sensitive business data. DLP solutions work by inspecting network traffic for specific information like file types and data types associated with sensitive data, or potential compliance violations, and then applying policies to prevent data leakage. This is only achievable with enhanced network visibility.
Connected Device Visibility
Many companies lack full visibility into the devices connected to their networks. This lack of visibility can introduce significant security risks as unknown or unmanaged devices may have unpatched vulnerabilities and security misconfigurations that place them and the corporate network at risk. Network traffic analysis can help companies to gain visibility into these connected devices. By monitoring network traffic, an organization can map the devices, and identify unknown and unmanaged devices.
Anomalous Traffic Detection
Network monitoring allows organizations to identify common traffic patterns and potential traffic anomalies. These anomalies could point to issues with corporate systems or a potential cyberattack. Unusual traffic flow could be an indication of lateral movement by an attacker, communication to a command and control server, or attempted data exfiltration.
Network Usage Monitoring and Mapping
Understanding common network traffic patterns can also help inform an organization’s strategic planning. For example, understanding an application’s traffic and usage patterns could highlight unknown bandwidth requirements and help the organization’s cloud migration strategy to ensure maximum performance with minimal latency.
Enhancing Network Visibility with Cato SASE Cloud
To achieve network visibility, companies need strategically deployed solutions that can monitor and collect data on all traffic flowing over the corporate network. As remote work and cloud adoption make networks more distributed, this becomes more difficult to achieve.
SASE (Secure Access Service Edge) provides a means for companies to achieve network visibility across the corporate WAN. The Cato SASE Cloud converges SD-WAN and security capabilities, allowing all WAN traffic to flow across a global private backbone. This in-depth visibility allows all network and security traffic to be inspected, and all policies applied at the ingress PoP closest to the user or application. This ensures that policy enforcement is consistent across the corporate network.
The Cato SASE Cloud is a managed SASE solution that provides comprehensive network visibility and security for a high-performance, global WAN. Learn more about how Cato SASE Cloud can help improve your organization’s network visibility, security, and performance.
Trust is a serious issue facing enterprise architectures today. Legacy architectures are designed on implicit trust, which makes them vulnerable to modern-day attacks. A Zero...
Achieving Zero Trust Maturity with Cato SSE 360 Trust is a serious issue facing enterprise architectures today. Legacy architectures are designed on implicit trust, which makes them vulnerable to modern-day attacks. A Zero Trust approach to security can remedy this risk, but transitioning isn’t always easy or inexpensive. CISA, the US government’s Cybersecurity and Infrastructure Security Agency, suggests a five-pillar model to help guide organizations to zero trust maturity.
In this blog post, we discuss how Cato SSE 360 helps facilitate Zero Trust Maturity based on CISA’s model. To read a more in-depth and detailed review, read the white paper this blog post is based on, here.
What is Zero Trust?
Today’s Work-From-Anywhere (WFA) environment requires a paradigm shift away from the traditional perimeter-centric security model, which is based on implicit trust. But in modern architectures, there are no traditional perimeters and the threats are everywhere.
A Zero Trust Architecture replaces implicit trust with a per-session-based (explicit trust) model. This ensures adherence to key Zero Trust principles: secure communications from anywhere, dynamic policy access to resources, continuous monitoring and validation, segmentation, least privilege access and contextual automation.
[boxlink link="https://www.catonetworks.com/resources/achieving-zero-trust-maturity-with-cato-sse-360/"] Achieving Zero Trust Maturity with Cato SSE 360 | Download the White Paper [/boxlink]
CISA Zero Trust Maturity and Cato SSE 360
Zero trust is a journey and the path to zero trust maturity is an incremental one. CISA’s Zero Trust Maturity Model helps enterprises measure this journey based on five pillars: Identity, Devices, Networks, Applications and Data.
Let’s examine the Cato SSE 360 approach to these.
Pillar 1 - Identity
The core of Zero Trust is ensuring user credentials are correctly and continuously verified, before granting access to resources. Cato SSE 360 leverages IdPs to enforce strict user identity criteria. Using TLS, identity and context are imported over LDAP or provisioned automatically via SCIM, and authorized users are continuously re-evaluated.
Pillar 2 - Devices
With zero trust, device risk is managed through Compliance Monitoring and Data Access Management. Validation includes all managed devices, IoT, mobile, servers, BYOD and other network devices. Cato SSE 360 combines Client Connectivity and Device Posture capabilities with 360-degree threat protection techniques to protect users, devices and resources. Cato has in-depth contextual awareness of users and devices for determining client connectivity criteria and device suitability for network access.
Pillar 3: Network/Environment
To achieve the zero trust principles of Network Segmentation, Threat Protection and Encryption, a new, dynamic architecture is required. Cato SSE 360 provides such a dynamic security architecture and the network infrastructure to achieve these principles. Cato delivers 360-degree security with FWaaS, IPS, SWG, CASB, DLP and NextGen Anti-Malware, while enforcing Zero Trust policies at the cloud edge. In addition, Cato SSE 360 enables micro-segmentation, provides modern encryption, and uses AI and Machine Learning to extend threat protection.
Pillar 4: Application Workloads
Wherever enterprise and cloud applications reside, the CISA Maturity Model dictates they receive Access Authorization, Threat Protection, and Accessibility. Cato SSE 360 ensures consistent access policy enforcement, regardless of the application location, user and device identity, or access method. Cato also provides threat hunting capabilities to extend security by identifying hidden threats to critical applications.
Pillar 5 - Data
To protect data, access needs to be provided on the least privileged basis and data needs to be encrypted. Cato SSE 360 inspects and evaluates users and devices for risk. In addition, advanced threat protection for data is enabled with tools like CASB, IPS, NextGen Anti-malware, FWaaS and DLP.
Cross-pillar Mapping
Cato SSE 360 neatly wraps around the CISA model, delivering visibility, analytics and automation across all pillars to facilitate dynamic policy changes and enforcement, and enriched contextual data for accelerated threat response.
Zero Trust Maturity with Cato
Cato SSE 360 facilitates zero trust with a cloud-native architecture that places user and device identity with global consistency at the center of its protection model. Cato SSE 360 controls and protects access to sites, mobile users, devices and enterprise and cloud resources, in compliance with Zero Trust principles. As a result, Cato’s approach to Zero Trust makes achieving Zero Trust Maturity easier for the modern enterprise.
To learn more, read the white paper.
Last year, we launched Cato DLP to great success. It was the first DLP engine that could protect data across all enterprise applications without the...
Updated Cato DLP Engine Brings Customization, Sensitivity Labels, and More Last year, we launched Cato DLP to great success. It was the first DLP engine that could protect data across all enterprise applications without the need for complex, cumbersome DLP rules. Since then, we have been improving the DLP engine and adding key capabilities, including user-defined data types for increased control and integration with Microsoft Information Protection (MIP) to immediately apply sensitivity labels to your DLP policy. Let's take a closer look.
User Defined Data Types
Cato provides over 300 pre-defined out-of-the-box data types and categories for typical scenarios of DLP policies. However, sometimes organizations require the ability to create custom-defined data types to match specific data inspections that are not covered by the pre-defined types.
To customize content inspection for your DLP policies, you can now define keywords, dictionaries, and regular expressions. Regular expressions allow for more accurate detection and prevention of data loss incidents, without impacting legitimate business operations. For example, you can use regular expressions to detect specific data patterns, such as email addresses with a string containing the keywords "Bank Account Number" and an 8-to-17-digit number.
Cato DLP configuration screen showing customized data types to meet individual requirements.
MIP Sensitivity Labels
In addition, we recently added the support for MIP as another user defined data type. MIP offers sensitivity labels that enable organizations to classify their data based on their sensitivity level. The MIP classification system allows for greater control over how data is accessed, shared, and used within the organization.
[boxlink link="https://www.catonetworks.com/resources/protect-your-sensitive-data-and-ensure-regulatory-compliance-with-catos-dlp/"] Protect Your Sensitive Data and Ensure Regulatory Compliance with Cato’s DLP | Download the White Paper [/boxlink]
By using sensitivity labels, organizations can ensure that sensitive data is only accessed by authorized personnel, while still enabling productivity and collaboration. After integrating Sensitivity Labels and adding them to a Content Profile, the DLP engine immediately enforces them for relevant traffic. For better policy granularity, create separate DLP rules to manage content access for different users and groups based on MIP labels.
For instance, a law firm that classified all their documents with MIP labels, can easily reuse the label in the Cato DLP policy to only allow senior partners to access certain documents.
MIP Sensitivity Labels are now supported in Cato DLP
Cato: Advanced Protection Everywhere – In an Instant
With the changes, Cato DLP brings advanced content inspection capabilities that combine data inspection with contextual information based on the full range of Cato’s Networking and Security engines. This unique approach provides greater accuracy and reduces false positives, resulting in a more efficient and effective DLP solution.
But, of course, the real distinction of Cato DLP is that it’s part of the Cato SASE Cloud platform. As a global cloud-native platform, Cato SASE Cloud brings DLP along with FWaaS, SWG, ZTNA, CASB, RBI, and more to remote users and locations everywhere in just a few clicks. Click to learn more about Cato SASE Cloud and about SASE.
Today Cato Networks announced the addition of the Cato RBI to our Cato SASE Cloud platform. It is an exciting day for us and for...
Q&A Chat with Eyal Webber-Zvik on Cato RBI Today Cato Networks announced the addition of the Cato RBI to our Cato SASE Cloud platform. It is an exciting day for us and for our customers. Why? Because Cato’s cloud-native, security stack just got better, and without any added complexity.
I sat down with Eyal Webber-Zvik, Vice President of Product Marketing and Strategic Alliances at Cato Networks, and asked him to provide his perspective on what is Cato RBI and what this means for Cato’s customers.
Why should enterprises care about RBI?
Enterprises need to care because with new websites popping up every day, they face a dilemma between the security risk of allowing employees to access uncategorized sites and the productivity and frustration impact of preventing this. With Cato RBI now integrated into our Cato SASE Cloud platform, we are giving enterprise IT teams the best of both worlds: productivity and security.
What is Cato RBI and why do enterprises need it?
Cato RBI is a security function that protects against malicious websites by running browser activity remotely from the user’s device, separating it from the web content. Cato RBI sends a safe version of the page to the device so that malicious code cannot reach it, without affecting the user experience.
Enterprises need Cato RBI to protect employees from malicious websites that are not yet blacklisted as such. When employees do reach unknown and malicious sites, Cato RBI protects the business by preventing code from running in their browsers. Cato RBI protects from human error while also saving users from the frustration of being blocked from unknown websites.
How does Cato RBI work?
An isolated browser session is set up, remote from the user’s device, which connects to the website and loads the content. Safe-rendered content is then streamed to the users’ browsers. Malicious code does not run on the user’s device and user interaction can be limited, for example, to prevent downloads.
Some solutions require that every browsing session uses RBI, but it is better invoked, when necessary, for example by a policy that is triggered when a user tries to visit an uncategorized website.
Cato RBI gives IT administrators a new option for uncategorized websites. Alongside “Block” and “Prompt,” they can now choose “Isolate.” Configuration of Cato RBI can be done in less than one minute by a customer’s IT administrator.
What if an enterprise already uses SWG, CASB, Firewall, IPS and/or anti-malware? Why do they need Cato RBI?
These solutions protect against a wide range of threats, but Cato RBI adds another important layer of protection specifically against web- and browser-based threats, such as phishing, cookie stealing, and drive-by downloads. Since Cato RBI prevents code from reaching devices, it will help protect a business against:
New attacks that are not documented.
New malicious sites that are not categorized.
User error, such as clicking on the link in a phishing email.
Cato RBI gives enterprises more peace of mind. It may allow organizations to operate a more relaxed policy on access to unknown websites, which is less intrusive and frustrating for users, who in turn will raise fewer tickets with their IT team.
What types of cyber threats does Cato RBI protect against?
Cato RBI provides protection against a wide range of browser-based attacks such as unintended downloads of malware and ransomware, malicious ads, cross-site scripting or XSS, browser vulnerabilities, malicious and exploited plug-ins, and phishing attacks.
What are the benefits of Cato RBI for enterprises and users?
There are five immediate benefits when using Cato RBI. They are:
To make web access safer by isolating malicious content from user devices.
To prevent your data from being stolen by making it more difficult for attackers to compromise user devices.
To protect against phishing email, ransomware, and malware attacks, by neutralizing the content in the target websites.
To defend against zero-day threats by isolating users from malicious websites that are new and not yet categorized.
To make users more productive by allowing them to visit websites even though they are not yet known to be safe.
Does Cato collaborate with other companies to offer Cato RBI?
Yes. We partner with Authentic8, a world leader in the field of RBI. Authentic8 is chosen by hundreds of government agencies and commercial enterprises and offers products that meet the needs of the most regulated organizations in the world. Authentic8’s RBI engine is cloud-native and globally available, and the integration into our Cato SASE Cloud is seamless and completely transparent.
Follow the links to learn more about Cato RBI, and about our SASE solution.
An enterprise network strategy helps organizations maximize connectivity between end-user devices and applications so they can achieve positive business outcomes. But not all organizations know...
The Enterprise Network Cookbook An enterprise network strategy helps organizations maximize connectivity between end-user devices and applications so they can achieve positive business outcomes. But not all organizations know how to build a comprehensive enterprise network strategy on their own.
A new report by Gartner guides Infrastructure & Operations (I&O) leaders in creating a dynamic enterprise network strategy that connects business strategy to implementation and migration plans. In this blog post, we bring attention to the main highlights of their recommendations. You can read the entire “Enterprise Network Cookbook", complimentary from Cato, here.
Strategy Structure
Executive Summary - Communicates the summary to senior management. It should include the different stakeholder roles and the expected business outcomes. It is recommended to write this last.
Business Baseline - A summary of the top-level business strategy, the desired business outcomes and business transformation initiatives. The baseline should also cover potential benefits and risks and explain how to overcome challenges.
Campus and Branch Baselines - The organization’s guiding principles for campuses and branches. For example, wireless first, IoT segmentation, or network automation.
WAN Edge Baselines - Principles for the WAN edge, like redundant connectivity design or optimization of WAN for cloud applications.
Data Center and Cloud Networking Baselines - Cloud and data center principles. It is recommended to properly emphasize the importance of the data center and ensure automation by default.
[boxlink link="https://www.catonetworks.com/resources/7-compelling-reasons-why-analysts-recommend-sase/"] 7 Compelling Reasons Why Analysts Recommend SASE | Download the Report [/boxlink]
Gartner’s Cookbook includes two sections of brainstorming and discussions when determining the main principles that will drive the enterprise networking strategy:
Services Strategy Brainstorming - The strategy that determines how security and management applications are consumed, both on-premises and from the cloud. This section should cover a variety of use cases, including infrastructure as a service, platform as a service and SaaS, a hybrid IT operating model, which applications remain on-premises, etc.
Financial Considerations - The financial implications of the enterprise network on corporate financial models. This section includes considerations like cost transparency, visibility, budgeting, asset depreciation predictability and funding sources.
Gartner also details what they consider the most important section of the enterprise network strategy:
Inventory - In this section, list the inventory of the equipment and how it is deployed for the purpose of discovering each item and ensuring it is part of the enterprise network. Make sure to detail the component’s location, vendor, cost, use case requirements, integrations, etc. If you have too many components, focus on the core network.
The enterprise network strategy needs to align with existing strategies so it doesn’t reinvent or contradict them. It should align with:
Security - Including security principles, responsibilities, and compliance
Organizational and Staffing Issues - Enterprise networking will change staffing and HR requirements, since the new strategy will require different skill sets.
Migration Strategy - A strategy for replacing legacy technologies. The strategy should take into consideration functionality, contract and service level agreements. Both technical and business factors should be present in the migration strategy.
Next Steps
Now that you’ve answered the “what” and “why” questions, you can move on to the implementation plan, i.e the “how” and the “when”. But even if you’ve already started implementation, developing a network strategy document can help you continue to implement in a more effective way that addresses your organizational needs. Therefore, it is recommended to create a network strategy plan, no matter how far into the implementation you are.
Read more details from Gartner here.
Remote or hybrid work have become the de facto standard for many companies, post-pandemic, as more employees demand more flexible workplace policies. Therefore, organizations looking...
Ensuring Secure, Scalable, and Sustainable Remote Access for the Hybrid Workforce Remote or hybrid work have become the de facto standard for many companies, post-pandemic, as more employees demand more flexible workplace policies. Therefore, organizations looking to support hybrid work will require a long-term strategy that ensures their infrastructure is equipped to securely facilitate this new flexible work environment.
Remote Work Creates New Security Needs
The corporate workforce has, historically, been tethered to office configurations that made it easier to provide secure access to corporate applications. Traditional perimeter-based network security solutions would inspect and filter traffic before it passed through the network boundary. However, this has become much more complex because the age of the hybrid workforce dictates that we rethink this approach to ensure we provide the strongest possible protection against cyber threats for remote and office workers.
While security threats present the modern enterprise with numerous challenges, the more specific challenges associated with remote work include the following:
Secure Remote Access: Remote workers accessing corporate networks and applications over untrusted, public networks place themselves and the company at greater risk of cyber threats. These employees require reliable, secure remote access to ensure network connectivity to a remote site. Additionally, this secure connectivity, along with advanced threat defense ensures protection for allusers, applications and service against potential cyber threats.
Cloud Security: A significant amount of remote worker traffic goes to cloud-based business applications. Backhauling this traffic through corporate networks for inspection and policy enforcement is inefficient and impacts network performance and user experience.
Secure Internet Access: Direct Internet access is a common expectation for remote workers. However, this deprives employees of enterprise security protections, and backhauling through the corporate data center adversely impacts network performance and user experience.
Advanced Threat Protection: Companies commonly have next-generation firewalls (NGFWs) and other advanced threat protection solutions deployed at the network perimeter. Without these protections, remote employees are more at risk of cyber threats.
[boxlink link="https://www.catonetworks.com/resources/why-remote-access-should-be-a-collaboration-between-network-security/"] Why remote access should be a collaboration between network & security | Download the White Paper [/boxlink]
Key Requirements for Remote Work Security
The rise of remote work and the cloud has rendered traditional, perimeter-focused security solutions obsolete. If a significant percentage of an organization’s users and IT assets sit outside of the protected network, then defending that perimeter provides the organization with limited protection against cyber threats.
As hybrid work becomesthe de facto standard for business, organizations will require a purpose-built infrastructure designed to offer high-performance secure remote access, and advance threat protection.
Key solution requirements will include:
Geographic Reach: Hybrid workers require secure and consistent anytime, anywhere access, so remote access solutions must ensure that a company can protect its remote employees while providing consistent security and performance no matter where they are.
Direct Routing: Backhauling remote traffic to the corporate data center for inspection adds latency and dramatically impacts network performance and the user experience. Security policies for remote workers must be easily applied and enforced while maintaining a great user experience.
Consistent Security: Consistent security and policy enforcement across the entire enteprise, including the remote workforce is a must.
Resiliency: Remote work is commonly a component of an organization’s business continuity plan, enabling business to continue if normal operations are disrupted. A security solution for remote workers should maintain operations despite any network interruptions.
SASE and SSE Provides Secure Network Connections to Remote Sites
Secure Access Service Edge (SASE) is a cloud-based solution that converges network and network security, and enables companies to implement strong, consistent security for their entire workforce. This combination ensures that corporate network traffic undergoes security inspection en route to its destination with minimal performance impact. Additionally, a cloud-based deployment enhances the availability, scalability, and resiliency of an organization’s security architecture while delivering consistent policy enforcement.
Securing the Remote Workforce with Cato SASE Cloud
The Cato SASE Cloud is the convergence of networking and security into a single software stack and is built upon a global private backbone that provides network performance and availability guaranteed by a 99.999% SLA. With the Cato SASE Cloud, remote workers gain secure access to corporate applications and services along with advanced threat protection. Additionally, Cato’s global network of SASE PoPs ensures that companies have security policy enforcement without compromising on network performance.
The evolution of the hybrid workforce is dictating that organizations rethink their remote access strategies. Learn more about how Cato SASE Cloud can help your organization adapt to its evolving networking and security requirements.
Windstream Enterprise recently announced the arrival of North America’s first and only comprehensive managed Security Service Edge (SSE) solution, powered by Cato Networks—offering sophisticated and...
A sit down with Windstream Enterprise CTO on Security Service Edge Windstream Enterprise recently announced the arrival of North America's first and only comprehensive managed Security Service Edge (SSE) solution, powered by Cato Networks—offering sophisticated and cloud-native security capabilities that can be rapidly implemented on almost any network for near-immediate ironclad protection. In the spirit of partnership, we sat down with Art Nichols, CTO of Windstream, to share insights into this SSE announcement and what this partnership brings to light.
Why did you decide to roll out SSE?
We are excited to expand upon our single-vendor security offerings with the launch of this single-vendor cloud-native SSE solution, powered by Cato Networks. This SSE architecture delivers near immediate and cost-effective ways for clients to protect their network, and the users and resources attached to it. It also supports the expanded remote access to cloud-based applications that customers and employees alike must utilize.
By rolling out SSE to our customers, our ultimate goal is to provide them with a seamless journey towards improving their organization's security posture. Most IT leaders are aware that in this era of constant digital change, businesses must make room for greater cloud migration, rising remote work demands and new security threats. SSE will help futureproof their network security by migrating away from outdated and disjointed security solutions that are limited in their ability to support customer and employee needs for greater use of cloud resources.
[boxlink link="https://www.catonetworks.com/resources/cato-sse-360-finally-sse-with-total-visibility-and-control/"] Cato SSE 360: Finally, SSE with Total Visibility and Control | Download the White Paper [/boxlink]
Why did you choose Cato's SSE platform?
Partnering with Cato Networks was no doubt the right decision for Windstream Enterprise. While we considered multiple technology partners, Cato's solution was the only fully unified cloud-native solution. This architecture enables businesses to eliminate point solutions and on-premises devices by integrating the best available security components into their existing network environments without disruption. This partnership allowed us to enter the Secure Access Service Edge (SASE) and SSE market fast and be a key part of it as security needs continue to rapidly evolve.
Cato Networks is different from the competition because it was built to be a cloud-native SASE solution. As such, Cato's technology offers a better customer experience with greater visibility across the platform, as well as artificial intelligence that can swiftly evaluate all security layers and provide a faster resolution to security breaches and vulnerabilities.
Partnering with Cato has given us quite a competitive edge—and it's not just about the technology (although it's a big part of it); we feel that we get the unique opportunity to partner with the inventor of a true 360-degree SASE platform. Cato's SSE solution pairs perfectly with our professional services and market-leading service portfolio—backed by our industry-first service guarantees and our dedicated team of cybersecurity experts. We could not be more pleased with this partnership and look forward to what the future will bring.
You're already offering SASE, powered by Cato Networks. How will this be different?
SSE is a subset to SASE, which is meant to describe the convergence of cloud security functions. SASE takes a broader and more holistic approach to secure and optimized access by addressing both optimization of the user experience and securing all access and traffic against threats, attacks, and data loss.
What we've announced has similarities with a SASE solution in almost every way, but unlike SASE, an SSE solution can by overlayed onto any existing network, such as a SD-WAN, allowing it to be deployed near-immediately to secure all endpoints, users and applications. Because of this, SSE brings an added level of simplicity in that no network changes are required to implement this security framework.
What is driving the demand for solutions like SSE and SASE?
Gartner has predicted that "By 2025, 80% of organizations seeking to procure SSE-related security services will purchase a consolidated SSE solution, rather than stand-alone cloud access security broker, secure web gateway and ZTNA offerings, up from 15% in 2021." These means there are many enterprises that are, or soon will be, searching for a comprehensive SSE solution. And since security for networks, applications and data continues to be a top concern for most C-level and IT executives, there are several reasons backing the strong demand for SSE and SASE:
Cybercriminals are becoming incredibly sophisticated in the ever-expanding threat landscape, and data breaches come with high price tags that can damage brand reputations and wallets.
Legacy networks were built around physical locations that don't scale easily. because they are premises based. Premises-based disjointed point solutions from multiple vendors often require manual maintenance.
With more applications moving to the cloud, SSE is a cloud-native framework specifically built for modern work environments (hybrid and remote). It delivers a self-maintaining service that continuously enhances all its components, resulting in reduced IT overhead and allowing enterprises to shift focus to business-critical activities. It also no longer makes sense for businesses to backhaul internet traffic though data center firewalls.
What can customers gain from a managed SSE solution?
SSE is a proven way to improve an organization's security posture by establishing a global fabric that connects all edges into a unified security platform and enables consistent policy enforcement. By choosing a managed SSE solution, you get near-instant protection on any network—integrating the best available cloud-native security components from Cato Networks into your existing network environment without any disruption. Customers gain this ironclad security architecture that seamlessly implements zero trust access, ensuring that all users only have access to company-authorized applications and relentlessly defends against anomalies, cyberthreats and sensitive data loss. And with Windstream Enterprise as your managed service provider for Cato's SSE technology, you get complete visibility via our WE Connect portal, along with the opportunity to integrate this view with additional Windstream solutions, such as OfficeSuite UC® for voice and collaboration and SD-WAN for network connectivity and access management. That means one single interface to control all your IT managed services—backed by industry-first service guarantees—to create real help you succeed in your businesses, on your terms.
Not to mention, we will act as an extension of your security team—so, not only do you seamlessly integrate these security components into one comprehensive offering, but you can rely on one trusted partner to deliver it all, with white glove support from our dedicated team of Cybersecurity Operations Center (CSOC) experts. This goes along way for organizations who are looking to increase their cybersecurity investments, while also adhering to the limitations posed by the ongoing IT skills gap that is leading to shrinking IT and Security teams.
To learn more about SSE from Windstream Enterprise, powered by Cato Networks technology, visit windstreamenterprise.com/sse
Most SSE solutions can support moving branch security to the cloud. But only a few can securely cloudify the datacenter firewall. This is because datacenter...
Which SSE Can Replace the Physical Datacenter Firewalls? Most SSE solutions can support moving branch security to the cloud. But only a few can securely cloudify the datacenter firewall. This is because datacenter firewalls don’t just address the need for secure Internet access, which is the main SSE capability. Rather, these firewalls are also used for securing WAN access, datacenter LAN segmentation and ensuring reliability and high availability to network traffic.
In this blog post, we explore which capabilities a datacenter firewall-replacing SSE needs to have. To read a more in-depth explanation about each capability, go to the eBook this blog post is based on.
Replacing the Datacenter Firewall: SSE Criteria
An SSE solution that can replace the datacenter firewall should provide the following capabilities:
1. Secure Access to the Internet
SSE needs to secure access to the internet. This is done by analyzing and protecting all internet-bound traffic, including remote user traffic, based on rules IT sets between network entities. In addition, SSE will include an SWG for monitoring and controlling access to websites. Finally, SSE will have built-in threat prevention, including anti-malware and IPS capabilities as a service.
2. Secure Access From the Internet
While many SSE solutions use proxy architectures to secure outbound Internet traffic, SSE solutions that can replace the datacenter firewall are built from the ground up with an NGFW architecture. This enables them to secure traffic directed at datacenter applications and also direct traffic to the right server and applications within the WAN.
[boxlink link="https://www.catonetworks.com/resources/which-sse-can-replace-the-physical-datacenter-firewalls/"] Which SSE Can Replace the Physical Datacenter Firewalls? | Download the White Paper [/boxlink]
3. Secure WAN Access
A WAN firewall controls whether traffic is allowed or blocked between organizational entities. The SSE-based WAN firewall can also leverage user awareness capabilities and advanced threat prevention.
4. Secure LAN Access
SSE should secure VLAN traffic using access control and threat prevention engines. This must be done at the nearest SSE PoP to avoid latency. There also needs to be an option to route the traffic via an on-premise edge appliance.
In addition to these capabilities, SSE needs to have visibility into the entire network. The visibility enables protecting WAN traffic and remote users accessing internal applications and the governance of applications, ports and protocols.
Cato’s SSE 360 solution, built on a cloud-native architecture, secures traffic to all edges and provides full network visibility and control. Cato’s SSE 360 deliveres all the functionality a datacenter firewall provides, including NGFW, SWG, advanced threat protection and managed threat detection and response.
To learn more, read the eBook “Which SSE Can Replace the Physical Datacenter Firewalls”, right here.
Supply chain attacks are one of the top concerns for any organization as they exploit (no pun intended) the inherited trust between organizations. Recent examples...
The 3CX Supply Chain Attack – Exploiting an Ancient Vulnerability Supply chain attacks are one of the top concerns for any organization as they exploit (no pun intended) the inherited trust between organizations. Recent examples of similar attacks include SolarWinds and Kaseya. On March 29th, a new supply chain attack was identified targeting 3CX, a VoIP IPXS developer, with North Korean nation-state actors as the likely perpetrators.
What makes the 3CX attack so devastating is the exploitation of a 10-year-old Microsoft vulnerability (CVE-2013-3900) that makes executables appear to be legitimately signed by Microsoft while, in fact, they are being used to distribute malware. This is not the first time this vulnerability has been exploited; earlier this year, the same tactic was used in the Zloader infection campaign. In the 3CX case, the two “signed” malicious DLLs were used to connect to a C&C (Command and Control) server and ultimately connect to a GitHub repository and download an information stealing malware that targets sensitive data users type into their browser.
[boxlink link="https://www.catonetworks.com/resources/cato-networks-sase-threat-research-report/"] Cato Networks SASE Threat Research Report H2/2022 | Download the Report [/boxlink]
The Cato Networks security group responded to this threat immediately. Customers whose systems were communicating with the second-stage payload server were contacted and informed of which devices were compromised. All domains and IPs associated with the campaign were blocked to limit any exposure to this threat.
Cato’s approach to such threats is one of multiple choke points, ensuring the threat is detected, mitigated, and prevented along its entire attack path. This can only be done by leveraging the private cloud backbone in which each PoP has the entire security stack sharing and contextualizing data for each network flow. Cato’s mitigation of the 3CX threat includes:
Malicious domains are tagged as such and are blocked. The firewall rule for blocking malicious domains is enabled by default.
IPS (Intrusion Prevention System) – Payload servers were added to the domain blocklist, this is complimentary to the firewall rules and is not dependent on them being enabled.
Anti-malware – All 3CX associated trojans are blocked
MDR (Managed Detection and Response) – the MDR team continues to monitor customer systems for any suspicious activities.
Cato Networks security group will continue to monitor this threat as it develops. For a detailed technical analysis of the attack see Cyble’s blog.
The world of cybersecurity is a never-ending battle, with malicious actors constantly devising new ways to exploit vulnerabilities and infiltrate networks. One such threat, causing...
The Evolution of Qakbot: How Cato Networks Adapts to the Latest Threats The world of cybersecurity is a never-ending battle, with malicious actors constantly devising new ways to exploit vulnerabilities and infiltrate networks. One such threat, causing headaches for security teams for over a decade, is the Qakbot Trojan, also known as Qbot. Qakbot has been used in malicious campaigns since 2007, and despite many attempts to stamp it out, continues to evolve and adapt in an attempt to evade detection.
Recently, the Cato Networks Threat Research team analyzed several new variants of Qakbot that exhibited advanced capabilities and evasive techniques to avoid detection and quickly built and deployed protection for the additional changes into the Cato Networks IPS. In this analysis, Cato Networks Research Team exposes the tactics, techniques, and procedures (TTPs) of the latest Qakbot variant and explores its potential impact on enterprises and organizations if left alone.
Why Now?
During the COVID-19 pandemic, an eruption of cyberattacks occurred, including significant growth of attacks involving ransomware. As part of this surge, Qakbot’s threat actor adapted and paired with other adversaries to carry out ferocious multi-stage attacks with significant consequences.
Qakbot is sophisticated info-stealing malware, notorious as a banking trojan, and is often used to steal financial information and conduct fraudulent financial transactions. Pursuing even larger gains, in the last few years, Qakbot targets have shifted from retail users to businesses and organizations.
As recent versions of Qakbot emerge, they present new infection techniques to both avoid detection and maintain persistence on the infected systems. Qakbot’s latest design updates, and additionally complex multi-stage infection processes, enable it to evade detection using most traditional security software detection techniques, and pose a significant and ongoing threat to unprotected businesses and organizations.
How Do the Latest Versions of Qakbot Work?
The first stage of the Qakbot infection process begins when a user clicks on a link inside a malicious email attachment. In the latest Qakbot versions, the malicious file attachments are typically ZIP, OneNote or WSF files (a file type used by the Microsoft Windows Script Host.). Zip, OneNote and WSF files are commonly used by malicious actors as they make it easier to evade the Mark of the Web (MOTW). MOTW is a security mechanism implemented by Microsoft to detect and block files with macros (such as Excel files) that were downloaded from the internet and may be compromised. By using file types that do not receive MOTW, Qakbot attachments are more likely to evade detection and blocking.
When the user opens the WSF or OneNote file and clicks the embedded link, Qakbot covertly launches a series of commands, allowing the malware to infect the system and take additional measures to evade detection.
[boxlink link="https://www.catonetworks.com/resources/cato-networks-sase-threat-research-report/"] Cato Networks SASE Threat Research Report H2/2022 | Download the Report [/boxlink]
Malicious files are cloaked as innocuous files by abusing Living Off the Land Binaries (LOLBins) and by imitating commonly used file types, such as Adobe Cloud files, to stay hidden. LOLBins are legitimate binaries or executables found in the Windows operating system that are also used by attackers to carry out malicious activities. These binaries are typically present on most Windows machines and are legitimately used for system maintenance and administration tasks but can easily be abused to execute malicious code or achieve persistence on compromised systems. Attackers commonly make use of LOLBins because they are present on most Windows systems and are typically on the allow list of common security software, making them more difficult to detect and block. Examples of common LOLBins include cmd.exe, powershell.exe, rundll32.exe and regsvr32.exe.
After the initial infection stage is complete, Qakbot expands its footprint on the infected system and eventually uses encrypted communication with Qakbot command and control (C2) servers to further conceal its activities and evade detection.
An example of a shared malicious PDF attachment instructing the victim to execute the bundled .wsf file
Let’s explore four different recent Qakbot infection scenarios to learn exactly how they operate.
Scenario 1: Malicious email with an embedded .hta file, hidden within a OneNote file attachment, leading to multi-stage infection process:
From the malicious email, the user (victim), is led to click a malicious link hidden inside a legitimate looking OneNote file attachment. After clicking the link, the infection chain begins.The malicious link is in actuality, an embedded .hta file, executed when the link is clicked. The .hta file includes a VBscript code used to deliver the Qakbot payload and infect the device. Windows uses MSHTA.exe to execute .hta files. Typically, MSHTA.exe is used legitimately to execute HTML applications, and that is why this process usually evades detection as being malicious.
Embedded malicious .hta file using VBScript to execute commands on the operating system
After the .hta file is initiated, it executes curl.exe to force download an infected dll file from a remote C2 Qakbot server. The Qakbot payload is disguised as an image file to evade detection during the download process. Curl is another normally legitimate tool, used for transferring data over the internet.
De-obfuscated code from the .hta file showing the execution of curl.exe and the Qakbot payload
The .hta file then executes the Qakbot dll file using rundll32.exe.Rundll32.exe is another normally legitimate Windows application used to run DLL files. In this scenario, executing rundll32.exe allows the malicious DLL file, disguised as an image, to be successfully loaded into the system, undetected.
Example of Qakbot’s infection chain
Loaded onto the system successfully, Qakbot then hides itself by spawning a new process of wermgr.exe and injecting its code into it. Wermgr.exe is a legitimate Windows Event Log application. Masquerading as a legitimate process enables the malware to run in the background and avoid detection by most common anti-virus software.
Scenario 2: Like Scenario 1, but in this variation, a malicious email with an embedded .cmd file is hidden within a OneNote file attachment, leading to a multi-stage infection process.
From the malicious email, the user (victim), is led to click the malicious link hidden inside a legitimate OneNote file attachment. After clicking the link, Qakbot begins the infection chain.The malicious link is in actuality, an embedded .cmd file, and executes when the link is clicked. Windows uses CMD.exe to execute the .cmd file. CMD.exe is a legitimate command-line interpreter, used to execute commands in Windows operating systems. Being a LOLBin, this process is usually abused to evade detection.
.cmd file content
The .cmd file invokes PowerShell to force download an encrypted payload from a remote Qakbot C2 server.PowerShell is a powerful scripting language built into Windows operating systems and is typically used for task automation.
Decoded base64 string from the .cmd script
The downloaded payload dll file is executed using Rundll32.exe, with the same purpose as in the previous scenario.
Loaded onto the system successfully, Qakbot then hides itself by spawning a new process of wermgr.exe and injecting its code into it.
Scenario 3: Malicious email with a Zip attachment bundling a .WSF (Windows Script File) file.
In this variation, a malicious email with an infected WSF file is hidden within a Zip attachment designed to mimic an Adobe Cloud certificate. The Zip file often has a legitimate-looking name and is specifically designed to trick the user (victim) into thinking the attachment is safe and harmless.
From the malicious email, the user (victim), is led to open the attachment and extract the files it bundles. Inside the Zip there are 3 files: .WSF, PDF and TXT. The PDF and TXT are decoy files, leading the user to click and open the .WSF file, initiating the infection chain.Typically, .WSF files contain a sequence of legitimate commands executed by Windows Script Host. In this case, the WSF file contains a script that executes the next stage of the Qakbot infection process.
Obfuscated malicious JavaScript hidden inside the .WSF file padded to look like a certificate
An obfuscated script (written in JavaScript), within the malicious .WSF file initiates force download of the payload from a Qakbot C2 server.
The obfuscated script executes the Qakbot dll using Rundll32.exe.
Loaded onto the system successfully, Qakbot moves to hide itself, spawning a new wermgr.exe process and injecting its code into it.
Scenario 4: Malicious email with .html attachment using the HTML Smuggling techniqueHTML Smuggling is a technique that allows threat actors to smuggle malicious binary code into a system by cloaking the malicious binary within an innocuous looking .html attachment.
From the malicious email, the user (victim), is led to open the innocuous looking .html attachment containing the hidden binary. In some cases, the .html file arrives within a ZIP archive file, adding an additional step to the complexity of the attack.
Once opened, the .html file delivers a malicious, password-protected, .ZIP archive file stored within the code of the attachment. The file password is provided in the .html file.
Malicious .html file – fooling the victim into opening the password-protected .ZIP file
Inside, the .ZIP archive file, a malicious .img file is bundled.IMG are binary files that store raw disk images of floppy disks, hard drives, or optical discs. IMG and ISO files are commonly used legitimately to install large software. In the case of Qakbot, once the IMG file is loaded, it mounts itself as a drive and exposes its contents.
The malicious .img file actually bundles several other files, including a .LNK (Windows shortcut file) file. Executing the .LNK file initiates the complex infection chain using the other files within the mounted .img file.
During the infection chain, a malicious .WSF file is executed, invoking PowerShell to force download an encrypted payload (the Qakbot dll) from a remote Qakbot C2 server. PowerShell is a powerful scripting language built into Windows operating systems and is typically used for task automation.
Request to download Qakbot’s dll from the C2 server using PowerShell
The .WSF script then executes the Qakbot dll using Rundll32.exe.
Loaded onto the system successfully, Qakbot moves to hide itself, spawning a new wermgr.exe process and injecting its code into it.
Potential Damage
After Qakbot infects a system, the malware evaluates and performs reconnaissance on the infected environment. If the environment is worthwhile, Qakbot downloads additional tools, such as Cobalt Strike or Brute Ratel frameworks. These frameworks are commercially used by Red Teams for penetration testing purposes.
Unfortunately, leaked versions of many penetration testing frameworks have also found their way to the open market and are abused by threat actors. Using these tools, threat actors perform advanced post-exploitation actions, including privilege escalation, and lateral movement.
Eventually, the greatest threat posed by Qakbot and similar families of malware is ransomware. In some of the most recent attacks, Qakbot has been observed delivering BlackBasta ransomware. BlackBasta is a notoriously effective ransomware variant, used to successfully attack many businesses throughout the US and Europe. BlackBasta uses the double extortion technique, where an attacker demands a ransom payment to restore the victim’s access to their own encrypted files and/or data and threatens to sell the user or organizational data on the Darknet if the ransom is not paid.
Cato Networks internal security team dashboard displays a suspected attempt to exfiltrate data
How Cato Protects You Against Qakbot
Qakbot, like other malware, is constantly evolving and being updated with new methods and attempts at infection and infiltration. Making sure your current threat detection solution can detect and block these types of changes to malware threats as quickly as possible is critical to your ongoing organizational security. Cato Networks IPS (Intrusion Prevention System) was immediately updated with the latest changes to Qakbot in order to block the malware from communicating with its C2 servers.Cato’s Security Research team uses advanced tools and strategies to detect, analyze and build robust protection against the latest threats. The following dashboard view is part of an arsenal of tools used by the Cato Research Team and shows auto-detection of a suspected Qakbot attack and blocking by Cato IPS from any additional communication between the malware and its C2 servers.
Cato Networks internal security team dashboard displaying detection and blockage of outbound Qakbot communication
It has never been clearer that no company can expect to fight the constant evolution of malware and malicious attacks without help from the experts. Cato’s Security Research team remains committed to continuously monitoring and updating our solutions to protect your organization against the latest threats. Utilizing the Cato Networks solution, enjoy an enhanced overall security posture, safeguard against the ever-evolving threat of malware, and confidently prioritize what truly matters - your business.To learn more about how Cato protects against Qakbot and similar threats and intrusions and how you can mitigate security risks for your organization, check out our articles on intrusion prevention, security services, and managed threat detection and response.
Indicators of compromise (IOCs)
Scenario #1
352a220498b886fae5cd1fe1d034fe1cebca7c6d75c00015aca1541d19edbfdf - .zip
5c7e841005731a225bfb4fa118492afed843ba9b26b4f3d5e1f81b410fa17c6d - .zip
002fe00bc429877ee2a786a1d40b80250fd66e341729c5718fc66f759387c88c - .one
d1361ebb34e9a0be33666f04f62aa11574c9c551479a831688bcfb3baaadc71c - .one
9e8187a1117845ee4806c390bfa15d6f4aaca6462c809842e86bc79341aec6a7 - .one
145e9558ad6396b5eed9b9630213a64cc809318025627a27b14f01cfcf644170 - .hta
baf1aef91fe1be5d34e1fc17ed54ea4f7516300c7b82ebf55e33b794c5dc697f - .hta
Scenario #2
1b553c8b161fd589ead6deb81fdbd98a71f6137b6e260c1faa4e1280b8bd5c40 - .one
e1f606cc13e9d4bc4b6a2526eaa74314f5f4f67cea8c63263bc6864303537e5f - .one
06a3089354da2b407776ad956ff505770c94581811d4c00bc6735665136663a7 - .cmd
5d03803300c3221b1233cdc01cbd45cfcc53dc8a87fba37e705d7fac2c615f21 - .cmd
Scenario #3
1b3b1a86a4344b79d495b80a18399bb0d9f877095029bb9ead2fcc7664e9e89c - .zip
523ea1b66f8d3732494257c17519197e4ed7cf71a2598a88b4f6d78911ad4a84 - .zip
fe7c6af8a14af582c3f81749652b9c1ea6c0c002bb181c9ffb154eae609e6458 - .wsf
6d544064dbf1c5bb9385f51b15e72d3221eded81ac63f87a968062277aeee548 - .wsf
Scenario #4
3c8591624333b401712943bc811c481b0eaa5a4209b2ec99b36c981da7c25b89 - .html
8c36814c55fa69115f693543f6b84a33161825d68d98e824a40b70940c3d1366 - .html
2af19508eebe28b9253fd3fafefbbd9176f6065b2b9c6e6b140b3ea8c605ebe8 - .html
040953397363bad87357a024eab5ba416c94b1532b32e9b7839df83601a636f4 - .html
42bd614f7452b3b40ffcad859eae95079f1548070980cab4890440d08390bd29 - .zip
08a1f7177852dd863397e3b3cfc0d79e2f576293fbb9414f23f1660345f71ccc – .zip
0d2ad33586c6434bd30f09252f311b638bab903db008d237e9995bfda9309d3a - .zip
878f3ccb51f103e00a283a1b44bb83c715b8f47a7bab55532a00df5c685a0b1d - .zip
B087012cc7a352a538312351d3c22bb1098c5b64107c8dca18645320e58fd92f - .img
Qakbot payload
d6e499b57fdf28047d778c1c76a5eb41a03a67e45dd6d8e85e45bac785f64d42
6decda40aeeccbcb423bcf2b34cf19840e127ebfeb9d79022a891b1f2e1518c3
e99726f967f112c939e4584350a707f1a3885c1218aafa0f234c4c30da8ba2af
5d299faf12920231edc38deb26531725c6b942830fbcf9d43a73e5921e81ae5c
acf5b8a5042df551a5fe973710b111d3ef167af759b28c6f06a8aad1c9717f3d
442420af4fc55164f5390ec68847bba4ae81d74534727975f47b7dd9d6dbdbe7
ff0730a8693c2dea990402e8f5ba3f9a9c61df76602bc6d076ddbc3034d473c0
bcfd65e3f0bf614bb5397bf8d4ae578650bba6af6530ca3b7bba2080f327fdb0
A new critical vulnerability impacting Microsoft Outlook (CVE-2023-23397) was recently published by Microsoft. The CVE is particularly concerning as no user involvement is required by...
Cato Protects Against CVE-2023-23397 Exploits A new critical vulnerability impacting Microsoft Outlook (CVE-2023-23397) was recently published by Microsoft. The CVE is particularly concerning as no user involvement is required by the exploit. Once a user receives a malicious calendar invite, the attacker can gain a user’s Active Directory credentials.
Microsoft has released a security update that can be found here. Cato Research strongly encourages updating all relevant systems as proof-of-concept exploits have already appeared online. Until all systems have been updated, Cato customers can rest easy. By default, any Cato-connected endpoint – remote user, site, or any other type of user – is protected from the attacks exploiting the CVE.
What is CVE-2023-23397 and How Does it Work?
CVE-2023-23397 is a critical vulnerability in the Outlook client. An attacker can craft a .MSG file as a e form of a calendar invite that triggers an authentication attempt over the SMB protocol to an attacker-controlled endpoint without any user interaction. (.MSG is the file format used to represent Outlook elements, such email messages, appointments, contacts, and tasks.)
In case the SMB authentication attempt is done using NTLM, the Outlook client will send the attacker a Net-NTLM hash along with the username and domain name. This enables an attacker to perform an offline dictionary-based attack on the hash. The result: revealing the user's password and username that can then be used to authenticate and attack exposed services that rely on active directory credentials.
[boxlink link="https://www.catonetworks.com/resources/cato-networks-sase-threat-research-report/"] Cato Networks SASE Threat Research Report H2/2022 | Download the Report [/boxlink]
What is Cato’s Mitigation?
Right upon the exploitation disclosure, Cato’s Security Research team began investigating the CVE. Cato IPS does not inspect the Outlook .MSG elements as that would be out of scope for an IPS system. But the CVE does require an outbound SMB session to exfiltrate data and, by default, Cato’s firewall implements a deny rule, blocking outbound SMB traffic. Only SMB sessions terminating at known, trusted servers should be allowed.
Our team continues to review a dedicated IPS signature to be enforced globally for this threat. It will ensure that potential information leakage, such as the one presented by this CVE, is prevented regardless of their firewall configuration. With hybrid Active Directory setups that extend AD identities to the cloud and may utilize SMB, careful review of the data is required to avoid causing false positives introduced by legitimate usage. Further notice will be provided to Cato customers in forthcoming Release Notes.
Many enterprises today are exploring the benefits of Secure Access Service Edge (SASE). SASE is a modern networking and security solution for enterprises that converges...
Are You Trapped in the Upside-Down World of Networking and Security? Many enterprises today are exploring the benefits of Secure Access Service Edge (SASE). SASE is a modern networking and security solution for enterprises that converges SD-WAN and network security solutions like NGFW, IPS, and NGAM. SASE provides a single, unified and cloud-native network and security service that is adapted to current and future technology and business needs.
Despite the availability and increasing of SASE, some enterprises still maintain legacy appliances for their networking and security needs. Such businesses are trapped in an upside-down world that operates in technology silos and requires countless IT resources to deploy, manage, and maintain.
In this blog post, we will compare old-fashioned point solutions from the upside-down world to Cato’s modern SASE Cloud. We’ll examine the following five characteristics:
Network Devices
High Availability
Security Updates
The Hardware Refresh Cycle
TLS Inspection
To read more about each characteristic, you’re welcome to read the eBook SASE vs. the Upside Down World of Networking and Security this blog post is based on.
Characteristic #1: Network Devices
Let’s first compare network devices. Network devices are the physical appliances that enable connectivity and security in the network.
Network Devices in the Upside-down World:
Heavy duty
High touch
Difficult to maintain and monitor
Logistical and supply chain issues
Complex installation
Cato Socket in the SASE World:
Lightweight
Simple to use
Modern UX
No supply chain issues
Zero-touch deployment
Characteristic #2: High Availability
Next, let’s look at high availability. High availability is about ensuring the network is always accessible, regardless of outages, natural disasters, misconfigurations, or any other unforeseen event.
High Availability in the Upside-down World:
Costly to buy redundant hardware
Complex configurations
Scalability is limited to box capacity
Requires hours of management and troubleshooting
Prone to configuration errors
High Availability in SASE World:
Cost-effective
A frictionless process
Rapid deployment
Multi-layered redundancy
Highly scalable
Simplicity that reduces risk
[boxlink link="https://www.catonetworks.com/resources/sase-vs-the-upside-down-world-of-networking-and-security/"] SASE vs. the Upside Down World of Networking and Security | Download the eBook [/boxlink]
Characteristic #3: Security Updates
No comparison would be complete without addressing security. With so many cyberthreats, security is an integral part of any enterprise IT strategy. But IT’s task list is filled to the brim with multiple competing priorities. How can businesses ensure security tasks aren’t pushed to the bottom of the list?
Security Updates in the Upside-down World:
Cumbersome and complex
Time-consuming
Disruptive to the business
Requires manual intervention for “automated” tasks
Higher risk of failure
Security Updates in SSE 360 World:
100% automated
Hourly automatic updates from 250+ security feeds
Transparent to the user
Minimal false positives
IT and security have time to work on other business-critical projects
Characteristic #4: Hardware Refresh Cycle
When hardware becomes obsolete or can no longer satisfy technology or capacity requirements, it needs to be evaluated and upgraded. Otherwise, productivity will be impacted, security will be compromised, and business objectives will not be met. The Hardware Refresh Cycle in the Upside-down World:
A slow, time-consuming process
Dependent on the global supply chain
Can be blocked by budgets or politics
Requires extra IT resources
The Hardware Refresh Cycle in SASE World:
A one time process - SASE scales, is continuously updated and suitable for multiple use cases
Easily adopt new features
Unlimited on-demand scalability
Flexible, cost-effective pricing models and easy to demonstrate ROI
Reduces administrative overhead
Characteristic #5: TLS Inspection
Finally, TLS inspection prevents hackers from performing reconnaissance or progressing laterally by decrypting traffic, inspecting it and then re-encrypting it.
TLS Inspection in the Upside-down World:
Scoping, acquiring, deploying and configuring more hardware
Backhauling traffic for firewall inspection
Time-consuming
Increased certificate management
Requires higher throughput
TLS Inspection in SSE 360 World:
Wire speed performance
Consistent TLS inspection
Quick and easy setup
Simple deployment at scale
Minimal resources required
Getting Out of the Upside-Down World
With SASE, enterprises can ensure they are never trapped in an upside-down world of cumbersome legacy appliances. SASE provides business agility, on-demand scalability, and 360-degree security along with simplified management and maintenance for IT and security teams. The cloud-native SASE architecture connects and secures all resources and edges, anywhere in the world, based on identity-driven access.
To read more about the differences between legacy appliances and SASE (and how to rescue yourself) read the eBook SASE vs. the Upside Down World of Networking and Security.
Corporate IT infrastructure has become crucial to the success of the modern business. Disruption in the availability of corporate applications and services will impact employee...
The Value of Network Redundancy Corporate IT infrastructure has become crucial to the success of the modern business. Disruption in the availability of corporate applications and services will impact employee productivity and business profitability.
Companies are responsible for the resiliency of their own IT systems and this includes ensuring the constant availability of critical business applications for employees, customers, and partners. Network outages are possible; however, how rapidly the network recovers with minimal disruption to the business is what matters most.
Network redundancy is designed to limit the risk of a network outage halting business operations. Building resiliency and redundancy into the corporate network enables an organization to rapidly recover and maintain operations.
Impact of Network Redundancy
Network redundancy is designed to ensure that no single point of failure exists within an organization’s network infrastructure. This benefits the modern business in numerous ways:
Security: Network outages occur, and the impact can be measured in numerous ways, including the network security impact. Network outages caused by DDOS or other such attacks will have a significant impact on day-day business operations, affecting branch and remote workers, thus impacting some of their enterprise security protection. Such incidents are also used to launch stealth attacks on critical business systems to further damage business operations. Network redundancy improves security by providing alternate routes for impacted network traffic, thus reducing the chances of experiencing outages that place business resources and the network at risk.
Performance: If an organization is dependent on a single network link or carrier, then its network performance is only as good as that carrier’s network. If the provider suffers an outage or degraded performance, so does the company. Network redundancy can enable an organization to optimize its use of multiple network carriers to avoid outages or degraded service.
Reliability: The primary purpose of network redundancy is to eliminate single points of failure that can cause outages or degraded performance. Redundancy improves resiliency by limiting the potential impact if a system or service goes down.
How Redundancy in Cato’s Architecture Works
The Cato SASE Cloud is composed of a global network of points of presence (PoPs) that are connected via multiple Tier-1 network providers. When traffic enters the Cato SASE Cloud, a PoP performs security inspection, applies all policies, and optimally routes the traffic to the PoP nearest its destination.
The design of the Cato SASE Cloud provides multiple layers of redundancy to ensure consistent service availability. As a result, it is highly resilient against several types of failures, including:
Carrier Outage: The Cato SASE Cloud was designed using multiple tier-1 carriers to connect its PoPs and provide reliable, high-performance network connectivity. If a carrier’s service begins to degrade, the PoPs will automatically detect this and failover to an alternate carrier to maintain optimal performance and availability.
InterPoP Outage: The Cato SASE Cloud is composed of a network of PoPs in 75+ global locations. If a PoP experiences an outage, all services running inside this PoP will automatically failover to the nearest available PoP, and all traffic to that PoP will automatically reroute to the nearest available PoP.
Intra-PoP Outage: A PoP consists of a collection of Cato Single Pass Cloud Engines (SPACE) that powers the global, scalable, and highly resilient Cato SASE Cloud. Multiple SPACE instances run inside of multiple high powered compute nodes inside each PoP. If one SPACE instance fails, it will failover to another instance within the same compute node. If a compute node fails, all SPACE instances will failover to another compute node inside the same PoP.
Cato Sockets: Each Cato Socket has multiple WAN ports and can run in active/active/active mode. When deployed as redundant hardware, a socket’s traffic will failover to the redundant socket if it fails. And, in the event the Cato SASE Cloud experiences an unlikely complete outage, , Cato sockets can provide direct WAN connectivity over the public Internet.
Network outages can have a dramatic impact on an organization’s ability to conduct normal business. Cato’s network design protects against potentially catastrophic outages of the Cato SASE Cloud network.
[boxlink link="https://www.catonetworks.com/resources/how-to-best-optimize-global-access-to-cloud-applications/"] How to Best Optimize Global Access to Cloud Applications | Download the eBook [/boxlink]
The Advantage of Cato’s Network Redundancy
Network redundancy is a significant consideration when comparing network options. Often, it was one of the main selling points for older network technologies like multi-protocol label switching (MPLS) and software-defined WAN (SD-WAN) solutions.
MPLS, SD-WAN, and the Cato SASE Cloud all achieve network resiliency in different ways.
MPLS: MPLS is known for its middle-mile resiliency and redundancy since traffic flows through the MPLS provider’s internal systems. However, the cost of MPLS circuits often makes redundant circuits for last-mile coverage cost-prohibitive.
SD-WAN: SD-WAN solutions are designed to optimally route traffic over the public Internet to provide improved performance and reliability at a fraction of the cost of MPLS. However, these solutions are limited by the performance and resiliency of the public Internet, making it challenging for them to meet the same SLAs as an MPLS solution.
Cato SASE Cloud: The Cato SASE Cloud provides high middle-mile performance and resiliency via a global network of PoPs with built-in redundancy and traffic optimization, and connected via tier-1 carriers. Cato Sockets have multiple WAN ports in active/active/active mode, allowing customers to connect multiple last-mile service providers, allowing them to implement inexpensive last-mile redundancy.
The Cato SASE Cloud offers better overall network resiliency than MPLS and SD-WAN, and it accomplishes this at a fraction of the price of MPLS.
Improve Company Productivity and Security with Cato
Corporate networks are rapidly expanding and becoming more dynamic. As more companies allow hybrid working options, they need to ensure that these employees have a reliable, secure, high-performance network experience no matter where they are connecting from.
The Cato SASE Cloud is a converged, cloud-native, global connected architecture that provides high-performance network connectivity with built-in multi-layer redundancy for all users, devices, and applications. This protects organizations against crippling network outages and ensures predictable network availability with a 99.999% SLA.
Building a highly resilient and redundant corporate network helps to improve company productivity and security. Learn more about SASE and about enhancing your organization’s network resiliency by requesting a free demo of the Cato SASE Cloud today.
SASE (Secure Access Service Edge) is a new architecture that converges networking and security into cloud-native, globally available service offerings. Security inspection and policy enforcement...
Integrated vs. Converged SASE: Which One Ensures an Optimal Security Posture? SASE (Secure Access Service Edge) is a new architecture that converges networking and security into cloud-native, globally available service offerings. Security inspection and policy enforcement is performed at the cloud edge, instead of backhauling all traffic to a centralized data center for inspection. This enables organizations to strengthen their security posture while ensuring high performance, scalability and a good user experience.
Unfortunately, many vendors attempt to market loosely integrated products and partnerships as SASE. they find the fastest way to enter the SASE market is to virtualize existing hardware-based products and deploy them into public cloud providers (AWS, Azure, GCP). and then enhance them with additional capabilities.
So, which approach is best? In this blog post we explore the two options, converged and integrated, and the differences between them. To learn more about which SASE vendor you should choose you can read the whitepaper this blog post is based on: “Integrated vs. Converged SASE: Why it Matters When Ensuring an Optimal Security Posture”.
Why Do Some SASE Vendors Offer an Integrated SASE Solution?
Integrating siloed point solutions is the fast track to entering the SASE market. But this type of solution is full of drawbacks. These include:
Increased Complexity - Integrated solutions add management layers, which reduces agility. Integration does not deliver the required SASE capabilities and requires more effort and risk from the customer. This is the opposite of what Gartner envisioned SASE to be.
Poor Performance - SASE solutions that rely on integration can’t provide a single-pass architecture. Single Pass is critical for SASE’s promise of high performance because all engines process and simultaneously applies policies to traffic flows at the cloud edge. Integrated solutions do not have this single-pass architecture, so they are vulnerable to higher latency issues.
Limited Vendor Control - Some vendors with an incomplete SASE solution will partner with other technology vendors to build their offerings. This means each vendor only controls and supports their product, and customers subsequently are left with multiple security technologies to deploy and manage. Because of the numerous risks this creates, including security blind spots, customers will not enjoy the full promise of SASE.
Security Gaps - Technology integration increases the chance of security events being ignored or overlooked. Because each product in an integrated architecture is configured to inspect certain activities within traffic flows, they view it in its own context. This leads to insufficient sharing of all necessary context, thus leaving networks exposed to security gaps.
Lack of Full Visibility - Integrated offerings tend to rely on multiple consoles and sources that prevent accurate correlation of network and security traffic flows and events. Because of this, customers do not have full visibility and context of these flows and will not have the same level of control that a converged SASE solution has.
What are the Benefits of Converged SASE?
Converged SASE is built from the ground up to deliver both security and networking capabilities. This benefits the customer in the following areas:
Rapid Deployment - Integrated solutions have longer deployments since they have multiple consoles and multiple policies that require extensive manual effort from the customer and this risks policy mismatches or other errors during the deployment. A converged architecture, on the other hand, simplifies deployments with a single management application for configuration and a single policy for all customer sites. This makes the deployment less complex, allowing quick and easy implementation.
Decreased Overhead - Converged SASE provides a single management application for management and reporting that decreases administrative overhead and simplifies investigation and troubleshooting.
Low Latency - A true single-pass architecture decreases latency by ensuring all security engines simultaneously inspects and applies policies on all traffic once at the cloud edge before forwarding on to its destination.
Cloud-Native Possibilities - Solutions that are born in the cloud are purpose-built for scalability, agility, flexibility, resilience and global performance. This is unlike cloud-delivered solutions that are virtual machines based on appliance-based products that are deployed in public cloud provider data centers,
No Hybrid or On-Premises Deployments - SASE was defined by Gartner as being delivered from a cloud-native platform. Vendors that offer hybrid or on-premises options are not cloud-native and customers should proceed with caution and remember the core requirements of SASE when considering those options.
[boxlink link="https://www.catonetworks.com/resources/integrated-vs-converged-sase-why-it-matters-when-ensuring-an-optimal-security-posture/"] Integrated vs. Converged SASE: Why it Matters When Ensuring an Optimal Security Posture | Download the White Paper [/boxlink]
Integrated vs. Converged SASE
Which type of solution is best for modern enterprises? Here are the main functionalities offered by each type of solution:
Integrated SASE:
SD-WAN from partners
Multiple management consoles
Require VM deployment
Require tunnel configuration
Hosted in the public cloud
Separate authentication flows for security and access
Require SIEM for network and security event correlation
Hybrid deployment
Networking, security and remote access products are separate
Requires multiple products
Different PoPs offer different capabilities
Converged SASE:
Native SD-WAN
A single management application
Full mesh connectivity
Optional use of IPSEC tunnels
Optional export to SIEM
Better collaboration among converged technologies
Holistic security protections
All PoPs are fully capable
There is consistent policy enforcement
Which Vendor Should You Choose?
There is are fundamental differences in SASE capabilities between an integrated and a converged platform. This includes their ability to eliminate MPLS, simplify and optimize remote access, enable easy cloud migration, and securing branch and mobile users. SASE solutions are designed to address numerous customer use cases and solve multiple problems, and it is important for customers to conduct a thorough evaluation of both approaches to ensure their chosen platform meets their current and future business and technology needs.
Read more about how to choose a SASE vendor from the whitepaper.
We recently issued the Cato Networks SASE Threat Research Report, which highlights cyber threats and trends based on more than 1.3 trillion flows that passed...
Cato Analyzes the Dominant Sources of Threats in 2H2022 Research Report We recently issued the Cato Networks SASE Threat Research Report, which highlights cyber threats and trends based on more than 1.3 trillion flows that passed through the Cato SASE Cloud network during the second half of 2022. The report highlights the most popular vulnerabilities that threat actors attempted to exploit, and the growing use of consumer applications that may present a risk to the enterprise.
Cato Scans a Vast Trove of Data to Hunt for Threats
One of the first observations in the report was the sheer scale of our data repository. Cato’s convergence of networking and security provides unique visibility on a global scale into both legitimate enterprise network usage and the malicious activity aimed at enterprise networks. This includes hostile network scans, exploitation attempts, and malware communication to C&C servers.
Like many security vendors, we collect information from threat intelligence feeds and other security resources. But as a networking provider, we’re also able enrich our understanding of security events with network flow data often unavailable to security professionals. During 2022, Cato’s data repository was fed by more than 2.1 trillion network flows traversing or our global private backbone or about a 20% growth in flows each quarter.
Security events, threats, and incidents also grew in proportion to the number of network flows. In the second half of 2022, the Cato Threat Hunting System (CTHS) detected 87 billion security events across the entire Cato Cloud. A security event is any network flow that triggers one of Cato’s many security controls.
[boxlink link="https://www.catonetworks.com/resources/eliminate-threat-intelligence-false-positives-with-sase/"] Eliminate Threat Intelligence False Positives with SASE | Download the eBook [/boxlink]
CTHS is a natural extension of Cato Cloud security services. It is comprised of a set of algorithms and procedures developed by Cato Research Labs that dramatically reduces the time to detect threats across enterprise networks. CTHS is not only incredibly accurate but also requires no additional infrastructure on a customer’s network.
CTHS concluded there were 600,000 threats, or high-risk flows, based on machine learning and data correlation. Of these, 71,000 were actual incidents, or verified security threats.
Cato Identifies the Top Threats and Exploit Attempts on the Network
Over the years, Cato has been tracking the top threats on the network and the trends haven’t changed much. The top five threat types in the current research report are (1) Network Scan, at 31.2 billion events, (2) Reputation, at 4.7 billion events, (3) Policy Violation, at 1.3 billion events, (4) Web Application Attack, at 623 million events, and (5) Vulnerability Scan, with 482 million events.
Other types of threats worth noting include Remote Code Execution (92 million), Crypto Mining (56 million), and Malware (55 million). Remote Code Execution events and Malware events both increased over the previous reporting period, but Crypto Mining events decreased. This latter fact may be due to the recent decline in the cryptocurrency business itself following the collapse of the FTX exchange.
The most-used cloud apps in the reporting period were from Microsoft, Google, Apple, Amazon (AWS), and Meta (Facebook). Many consumer-oriented applications were also in use, including YouTube, TikTok, Spotify, Tor, Mega, and BitTorrent. The latter three apps are known to be used frequently for malicious activities and pose a potential risk to enterprise networks.
The Log4j vulnerability (CVE-2022-44228) is a relatively recent discovery that is estimated to have affected nearly a third of all web servers in the world. Thus, it’s no surprise that it continues to dominate exploitation attempts with 65 million events across the Cato Cloud network. What is surprising is that two older vulnerabilities continue to make the top five list for exploit attempts. One is CVE-2017-9841, a remote code execution bug from 2017, and the other is CVE-2009-2445, a 14-year old vulnerability affecting certain popular web servers.
Cato also tracks network flows associated with MITRE ATT&CK techniques. Network based scanning and remote system discovery lead the list with 22.6 billion flows and 17 billion flows, respectively. The top five most-used techniques targeting enterprises are Phishing, Phishing for Information, Scanning, Remote System Discovery, and Exploit Public-facing Application. Knowing which attack techniques are most often seen on the network can help organizations tighten their defenses where it is most needed.
For more detailed information, read the Cato Networks SASE Threat Research Report for the second half of 2022.
Unsolved Remote Access Challenges Continue to Propel SASE in 2023, Finds New Cato Survey By all accounts, 2023 is expected to see strong growth in...
Unsolved Remote Access Challenges Continue to Propel SASE in 2023, Finds New Cato Survey Unsolved Remote Access Challenges Continue to Propel SASE in 2023, Finds New Cato Survey
By all accounts, 2023 is expected to see strong growth in the SASE market. Gartner has already predicted in The Top 5 Trends in Enterprise Networking and Why They Matter: A Gartner Trend Insight Report (subscription required) that by 2025, 50% of SD-WAN purchases will be part of a single vendor SASE offering, up from less than 10% in 2021. And in a recent audience poll at Gartner’s I&O Cloud conference, audience members were asked which of the five technologies were they most likely to invest in, 31% indicated SASE, making number two overall just behind Universal ZTNA (at 34%).
And Gartner isn’t the only one expecting SASE to perform well this year. Dell’Oro expects the SASE market to reach $8 billion in 2023. The drivers for this activity? The need for security everywhere particularly driven by hybrid work. “The internet is now a logical extension of the corporate network, and the need for security is as great as ever,” Dell’Oro Research Director Mauricio Sanchez told SDxCentral.
We couldn’t agree more. We just finished surveying more than 1661 IT leaders around 2023 SASE drivers for adoption. The survey gathered insight into their experiences with SASE and, for those who have not yet deployed SASE, the IT challenges confronting them moving forward.
What’s so striking when you look the data is the role remote access plays. More than half (51%) of respondents who have not yet adopted any kind SASE point to enabling remote access from anywhere as their number one challenge. The same is true for “Adopt zero trust security posture for all access.”
Why Remote Access VPNs Are Not the Answer for Hybrid Work
There are any number of reasons for why enterprises are looking at replacing legacy remote access solutions. “Traditional approaches anchored only to on-premises solutions at the corporate internet gateway no longer work in the new ‘anywhere, anytime, with any device’ environment that the pandemic accelerated, SDxCentral quoted Sanchez.”
[boxlink link="https://www.catonetworks.com/resources/have-it-the-old-way-or-enjoy-the-sase-way/"] Have it the Old Way or Enjoy the SASE Way | Download the White Paper [/boxlink]
More specifically, legacy VPNs suffer from five key problems:
Scaling and capacity Issues. VPN servers have a limited amount of capacity, as more users connect, performance degrades, and the user experience suffers. To increase VPN server capacity, IT must deploy new appliances or upgrade existing ones. Security and performance optimization challenges requires additional appliances to be purchased, deployed, and integrated, which only increases network complexity.
Lack of granular security controls. Generally, point solutions restrict access at the network-level. Once a user authenticates, they have network access to everything on the same subnet. This lack of granular security and visibility creates a significant risk and leaves gaps in network visibility.
Poor performance. All too often, remote users complain about their sluggishness of corporate application when access remotely. Part of that is an architecture issue, particularly when traffic needs to brought back to an inspection point, adding latency to the session. VPN traffic is also susceptible to the unpredictability and latency of Internet routing.
Rotten user experience. Remote users struggle with connecting using legacy VPN software. Too many parameters have to be configured to connect properly. Where once this might have been tolerated by a small subset of remote users, it becomes a very different story when the entire workforce operates remotely.
Growing security risk. VPN infrastructure itself has all too frequently been the target of attack. A brief search in the MITRE CVE database for “VPN Server” shows 622 CVE records. VPN servers showed so many security vulnerabilities that CERT warned that many VPN devices were storing session cookies improperly.
It shouldn’t be surprising to learn, then, that when we asked IT leaders further down the SASE adoption curve as to what triggered their SASE transformation project, “remote access VPN refresh” was the most common response (46%)
SASE: The Answer to the Hybrid Work Challenge
SASE answers those challenges by enabling work to occur anywhere, securely and efficiently. As part of a SASE platform, remote access benefits from the scaling of a cloud-native architecture. There’s no need to add server resources to accommodate of users who suddenly need remote access. “Deployment was quick. In a matter of 30 minutes, we configured the Cato mobile solution with single-sign-on (SSO) based on our Azure AD,” says Edo Nakdimon, senior IT manager at Geosyntec Consultants, who had more than 1200 users configured for remote access in less than an hour with the Cato SASE Cloud.
Zero-trust is just part of the SSE pillar of a single-vendor SASE platform, giving IT granular control over remote user resource access. Security is improved by eliminating the VPN servers so frequently and object of attack. And remote user performance improves by inspecting traffic in the PoP right near the user’s location and then sending traffic out to other location across the SASE platform’s global optimized backbone not the unpredictable Internet.
No wonder those IT leaders who did adopt SASE, indicated they were able to address the remote access challenge. When asked, “As a SASE user what are the key benefits you got from SASE?” “Enable Remote Access from Anywhere” as the highest ranked benefit (57% of respondents) followed by “Adopt zero trust security posture for all access” at 47% of respondents.
All of which makes remote access a “quick win” for anyone looking to deploy SASE.
Industry 4.0 is revolutionizing the manufacturing industry as we are witnessing numerous innovative technologies such as AI, IoT, and Robotic Process Automation (RPA) helping manufacturers...
SASE in Manufacturing: Overcoming Security and Connectivity Challenges Industry 4.0 is revolutionizing the manufacturing industry as we are witnessing numerous innovative technologies such as AI, IoT, and Robotic Process Automation (RPA) helping manufacturers enhance their supply chain, logistics and production lines. While we see these operations evolving into smart factories, the industry still faces challenges that could adversely impact its ability to realize the full potential of Industry 4.0.
Manufacturing Digital Transformation Challenges
Digital Transformation introduces a number of challenges to the manufacturing industry. These include:
Cybersecurity vulnerabilities - The manufacturing industry is especially vulnerable to cyberattacks. Legacy manufacturing systems were not designed to defend against modern-day cyber attacks. Their legacy architecture makes it difficult to remain current on software patches and fixes, and this exposes them to increased risk of security breaches. Additionally, lacking proper visibility and control of all traffic flows makes it virtually impossible to have a rapid response and remediation of threats to the environment.
Lack of flexible, scalable and reliable architectures - Manufacturers require a flexible, scalable and reliable architecture that can easily and cost-effectively scale as the business grows. This is something that MPLS does not provide because it cannot support the cloud evolution that the manufacturing industry is experiencing. Additionally, global expansion is a major challenge due to the cost and complexity of turning up new sites, especially in locations where MPLS is not easy for carriers to offer and support. And while some may deploy SD-WAN to overcome this, it is not suitable for global use cases, something the industry demands.
Cloud Performance - MPLS makes connecting directly to 3rd party SaaS applications impossible for 2 key reasons: MPLS is a point-to-point technology, whereas SaaS traffic flows between cloud providers, so it is not feasible for cloud use; and, SaaS apps like Microsoft 365, FactoryTalk, SAP and others, require high-performance internet access, and this is something MPLS does not provide.
Complicated tool management - Maintaining and monitoring multiple MPLS connections, telecom vendors, and legacy tools is extremely complicated, frustrating and prone to errors. This becomes even more challenging when integrating technology from acquisitions.
Global disconnect - Most manufacturers have global operations, with their HQ, production, engineering, suppliers and sales dispersed across the globe. All these users need secure, high-performance local, remote and global access to enable the business to run, which is hard to deliver over MPLS.
[boxlink link="https://www.catonetworks.com/resources/firsthand-perspectives-from-5-manufacturing-it-leaders-about-their-sase-experience/"] Firsthand Perspectives from 5 Manufacturing IT Leaders about their SASE Experience | Download the eBook [/boxlink]
The Solution to Manufacturing Challenges: SASE
SASE (Secure Access Service Edge) is an innovative approach to networking and security that converges these technologies into a single, global, cloud-native service that enables enhanced security, consistent policy enforcement, and faster threat response times. With SASE, manufacturers can overcome the above mentioned challenges that plagues many factories during their digital transformation journey.
To support this journey, manufacturers need a new solution: SASE. With SASE, enterprise networking and security technologies are converged into a single cloud-native software stack and delivered over a global backbone where all capabilities operate in unison. SASE allows manufacturers to reduce the risk of cybersecurity breaches while delivering reliable, low latency, global access to applications and systems. The following capabilities are crucial for SASE to deliver on its promise:
A Single Network Architecture
SASE, having its own global backbone, enables authorized users, locations, clouds and applications to reliably and consistently connect at anytime and from anywhere in the world.
High Performance
The SASE cloud enables IT teams to instantly scale, optimize and enhance the network according to business requirements, and this ensures reliable and predictable performance for applications and a rich experience for all users.
Cloud Data Architecture
SASE optimizes traffic and routes it along the best path to its destinateion based on WAN optimization and dynamic routing policies. This ensures low latency cloud access for all users.
Baked-in Security
SASE strengthens the security posture by providing all required security capabilities including Zero Trust Network Access (ZTNA), firewall-as-a-service (FWaaS), cloud-access security broker (CASB), DLP and secure web gateway (SWG).
Holistic Protection
ZTNA in SASE ensures only authenticated and authorized users and devices gain access to critical enterprise business applications. To further extend security protection and coverage, Managed Detection and Response (MDR) is also available.
Consistent Access for Mobile Users and Suppliers
All authorized users receive consistent access, performance, and security no matter where they are.
What’s Next for Manufacturers?
SASE allows manufacturers to focus their time and resources on key business initiatives such as global expansion and enhancing factory operations instead of worrying about IT and security. This allows them to do what they do best, while maintaining peace of mind that their network and security needs are covered.
To learn more about SASE and manufacturing, listen to the podcast episode “How to implement SASE in manufacturing: A discussion with PlayPower”.
February 20, 2023
5m read
Many organizations struggle with an array of security point products that create security gaps, alert overload, and inconsistent policy configuration and enforcement challenges. As a...
February 20, 2023
5m read
Security Convergence in the Cloud: Protect More, Worry Less Many organizations struggle with an array of security point products that create security gaps, alert overload, and inconsistent policy configuration and enforcement challenges. As a result, many companies realize the benefit of moving toward an enhanced security platform that combines multiple security technologies into a single solution.
There are two approaches to achieve this:
Integration: The security platform is built by connecting together several existing solutions to achieve the desired functionality.
Convergence: The security platform is built from the ground up, with a single software stack that natively integrates all of the desired security functionality.
Convergence and integration can both be used to build a security platform. However, the two approaches work very differently and produce different results.
Where Security Integration Falls Short
Integration is a common approach to building security platforms because a vendor may already have the required pieces in its product suite. By cobbling them together into a single offering, they build something that appears to solve the problems that companies face.
However, security platforms developed via integration have several common flaws, including:
Policy Mismatches: Individual security tools are designed to solve specific problems. By definition, policy mismatches can exist between these tools in an integrated security platform, so they may not work properly.
Blind Spots: Individual security tools don’t view traffic flow in the same context, so a security incident captured by one tool may not trigger on another tool. Further, these tools do not effectively share a similar context of traffic flow. This causes coverage blind sports which leave organizations exposed and at risk for cyber attacks.
Decreased Efficiency: Integrated security tools are built of solutions with a defined set of features. Cobbling multiple tools together may create inefficiencies where multiple tools perform the same function.
False Alarms: Context is essential to differentiate between true threats and false positives. An array of tools that all look at threats independently and then share information may generate false positives that a holistic platform would not.
Interoperability Challenges: Existing tools have different code bases and policy constructs that may create challenges when trying to integrate multiple tools. These challenges can impact security coverage, security enforcement consistency, and architecture scalability, just to name a few.
Integration can build an all-in-one security solution. However, these platforms are much more likely to have significant issues that won’t exist in a converged solution.
Cloud-Native Convergence is the Key to Improved Security
Cloud migration has a significant impact on corporate IT architecture and security. Cloud adoption increases the distribution and scalability of IT infrastructure and makes IT environments more complex. As a result, it is more difficult to secure these environments, especially when users are distributed as well. So, security convergence is essential for security teams to keep pace with their responsibilities.
[boxlink link="https://www.catonetworks.com/resources/achieving-zero-trust-maturity-with-cato-sse-360/"] Achieving Zero Trust Maturity with Cato SSE 360 | Download the White Paper [/boxlink]
As corporate IT architecture expands to the cloud, an on-prem, perimeter-focused security architecture no longer makes sense. Optimizing network performance without compromising security requires moving security to where users and IT assets are: The cloud. Corporate systems hosted in the cloud take advantage of cloud scalability, which also places strain on their security infrastructure. As a result, corporate security must be not only cloud-delivered but cloud-native. This allows security to scale with the growth of the business.
Corporate environments are changing rapidly, and these changes make security more complex. Converged, cloud-native solutions are the key to improving the security of all aspects of an organization’s IT architecture.
Security Convergence with Cato SSE 360
Cato has long been committed to improving security through cloud-native convergence. Cato’s SASE Cloud and SSE 360 are cloud-native solutions that offer a range of converged security functions, including Cloud Access Security Broker (CASB), Cloud Secure Web Gateway (SWG), Firewall-as-a-Service (FWaaS), Intrusion Prevention Systems (IPS), and Zero-Trust Network Access (ZTNA).
Cato SSE 360’s converged security offers a range of benefits for organizations, including:
Improved Security Collaboration: As a converged security solution, Cato SSE 360’s security functions were designed to operate collectively. This means better collaboration between security technologies, which leads to tighter security coverage and improved outcomes.
Context Sharing: Different security technologies offer different insights for threat detection and classification. A converged security solution like Cato SSE 360 can share context more effectively because each technology has the same context, captured from the same traffic flow. This dramatically improves threat detection and response.
Faster Threat Response: Security convergence improves the quality of security data and enables SOC analysts to investigate and respond to incidents from a single solution. As a result, they can more quickly identify and remediate potential threats.
Reduced Blind Spots: Cato SSE 360 was designed as a single, converged security software stack from the beginning. This dramatically reduces blind spots when compared to solutions built from several integrated, standalone products.
More Efficient Operations: A converged security solution is more efficient because it eliminates redundant technologies. Additionally, it makes security operations centers (SOCs) more efficient by providing fewer, higher-quality alerts and enabling SOC analysts to more efficiently analyze and respond to potential threats.
360-Degree Security Coverage: Cato SSE 360 offers 360-degree security visibility and coverage.
Configurable Security: As a Security-as-a-Service (SECaaS) solution, Cato SSE 360 provides the right amount of security when an organization needs it. Cloud scalability enables rapid expansion to address increase in capacity requirements as the company grows.
Defending the Modern Enterprise with Cato SSE 360
Cato SSE 360 protects the modern enterprise from cyber threats by offering the most comprehensive network security solution in a converged, cloud-native architecture. To learn more about how Cato SSE 360 can help improve your organization’s security, sign up for a free demo today.
February 16, 2023
5m read
Ransomware continues to be a prime cyber threat to organizations of all sizes. One thesis for this is that these attacks are easier and less...
February 16, 2023
5m read
A SASE Approach to Enterprise Ransomware Protection Ransomware continues to be a prime cyber threat to organizations of all sizes. One thesis for this is that these attacks are easier and less expensive to execute than ever before, while offering very high rates of return for cybercriminals. Since the 2017 WannaCry epidemic, the ransomware industry has evolved through several stages, including:
Large-Scale Campaigns: Ransomware attacks like WannaCry were designed to infect as many systems as possible. Each infection would demand a relatively small ransom, trying to make a profit via quantity over quality.
Targeted Attacks: Over time, ransomware campaigns have evolved to be extremely targeted attacks against particular organizations. In-depth research allows cybercriminals to identify how to maximize their profits for each infection.
Ransomware as a Service (RaaS): RaaS gangs distribute copies of their malware to affiliates for a cut of the profits of successful infections. This model increased the number of companies infected with high-quality ransomware.
Double Extortion: Double extortion ransomware both steals and encrypts sensitive and valuable data on an infected system. The threat of a data leak is used to increase the probability of a ransom payment.
Triple Extortion: Triple extortion expanded the impact of a ransomware attack from the infected organization to its customers. The ransomware operators demand payments from multiple organizations whose data is affected by the attack.
Ransomware has proven to be a highly effective and profitable cyber threat. Cybercriminals will continue to innovate and build on their success to improve attack profitability and the probability of ransom payments.
Common Attack Methods for Ransomware Attacks
Cybercriminals use various methods to deploy and execute ransomware, and the following are a small sample of the most common:
Vulnerability Exploits: Unpatched vulnerabilities are a very common method for delivering ransomware. By exploiting these vulnerabilities, cybercriminals can plant and execute the malware on a vulnerable system.
Phishing: Phishing attacks use social engineering to trick users into downloading and executing malware on their devices. The ransomware can be attached to the message or located on a phishing site indicated by a malicious link.
Compromised Credentials: User credentials can be guessed, compromised by phishing, or breached in other ways. Cybercriminals can use these credentials with the remote desktop protocol (RDP) or virtual private networks (VPNs) to access and deploy malware on systems.
Malicious Downloads: Phishing sites may offer ransomware files for download. These files could masquerade as legitimate software or exploit vulnerabilities in the user’s browser to download and execute themselves.
Stages of a Ransomware Attack
Ransomware follows many of the same steps as other types of malware. The main stages in an attack include the following:
Initial Infection: A ransomware attack starts with the malware gaining access to a target system. This can be accomplished via a variety of methods, such as phishing or the use of compromised credentials.
Command and Control: Once the ransomware achieves execution, it establishes a command and control (C2) channel with its operator. This allows the ransomware to send data to and receive instructions from its operator.
Lateral Movement: Ransomware rarely immediately lands on a device containing the high-value data that it plans to encrypt. After gaining a foothold on a corporate network, the malware will perform discovery and move laterally to gain the access and privileges needed to encrypt valuable and sensitive data.
Data Theft and Encryption: Once it gains the required access, the malware will begin encrypting data and deleting backups. It may also exfiltrate copies of the data to its operator via its C2 channel.
Ransom Note: Once data encryption has been completed, the malware will reveal its presence on the system by publishing a ransom note. If the ransom is then paid and the decryption key is provided, the ransomware would decrypt all of the files that were encrypted.
[boxlink link="https://www.catonetworks.com/resources/ransomware-is-on-the-rise-catos-security-as-a-service-can-help/"] Ransomware is on the Rise – Cato’s Security as a Service can help | Download the eBook [/boxlink]
Ransomware Prevention Strategies
Once data theft and encryption have begun, an organization’s ransomware remediation options are limited. However, companies can take steps to reduce the probability of a ransomware infection, including the following:
Vulnerability Management: Regular vulnerability scanning and patching can help to close the security gaps exploited to deliver ransomware. Additionally, Web Application and API Protection (WAAP) solutions can block the attempted exploitation of unpatched vulnerabilities.
Email Security: Another common method of delivering ransomware and other malware is phishing. Email security solutions can identify and block messages containing malicious attachments or links to phishing pages.
Multi-Factor Authentication (MFA): Compromised credentials can be used to access corporate systems and deliver malware via remote access solutions. Deploying strong MFA increases the difficulty of using compromised credentials.
Web Security: Ransomware can be downloaded intentionally or unintentionally from malicious sites. A secure web gateway (SWG) can block browsing to dangerous sites and malicious downloads.
Endpoint Security: Ransomware is malware that runs and encrypts files on an infected endpoint. Endpoint security solutions can identify and remediate ransomware infections.
Cato’s Approach to Enterprise Ransomware Protection
Using machine learning algorithms and the deep network insight of the Cato SASE Cloud, we’re able to detect and prevent the spread of ransomware across networks without having to deploy endpoint agents. Infected machines are identified and immediately isolated for remediation.
Cato has a rich multilayered malware mitigation strategy of disrupting attacks across the MITRE ATT&CK framework. Cato’s antimalware engine prevents the distribution of malware in general. Cato IPS detects anomalous behaviors used throughout the cyber kill chain. Cato also uses IPS and NextGen Anti-Malware to detect and prevent MITRE ATT&CK techniques used by common ransomware groups, which spot the attack before the impact phase. And, as part of this strategy, Cato security researchers follow the techniques used by ransomware groups, updating Cato’s defenses, and protecting enterprises against exploitation of known vulnerabilities in record time.
We use heuristic algorithms specifically designed to detect and interrupt ransomware. The machine-learning heuristic algorithms inspect live SMB traffic flows for a combination of network attributes including:
Blocking the delivery of known malware files.
Detecting command and control traffic and attempts at lateral movement.
Identifying access attempts for remote drives and folders.
Monitoring time intervals, such as encrypting drives in seconds.
Cato Networks provides detection and mitigation of ransomware attacks without deploying agents on endpoints. Learn more about Cato’s network-based ransomware protection.
February 16, 2023
3m read
SASE adoption requires business and technological planning. By properly preparing for the transition, you will be able to successfully move your business-critical networking and security...
February 16, 2023
3m read
6 Steps to SASE Adoption SASE adoption requires business and technological planning. By properly preparing for the transition, you will be able to successfully move your business-critical networking and security capabilities to a vendor-delivered service. You will also have the answers to any board and leadership questions.
What does a good SASE adoption plan look like? Below we list six steps that will take you from start to finish. By following them, you can ensure a frictionless transition. (Please note that some of these steps can be executed simultaneously). For more details about each step and how to execute them, read our complete guide, here.
Step 1: Preparation
The first step is to understand what problems you are trying to solve. Do you want to eliminate appliances? Migrate from MPLS to secure SD-WAN? Maybe you need to secure your hybrid cloud or multi-cloud? By determining your drivers you will be able to prioritize functions, allocate the required budget and evaluate vendors and architectures. Once you have your list of use cases, map out which capabilities you need for each one. This will help you identify the right vendor for you, since capabilities vary among them.
Finally, determine your required security coverage. It is recommended to choose a vendor with NGFW, SWG and NextGen anti-malware capabilities. Additional capabilities that will improve your security posture are IPS, DLP, CASB and zero-day/polymorphic threat prevention.
[boxlink link="https://www.catonetworks.com/resources/how-to-adopt-sase-in-6-easy-steps/"] How to Adopt SASE in 6 Easy Steps | Download this eBook [/boxlink]
Step 2: Planning and Timeline
Once your use cases and required capabilities are mapped out, you can create a plan for implementing them. Adjust the plan to realistic timelines. Make sure to include considerations like contractual obligations, national holidays, how quickly you wish to deploy and the geographical dispersion of your network.
Step 3: RFI/RFP
Now that the groundwork is set, you can start evaluating vendors. Prepare an RFI or RFP that will help you determine which SASE provider provides the capabilities you need and at the cost you need.
Step 4: Budget and Board Approval
After planning, it’s also time to get leadership approval for the project. Be sure to include a complete business case that maps technical capabilities to drivers and cost savings. You can also add quantifiable metrics that are relevant to your specific business context.
Step 5: PoC
After slimming down your vendor list to one or two recommended ones, you can move forward with a proof of concept. Formulate a clear proof of concept plan in advance, to set clear expectations with vendors. It’s recommended to cap the PoC timeline at thirty days.
Make sure your PoC has the capabilities and the presence that matter to you, including geographical locations, performance and optimization, security coverage and platform cohesiveness.
Step 6: Implementation
You made it! You can now move forward with your front-runner vendor and complete the purchase process. Plan the implementation together with them, since you two are partners now, working together for future success.
Ready to Get Started?
SASE has eliminated the need to perform expensive, time-consuming hardware refreshes, while also ensuring seamless performance, feature enhancements and daily security updates. To learn more about how to get started, review the entire SASE adoption plan, here.
February 14, 2023
9m read
Introduction Since Gartner introduced the Secure Access Service Edge (SASE) category in 2019, interest from enterprises has grown substantially. SASE transforms enterprise IT through the...
February 14, 2023
9m read
Strategic Roadmap to SASE Introduction
Since Gartner introduced the Secure Access Service Edge (SASE) category in 2019, interest from enterprises has grown substantially. SASE transforms enterprise IT through the convergence of enterprise networking and network security into a single, cloud-native, service. It aims to optimize security posture, enable zero-trust access from anywhere, and reduce costs and complexity. Given its potential impact, SASE is becoming a strategic project for many organizations.
However, the widespread availability of SASE offering from different vendors and managed services providers is causing a great deal of confusion. Organizations are challenged to compare SASE feature sets and solutions and combine offering from multiple vendors - resulting in complex architectures that lead to incomplete service offerings that don’t meet needs and expectations.
Adopting SASE is an IT strategy targeted to accompany and enable rapid growth and digital transformation, not a tactic selection of a point product. As such, making the right selection is more critical than ever.
During the “2022 Strategic Roadmap to SASE” webinar, Gartner Research Vice President Neil Macdonald and Cato Networks CMO Yishay Yovel, discussed multiple aspects of SASE but most importantly reiterated the fundamental principles and expected benefits that are the basis of why SASE was introduced back in 2019.
[boxlink link="https://www.catonetworks.com/resources/inside-look-life-before-and-after-deploying-sase/?utm_medium=blog_top_cta&utm_campaign=before_and_after_sase"] An Inside Look: Life Before and After Deploying a SASE Service | Whitepaper [/boxlink]
Several questions were raised during the webinar; the most interesting and relevant ones are answered below. They cover the following areas:
What business and technical benefits does SASE provide?
When and how should you initiate your SASE project?
How can you deploy SASE gradually into your existing infrastructure?
How do different SASE architectures impact the expected business outcomes?
We hope these Q&A will be able to clear up some of the confusion around SASE and SSE and help organizations make the right decisions when selecting a SASE provider.
Questions
SASE market overview
1. Will SSE be replacing SASE in the short term?
No, SSE is just a stop in the journey to SASE. Today, some organizations are not yet ready to fully transition to SASE for various reasons, but they are ready to adopt SSE because they recognize the benefits in adopting cloud-delivered security services such as SWG, CASB, and ZTNA to protect their offices and remote users when accessing the public Internet. The final step in the journey will be to combine the SSE capabilities with the cloud-delivered connectivity and control services such as SD-WAN and FWaaS to complement Internet security and provide the best performances and protection when accessing corporate assets.
2. Why is the security industry generally so fragmented, and will it consolidate or splinter more in the next 5 years?
The trend is clearly towards vendor consolidation. Organizations of all sizes are looking to simplify their infrastructure and operations to become more agile. They are favoring vendors that can combine multiple security and networking functionalities in a single platform, rather than best of breed solutions. This is confirmed by a recent Gartner survey that showed that 75% of organizations are pursuing security vendor consolidation and rising to 90% by Year End 2022. That’s a stunning increase if we compare to just 29% back in 2020.
3. What are the upcoming changes in SASE that experts foresee?
SASE is calling for vendor consolidation. Gartner, in its latest report "Market Guide for Single-Vendor SASE", has explicitly restated the need to unify all SASE capabilities into ideally one single vendor or at best into two vendors that must be fully integrated. We expect a limited list of vendors to stand out in the SASE market leadership and we expect companies to accelerate their initiatives towards network and security cloud-based services to reduce infrastructure complexity, optimize their CAPEX and OPEX and better control security across all their data, users and applications.
4. What techniques work best on informing senior leadership; assisting them with understanding, approving, and adopting a SASE technology?
When talking to senior leadsership about the value of SASE, put the emphasis on the benefits that a SASE approach brings to companies in their digital transformation journey:
Simplicity - by reducing infrastructure complexity
Productivity - by providing an improved and consistent user experience
Efficiency - by reducing the overall infrastructure budget
Agility - shifting network and security skills from managing boxes to policies supporting the digital workplace
SASE Migration and adoption
5. What pre-requisites and steps are needed to transition successfully to a sustainable SASE?
Break down the organizational silos – network and security teams must work in concert in the name of speed, agility and reduction of complexity
Choose a SASE vendor that meets the SASE architectural requirements (cloud-native, converged, global & support for all edges)
Map future HW and SW refresh to the SASE vendor capabilities
Plan the transition project to start with low-risk areas to minimize friction
6. What components of SASE will be important in the SMB market now and in the next 5 years? ZTNA? CASB? SD-WAN? SMB?
Aside from the specific SASE features (which of course are important and depend on the specific business case), SMBs, probably more than any other organization, will look to adopt SASE solutions that provide the following characteristics and benefits:
Operational simplicity
High automation
Flexibility
Reliability
These characteristics are typically delivered by cloud-native SASE vendors that offer an "As-a-Service" approach to networking and security.
7. Do you have a blueprint or reference architecture for an 80% cloud, 20% on-prem environment with multiple SaaS applications?
Regarding the 80/20 split, this is just marketing. Every enterprise is different, and so is every vendor. At Cato, we believe we should deliver as much as we can from the cloud and as little as we can from on-prem. Our 1500+ customers agree with us.
Cato SASE vs other SASE solutions
8. Which are the main benefits of the Cato SASE solution compared to a managed SASE offered by a Telco?
A Telco managed SASE service is normally a conglomeration of point solutions wrapped around a telco managed blanket. Some customers may consider this "black-box" approach but be wary of the following:
They can't move as fast as a modern digital business requires. Everything is managed through tickets, and involves multiple staff members due to the complexity of the underlying solutions architecture
They can't offer a future-proof solution. They are dependent on their vendors' roadmap, and usually are last to apply updates and enhancements due to the complexity and risk of downtime.
The bottom line is that, unless they manage a real SASE architecture underneath, they are simply not the right fit for the needs of modern, digital enterprises.
9. How is Cato SASE a better value than Netskope SASE?
Enterprises today are looking to consolidate services as much as possible realizing it will improve simplicity, agility, efficiency, and productivity. Netskope offers one point product (SWG+CASB) focused on internet and cloud security, another point product (NPA) focused on ZTNA, and they recently acquired a very small SD-WAN company (Infiot) for their SD-WAN technology.
While Cato and Netskope share the common vision of a SASE solution delivered as a Service from the cloud, the main difference is in the architecture design. While the Cato architecture has been built from the ground up with a converged approach with networking and security services delivered from a single home-grown software stack, Netskope started as a CASB/DLP solution and has later expanded its services portfolio by integrating multiple point solutions together because of several acquisitions, the last one being a small SDWAN provider called Infiot acquired in August 2022. Stitching point solutions together, even if done in the cloud, still poses questions on how these services can seamlessly scale and how much time it will take, for example, to get the SD-WAN technology fully integrated in the Netskope product suite, or to lift their FWaaS engine to an acceptable level to protect the East-West traffic.
In essence, whilst Netskope has a strong SSE proposition, their complete SASE offering is still not fully baked.
If you are looking for simplicity, agility, efficiency, and productivity today, and not in 2-3 years, Cato is the best solution.
10. What incentive would a business have to switch from Fortinet to SASE via Cato?
Improved productivity - Cato can help you optimize application performance and user experience. The Cato SASE Cloud has a global private backbone which minimizes the exposure of network traffic to the unpredictable and unreliable internet
Improved efficiency - By moving from on-premise appliances to a cloud-native solution, procurement, management, and maintenance cost are dramatically reduced. Team members are freed to focus on business needs and outcomes instead of maintenance and support.
Improved agility - Whether tomorrow’s need will be additional security capabilities, business expansion, cloud migration or a new balance between office and remote work, a cloud-native network and security infrastructure allows you to meet new business requirements much faster than appliance-based infrastructure that mandates complex planning, sizing, procurement, deployment, integration, and maintenance.
Cato SASE business value
11. How will SASE have an impact on our existing infrastructure?
SASE has many capabilities that can augment your existing infrastructure today and replace it tomorrow to make your infrastructure more agile, secure, and efficient. For example, you can use a global private backbone to augment SD-WAN with a reliable global transport. You can offload internet security from your resource-constrained on-prem firewalls to an unlimited cloud-delivered security. You can also enable more users to work from remote without adding more VPN servers and without compromising on security or productivity.
12. Are you able to advise on any effort that Cato may have invested in reassuring potential Financial Service customers that the solution meets regulatory requirements?
Cato customers, including those from the financial services sector, all rely on us for their mission critical network and network security. To get their trust, we work continuously to make sure our enterprise network and our cloud service adhere to the highest security standards such as ISO, SOC, GDPR and others. Please see here for more details.
13. Are there any statistics or case studies that show typical cost savings achieved through migration from legacy networks and security to the Cato SASE solution?
Cato commissioned Forrester to run a survey across Cato Networks customers to quantify the benefits these customers have achieved in adopting the Cato SASE solution. The Total Economic Impact (TEI) report shows a stunning ROI of more than 240% when looking at the following benefits:
Reduced operation and maintenance
Reduced time to configure
Retired legacy systems (on-prem FW, SD-WAN)
The TEI document can be downloaded from here.
Cato SASE capabilities
14. Is it possible to implement the SASE architecture in countries such as: Spain, Italy, Colombia, Chile, Mexico and Venezuela?
If the SASE architecture is cloud-native, there are no limits to where it can be implemented. The implementation and availability are the responsibility of the SASE vendor. As a customer, you should focus on making sure there are SASE PoPs available withing 25ms round trip time from your users, branches, and datacenters. Cato’s SASE backbone consists of more than 75 POPs around the world with presence in all five continents, including China. New POPs are added on a quarterly basis to guarantee our customers a guaranteed minimum latency. More information can be found here.
15. Is Cato able to connect to other Next-gen firewalls through an IPsec / VPN tunnel?
Cato allows third party devices to connect to the Cato SASE cloud by means of an IPsec tunnel. A potential use case could be to leverage an existing NGFW for East-West traffic in the local premises and use the Cato Cloud to provide secure internet connectivity and East-West traffic protection for geographical sites.
16. Is it possible to interconnect two components of SASE from different vendors (e.g., Cato SASE to Cisco Viptela SD-WAN)?
Cato allows third party devices to connect to the Cato SASE cloud by means of an IPsec tunnel. Third party SDWAN devices will provide reliable connectivity to the Cato SASE cloud, once the traffic lands into one of our POPs, Cato handles security and middle-mile connectivity via the Cato private backbone.
17. How is security as a service, which is part of SASE, received by customers who have stringent compliance requirements like PCI-DSS / HIPPA etc.?
Organizations that are planning to migrate their network and security stack to the cloud must ensure they’re partnering with trusted providers who maintain the necessary levels of safeguarding and discipline of their own service security. The enterprise must evaluate the SASE vendor and make sure they adhere to the highest industry standards. Cato SASE services have received ISO27000, GDPR, SOC1, SOC2, SOC3 certifications. And with the Cato CASB solution, enterprises can configure their application control policies so that only applications which are compliant with PCI-DSS and/or HIPAA are authorized.
An old vulnerability has recently been making waves in the world of cybersecurity, and that is the catchily named CVE-2021-21974. The ransomware attack that exploits...
The Resurrection of CVE-2021-21974: The Ransomware Attack on VMware ESXI Hypervisors that Doesn’t Seem to Go Away An old vulnerability has recently been making waves in the world of cybersecurity, and that is the catchily named CVE-2021-21974. The ransomware attack that exploits a vulnerability in VMware ESXi hypervisors, has reportedly hit over 500 machines this past weekend. Shodan data indicates that many servers were initially hosted in the OVHcloud, but the blast radius appears to be constantly expanding.
So serious is the outbreak that it has gained the attention of CERT-FR (the French government center for monitoring, alerting and responding to computer attacks), which has issued an advisory warning of the vulnerability. This is the first advisory of 2023, only proceeded by a Fortinet SSL-VPN issue which was announced in December 2022.
But the biggest problem is that the CVE was originally issued two years ago when researchers at Trend Micro discovered and reported the vulnerability to VMware! That’s two years where organizations didn’t patch and upgrade their servers to mitigate against this vulnerability.
Why is CVE-2021-21974 a concern?
The researchers discovered that vCenter Server, the centralized management platform for VMware, was susceptible to an attacker executing arbitrary code with privileged levels of access. The vCenter Server is the beating heart of a company’s virtual infrastructure. It’s the place where administrators go to manage virtual machines, networks, storage, and more.
By exploiting this vulnerability, an attacker could potentially gain access to sensitive information, disrupt operations, and cause significant damage to an organization's virtual infrastructure. While VMware took steps to address this exploit, it required manual intervention on behalf of administrators to install and deploy the fix.
How does this exploit work, and how can you stay protected?
This exploit follows the traditional hallmarks of the ransomware attack chain. Let’s walk through what that looks like for enterprises with and without Cato:
Step 1) Initial access
Without Cato:
Legacy networks provide users with access to the complete network. As such, attackers have a wide range of attack vectors to gain initial access to the network and then to move laterally and attack the VMware vCenter Server. Vectors include phishing attacks, network intrusion, or exploitation of another vulnerability.
With Cato:
Cato implements a zero-trust access model, which restricts a user’s resource access and decreases the attack surfaces. It’s no longer sufficient for attackers to gain initial access to the network. They must gain access to a user or machine with access to vCenter vServer. Cato’s ZTNA includes constant device and user assessment, user access control and posture checks to ensure that initial access is not possible. If someone attempts to click on a phishing link, Cato’s SWG and FWaaS can detect, block, and log this connection – ensuring that your perimeter always remains secure.
Step 2) Exploitation
Without Cato:
The attacker exploits the vulnerability in the vCenter Server by sending a specially crafted request to the server. This request contains malicious code that the attacker wants to execute on the vCenter Server. Sometimes this is done via vulnerability chaining (using one vulnerability to expose another), while other times you just focus on a single exploit.
With Cato:
Should an attacker gain access to a machine with access to the vCenter vServer, exploiting the vulnerability will still be impossible. Our security engines, including our IPS, identify and block the malicious code before the server can even be compromised. To be clear, even though the server has not yet been patched and, in theory, would be vulnerable, Cato mitigates the attack surface area without you having to do anything. And, yes, Cato does protect against CVE-2021-21974. We have for years.
Step 3) Code execution:
Without Cato:
Upon receiving the request, the vCenter Server processes the request, which then causes the malicious code to be executed on the server. This allows the attacker to execute arbitrary code with the privileges of the vCenter Server
With Cato:
This phase is bypassed, as we have blocked the attacker from gaining access to the network, as well as blocking any malicious traffic. In the rogue event that a machine was compromised with ransomware while not being protected by Cato, our converged security solutions would prevent the lateral movement of malware throughout your network (north/south and east/west) while also providing an insight into this risk within the Cato Management Application.
Step 4) Data theft or disruption
Without Cato:
The attacker can now access sensitive information stored on the vCenter Server or disrupt operations within the virtual infrastructure. The attacker could potentially steal sensitive information, disrupt virtual machines, deploy ransomware or even completely shut down the virtual infrastructure.
With Cato:
Information is secure as Cato has stopped every step of the attack lifecycle prior to this stage. However, if someone has compromised a device in a way that hasn’t been caught, Cato’s DLP capabilities will prevent exfiltration and theft of sensitive information.
[boxlink link="https://www.catonetworks.com/rapid-cve-mitigation/"] Rapid CVE Mitigation by Cato Security Research | See Selected Critical CVEs [/boxlink]
What’s your choice?
This CVE is one of thousands which appear in the cybersecurity landscape every week, against hundreds of vendors. If you’re a network or security practitioner who’s responsible for managing a large stack of servers, which option would you choose to ensure your network doesn’t get breached?
Do you want to spend a large portion of your life chasing patches and securing vulnerabilities, deploying packages and making sure every hole of your leaking ship has been plugged?
Or should you adopt a converged stance for networking and security, and allow Cato Networks to protect you at each step of the attack cycle with minimal involvement required?
I know which option I would want....
To learn more about CVE-2021-21974 and other goodies, check out this episode of CyberTalk, our video series dedicated to raising cybersecurity awareness everywhere.
With the increased of cloud adoption has come an expansion of the corporate digital attack surface. Cyber criminals are constantly evolving their tools and techniques,...
The Future of Network Security: Cybersecurity Predictions for 2023 & Beyond With the increased of cloud adoption has come an expansion of the corporate digital attack surface. Cyber criminals are constantly evolving their tools and techniques, creating new threats, and pushing organizations to the brink.
As new trends emerge in both cyber attacks and defenses every year, we have decided to list our predictions for the top network security trends of 2023 and beyond.
#1. Zero Trust Becomes the Starting Point for Security
The goal of zero trust is to eliminate the main culprits of data breaches and other security incidents: implicit trust and excessive permissions. These play a major role in many cyberattacks as cyber criminals gain access to an organization’s network and systems, and expand that reach to exploit resources. Eliminating blind trust and limiting access with the least priviliges necessary to maintain productivity, makes this harder for an attacker to achieve.
Zero trust has gained more momentum in recent years and have become a realistic security focus. An effective zero trust strategy defines granular policies, enforces appropriate access permissions, and delivers more granular control of users on your network.
An effective Zero Trust strategy will protect organizations against many cyber threats, but it is far from a comprehensive solution. Ideally, companies will start with zero trust and then add additional controls to build a fully mature security program. Zero Trust is a journey, so having the right strategy will help smooth and expedite this journey, allowing it to move from a security goal to a security reality.
#2. Security Simplification Picks Up Steam
Every organization’s IT infrastructure and cybersecurity threat landscape is different; however, most companies will face similar challenges. Cyber criminals are more adept at targeting and exploiting weaknesses in networks and applications. SOC analysts suffer from alert overload due to high volumes of false positives. And the expansion of complex, multi-cloud environments introduce new security challenges and increased attack vectors.
Addressing these threats with an array of standalone products is unproductive, unscalable and is an ineffective approach to network security. As a result, companies will increasingly adopt security platforms that offer a converged set of security capabilities in a single architecture, enabling security teams to more effectively secure and protect complex infrastructures.
#3. Faster Adoption of SASE
Digital Transformation is forcing corporate networks to more rapidly evolve away from the complex, inflexible architectures of the past. Cloud adoption, work from anywhere (WFA), BYOD policies, and mobile devices are all making the corporate networking environment more complex and challenging to manage, optimize, secure and scale. Additionally, legacy perimeter-based security architectures have become unsustainable, forcing organizations to decide between reliable network connectivity and complete in-depth security.
As a result, companies will more quickly adopt solutions designed specifically for these modern networks. Such modern networks require a converged, cloud-delivered architecture that is reliable and resilient and grows as their business grows; This can only be achieved with Secure Access Service Edge (SASE).
#4. Expansion of Targeted Ransomware Attacks
Ransomware has proven to be an extremely profitable enterprise for cyber criminals. The secrets sauce of ransomware success is the in-depth research on attack targets - identifying the best attack vector, the most valued resources to attack, and the maximum amount a victim might be willing to pay. So considering that some countries are already in recession and many organizations are pressing to optimmize costs to remain profitable, cyber criminals will identify the weaker, more vulnerable targets and push them to the edge.
In recent years, we have seen healthcare, financial service, and more recently, manufacturing as prime targets for ransomware attacks. We expect to see these and more as attacks expand, exponentially, in 2023 and beyond.
[boxlink link="https://www.catonetworks.com/resources/sase-vs-the-upside-down-world-of-networking-and-security/"] SASE vs. the Upside Down World of Networking and Security | Download the eBook [/boxlink]
#5. Growing Importance of API Security
Modern applications are designed around APIs, and as such, application security practices depend, tremendously, on API security practices. APIs are designed to allow other programs to automatically request or submit data or perform other actions.
The design of APIs makes them an ideal target for certain types of automated attacks such as credential stuffing, vulnerability scanning, distributed denial-of-service (DDoS) attacks, and others. As cybercriminals increasingly target these APIs, implementing defenses against API-specific attack vectors becomes more crucial for business success.
#6. IoT Will See More Cyberattacks
Internet of Things (IoT) devices are experiencing tremendous growth. The expansion of 5G networks provides fast, high-performance network connectivity, making it possible to deploy these devices everywhere. As these devices mature, they will increasingly be used to collect, process, and store sensitive business data.
However, these devices, while increasingly valuable to many organizations, are at high risk for attack or compromise. A huge threat to IoT devices is that they are always available, making them ideal targets continuous attacks. Often, these devices have weak passwords, unpatched vulnerabilities, and other security issues. As they are increasingly deployed on corporate networks and entrusted with sensitive and valuable data, cyberattacks against them will continue to increase.
#7. Cyberattacks Will Increasingly Become Uninsurable
Cybersecurity insurance is one of the primary ways that organizations manage cybersecurity risk. For some it has also become their default cybersecurity strategy. When these companies suffer a ransomware attack, they expect their insurance provider to pay all costs, including the ransom and the costs of recovery and notifications.
However, the surge in expensive ransomware attacks has caused some insurance providers to explore options in their coverage schemes. This includes placing more requirements on customers to demonstrate improved cyber defenses and compliance with security standards as conditions for acquiring and maintaining an insurance policy. The end result may be limiting coverage parameters, and if attacks continue to grow more common and expensive — which they likely will — eliminating coverage all together.
#8. Cyber Resilience Becomes an Executive Priority
Cybercriminals are increasingly moving toward attacks focused on business disruption. Ransomware attacks deny access to critical company resources. Other notable attacks render corporate systems inaccessible to legitimate users. As a result, companies are compromised as cybercriminals threaten their ability to operate and maintain profitability.
The growing threat of cyberattacks to the business will make cyber resilience a priority for C-level executives. If cyberattacks can bring down the business, investing in preventive solutions that can manage or mitigate these risks makes good strategic and financial sense.
What These Predictions Mean for Enterprises
In 2023, the evolution of the cybersecurity landscape will drive the evolution of corporate security platforms. Legacy security architectures will need to be replaced with solutions designed for the modern, more dynamic IT architecture and rapidly evolving cyber threats.
The Cato SASE Cloud and SSE 360 solutions helps companies implement security architectures that offer holistic, 360-degree protections against the latest cyber threats. To learn how Cato can help your organization improve its network performance and security, sign up for a demo today.
Today we announced that Cato Networks was named a “Leader” and “Outperformer” by GigaOm in the analyst firm’s Radar for SD-WAN Report. This is our...
Cato SASE Cloud’s “Innovation” and “Platform Play” Earn “Leader” and “Outperformer” Status in GigaOm SD-WAN Radar Report Today we announced that Cato Networks was named a “Leader” and “Outperformer” by GigaOm in the analyst firm’s Radar for SD-WAN Report. This is our first year to be included in the report and already we shot to the top of the leader’s circle, underscoring the strength and maturity of Cato SD-WAN and showing the importance of considering SD-WAN as part of a broader SASE offering.
The report evaluates 20 notable SD-WAN vendors, including Cisco, Fortinet, Versa Networks, Juniper, Palo Alto, VMware, and others. Of all these SD-WAN providers, Cato Networks is the only one rated as Exceptional in all the key criteria considered to be differentiators among the providers as well as the primary features for customers to consider as they compare solutions.
Figure 2: Only Cato scored “Exceptional” across every one of GigaOm’s Key Criteria
GigaOm: Cato’s SD-WAN Is “Easier to Maintain and Scale”
The report highlights Cato’s unique cloud-based approach to delivering SD-WAN as a real differentiator that makes a software-defined wide area network easier to maintain and scale for business needs.
“Cato SASE Cloud is a converged cloud-native, single-pass platform connecting end-to-end enterprise network resources within a secure global service managed via a single pane of glass,” says the report. “By moving processing into the cloud using thin edge Cato Sockets, Cato SASE Cloud is easier to maintain and scale than competitive solutions, with new capabilities instantly available. Leveraging an expanding global SLA-backed network of over 75 PoPs, Cato is the only SD-WAN vendor currently bundling a global private backbone with its SD-WAN. Moreover, Cato offers both a standalone SD-WAN solution and a security service edge solution – Cato SSE 360 – for securing third-party SD-WAN devices.”
[boxlink link="https://www.catonetworks.com/resources/gigaoms-evaluation-guide-for-technology-decision-makers/?utm_source=blog&utm_medium=top_cta&utm_campaign=gigaom_report"] GigaOm’s Evaluation Guide for Technology Decision Makers | Report [/boxlink]
Cato Is a Strong “Platform Play” with “Innovation”
The report places Cato as the only vendor with a strong “Platform Play” and “Innovation” in features. According to the report, “Positioning in the Platform Play quadrant indicates that the vendor has a fully integrated solution – usually built from the ground up – at the functional level.” The report additionally recognizes Cato as an Outperformer “based on the speed of innovation compared to the industry in general.” GigaOm calls Cato “a vendor to watch” for its innovation.
Read the GigaOm report for yourself to see why Cato SASE Cloud is the leader of the SD-WAN pack.
The manufacturing industry is constantly evolving. The revolution known as Industry 4.0 is introducing new technologies and innovations that are accelerating digitization and improving efficiency...
How SASE is Transforming the Manufacturing Industry The manufacturing industry is constantly evolving. The revolution known as Industry 4.0 is introducing new technologies and innovations that are accelerating digitization and improving efficiency and productivity. One of these new innovations technologies is SASE (Secure Access Service Edge).
What is SASE?
SASE is an enterprise networking and security category that converges network and security technologies into a single, cloud-native service. Converged functionalities include SD-WAN, Zero Trust Network Access (ZTNA), firewall-as-a-service (FWaaS), cloud-access security broker (CASB), DLP and secure web gateway (SWG).
SASE reduces the risk of cybersecurity breaches and enables global access to applications and systems. It also provides enterprises and plants with the ability to remove the cost and overhead incurred when maintaining complex and fragmented infrastructure made of point solutions. As a result, SASE is gaining momentum across multiple industries, including manufacturing.
[boxlink link="https://catonetworks.easywebinar.live/registration-sase-value-and-promise-in-manufacturing"] SASE’s Value in Manufacturing | Go to Webinar [/boxlink]
How Manufacturers Benefit from SASE
Manufacturers can replace their legacy networking solutions, like MPLS, with SASE, to benefit from the capabilities SASE provides. Main benefits include:
Global connectivity: SASE provides the ability to securely connect tens of thousands of employees across dozens of plants around the globe to SaaS and on-premises applications. SASE can connect any network: the internet, MPLS, cellular networks and more.
Remote access: SASE supports the shift of workers to home offices by enabling a hybrid work environment.
Cloud connectivity: SASE enables users to access any production applications that migrated from on-prem to the cloud, while still supporting on-premises infrastructure.
Flexibility: SASE provides the infrastructure that enables producing innovative new products and reinventing outdated manufacturing processes.
Speed and performance: SASE enables manufacturers to increase bandwidth. Some manufacturers have been able to achieve 3x their previous WAN bandwidth.
Cost reduction: Some manufacturers have saved up to 30% annually by transitioning to SASE. In addition, SASE frees up employees to focus more on strategic projects that can benefit the business.
Smooth transition: SASE can be deployed quickly which makes the process nearly hassle-free.
Improved user experience and collaboration: SASE improves employee satisfaction and productivity by enhancing connectivity speed and performance.
Enhanced security: SASE enables faster detection, identification, response and remediation of cybersecurity incidents.
Spotlight: O-I Glass
O-I Glass, an Ohio-based glass bottles manufacturer, deployed Cato’s SASE Cloud solution as a replacement to their previous MPLS solution. By transitioning to SASE, O-I Glass was able to provide faster, more secure and higher performing access to their 25,000 employees spread across 70 plants in 19 countries. SASE also supports their employees’ secure connectivity when they work from home. The transition itself took six months and the estimated cost savings are 20% to 30% compared to their previous solutions.
By implementing SASE, O-I Glass was also able to deploy innovative methods for improving the manufacturing process. They introduced HoloLens, the Microsoft augmented reality/mixed reality system. These headsets are helping their engineers collaborate. When wearing them, engineers located in different continents can see what the other is seeing, without requiring trans-atlantic flights. Before SASE, their infrastructure could not support such use. In addition, SASE supports their future plans for a modular glass production line as well as plans for plant maintenance and training.
To learn more about SASE and manufacturing, listen to the podcast episode “How to implement SASE in manufacturing: A discussion with PlayPower”.
Your SSE project is coming up. As an IT professional, you will soon need to organize the requirements for your enterprise’s security transformation journey. To...
The SSE RFP/RFI Template (or how to evaluate SSE Vendors) Your SSE project is coming up. As an IT professional, you will soon need to organize the requirements for your enterprise's security transformation journey. To assist with this task, we’ve created a complimentary RFP template for your use. This template will help you ensure your current and future security threats are addressed and that your key business objectives are met.
The RFP template comprises four sections:
Business and IT overview: Your business, project objectives, geographies, network resources, security stack, and more.
Solution architecture: The architectural elements of the solution, how they operate, where they are situated, scaling abilities, failure resolution capabilities, and more.
Solution capabilities: The functionalities provided by the solution.
Support and services: The vendor’s support structure and available managed services.
You can find the complete template, with more details and guidance, here.
Please note, the template covers core SSE requirements alongside extended capabilities like FWaaS, NGAM, IPS and global private backbone. These additions will give you flexibility to expand into these projects in the future. So, let’s examine each one of these sections briefly.
[boxlink link="https://www.catonetworks.com/resources/ensuring-success-with-sse-rfp-rfi-template/"] SEE RFI/RFP Made Easy | Get the Template [/boxlink]
Business and IT Overview
In this section, you will describe your company, including elements like your business and technical goals, other strategic IT projects you are managing, the project scope, your current security architecture and technologies, datacenters geographies, your cloud providers, and more.
This section is intended to provide the vendor context about your business. Therefore, it is recommended to elaborate as much as you can.
Solution Architecture
This section allows the vendor to describe the solution’s architecture and how its services are delivered. In addition, you will get answers to questions about the solution’s architecture strategy. For example, what is their approach to consolidating security capabilities? How is high availability and resiliency provided? How easy is it to scale? These are a few of the many questions this section will help answer.
Solution Capabilities
This section requires the vendor to describe their SSE security capabilities. These include SWG, ZTNA CASB and DLP, and security management analytics and reporting. Additional requested information can include advanced threat prevention, threat detection and response, east-west security, policy management and enforcement, and non-web port traffic protection.
Support and Services
This section will enable you to understand the vendor’s support and managed services. You will get answers to support availability, SLAs, professional services and managed services options.
In addition to these four sections, the template also provides a fifth section about future expansion options. This forward-looking section helps you understand how easy it will be to transition to SASE, if required. From our experience, for many organizations this is the next step after basic SSE. This section will provide you with information about the migration process, configuration complexity, which technologies are required, and more.
How to Use the RFP Template
The RFP template can help choose the right SSE vendor for your current and future network security needs. To review and start using the entire template, click here.
Ever since Secure Access Service Edge (SASE) was adopted by every significant networking provider and network security vendor, IT leaders have been waiting for a...
Gartner’s Market Guide to Single-Vendor SASE Offerings: The Closest Thing You’ll Get to a SASE Magic Quadrant Ever since Secure Access Service Edge (SASE) was adopted by every significant networking provider and network security vendor, IT leaders have been waiting for a Gartner SASE Magic Quadrant.
And for good reason.
The industry has seen widely different approaches to what’s being marketed as SASE. Some companies partnered with each other to offer a joint solution with slightly integrated products. For example, Zscaler and any number of SD-WAN partners. Others simply rebranded their existing solutions as SASE. Think VMware SD-WAN (previously VeloCloud) turning into VMware SASE.
Market consolidation has brought together still other companies with disparate services requiring years’ worth of integration. As an example, consider HPE, Aruba and Silver Peak and the integration work ahead of them to make a cohesive SASE product. Meanwhile, we at Cato Networks chose a different path: to build a fully converged, global networking and security solution from the ground up. Gartner calls this “single-vendor SASE.”
A SASE Magic Quadrant would clear up the confusion in the industry and separate the leaders from losers. But while Gartner may not yet be ready to issue a SASE Magic Quadrant, the firm has issued the next best thing -- Market Guide for Single-Vendor SASE. The report takes a close look at the SASE market and specifically at single-vendor SASE.
The Single-Vendor SASE Market is Projected to Grow Substantially
Gartner defines a single-vendor SASE offering as one that delivers converged network and security as-a-service capabilities using a cloud-centric architecture. Cato is the prototypical single-vendor SASE leader. Example services that are part of a single-vendor SASE offering are SD-WAN, SWG, FWaaS, ZTNA, and CASB. All of those service, and this is key, are fully converged together in the underlying architecture, service delivery, and management interface. They truly are one cloud service, which is what separate single-vendor SASE from other approaches.
These converged services might also be the full roster of capabilities for the newest single-vendor SASE entries but they are only the starting point for Cato. In addition to those services, Cato also offers a global private backbone, data loss prevention (DLP), rapid CVE mitigation, managed threat detection and response, SaaS optimization, UC and UCaaS optimization, and a range of other capabilities.
According to Gartner, there should be rapid growth in single-vendor SASE implementation in the next few years. While only 10% of deployments were single-vendor SASE solution last year, Gartner expects a third of all new SASE deployments by 2025 to be single-vendor. By the same timeframe, half the new SD-WAN purchases will be part of a single-vendor SASE offering.
The market’s growth is largely being driven by the desire for simplicity by reducing the number of deployed solutions and vendors. Of course, reducing complexity while still offering enterprise-class capabilities is something Cato has been delivering for years.
[boxlink link="https://www.catonetworks.com/resources/gartner-market-guide-for-single-vendor-sase/?utm_medium=blog_top_cta&utm_campaign=gartner_single_vendor_sase"] Gartner® Market Guide for Single-Vendor SASE | Report [/boxlink]
Cato Was Ahead of Its Time in This “Adolescent” Market
“A single-vendor SASE must own or directly control (OEM, not service chain with a partner) each of the capabilities in the core category,” according to the report authors. A “well-architected” solution must have all services fully integrated, a single unified management plane and a single security policy, a unified and scalable software-based architecture, and flexibility and ease of use. The report lists core functional requirements in each of the areas of secure web gateway, cloud access security broker, zero trust network access, and software-defined WAN.
Gartner points out that there are several vendors in the “adolescent” industry that meet the analyst firm’s minimum requirements. There are more, still, that come close but aren’t quite there with their offerings.
Because single-vendor SASE brings together networking and security into one solution with many functions, Gartner recommends that a joint team of network professionals and security experts be appointed to evaluate the solutions based on the organization’s foremost needs.
Single-Vendor SASE Has Lots of Benefits
The benefits of single-vendor SASE are many. Gartner cites the following as reasons to go this route for a SASE solution:
An improved security posture for the organization – This is based on reduced complexity of the various security functions, a single policy enforced everywhere, and a smaller attack surface.
Better use of network and security staff – Deployment times are reduced, fewer skills and resources are needed to manage a unified platform, a single policy is applied throughout the various security functions, and redundant activities go away.
Improved experiences for users and system administrators – Performance issues such as latency and jitter are easier to tame or eliminate, it’s easier to diagnose issues end-to-end, and there is a single repository for logs and other event data.
Of course, implementing such a solution can have its challenges as well—like how to deal with organizational siloes, and what to do about existing IT investments. Global coverage can be an issue for the early-stage vendors. Fortunately, Cato has extensive coverage with 75+ PoPs around the world today. Gartner says solution maturity can be an issue, but that’s mainly a problem for the neophyte vendors. With more than 8 years in the single-vendor SASE business behind us, Cato is one of – if not the – most mature vendor in the market.
Gartner Offers Recommendations
As with all Gartner guides, the research firm has recommendations pertaining to strategy and planning, evaluation, and deployment:
Establish a cross-functional team including people from both networking and security to increase the potential for a successful implementation.
Evaluate single-vendor SASE against the backdrop of multi-vendor and managed offerings to determine which method would provide the most flexibility.
“Choose single-vendor SASE offerings that provide single-pass scanning, single unified console and data lake covering all functions to improve user experience and staff efficacy.” (Spoiler alert: Cato provides all of these things.)
Do a Proof of Concept project with real locations and real users to see how well an offering can meet your needs. (Cato is happy to set you up with a PoC today.)
If you are looking for the most mature and feature-rich single-vendor SASE offering with the largest number of worldwide PoPs, look no further than Cato Networks. Request a demo at https://www.catonetworks.com/contact-us/.
The face of the modern corporate network is changing rapidly. Digital transformation initiatives, cloud adoption, remote work, and other factors all have a significant impact...
Remote Access VPNs are a Short-Term Solution The face of the modern corporate network is changing rapidly. Digital transformation initiatives, cloud adoption, remote work, and other factors all have a significant impact on where corporate IT assets are located and how corporate networks are used.
Companies looking to provide secure remote access to their off-site employees have largely chosen to expand their existing virtual private network (VPN) deployments. However, this is a short-term solution to the problems of the increasingly distributed enterprise. VPNs are ill-suited to meeting modern business needs and will only become less so in the future. It’s time for a change.
Secure Remote Access Has Become Business-Critical
Until a few years ago, most or all of an organization’s employees worked almost exclusively from the office. As a result, many corporate security infrastructures were perimeter-focused, working to protect employees and systems inside the office from external threats.
However, remote work has become normalized in recent years. Companies have been slowly shifting toward supporting remote work for some time now, and the pandemic accelerated this shift. Even as some companies try to pull workers back to the office, a higher percentage of employees are working remotely, at least part-time, than before the pandemic.
The ability to support remote work has become a critical capability for modern business. The popularity of remote work has made remote or hybrid work programs important for attracting and retaining talent. Additionally, a remote work program can also be a key component of a business continuity and disaster recovery (BC/DR) strategy as employees can work remotely in response to power or Internet outages, extreme weather, or public health crises.
[boxlink link="https://www.catonetworks.com/resources/why-remote-access-should-be-a-collaboration-between-network-security/"] Why remote access should be a collaboration between network & security | White Paper [/boxlink]
A Remote Access VPN Doesn’t Meet the Needs of the Modern Enterprise
A central component of an organization’s remote work program is secure remote network access. Employees need to be able to access corporate networks, resources, and data without fear of eavesdropping or other cyber threats. Historically, many organizations have relied upon VPNs to provide secure remote access. VPNs provide an encrypted connection between two points, securing traffic between a remote user’s computer and the VPN server on the corporate network. The problem is, however, that VPNs don’t meet the business needs of the modern enterprise.
Some of their shortcomings include:
Lack of Scalability: In general, corporate VPN deployments were designed for occasional usage by a small percentage of an organization’s workforce. Continuous usage by a larger group — as many organizations experienced during the height of the pandemic — results in significantly degraded performance and can render VPN deployments unusable for employees.
Performance Degradation: VPNs are point-to-point solutions, meaning that they are often designed to connect remote employees to the headquarters network. With the growth of cloud computing and the distributed enterprise, this can result in inefficient network routing and increased latency.
Nothing but Basic Security: VPNs are designed solely to provide an encrypted connection between a remote employee and the headquarters network. They offer no access control or other security functions to ensure that the traffic they carry is benign or to implement zero-trust access controls.
VPNs are intended to allow employees to securely do their jobs from outside the office. Yet their limitations mean that they offer neither productivity nor security.
VPNs struggle to meet the needs of the modern enterprise, and corporate IT architectures and business needs are rapidly evolving. As a result, the impact of VPNs on business operations will only grow more pronounced in the future.
Some key business operations that will be inhibited by VPNs include:
Regulatory Compliance: Companies are subject to various regulations, and these regulations are periodically updated to reflect updates to the cyber threat landscape and available security solutions. When zero trust and more robust threat monitoring and prevention capabilities become required by law, VPNs will be unable to provide them.
Mobile Support: The use of mobile devices for business purposes has grown dramatically in recent years. VPN deployments designed for desktops and laptops often have lower usability and performance for mobile users.
Cyber Risk Management: The remote workforce is an easy target compared to applications secured behind advanced firewalls and threat prevention tools. Enterprises cannot rely on VPNs to secure remote users, and are required to apply means to minimize risk and exposure to advanced attacks originating from remote user’s devices.
Moving Beyond the VPN
A remote access VPN is a thing of the past. It is a tool designed to implement a connectivity model that no longer works for the modern organization. While VPNs have significant limitations and challenges today, these issues will only be exacerbated over time as networks, threats, and compliance requirements evolve. Switching away from legacy technology today will improve an organization’s security posture in the future.
Secure Access Service Edge (SASE) and Security Service Edge (SSE) solutions with integrated zero trust network access (ZTNA) provide all of the secure remote access capabilities VPN lacks. It is a solution designed for the modern, distributed enterprise that converges a full stack of enterprise network security capabilities. SASE/SSE offers all of the benefits of a VPN and more with none of the drawbacks. Learn more about how Cato SASE Cloud — the world’s first SASE platform — can help you modernize your organization’s secure remote access capabilities by signing up for a free demo today.
Properly implemented, a zero trust architecture provides much more granular and effective security than legacy security models. However, this is only true if a zero...
You’ll Need Zero Trust, But You Won’t Get It with a VPN Properly implemented, a zero trust architecture provides much more granular and effective security than legacy security models. However, this is only true if a zero trust initiative is supported with the right tools. Legacy solutions, such as virtual private networks (VPNs), lack the capabilities necessary to implement a zero trust security strategy.
Zero Trust Security is the Future
Castle-and-moat security models were common in the past, but they are ineffective at protecting the modern network. Some of the primary limitations of perimeter-focused security models include:
Dissolving Perimeters: Legacy security models attempt to secure a perimeter that encapsulates all of an organization’s IT assets. However, with growing cloud adoption, this perimeter would need to enclose the entire Internet, making it ineffective for security.
Insider Threats: A perimeter-focused security model lacks visibility into anything inside of the corporate network perimeter. Insider threats — such as attackers that breach an organization’s defenses, supply chain vulnerabilities, and malicious users — are all invisible to perimeter-based defenses.
Trusted Outsiders: Castle-and-moat security assumes that everyone inside the perimeter is trusted, while outsiders are untrusted. However, the growth of remote work means that companies need to find ways to account for trusted users outside of the perimeter, forcing the use of insecure and unscalable VPNs.
The zero trust security model was designed to address the limitations of these legacy security models. Under the zero trust model, all access requests are evaluated independently against least privilege access controls. If a user successfully authenticates, their session is monitored for suspicious or risky activity, enabling potential threats to be shut down early.
94% of companies are in the process of implementing zero trust, making it one of the most common cybersecurity initiatives. Some of the drivers of zero-trust include:
Corporate Security: Data breaches and ransomware infections are common, and, in many cases, are enabled by the remote access solutions (VPNs, RDP, etc.) used to implement perimeter-based security. Zero trust promises to reduce the probability and impact of these security incidents, decreasing enterprise security risk.
Regulatory Compliance: The zero trust security model aligns well with regulators’ goals to protect sensitive information. Implementing zero trust is best practice for compliance now and may be mandatory in future updates of regulations.
Incident Investigation: A zero trust security system tracks all access requests on the corporate network. This audit trail is invaluable when investigating a security incident or demonstrating regulatory compliance.
Greater Visibility: Zero trust’s stronger access control provides granular visibility into access requests. In addition to security applications, this data can also provide insight into how corporate IT assets are being used and inform infrastructure design and investment.
Zero trust overcomes the problems of legacy, perimeter-focused security models. As corporate IT environments expand, cyber threats mature, and regulatory requirements become stricter, it will be a vital part of a mature security policy.
[boxlink link="https://www.catonetworks.com/resources/why-remote-access-should-be-a-collaboration-between-network-security/?utm_medium=blog_top_cta&utm_campaign=remote_access_whitepaper"] Why remote access should be a collaboration between network & security | White Paper [/boxlink]
A VPN Can’t Provide Zero Trust
The rise of remote and hybrid work has made secure remote access a vital capability for many organizations. VPNs are a well-established remote access solution, and many organizations turned to them to support their remote employees.
However, while VPNs offer employees secure remote access to the corporate network, they fail to provide crucial capabilities for a zero trust deployment. Some of the ways in which VPNs fall short include:
Access Management: VPNs are designed to provide an authenticated user with full access to the corporate network, simply creating an encrypted tunnel from the user’s machine to the VPN endpoint. Without built-in access controls, VPNs cannot enforce zero trust’s least privilege access policies.
Integrated Security: VPNs have no built-in security capabilities, meaning that traffic must be routed through a full security stack en route to its destination. With corporate assets scattered on-prem and in the cloud, this usually results in traffic being routed to a central location for inspection, increasing network latency.
Optimized Routing: VPNs are point-to-point solutions, which limit the routes that traffic can take and can cause significant latency due to suboptimal routing. This may cause security controls to be bypassed or disabled in favor of improved network performance.
Two of the foundational concepts of zero trust security are access control and monitoring for security issues during an authenticated user’s session. VPNs provide neither of these key capabilities, and their performance and scalability limitations mean that users may attempt to evade or bypass defenses to improve performance and productivity. While zero trust is rapidly becoming essential for corporate cybersecurity, VPNs are ill-suited to implementing a zero trust architecture.
Achieving Zero Trust with SSE and SASE
These two essential capabilities of zero trust — access control and session security monitoring — are the reason why Security Service Edge (SSE) and Secure Access Service Edge (SASE) are ideal for implementing a corporate zero trust program. SASE solutions include zero trust network access (ZTNA) functionality, which provides the ability to enforce least privilege access controls across the corporate WAN.
Alongside ZTNA, SSE and SASE solutions also offer a range of key security functions, including Firewall as a Service (FWaaS), an intrusion prevention system (IPS), a secure web gateway (SWG), and a cloud access security broker (CASB). Converging security functions with access control makes SASE an all-in-one solution for zero trust.
SASE’s design can also eliminate the network performance impacts of security. Deployed as a cloud-native solution on a global network of points of presence (PoPs), SASE can inspect traffic at the nearest PoP before optimally routing it to its destination. Cloud-native design ensures that converged security has the resources required to perform vital security functions without incurring latency.
Cato provides the world’s most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, including ZTNA, SWG, CASB/DLP, and FWaaS into a global cloud service. With over 75 PoPs worldwide, Cato optimizes and secures application access for all users and locations, and is easily managed from a single pane of glass. Learn more about how Cato SASE Cloud can support your organization’s zero trust security goals by signing up for a free demo today.
Secure remote access is a common need for the modern enterprise. While employees almost exclusively worked from the office in the past, this has changed...
4 Ways Where Remote Access VPNs Fall Short Secure remote access is a common need for the modern enterprise. While employees almost exclusively worked from the office in the past, this has changed in recent years. The pandemic and the globalization of the workforce means that organizations may have users connecting and working from all over the world, and these remote users need secure remote access to corporate networks and other resources.
Historically, virtual private networks (VPNs) were the only available solution, and this familiarity has driven many organizations to expand their existing VPN infrastructure as the need for secure remote access has grown. However, VPNs are network solutions that were designed for corporate networks and security models that no longer exist, and cannot provide secure, high-performance network access to a workforce that requires a more modern remote access solution.
Let’s take a closer look at how remote access VPNs fall short:
1. Lack of built-in security/access management
VPNs are designed to provide secure remote access to corporate networks or IT resources. This includes creating an encrypted VPN tunnel between two endpoints — such as a remote employee’s computer and a VPN server on the corporate network — for business traffic to travel over.
While VPNs can protect against eavesdroppers, that’s about all that they can do. They include no built-in access management or security controls beyond requiring a username and password at logon. Protecting the corporate network against any threats that come over the VPN connection — such as those from an infected computer or a compromised user account — or implementing a zero-trust security policy requires additional security solutions deployed behind the VPN endpoint.
2. Geographic constraints
VPNs are designed to connect two points with an encrypted tunnel that network traffic can flow over. Securing corporate network traffic along its entire route requires VPN connections along each leg of that route. Corporate IT environments are becoming more distributed with the growth of cloud computing, remote sites, Internet of Things (IoT) devices, and business use of mobile devices. Securing access to all of the corporate WAN often creates tradeoffs between network performance and security.
VPNs’ lack of built-in security means that security solutions must be deployed behind each VPN server, making it more difficult to directly link every potential traffic source and destination. Instead, many organizations backhaul traffic to the headquarters network for inspection, degrading performance and increasing latency.
[boxlink link="https://www.catonetworks.com/resources/why-remote-access-should-be-a-collaboration-between-network-security/?utm_medium=blog_top_cta&utm_campaign=remote_access_whitepaper"] Why remote access should be a collaboration between network & security | White Paper [/boxlink]
3. Inefficient routing
The point-to-point nature of VPN connections means that a VPN connection can only provide secure access to a single location. For example, a user may be able to connect directly and securely to the corporate WAN.
However, corporate networks are increasingly distributed with infrastructure in on-prem data centers and scattered across multi-cloud environments. As a result, VPNs either force users to have VPNs configured for multiple different locations or to accept inefficient network routing that passes through a single VPN terminus en route to their intended destination.
4. Excessive trust in endpoint security
The goal of a VPN is to protect remote users’ network traffic from being intercepted or eavesdropped upon en route to its destination. VPNs don’t inspect the traffic that they carry or perform any access control beyond basic user authentication. As a result, VPNs are overly trusting in the security of the endpoints that they connect.
Some of the threats that VPNs provide no protection against include:
Infected Devices: If a remote employee’s device is compromised with malware, the malware can send traffic over the device’s VPN connection as well. This could allow an attacker to bypass security restrictions and gain access to corporate networks.
BYOD Devices: The rise of remote work has resulted in increased use of personally owned devices for business purposes. These devices can connect to corporate IT assets via VPNs and may be infected with malware or non-compliant with corporate security policies.
Compromised Accounts: VPNs only implement access control in the form of user authentication when setting up a VPN session. If an attacker has compromised a user’s authentication credentials (password, etc.), they can log in as that user and connect to corporate IT assets.
VPNs only secure the connection over which two endpoints are communicating. They’re overly trusting of the endpoints involved in the communication, which can result in malware infections or other threats to corporate assets.
Building Secure Remote Access for the Modern Enterprise
VPNs have significant limitations in terms of their performance, usability, and security. While these issues may have been manageable in the past, rapidly evolving corporate networks make them an increasingly unsuitable solution for secure remote access. Relying on legacy remote access VPNs forces companies to make choices between network performance and security.
Organizations looking to modernize their IT infrastructure to better support remote and hybrid work schedules need to replace their VPNs. Secure Access Service Edge (SASE) provides the capabilities that they need, eliminating the limitations of VPNs and providing numerous additional benefits.
With SASE, companies can move security to the network edge, enabling network optimization without sacrificing security. To learn more about how a cutting-edge SASE solution can enhance an organization’s remote access infrastructure, sign up for a free demo of Cato SASE Cloud, the world’s first global SASE platform, today.
December 28, 2022
7m read
Making the Paradigm Shift A paradigm shift away from traditional network and security architectures towards a more flexible and highly scalable cloud-native SASE Cloud architecture...
December 28, 2022
7m read
A CxO’s Guide: Tough Questions to Ask When Moving to SASE Making the Paradigm Shift
A paradigm shift away from traditional network and security architectures towards a more flexible and highly scalable cloud-native SASE Cloud architecture can be stomach-churning for many CxOs today. However, taking a holistic view of the drivers of this shift will help put things into perspective. Realizing desired outcomes like the reallocation of resources to more strategic initiatives, agility, speed, and scalability can bring about child-like anticipation of how this new world of SASE will feel.
Before CxOs achieve technology nirvana, however, they must take a few logical steps, and asking tough questions to understand the problem statements and desired outcomes is an important part of this. To better frame this picture, we’ve discussed this with a few of our customers to understand their thought processes during their SASE journey.
Define The Problem Statement
Organizations arrive at SASE decisions from different vectors. For some, it’s as easy as upgrading their WAN connectivity and adding better security. For others, it is exploiting a refresh cycle to explore “what’s next”. Whatever the drivers, understanding the true problems is essential for proper outcomes.
A simple problem statement might be, “Our network is a mess, so we need a different approach to this refresh cycle. Do we have the talent to pull it off?” This identifies two problems to solve: network performance and reliability, and the skillset deficit. Another problem statement might be, “Our current tools are too expensive to maintain, and we need more value for the money we spend.” This implies that managing network and security tools, equals more time spent on mundane support tasks than strategic projects.
While these statements are rather generic, they are no less real-world for most CxOs. Identifying the true problem statement can be exhaustive; however, this is the first step toward understanding the right questions to ask.
“The steep learning curve on our firewalls meant we were not getting value on the high costs we were paying. We needed a simpler, well-designed solution that our teams could more easily learn and manage.”
~ Joel Lee, CIO @ an Asia-Based Construction Firm
Ask The Tough Questions
Determining which questions are relevant enough to influence a buying decision and asking them can also be exhausting. Not all tough questions are relevant questions, and vice versa. Additionally, all questions must derive from the problem statements specific to your business situation. The following were the top questions our CxOs tend to ask:
1. Does this fit our use cases, and what do we need to validate?
“What problems are we trying to solve, and how should we approach this?” By asking this question of their teams, CxOs are basically asking what is not working, why it’s not working, and what success looks like when it is working. On the surface, it seems easy to answer; however, when digging deeper, many organizations find this to be a daunting question because the answer is sometimes a moving target and is almost always subjective.
2. Do we have the right skills?
When moving to a 100% cloud-delivered SASE solution, it is logical to question the level of cloud expertise required. However, a major relief for CxOs is realizing that their teams could easily be trained for a SASE Cloud solution. Additionally, they realize their teams have more time to expand other technical skills that benefit the broader organization. This allowed them to re-frame the question to, “what additional skills can we learn to build a more agile and dynamic IT organization?”
3. SD-WAN makes sense, but SASE? How will all security services be delivered without an on-prem device? What are the penalties/risks if done solely in the cloud?
Traditional appliances fit nicely inside the IT happy place – an on-prem appliance with all configurations close by. So, can we really move all policy enforcement to the cloud? Can a single security policy really give us in-depth threat protection? These questions try to make sense of SASE, highlighted by a fear of the architectural unknown. However, existing complexity is why these CxOs wanted to inject sanity and simplification into their operations. Security-as-a-Service delivered as part of a SASE Cloud made sense for them, knowing they get the right amount of security when needed.
4. What will the deployment journey be like, and how simple will it be?
Traditional infrastructure deployments require appliances everywhere, months and months of deployment and troubleshooting, multiple configurations, and various other risks that may not align with business objectives. This is a common mindset when pursuing SASE, and CxOs want to understand the overall logistics – “Will our network routing be the same? Will our current network settings be obsolete? Where will security sit? How will segmentation work? Is it compatible with my clouds, and how will they connect? Who supports this and how?” This is just a tiny subset of items to understand, intending to set proper expectations.
5. What are the quantitative and qualitative compromises?
CxOs need to understand how to prioritize and find compromises where needed. Traditional costs often exceed the monetary value and can veer into architecture and resource value. So, an effective approach proposed was using the 80/20 rule on compromises – what are my must-have, should-have, and could-have items or features? Answering this begins with knowing where the 80/20 split is. For example, if the solution solves 80% of your problems and leaves 20% unsolved, what is the must-have, should-have, and could-have of the remaining 20%?
How do you determine which is which?
How would you solve the must-haves differently inside the same architecture?
How will you adapt if an architectural could-have unexpectedly evolves into a must-have?
6. How do we get buy-in from the board?
SASE is just as much a strategic conversation as it is an architectural one. How a CxO approaches this – what technical and business use cases they map to, and their risk-mitigation strategy – will determine their overall level of success. So, gaining board-level buy-in was a critical part of their process. There were various resources that helped with these conversations, including ROI models. CxOs can also consult our blog, Talk SASE To Your Board, as another valuable resource that may assist in these conversations.
“What does this convergence look like, and how do we align architecturally to this new model?”
~ Head of IT Infrastructure @ a Global Financial Services Firm
Mitigate Internal Resistance
Any new project that requires a major paradigm shift will generate resistance from business and IT teams. Surprisingly, our panel experienced very little resistance when presenting SASE to their teams. Each anticipated potential resistance to budgets, architecture change, resource allocations, etc. They determined what could and could not be done within those constraints and addressed them far in advance. This helped mitigate any potential resistance and allowed them to ease all concerns about their decision.
[boxlink link="https://www.catonetworks.com/news/cato-has-been-recognized-as-representative-vendor-in-2022-gartner-market-guide-for-single-vendor-sase/?utm_medium=blog_top_cta&utm_campaign=gartner_market_guide_news"] Cato Networks Has Been Recognized as a Representative Vendor in the 2022 Gartner® Market Guide for Single-Vendor SASE | Read now [/boxlink]
What Other CxOs Can Learn
Transitioning to SASE requires time and planning, like any other architecture project. Keys to making this successful include understanding your problem statement, identifying your outcomes, and learning from your peers. This last point is key because SASE projects, while relatively new, are becoming more mainstream, and the following advice should make any SASE journey much smoother.
Planning Your Project
Have a clear vision and seek upfront input from business and technical teams
Have a clear understanding of your “as-is” and “to-be” architecture
Don’t jump on the bandwagon – know your requirements and desired outcomes
Conduct Thorough Research
Do a detailed analysis of the problem, then do your market research
Understand Gartner’s hype cycle, roadmaps, predictions, etc.
Never stop researching solutions until your goals are finalized
You may discover something you needed that you did not realize - extended value
Evaluate The Solution and Vendor
Develop a scoring mechanism to evaluate vendor technology and performance
Understand your compliance requirements (NIST, PCI-DSS, ISO, GDPR, etc.) and how the solution will enable this
Examine their approach to delivering your outcomes, and pay attention to onboarding, training, and ongoing support
Be Confident in Your Decision
Don’t focus solely on costs
Examine the true value of the solution
Understand the extended costs of each solution – SLAs, ongoing maintenance, patching, fixing, scalability, refresh cycles, etc.
Be honest with yourself and your vendor and remain focused on your outcomes.
This approach benefitted our CxOs and guided them toward the Cato SASE Cloud solution.
“Know what you want to achieve upfront, then stay focused but flexible. Pay attention to skills and capacity requirements.”
~ Stuart Hebron, Group CIO, Tes
Make the SASE Decision
SASE is the ultimate business and technology transformation, and embarking upon this journey is an important step that every decision-maker will, understandably, have questions about. Are we compromising on anything? What risks might we face? Do we have the right skill set internally? Is it financially feasible? These are just a few of the key questions CxOs will pose when pursuing SASE. Asking them will provoke critical thinking and more holistic planning that includes all elements of IT and the broader organization. In the end, asking these questions will lead you to the obvious conclusion – a digital transformation platform like the Cato SASE Cloud solution is the best approach to prepare you for continuous business transformation without limitations.
For more advice on deciding which solution is right for your organization, please read this article on evaluating SASE capabilities.
December 27, 2022
5m read
Technological innovation, an evolving threat landscape, and other factors mean that the security needs of tomorrow may be very different from those of yesterday. However,...
December 27, 2022
5m read
Designing the Corporate WAN for the Security Needs of Tomorrow Technological innovation, an evolving threat landscape, and other factors mean that the security needs of tomorrow may be very different from those of yesterday. However, many organizations are still reliant on security models and solutions designed for IT architectures that are rapidly becoming extinct. Keeping pace with digital transformation and protecting against cyber threats requires a new approach to security and security architecture capable of supporting it.
Cybersecurity is Only Going to Get More Complicated
In many organizations, security teams are understaffed and overwhelmed by their current responsibilities. However, the challenge of securing organizations against cyber threats will only grow more difficult and complex. Some of the main contributors to these challenges include:
Evolving Networks: Corporate networks have grown and evolved rapidly in recent years with the adoption of cloud computing, remote work, and Internet of Things (IoT) and mobile devices. As technology continues to evolve, corporate IT networks will continue to grow larger and more diverse, making them more difficult to monitor, manage, and secure.
Sophisticated Threats: The cyber threat landscape is changing rapidly as demonstrated by the evolution of the ransomware threat and the emergence of a cybercrime service economy. Security teams must develop and deploy defenses against the latest attacks faster than attackers can circumvent them.
Regulatory Requirements: The enactment of the EU’s GDPR kicked off a wave of new data privacy laws, complicating the regulatory landscape. As laws are created and updated, security teams must take action to demonstrate that they are in compliance with the latest requirements.
Complex Policies: Changes in corporate networks, work models, and cyber threats drive the evolution of more complex corporate IT policies. For example, the introduction of bring your own device (BYOD) policies makes it necessary for security teams to enforce these policies and ensure that devices not owned by the company do not place it at risk.
Security teams can’t scale to keep up with their growing responsibilities, especially since a cyber skills gap means that many are already understaffed. Protecting the growing enterprise from the security threats of tomorrow requires a more manageable and maintainable security strategy.
[boxlink link="https://catonetworks.easywebinar.live/registration-101?utm_medium=blog_top_cta&utm_campaign=future_of_security_webinar"] The Future of Security: Do All Roads Lead to SASE? | Webinar [/boxlink]
Zero Trust Is a Core Pillar for Balancing Business and Security Needs
A corporate security policy should complement, not conflict with an organization’s business needs. Corporate security programs should be designed to support business processes and goals such as:
Remote Access: Employees need remote access to corporate resources, but the company needs to ensure that this remote access does not create additional risk to the organization. Corporate security programs should provide secure, high-performance remote access to corporate resources.
Access Management: Access management is essential to managing corporate security risk and maintaining regulatory compliance. Access control policies should allow legitimate users efficient access to corporate resources while preventing unauthorized access.
Compliance: Companies must be able to achieve and demonstrate compliance with a growing array of regulations. This includes global network visibility and security controls that meet regulatory requirements.
A zero trust security architecture provides a logical balance between security and business needs. With zero trust, access is granted to corporate assets on a case-by-case basis with decisions made based on least privilege access principles. This ensures that legitimate users have the access needed to do their jobs while minimizing the impact of compromised accounts and other intrusions. Additionally, authenticated users’ sessions should be monitored and terminated if risky or malicious activity is detected.
However, a zero trust security strategy is only useful if it can be enforced consistently across an organization’s entire corporate WAN without compromising network performance. Traditional, perimeter-focused security strategies — depending on virtual private networks (VPNs) and security appliances — force choices between network performance and security.
Zero Trust Security Requires a Strong, Stable Foundation
The effectiveness of a zero trust architecture depends on the solutions that it is built on. Zero trust must consistently apply access controls and security policies across the entire corporate WAN. If a weak point exists in an organization’s defenses, an attacker can use it as an entry point to gain access to corporate resources.
Implementing consistent security protections across the enterprise can be a significant challenge. The modern corporate WAN is composed of a variety of environments, including on-prem and cloud-based deployments, as well as IoT and mobile devices alongside traditional computers. These varying environments and endpoints affect the security solutions that can be deployed, which can result in a security architecture that suffers from visibility and enforcement gaps and complex management and maintenance.
However, while endpoints may differ across the corporate WAN, the network is mostly consistent regardless of environment. Deploying access management and security controls at the network level makes consistent enforcement of zero trust access controls and security policies possible.
Security Service Edge (SSE) and Secure Access Service Edge (SASE) provide an ideal foundation for a zero trust architecture. They converge zero trust network access (ZTNA) — which offers the access management that zero trust requires — with the tools needed to secure legitimate users’ sessions, including Firewall as a Service (FWaaS), an intrusion prevention system (IPS), a secure web gateway (SWG), and a cloud access security broker (CASB). In SASE solutions, these security functions are combined with built-in network optimization technologies to apply zero trust access controls and enterprise-grade security protection before routing traffic on to where it needs to go.
Cato provides the world’s most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, including ZTNA, SWG, CASB/DLP, and FWaaS into a global cloud service. With over 75 PoPs worldwide, Cato optimizes and secures application access for all users and locations, and is easily managed from a single pane of glass. Learn more about how Cato SASE Cloud can help your organization to build a zero trust architecture that grows with the organization by signing up for a free demo today.
December 22, 2022
4m read
While zero trust promises reduced exposure to security incidents and data breaches, as well as simplified compliance with regulatory requirements, deploying a zero trust architecture...
December 22, 2022
4m read
A True Zero Trust Architecture Requires Security Integration While zero trust promises reduced exposure to security incidents and data breaches, as well as simplified compliance with regulatory requirements, deploying a zero trust architecture is not as simple as implementing least privilege access controls and replacing legacy virtual private networks (VPNs) with zero trust network access (ZTNA). Effective zero trust security acknowledges that strict access controls will not block all threats and takes steps to manage the security risks of authenticated users.
An integrated security architecture that goes beyond ZTNA is essential for effective zero trust security.
Zero Trust is About More Than Access Controls
Zero trust is a model intended to address the security risks associated with the legacy, perimeter-focused security model. Under this model, insiders — connected directly or via a VPN — are granted unrestricted access to corporate networks, systems, and applications.
Due to the limitations of VPNs, the focus of zero trust discussions is often on controlling users’ access to corporate resources. By strongly authenticating users and implementing the principle of least privilege and granting users only the access and permissions that are required for their roles, access management can significantly decrease an organization’s security risks.
However, strong user authentication and access control are not enough for zero trust. While zero trust can ensure that only legitimate, authenticated users have access to corporate resources, these users can still pose a threat due to malice, negligence, or compromised devices. Additionally, attackers may target an organization through attack vectors not associated with user accounts, such as exploiting a vulnerable web application. Effective zero trust architectures must have controls in place to address the threats not mitigated by strong access control.
Microsegmentation Limits Corporate Security Risks
Network segmentation is not a new concept. The legacy castle-and-moat security model is designed to segment an organization’s internal, private network from the public Internet. By forcing all traffic crossing this border to flow through network firewalls and other security solutions, organizations prevent some threats from ever reaching their systems.
Microsegmentation is designed to manage the potential damage caused by threats that manage to bypass perimeter-based defenses and gain access to an organization’s internal network. By breaking the enterprise network into multiple small networks, microsegmentation makes it more difficult for a threat to move laterally through an organization’s systems.
The primary goal of zero trust security is to limit the probability and impact of security incidents, but these breaches will still happen. Microsegmentation reduces the impact of these breaches by limiting the systems, applications, and data that an attacker can access without crossing additional security boundaries and subjecting their actions to further inspection.
Microsegmentation Needs More Than Just ZTNA
For many organizations, ZTNA is the cornerstone of their zero trust security strategy. By replacing legacy, insecure VPNs with ZTNA, an organization gains the ability to enforce least-privilege access controls and dramatically reduce the probability and impact of cybersecurity incidents.
However, while ZTNA is an invaluable solution for zero trust security, it’s not enough on its own. ZTNA provides the access controls needed for zero trust, but additional solutions are needed to implement microsegmentation effectively. In addition to ZTNA’s access controls, companies also need to be able to inspect network traffic and block potential threats from crossing network boundaries.
True zero trust security requires multiple solutions, not only ZTNA but also a network firewall and advanced threat prevention capabilities. Ideally, these solutions should be integrated together into a single solution, providing an organization with comprehensive security visibility and management without the complexity and network performance impacts of a sprawl of disparate standalone security solutions.
[boxlink link="https://catonetworks.easywebinar.live/registration-85?utm_medium=blog_top_cta&utm_campaign=using_sase_for_ztna_webinar"] Using SASE For ZTNA: The Future of Post-Covid 19 IT Architecture | Webinar [/boxlink]
SSE and SASE Enable Effective Zero Trust Security
Security Service Edge (SSE) and Secure Access Service Edge (SASE) are the ideal solution for implementing a corporate zero trust program.
SSE and SASE converge ZTNA, Firewall as a Service (FWaaS), and Advanced Threat Prevention capabilities — including an Intrusion Prevention System (IPS) and Next-Generation Anti-Malware (NGAM) within a single solution. Additionally, as a cloud-native security platform, SSE or SASE can be deployed near an organization’s users and devices, minimizing network performance impacts while providing consistent security visibility and policy enforcement across the corporate WAN.
Cato provides the world’s most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, including ZTNA, SWG, CASB/DLP, and FWaaS into a global cloud service. With over 75 PoPs worldwide, Cato optimizes and secures application access for all users and locations, and is easily managed from a single pane of glass. Learn more about implementing an effective zero trust security program with Cato SASE Cloud by signing up for a free demo today.
December 20, 2022
3m read
A new vulnerability underscores the need for virtual patching. The vulnerability, found in FortiOS, would allow a Remote Code Execution (RCE) attack on multiple firewall...
December 20, 2022
3m read
New Critical Vulnerability Underscores the Need for Virtual Patching A new vulnerability underscores the need for virtual patching. The vulnerability, found in FortiOS, would allow a Remote Code Execution (RCE) attack on multiple firewall products as well as FortiGate SSL VPN. The vulnerability has reportedly already been exploited by threat actors. Fortinet has issued a patch for this vulnerability.
The vulnerability, which was initially reported on December 9th, received a score of 9.3 (Critical) and Fortinet has confirmed at least one instance of it being exploited.
Any vulnerability in a system is a potential entry point for a threat actor and must be immediately patched, especially critical vulnerabilities like this one. Threat actors have been known to quickly utilize such vulnerabilities and exploit unpatched systems, while in many cases systems remain unpatched for a very long time giving even the slower-paced adversaries opportunities to exploit them. Vulnerabilities such as Log4j, which coincidently is “celebrating” its one-year birthday, are still being used by different adversaries to target unpatched systems to gain access into networks. Why? Because patching is so hard.
[boxlink link="https://www.catonetworks.com/rapid-cve-mitigation/?utm_medium=blog_top_cta&utm_campaign=rapid_cve_mitigation"] Rapid CVE Mitigation | Cato Security Research [/boxlink]
The Need for Virtual Patching
Having to identify, connect (or physically go to), patch, and test multiple boxes in multiple locations every time a new vulnerability is discovered is no small feat. Organizations need to perform this process very quickly whenever a new vulnerability is discovered as threat actors move quickly on such opportunities.
In addition, adversaries do not shy away from utilizing old vulnerabilities that still work. Log4j is one example but not the only. CISA addressed this in their “Top Routinely Exploited Vulnerabilities” alert, writing, “CISA, ACSC, the NCSC, and FBI assess that public and private organizations worldwide remain vulnerable to compromise from the exploitation of these CVEs. Malicious cyber actors will most likely continue to use older known vulnerabilities, such as CVE-2017-11882 affecting Microsoft Office, as long as they remain effective and systems remain unpatched. Adversaries’ use of known vulnerabilities complicates attribution, reduces costs, and minimizes risk because they are not investing in developing a zero-day exploit for their exclusive use, which they risk losing if it becomes known.“
The solution to this problem is a cloud-based security architecture that allows for virtual patching. Virtual patching is defined by OWASP as “A security policy enforcement layer which prevents the exploitation of a known vulnerability. The virtual patch works since the security enforcement layer analyzes transactions and intercepts attacks in transit, so malicious traffic never reaches the web application. The resulting impact of a virtual patch is that, while the actual source code of the application itself has not been modified, the exploitation attempt does not succeed.”
Only a cloud-based security solution eliminates the need to patch box-by-box and effectively enables a “mitigate-once-protect-everywhere" patching strategy.
December 15, 2022
4m read
SASE (Secure Access Service Edge) is an enterprise networking and security service that converges SD-WAN with multiple security functions – including FWaaS, CASB, DLP, SWG,...
December 15, 2022
4m read
An Inside Look at Life Before and After Deploying SASE SASE (Secure Access Service Edge) is an enterprise networking and security service that converges SD-WAN with multiple security functions - including FWaaS, CASB, DLP, SWG, and ZTNA - into a converged, cloud-native service that is manageable, optimized, secure and easy to use.But what does life after SASE really look like when implemented in an enterprise? To find out, we interviewed Ben De Laat, Head of IT Security at BrandLoyalty, who implemented Cato’s SASE Cloud, together with trusted Cato Partner and IPknowledge’s Managing Director, Steven de Graaf, who assisted with the implementation. This blog post is an abridged version of their insights. For a more detailed account of their experiences, you can read the full eBook, here: “Life after deploying SASE”.
SASE Migration Use Cases
First, let’s start our SASE journey by understanding when is the best time to transition to SASE? It’s strongly recommended to consider a migration to SASE when:
MPLS contracts are up for renewal and can be replaced with a more secure and higher performing alternative at a lower cost.
Employees are working at multiple global locations and require a secure and frictionless solution.
IT is managing complex networking environments and need a simple-to-use, high-performing and secure substitute.
The workforce is employed remotely or in a hybrid manner and needs a scalable and secure solution to connect all employees, but without backhauling and based on least-privileged access.
Your SASE Migration Plan
The operational migration to SASE is quick and efficient, sometimes requiring only weeks from start to finish! To accommodate and complement this quick shift, it is recommended to prepare a well thought out plan that can help evangelize the transition internally, monitor it and track success. We recommend such a migration plan include:
The strategic business value - How SASE will enable employees to focus on their core responsibilities, instead of them having to spend time and become frustrated when dealing with the effects of misconfigured firewalls or URL filters that are blocking valid websites.
The technological value - How SASE’s converged architecture and single software stack will eliminate IT and IS overhead and hassle, ensure optimized connectivity and provide an optimal security posture.
The financial value - How SASE will reduce the annual costs of networking and security, coupled with the value to the business.
[boxlink link="https://www.catonetworks.com/resources/inside-look-life-before-and-after-deploying-sase/?utm_medium=blog_top_cta&utm_campaign=before_and_after_sase"] An Inside Look: Life Before and After Deploying a SASE Service | Whitepaper [/boxlink]
Life After SASE: What’s New?
What can IT leaders, security professionals and business leaders expect once they’ve migrated to a SASE service? Here are six new SASE-driven organizational achievements that will make you throw your hands in the air and wonder why you didn’t migrate to SASE sooner.
Newfound Network VisibilitySASE’s convergence of end-to-end networking and security provides newfound visibility into the network. Rather than having network and security information split between discrete tools and services, IT has a single pane of glass with visibility into the entire network. All security and networking events are stored in a common database, mapped onto a single timeline. With one timeline for networking and security, IT can troubleshoot problems faster, spot anomalies quicker, and enable better operational monitoring.
An Optimal Security PostureSASE provides insights into which systems and services are being used by employees and third parties and their vulnerabilities. If necessary, this information can also help IT identify system replacements and eliminate shadow IT.
Better IT Services for the Business and for UsersSASE’s seamless, unified service displaces point solutions in a robust and reliable manner. This new architecture enables IT to monitor operational activity so they can optimize line provisioning. In addition, with SASE replacing the grunt work, IT teams have more time to work on strategic business initiatives.
Seamless Remote Work UnlockedSASE replaces high latency VPNs. Instead, traffic is routed over a global private backbone and monitored for threats. The result is high-performance and secure connectivity for all users, everywhere.
Optimized Connectivity and PerformanceSASE optimizes performance and the user experience by throughput maximization, providing increased and cost-effective bandwidth by routing traffic on a cloud-native, global, private backbone with multiple internet access links and active-active configurations.
Peace of MindWith SASE, both end-user and IT and IS can focus their efforts on fulflling business-critical initiatives. No more operational overhead, fretting over updates and lack of visibility into metrics and performance.Are you ready to get started with SASE? Read more about what the transition to SASE looks like in our new eBook “Life after deploying SASE”.
December 13, 2022
8m read
If you're a Security professional looking to become a CISO, then you've come to the right place. This five-step guide is your plan of action...
December 13, 2022
8m read
The 5-Step Action Plan to Becoming CISO The Path to Becoming CISO Isn't Always Linear
There isn’t one definitive path to becoming a CISO.
Don’t be discouraged if your career path isn’t listed above or isn’t “typical.” If your end goal is to become a CISO, then you’ve come to the right place. Keep reading for a comprehensive action plan which will guide you from your current role in IT, IS or Cybersecurity and on the path to becoming a world-class CISO.
Step 1:
Becoming a CISO is About Changing Your Focus
The Difference Between IS, IT or Cybersecurity Roles and a CISO Role: Tactical vs. Strategic
Making The Shift from Security Engineer to Future CISO
The most common mistake that security engineers make when looking to become CISO is focus. To be successful as a security engineer the focus is on problem hunting. As a top-tier security professional, you must be the best at identifying and fixing vulnerabilities others can’t see.
How to Think and Act Like a Future CISO
While security engineers identify problems, CISOs translate the problems that security engineers find into solutions for C-suite, the CEO and the board. To be successful in the CISO role, you must be able to transition from problem-solver to a solution-oriented mindset.
A common mistake when transitioning to CISO is by leading with what’s most familiar – and selling your technical competency. While understanding the tech is crucial when interfacing with the security team, it’s not the skillset you must leverage when speaking with C-suite and boards. C-suite and boards care about solutions – not problems. They must feel confident that you understand the business with complete clarity, can identify cyber solutions, and translate them in terms of business risks, profit and loss. To be successful in securing your new role, focus on leveraging cyber as a business enabler to help the business reach its targeted growth projections.
The Skillset Necessary to Become a CISO
Translate technical requirements into business requirements
Brief executives, VPS, C-level, investors and the board
Understand the business you’re in on a granular level(The company, its goals, competitors, yearly revenue generated, revenue projections, threats competitors are facing, etc.)
Excellent communication: Send effective emails and give impactful presentations
Balance the risk between functionality and security by running risk assessments
Focus on increasing revenue and profitability in the organization
Focus on a solution-oriented mindset, not an identification mindset
[boxlink link="https://www.catonetworks.com/resources/cato-sse-360-finally-sse-with-total-visibility-and-control/?utm_source=blog&utm_medium=top_cta&utm_campaign_sse360"] Cato SSE 360: Finally, SSE with Total Visibility and Control | Whitepaper [/boxlink]
Step 2:
Getting Clear on the CISO Role: So, What Does a CISO Actually Do?
Learn The CISO’s Role and Responsibilities (R&R)
The CISO is essentially a translator between the security engineering team and C-suite.
Step 3:
Set Yourself Up for Success in the Role: Measure What Matters
What you measure in your role will ultimately determine your career success. Too often CISOs set themselves up for failure by playing a zero-sum security game.
This means any security incident = CISO gets fired = No one wins
But successful CISOs know that cybersecurity is a delicate balancing act between ensuring security and functionality.
100% security means 0 functionality, and vice versa
Strategic CISOs understand this and set themselves up for success by working with the CEO and board to minimize exposure and establish realistic KPIs of success.
Establishing Your Metrics of Success in the CISO Role
What makes CIOs so successful in their role?
A single metric of success: 5 9s.
This allows CIOs to focus on the R&R necessary to achieve this goal.
Suggested CISO KPI & KPI Setting Process
Run an analysis to see how many attempted attacks take place weekly at the organization, to establish a benchmark.
Provide an executive report with weekly attack attempt metrics (i.e., 300.)
Create a proposed benchmark of success: i.e., preventing 98% of attacks.
Get management signoff on your proposed KPIs.
Provide weekly reports to executives with defined attack metrics: attempted weekly attacks + prevented.(Ensuring security incidents are promptly reported to C-suite and board.)
Adjust KPIs as necessary and receive management signoff.
Step 4
Mind the Gap: Bridge Your Current Technical and Business Gaps
Recommended Technical Education
GIAC / GSEC Security Essentials
CISSP (Certified Information Systems Security Professionals)
OR CISM (Certified Information Security Manager) CertificationOR CISA (Certified Information System Auditor) Certification
SASE (Secure Access Service Edge) Certification
SSE (Security Service Edge) Certification
Recommended Technical Experience
At least 3-5 years in IS, Cybersecurity, Networking or IT with a strong security focus
Recommended Business Education
An MBA or equivalent business degree, or relevant business experience
CPA or accounting courses
Recommended Business Experience
Approximately 3-5 years of business experience
Business Operations, Business Management, SOC Manager, or roles that demonstrate your business, management and leadership acumen
Recommended Understanding Of:
Industry security standards including NIST, ISO, SANS, COBIT, CERT, HIPAA.
Current data privacy regulations, e.g., GDPR, CCPA and any regional standards.
Step 5:
How to Get a CISO Job with Limited or No Previous Experience
It’s the age-old dilemma – how do I get a job without relevant experience? And how to I get relevant experience without a job?
Take On a Virtual CISO Role at a Friend or Family Member’s Small Business
Offer 3 hours of virtual CISO service a week.
In exchange, ask for 3 recommendations a month and to service as a positive reference.
Can you receive mentorship from an existing CISO?
Do friends, family or former colleagues know any CISOs you can connect with? Start there.
Reach out on LinkedIn to CISOs and invite them to coffee or dinner.Ask them if you can meet up and receive mentorship over dinner once a month (they pick the location, and you pay.)
Remember: It’s a numbers game. Don’t get discouraged after a few “no's” or a lack of responses.
Getting Your First CISO Job: Your Action Plan for Career Success
Applying For Jobs
Your resume has one and only one goal – to get you the interview.Week 1:
Send out 20 resumes for CISO jobs with your existing resume
How many respond and request interviews (within 2 weeks)?
If you get under a 50-70% success rate, you need to revise your resume.
Your goal is to repeat this process until you get a minimum of 10 positive responses for every batch of 20 resumes you send out (giving recruiters 1.5 - 2 weeks to respond.) Be ready to adapt and adjust your resume as many times as necessary (using the defined process above,) until you hit your benchmarks of success.
Revising your Resume for Success
If you’re not hitting a 50-70% interview rate on your resume, it’s time to revise your resume.But what do you change?
The Most Common Mistakes Found on CISO Resumes (Don’t Fall into a Trap)Your resume should not only highlight your technical abilities but your business acumen.Review the strategic skills highlighted earlier and emphasize those (in addition to any other relevant educational, professional, or career achievements.)
Have you briefed executives and boards?
Have you given effective presentations?
Have you created risk management programs and aligned the entire organization?
Do you lead an online forum on Cybersecurity best practices?
Think of ways to highlight your business and leadership savvy, not just your de facto technical abilities.
The Interview Rounds
The CISO interview process is generally between 5-7 interview rounds.
Remember:The goal of your first interview is only to receive a second interview. The goal of your second interview is to receive a third interview, and so on. Be prepared for interviews with legal, finance, the CEO, CIO, HR, and more.
You’ve Got This: The Road to Landing Your First CISO Role
Abraham Lincoln once said, “the best way to predict the future is to create it.” And we hope this guide gives you a running start towards your new and exciting future as a CISO. We believe in you and your future success. Good luck! And feel free to forward this guide to a friend or colleague who’s hunting for a new CISO role, if you feel it’s been helpful.
Life After Landing the Coveted CISO Role
Congrats! You’ve Been Hired as a CISO
You did it. You’ve landed your first CISO role. We couldn’t be prouder of the hard work and dedication that it took to get you to this point. Before you begin in your new role, here are a few best practices to guide you on your way to career success.
Ensuring Your Success in the CISO Role: Things to Keep in Mind
After speaking with 1000s of CISOs since 2016, it’s important to keep the following in mind:
Your Network Security Architecture Will Determine Your Focus and Impact
No matter the organization or the scope, your CISO role is dependent on meeting if not exceeding your promised KPIs. So, you’ll need to decide, do you want a reactive or a proactive security team? Do you want your team to spend their time hunting and patching security vulnerabilities and mitigating disparate security policies? Or devoted to achieving your larger, revenue-generating missions through cybersecurity? Accordingly, you’ll need to ensure that your network security architecture minimizes your enterprise’s attack surface, so you and your team can devote your attention accordingly.
To achieve this, your team must have full visibility and control of all WAN, cloud, and internet traffic so they can work on fulfilling your business objectives through cybersecurity. Otherwise, your function will revert to tactical, instead of focusing on serving as a business enabler through cybersecurity.
Cato SSE 360 = SSE + Total Visibility and Control
Disjointed security point solutions overload resource constrained security teams, impacting security posture, and increasing overall risk due to configuration errors. Traditional SSE (Security Service Edge) convergence mitigates these challenges but offers limited visibility and control that only extends to the Internet, public cloud applications, and select internal applications. Thus, leaving WAN traffic uninspected and unoptimized. And an SSE platform that isn’t part of single-vendor SASE can’t extend convergence to SD-WAN to complete the SASE transformation journey.
Cato Networks’ SSE 360 service will allow you to solve this. SSE 360 optimizes and secures all traffic, to all WAN, cloud, and internet application resources, and across all ports and protocols. For more information about Cato’s entire suite of converged, network security, please be sure to read our SSE 360 Whitepaper. Complete with configurable security policies that meet the needs of any enterprise IS team, see why Cato SSE 360 is different from traditional SSE vendors.
December 12, 2022
4m read
Gartner has just issued a press release announcing its Top Trends Impacting Infrastructure and Operations for 2023. Among the six trends that will have significant...
December 12, 2022
4m read
Gartner Names Top I&O Trends for 2023 Gartner has just issued a press release announcing its Top Trends Impacting Infrastructure and Operations for 2023. Among the six trends that will have significant impact over the next 12 to 18 months Gartner named the Secure Access Service Edge (SASE), sustainable technology, and heated skills competition.
Below is a discussion of these trends and how they are interrelated.
Secure Access Service Edge (SASE) was created by Gartner in 2019 and has repeatedly been highlighted as a transformative category. According to Gartner’s press release, “SASE is a single-vendor product that is sold as an integrative service which enables digital transformation. Practically, SASE enables secure, optimal, and resilient access by any user, in any location, to any application. This basic requirement had been fulfilled for years by a collection of point solutions for network security, remote access, and network optimization, and more recently with cloud security and zero trust network access. However, the complexity involved in delivering optimal and secure global access at the scale, speed, and consistency demanded by the business requires a new approach.
Gartner’s SASE proposes a new global, cloud-delivered service that enables secure and optimal access everywhere in the world. Says Gartner analyst Jeffrey Hewitt: “I&O teams implementing SASE should prioritize single-vendor solutions and an integrated approach.” SASE’s innovation is the re-architecture of IT networking and network security to enable IT to support the demands of the digital business.
[boxlink link="https://www.catonetworks.com/resources/inside-look-life-before-and-after-deploying-sase/?utm_medium=blog_top_cta&utm_campaign=before_and_after_sase"] An Inside Look: Life Before and After Deploying a SASE Service | Whitepaper [/boxlink]
This is the tricky part about SASE: while the capabilities, also offered by legacy point solutions, are not new, the platform architecture is brand new. To deliver scalable, resilient, and global secure access that is also agile and fast, SASE must live in the cloud as a single holistic platform.
SASE architecture also has a direct impact on the competition for skills. When built from the ground up as a coherent and converged solution delivered as a service, SASE is both self-maintaining and self-healing. A cloud-native SASE platform delivered “as a service” offloads the infrastructure maintenance tasks, from the IT staff. Simply put, a smaller IT team can run a complex networking and network security infrastructure when supported by a cloud-native SASE provider, such as Cato Networks. The SASE provider maintains optimal security posture against emerging threats, seamlessly upgrades the platform with new capabilities, and reduces the time to detect, troubleshoot and fix problems. Using the right SASE platform, customers will also alleviate the pressure to acquire the right skills to support and maintain individual point solutions, and the resources needed to “keep the lights on” by maintaining a fragmented infrastructure in perfect alignment and optimal posture.
Beyond skills, SASE also has a positive impact on technology sustainability. Cloud-native SASE service eliminates a wide array of edge appliances including routers, firewalls, WAN optimizers and more. By moving the heavy lifting of security inspection and traffic optimization to the cloud, network edge footprint and processing requirements will decline, reducing the power consumption, cooling requirements, and environmental impact of edge appliance disposition.
The road to simpler, faster, and secure access starts with a cloud-native, converged, single vendor SASE. Customers can expect better user experience, improved security posture, agile support of strategic business initiatives, and a lower environmental impact.
In one artificially cold evening, I invited myself to an intimate fireside chat with my new BFF, ChatGPT, who I now call CG in short. ...
Fireside Chat About Network Security With ChatGPT (AI) In one artificially cold evening, I invited myself to an intimate fireside chat with my new BFF, ChatGPT, who I now call CG in short.
Being a new artificial intelligence open to help humans as myself understand the universe we live in, I wanted to pick its brain (or should it be brains, in plural?) about a topic close to my heart.
I opened asking:
Can I ask you a few questions about network security?
And CG answered:
Sure, I would be happy to help with any questions you have about network security. As a large language model trained by OpenAI, I have been trained on a wide range of text and I can generate human-like responses based on the input that I receive
I asked:
What are the common components in network security?
CG knew it right away:
There are several common elements that are often found in network security, including:
Firewalls: These are devices or software programs that control incoming and outgoing network traffic based on predetermined security rules.
Encryption: This is the process of encoding data so that it can be transmitted securely and only accessed by authorized users.
Access control: This refers to the policies and procedures that regulate who or what is allowed to access specific network resources.
Intrusion detection and prevention: These are systems that monitor network traffic for signs of malicious activity and take action to prevent or respond to attacks.
Virtual Private Networks (VPNs): These are networks that use encryption and other security measures to create a secure connection over a public network, such as the internet.
Security patches and updates: Regularly applying security patches and updates to network devices and software is essential for closing vulnerabilities and keeping networks secure.
[boxlink link="https://catonetworks.easywebinar.live/registration-enhancing-your-enterprise-network-security-strategy?utm_medium=blog_top_cta&utm_campaign=enhancing_network_security_webinar"] Enhancing Your Enterprise Network Security Strategy | Webinar [/boxlink]
With all those components traditionally being on-premises, I asked:
What are the limitations of on-premises security products?
CG seemed to know exactly where I was going with this:
The limitations of on-premises security products can vary depending on the specific product and the context in which it is used. However, some common limitations of on-premises security products include:
High upfront cost: On-premises security products often require a significant upfront investment, including the cost of hardware, software, and installation. This can be a barrier for organizations with limited budgets.
Limited scalability: On-premises security products are typically designed for a specific number of users or devices, and adding additional users or devices can be challenging and costly. This can make it difficult for organizations to keep pace with growing needs.
Dependence on local infrastructure: On-premises security products are typically installed and operated on the organization's own servers and networks, which can create dependencies on local infrastructure. If there are problems with the local infrastructure, it can affect the availability and performance of the security product.
Maintenance and support: On-premises security products require ongoing maintenance and support, which can be time-consuming and costly. Organizations may need to hire specialized staff or contract with third-party service providers to provide this support.
Limited flexibility and agility: On-premises security products are often inflexible and can be slow to adapt to changing needs and requirements. This can make it difficult for organizations to respond quickly to new threats or opportunities.
Overall, the limitations of on-premises security products can make them less suitable for organizations that need to scale quickly, are constrained by budgets, or require high levels of flexibility and agility.
I wanted to know a bit more, so asked:
What about remote users? Where does ZTNA fit in here?
As you can imagine, CG is never caught off guard:
Remote users are individuals who access a network or its resources from outside the organization's physical location. In terms of network security, remote users present unique challenges, as they are often accessing the network over a public network such as the internet, which can be vulnerable to attacks.
One way to address these security challenges is through the use of a Zero Trust Network Architecture (ZTNA), which is a network security model that assumes that all users, regardless of location, are untrusted until they have been authenticated and authorized. With ZTNA, access to network resources is strictly controlled and only granted on a need-to-access basis. This approach can help to protect against a wide range of security threats, including those posed by remote users.
CG was starting to complain that I was asking too many questions too quickly, so I felt it was time to wrap it up with one final question:
Can you explain what is SASE and why it is important to digital enterprises?
CG was kind (and wise), and answered me this:
SASE, or Secure Access Service Edge, is a new approach to networking and security that is gaining popularity in the digital enterprise world. It is important because it combines networking and security functions into a single, cloud-based service, which offers several advantages over traditional networking and security approaches.
One of the key benefits of SASE is that it allows organizations to connect users and devices securely to any application or service, no matter where they are located. This means that employees can access the resources they need to do their job, even if they are working remotely or on-the-go. This can help improve productivity and enable organizations to support a remote and mobile workforce.
Another advantage of SASE is that it provides a more flexible and scalable approach to networking and security. Traditional networking and security solutions are often complex and inflexible, making it difficult for organizations to adapt to changing business needs. With SASE, organizations can easily add or remove users and devices, and scale their network and security capabilities up or down as needed.
Finally, SASE can help organizations reduce their networking and security costs. Because SASE is delivered as a cloud-based service, organizations don't have to invest in expensive hardware and software to set up and manage their networking and security infrastructure. This can help organizations save money and reduce the burden on their IT teams.
Overall, SASE is important to digital enterprises because it offers a more flexible, scalable, and cost-effective approach to networking and security.
I am not sure what the future holds for AI and for humanity, and whether there’s a place on earth for both of us, but for now, chatting with an AI is just fun.
Thank you, CG (https://chat.openai.com/)
As companies look to reduce corporate risk, protect against data breaches and other incidents, and maintain regulatory compliance, a zero trust security strategy provides significant...
Cloud-Based Security is Well-Suited for Zero Trust Architectures As companies look to reduce corporate risk, protect against data breaches and other incidents, and maintain regulatory compliance, a zero trust security strategy provides significant advantages when compared to legacy models.
However, zero trust is only effective if it is enforced and supported by strong security solutions. For most organizations, cloud-based solutions are the only means of supporting a secure, high-performance, and scalable zero trust architecture.
Effective Zero-Trust is Resource-Intensive
The zero trust security model was designed to address the inadequacies of traditional, castle-and-moat security. Under this legacy security model, all insiders are implicitly trusted and granted unrestricted access to corporate assets, while traffic crossing the boundary of the corporate network is considered suspect and subject to inspection. As cloud adoption and remote work become more common and cyber threat actors grow more sophisticated, this model is increasingly ineffective.
Zero trust security says that no one, internal or external, should be implicitly trusted. Instead, requests for access to corporate resources are considered on a case-by-case basis. Additionally, access controls are defined based on the principle of least privilege, minimizing access and limiting the potential impact of a compromised account.
However, while zero trust provides much better security than legacy models, it comes at the cost of additional resource consumption. Unlike virtual private networks (VPNs) used by the legacy security models, zero-trust network access (ZTNA) solutions must evaluate each access request against role-based access controls and other criteria. Additionally, authenticated users are monitored throughout their session for potential threats or risky actions, and these sessions are terminated as needed.
As corporate networks grow and traffic volumes expand, network security resource requirements increase as well. Without the right infrastructure, applying robust protections to growing networks without sacrificing network performance can be difficult.
[boxlink link="https://catonetworks.easywebinar.live/registration-enhancing-your-enterprise-network-security-strategy?utm_medium=blog_top_cta&utm_campaign=enhancing_network_security_webinar"] Enhancing Your Enterprise Network Security Strategy | Webinar [/boxlink]
Why Zero Trust Should Be Built In the Cloud
Historically, corporate security architectures have been deployed on-prem as part of a castle-and-moat security model. However, in the modern network, this increasingly causes network latency and performance degradation as traffic is backhauled to a central location for inspection.
As organizations work to implement zero-trust security across their entire IT infrastructures, security architectures should move to the cloud. Cloud-native security solutions provide numerous benefits. Including:
Asset Locations Agnostic: Companies are increasingly moving applications and data storage to the cloud, and the adoption of Software as a Service (SaaS) solutions contributes to this trend. Deploying security in the cloud means that it is close to where an organization’s applications and data are located, reducing the network latency and performance impacts of security inspection.
Greater Scalability: Cloud-native ZTNA solutions have the ability to scale to meet demand. Like microservices, additional instances can be deployed or allocated as needed to handle growing traffic volumes or computationally intensive security inspection.
Global Reach: As companies embrace remote or hybrid work models, employees may spend part or all of their time outside of the office. A ZTNA solution deployed as part of a global network can minimize latency impacts on user requests by bringing security near the network edge.
As corporate networks grow larger and more distributed, security must be scalable and not geographically constrained by the location of an organization’s on-prem infrastructure. Cloud-based — and more specifically cloud-native — security is essential to implementing effective zero-trust security without sacrificing network performance and employee productivity.
Implementing Zero Trust with SSE and SASE
A globally distributed, cloud-native ZTNA solution can meet the access control requirements of a corporate zero trust security program. However, effective zero trust is more than simply implementing least privilege access controls for all access requests. Once a user has authenticated, their entire session should be monitored for suspicious or malicious activities that could place the organization at risk.
To accomplish this, an organization requires additional security capabilities, such as a next-generation firewall (NGFW), an intrusion prevention system (IPS), a secure web gateway (SWG), and a cloud access security broker (CASB). Hosting these capabilities on-prem eliminates the benefits of cloud-based ZTNA as it forces traffic to be backhauled for security inspection and imposes the same scalability limitations of on-prem appliances. Effective zero trust requires a fully cloud-native network security stack.
Security Service Edge (SSE) and Secure Access Service Edge (SASE) are ideally suited to implementing zero trust security for the growing corporate WAN. SSE and SASE solutions integrate ZTNA functionality with a full network security stack, including Firewall as a Service (FWaaS), IPS, SWG, and CASB. SASE goes a step further, incorporating SD-WAN and network optimization capabilities as well. Deployed as a global, cloud-native solution, SSE and SASE implement a scalable, high-performance zero trust architecture.
Cato provides the world’s most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, including ZTNA, SWG, CASB/DLP, and FWaaS into a global cloud service. With over 75 PoPs worldwide, Cato optimizes and secures application access for all users and locations, and is easily managed from a single pane of glass. Learn more about how Cato SASE Cloud makes building a zero trust security architecture that grows with the business easy by signing up for a free demo today.
Computers have become a core component of the modern company. Many employees spend most or all of their workdays on them, interacting with a variety...
Your Employees Need High-Performance, Secure Internet Access (and Aren’t Getting It) Computers have become a core component of the modern company. Many employees spend most or all of their workdays on them, interacting with a variety of different pieces of software. To do their jobs, employees need high-performance, secure access to corporate networks and IT assets. This is true whether an employee is working from the office or from off-site.
As remote and hybrid work schedules become more common, companies are deploying secure remote access solutions, such as virtual private networks (VPNs) to support them. However, this often means making tradeoffs between the performance of remote workers’ network connectivity and its security.
High-Performance Internet Access is Essential for the Modern Business
In the past, most of an organization’s employees worked on-site. This meant that they were connected directly to the headquarters network and protected by its perimeter-based security solutions. However, in recent years, a growing percentage of an organization’s employees are working from outside the office. Companies have adopted remote and hybrid work policies in response to the COVID-19 pandemic and to take advantage of the global workforce. At the same time, corporate IT assets are increasingly moving to the cloud. Software as a Service (SaaS) and cloud-native applications can offer improved performance, availability, and scalability for an organization’s employees and customers.
As a result of these shifts, the corporate LAN is becoming increasingly irrelevant as it hosts a diminishing percentage of an organization’s IT assets. However, the headquarters network is also where an organization’s security solutions are located and where the traffic is routed. Remote workers need high-performance network access to corporate networks and resources. Yet the design of many modern corporate networks means that this is not always a reality.
[boxlink link="https://www.catonetworks.com/resources/why-remote-access-should-be-a-collaboration-between-network-security/?utm_medium=blog_top_cta&utm_campaign=remote_access_collab"] Why remote access should be a collaboration between network & security | Whitepaper [/boxlink]
Where Legacy Secure Remote Access Falls Short
With a growing percentage of corporate workforces working on remote or hybrid schedules, a secure remote access VPN is essential. In many cases, companies are reliant on VPNs to provide this capability. Legacy VPN solutions are simply not designed to meet the needs of the modern enterprise.
Some of the primary ways in which they fall short include:
Inefficient Routing: Remote access VPNs are designed to route remote workers’ traffic to a VPN server, which is typically located on the corporate headquarters network. However, with a growing percentage of companies’ IT assets not located on-prem, this creates inefficient routing that degrades network performance and increases latency.
Inadequate Security: From a security perspective, all that a VPN does is provide an encrypted tunnel over which traffic is sent between the remote worker and the corporate network. Protecting against cyber threats and implementing a zero-trust security policy requires additional solutions alongside or instead of the VPN servers, which increases the cost and complexity of an organization’s IT infrastructure and limits its scalability.
VPNs were designed to implement a perimeter-focused security model where most of an organization’s IT assets were located on the headquarters network and needed to be protected against external threats. But this security model is no longer effective.
As a result, employees and companies are suffering from poor network performance in their remote access solutions as they try to use legacy secure remote access solutions to implement an outdated security model for a network architecture that no longer exists.
Choosing Both Performance and Security
VPNs’ design and lack of built-in security forces a tradeoff between network performance and security. Routing remote workers’ network traffic through the headquarters network for security inspection creates inefficient routes and network latency for remote users and cloud-based assets. Allowing remote users to connect directly to cloud-based assets, which provides the network performance that companies need, bypasses perimeter-based security stacks and leaves the organization at risk due to VPNs’ lack of built-in security.
Avoiding the tradeoff between network performance and security requires replacing legacy VPNs with a modern remote access solution. Secure Access Service Edge (SASE) provides numerous benefits over VPNs, including:
Cloud-Native Design: SASE solutions are deployed on globally distributed points of presence (PoPs). This allows them to be deployed geographically near an organization’s IT assets, reducing network latency, and enables them to take full advantage of the benefits of the cloud, such as scalability and availability.
Zero-Trust Access Control: SASE solutions integrate secure remote access capabilities in the form of zero-trust network access (ZTNA). This allows them to implement zero-trust access controls for remote users, a capability that VPNs do not share.
Integrated Security: SASE solutions combine ZTNA with a full network security stack and network optimization capabilities. Integrating security solutions with ZTNA eliminates the need for standalone security solutions alongside a VPN endpoint and enables direct connectivity to cloud-based assets without backhauling traffic to an on-prem security architecture or sacrificing security for network performance.
Corporate networks and business needs are evolving, and VPNs are not keeping up. Cato SASE Cloud, the world’s most mature single-vendor SASE platform, provides companies with the ability to support their remote workers with high-performance, secure network access. Learn more about improving the performance and security of your corporate WAN by signing up for a free demo of Cato SASE Cloud today.
November 29, 2022
5m read
Cybersecurity is all about risk management. Companies are faced with numerous, diverse cyber threats, and the job of the corporate security team is to minimize...
November 29, 2022
5m read
SASE is the Right Choice for Cyber Risk Management Cybersecurity is all about risk management. Companies are faced with numerous, diverse cyber threats, and the job of the corporate security team is to minimize the risk of a data breach, ransomware infection, or other costly and damaging security incident.
Cybersecurity tools and solutions are designed to help companies to achieve this goal of managing enterprise security risk. Of the many options out there, Secure Access Service Edge (SASE) is ideally suited to supporting all aspects of a corporate cyber risk management program.
Companies Face Significant Cyber Risks
Cybersecurity has become a top-of-mind concern for most businesses. Data breaches and ransomware attacks occur on a regular basis, often with price tags in the millions of dollars. Avoiding these incidents is essential to the profitability and survival of the business. With the growth of automated attacks and an “as a Service” cybercrime economy, the bar to entry into the cybercrime space has fallen. As cybercrime groups grow more numerous and sophisticated, any organization can be the target of a devastating attack.
Risk treatment strategies
Companies facing growing levels of cybersecurity risk need to take steps to manage these risks. In general, companies have four tools for risk treatment strategies: mitigation, transference, avoidance, and acceptance.
#1. Mitigation
Risk treatment by mitigation focuses on reducing the risk to the organization by implementing security controls. For cybersecurity risks, this could include patching vulnerable systems or deploying threat prevention capabilities that can identify and block attempted attacks before they reach vulnerable systems.
SASE solutions are ideally suited to threat mitigation due to their global reach and convergence of many security functions — including a next-generation firewall (NGFW), intrusion prevention system (IPS), cloud access security broker (CASB), zero-trust network access (ZTNA), and more — within a single solution. By consistently enforcing security policies and blocking attacks across the entire corporate WAN, SASE dramatically reduces an organization’s cybersecurity risk.
[boxlink link="https://catonetworks.easywebinar.live/registration-enhancing-your-enterprise-network-security-strategy?utm_medium=blog_top_cta&utm_campaign=enhancing_network_security_webinar"] Enhancing Your Enterprise Network Security Strategy | Webinar [/boxlink]
#2. Transference
Transference involves handing over responsibility for managing risk to a third-party provider. A common form of risk transference is taking out an insurance policy. In the event that an organization experiences a risk event — such as a cyberattack — the insurance provider takes on most or all of the cost of remediating the issue and restoring normal operations.
As a managed service, SASE can be useful for risk transference because much of the responsibility for implementing a strong security program is the responsibility of the service provider, rather than the organization. For example, maintaining the security stack — a process that can require in-depth network understanding and security expertise — is outsourced with the Firewall as a Service (FWaaS) capabilities of managed SASE deployments.
By enabling an organization to implement a mature security program and improving corporate security visibility and threat prevention, managed SASE makes it easier for organizations to get cybersecurity insurance. This is especially important with the rising risk of ransomware attacks, as insurance providers are implementing increasingly stringent security requirements for organizations to take out security policies.
#3. Avoidance
In some cases, cybersecurity risks that an organization may face are avoidable. For example, if a particular vulnerability poses a significant risk to an organization’s security, the choice to stop using the vulnerable component eliminates the risk to the organization. Avoidance-based risk treatment strategies can be highly effective, but they can come with opportunity costs if a secure alternative is not available for a vulnerable component.
SASE supports risk avoidance by offering a secure alternative to legacy network security solutions. Historically, many organizations have relied on a castle-and-moat security model supported by virtual private networks (VPNs) and similar solutions. However, these models have significant shortcomings, not least the rapid dissolution of the network perimeter as companies adopt cloud computing, remote work, Internet of Things (IoT), and mobile devices.
SASE solutions help to avoid the risks associated with legacy, castle-and-moat security models by supporting granular application-based protection. With zero-trust network access (ZTNA) built into SASE solutions, organizations can avoid the security risks associated with legacy VPNs, such as poor access management.
#4. Acceptance
Completely eliminating all risk is impossible, and, in some cases, the return on investment of additional risk treatment may be too low to be profitable. Companies need to determine the level of risk that they are willing to accept — their “risk appetite” — and use other risk treatment methods (mitigation, transference, and avoidance) to reduce their risk down to that level.
Ensuring that accepted cyber risk is within an organization’s risk appetite requires comprehensive visibility into an organization’s IT infrastructure and the risks associated with it. SASE provides global visibility into activities on the corporate WAN, and built-in security solutions enable an organization to gauge their exposure to various cyber threats and take action to manage them (via firewall security rules, CASB policies, and other controls) or intelligently accept them.
Cybersecurity Risk Management with Cato
Cato provides the world’s most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, including ZTNA, SWG, CASB/DLP, and FWaaS into a global cloud service. With over 75 PoPs worldwide, Cato optimizes and secures application access for all users and locations, and is easily managed from a single pane of glass. Learn more about how your organization can manage its cyber risk exposure by signing up for a free demo of Cato SASE Cloud today.
November 24, 2022
5m read
Regulatory compliance is a major concern for many organizations. The risks and costs of non-compliance are numerous, including brand damage, regulatory penalties, and even the...
November 24, 2022
5m read
Addressing Regulatory Compliance Challenges for the Distributed Enterprise Regulatory compliance is a major concern for many organizations. The risks and costs of non-compliance are numerous, including brand damage, regulatory penalties, and even the inability to perform business-critical activities, such as processing payment card data.
Digital transformation and the evolution of the regulatory landscape can pose significant compliance challenges for organizations. In most cases, the legacy security technologies designed for primarily on-prem, castle-and-moat security models are no longer enough for security. Maintaining regulatory compliance in the face of digital transformation requires security solutions designed for modern IT environments.
Companies Face Significant Compliance Challenges
Every company is subject to several regulations. Common examples include employer laws, privacy regulations (such as the GDPR), and financial regulations (such as SOX). While this has been true for some time, the complexity of achieving and maintaining regulatory compliance has grown significantly in recent years. Two of the major contributors are the changing regulatory landscape and the expansion of corporate IT networks.
An Evolving Regulatory Landscape
Within the last few years, the regulatory landscape has grown increasingly complex. Companies have long been subject to regulations such as the Payment Card Industry Data Security Standard (PCI DSS, which protects the data of payment card holders, and the Health Insurance Portability and Accessibility Act (HIPAA), a US regulation for protected health information (PHI).
However, the enactment of the General Data Protection Regulation (GDPR) within the EU has set off a surge in new data privacy laws. The GDPR defined many new rights for data subjects, and laws based upon it, such as the California Consumer Privacy Act (CCPA) and its update the California Privacy Rights Act (CPRA), implement these and other rights to varying degrees.
The patchwork of new regulations makes it more difficult for companies to achieve, maintain, and demonstrate compliance. At the same time, existing regulations, such as PCI DSS, are undergoing updates to keep up with evolving data security threats and IT infrastructure.
The Increasingly Distributed Enterprise
Regulatory compliance has also been complicated by the growing distribution of the modern enterprise. The move to cloud computing means that companies may not know where their sensitive data — potentially covered under various regulations — is being stored and processed. The growth of remote work means that employees may be downloading and processing user records in jurisdictions with different data privacy laws.
Some regulations, such as the GDPR, prohibit the transfer of constituents’ data outside of countries with “adequate” data privacy laws, a requirement that might be violated by the use of cloud computing and support for remote work. Companies may also struggle to ensure that mandatory security controls are in place for data stored on devices and infrastructure outside of their control.
It is much harder to maintain compliance with digital transformations: data is all over the place (or the world) and so are users. The way to overcome this is to use a solution that ensures that the organization has global network visibility and the ability to enforce corporate policy across its entire IT infrastructure.
[boxlink link="https://www.catonetworks.com/resources/why-remote-access-should-be-a-collaboration-between-network-security/?utm_medium=blog_top_cta&utm_campaign=remote_access_collab"] Why remote access should be a collaboration between network & security | Whitepaper [/boxlink]
Legacy Remote Access Technology No Longer Works
Historically, companies have implemented a perimeter-focused security model. Initially, this ensured that traffic moving between the corporate network and the public Internet was inspected and secured. As companies expanded to the cloud and remote work, network traffic between remote sites was backhauled to a central location for inspection and enforcement before being routed to its destination.
Correctly implemented, this model may give an organization the visibility and control that it requires for compliance. However, it does so at the cost of network performance and scalability. As corporate networks expand, a growing volume of traffic must pass through the central inspection point.
Growing traffic volumes place additional strain on network and security solutions and add to the network latency impacts on cloud-based software and remote users. Additionally, as virtual private networks (VPNs), the solutions used to implement these castle-and-moat designs, lack any built-in access controls or security capabilities, centralized security architectures require multiple standalone solutions, making them complex and expensive to scale to meet demand.
Maintaining Regulatory Compliance Despite Enterprise Expansion
The limitations of VPNs and legacy security architectures have inspired the zero trust security movement. Implementing a zero trust security model at scale requires solutions capable of enforcing access controls across an organization’s entire IT infrastructure without sacrificing network performance or visibility.
The right way to accomplish this is with a zero trust architecture that is cloud-native and globally available. Cloud-native security solutions can acquire additional resources as needed, allowing them to scale with the business and growing traffic volumes. Additionally, cloud-native security services are available everywhere that an organization’s users and data are, decreasing the performance impacts of regulatory compliance and security.
With the right zero trust architecture, there is no need to compromise or balance between business growth and regulatory compliance. Strong, scalable security meets regulatory requirements, and global visibility and automated data collection and report generation simplify regulatory compliance. Security Service Edge (SSE) and Secure Access Service Edge (SASE) provide the zero trust security architecture that enterprises need to achieve regulatory compliance. By converging networking and network security functionality into a cloud-native solution, SASE moves security tools needed for dynamic regulatory compliance to the cloud.Cato provides the world’s most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, including ZTNA, SWG, CASB/DLP, and FWaaS into a global cloud service. With over 75 PoPs worldwide, Cato optimizes and secures application access for all users and locations, and is easily managed from a single pane of glass. Learn more about simplifying network security and regulatory compliance with Cato SASE Cloud by signing up for a free demo today.
November 21, 2022
6m read
Amit Spitzer, Cato Networks’ CISO, shares his tried and true methods for succeeding as a CISO, while simultaneously balancing both security needs and business requirements....
November 21, 2022
6m read
How to Become a Successful CISO: Advice from Amit Spitzer, Cato Networks’ CISO Amit Spitzer, Cato Networks’ CISO, shares his tried and true methods for succeeding as a CISO, while simultaneously balancing both security needs and business requirements.
After more than 15 years in security and IT, I can honestly recommend the CISO position to security or IT professionals who are looking for a demanding, yet satisfying, position. Whether you’re implementing a new technology that will help mitigate zero-day attacks or consulting the board about the security impact of an M&A, there’s rarely a dull moment in the life of a CISO. In this post, I have put together my top tips for being a successful and effective CISO, based on my own experience. I hope you find it helpful on your own career path. For a tactical and hands-on guide to becoming CISO, take a look at our blog post, “The 5-Step Action Plan to Becoming CISO”.
Before You Begin: Why Do You Want to Become a CISO?
The first step to becoming a CISO is getting clear on why you want to become one. Whether you’re planning to be a CISO at a disruptive technological company or a paper manufacturing facility, the underlying role and responsibilities of the CISO are ultimately the same: protecting the organization from bad actors who are trying to get their hands on sensitive data. If reading this description got your heart beating faster, then security is the right domain for you. Within security, the difference between a C-level security professional (a CISO) and other security professionals is the vision. A CISO envisions how she or he will impact the company’s goals and milestones, contribute to the company’s interests and protect its assets. While this keeps many a CISO up at night, it is also exciting and exhilarating, since you are involved in major company milestones, like IPOs. Are you ready to actively participate in these types of business activities? If the answer is ‘yes’, you’re in the right CISO mindset.
[boxlink link="https://catonetworks.easywebinar.live/registration-94?utm_medium=blog_top_cta&utm_campaign=ciso_perspective_masterclass"] A CISO’s Perspective on Security | Cybersecurity Master Class: Episode 5 [/boxlink]
Starting Your CISO Journey: Taking a Hands-On Approach
In the past, CISOs from legacy enterprises focused on building the organization. This first generation of CISOs was not involved in technologies. Instead, they set the stage for today’s CISOs, who are in the trenches and taking a hands-on technical approach, while also contributing to business-related goals, like their predecessors.
Such deep technological experience is gained by building yourself from the bottom-up. While a CISO is a C-level position, a good CISO will still be passionate about learning and understanding technologies. This means learning all the specifics of threats and risks and how to mitigate them. You know you’ve succeeded when you’re able to swap out all members of your team.
At the same time, a good CISO also needs to be involved in business aspects like growth, revenue, quarterly sales, etc.
Maintaining the Balancing Act Between Security and Functionality
The built-in challenge between Security and Business departments revolves around how to ensure an apt layer of security while maintaining business operational agility. Let’s face it, there is no ideal solution or global truth for answering this challenge. If the pendulum swings too far in one direction, either business or security, the risks will be too high or the business won’t be able to function, and the board might as well close the company.
In the past, the “block everything” approach was commonly implemented by companies. First generation CISOs piled up security solutions that blocked any technology or traffic that could potentially be a risk. But in a fast-growing startup that needs to be agile, this approach could quickly become the kiss of death to the business.
Instead, it is best to understand that there is no security without sales and there are no sales without security. A CISO and the security teams are here to serve the business and be growth enablers. This means understanding that every security decision made can impact the company and its development processes and therefore needs to be taken carefully.
When making decisions, I recommend building a decision tree that displays various routes of decision-making and their business outcome. Let’s think of an extreme example. If a CISO needs to determine whether or not to approve Zoom, some of the negative business outcomes of prohibiting Zoom could be:
Impacting internal communicationHindering communication with external entities: customers, vendors, partners, etc.Spending more IT resources on finding and procuring a different communication solutionTaking up employee resources for implementing and training on the new communication solution
On the other hand, the responsibility for understanding the risks of new technologies and tools is the CISO’s domain. When implementing a solution, don’t settle on visibility through advanced monitoring capabilities. You and your team need to be able to track incidents and mitigate them before they become breaches with a significant blast radius.
Goal-setting, Roadmap Creation and KPI Planning
A CISO’s goals and KPIs are derived from their main mission: protecting the organization from threat actors who are attempting to access the company’s assets. This means different things in different organizations, which makes it hard to create a global benchmark for CISOs.
For example, a KPI in one company could be to reduce the percentage of clicks on phishing emails from 5% to 3%. But in another, phishing emails are not a prominent attack vector, so such a KPI would not be considered a high priority.
I recommend you build and approve your CISO goals, roadmap and KPIs with your leadership team and board. This serves two purposes. First, ensuring that these metrics are aligned with business needs. Second, evangelizing the CISO’s role and responsibilities, and therefore creating a higher chance for you to succeed.
Tips for Getting Hired as a First-time CISO
Finding a first-time CISO role can take some time. Here’s how to make yourself stand out with recruiters and CEOs who are reviewing your CV, comparing you to other applicants or considering you for a first-time role:
Become an expert - Specialize in a security or organizational aspect and make yourself the go-to person for that field. This could be a certain application or how a practice is implemented in an organization. This becomes a strong driver for organizations to hire you and want to include you in their organization.Build confidence in your abilities - Create a sense of trust in your abilities to handle various situations, in your technological capabilities and of your business acumen. By doing so, you will be the person who is handed opportunities when they arise.Combine technology and business capabilities - Build up your business experience by taking a business-oriented approach. Don’t be afraid to hop on customer calls, answer customer questions and participate in cross-departmental brainstorming sessions where commercial questions are discussed. You can also become involved with marketing and sales processes to help them streamline their processes.
Take projects from idea to execution - Find an idea that can help the business and bring it to execution. This includes research, building rapport with colleagues, resource allocation and project management. Comprehensive project management will not only show off your leadership skills, it will also help you hone your combination of technological and business capabilities, to help you build yourself up for the role.
Next Steps for Future CISOs of Tomorrow
Your CISO journey might not be the same as your colleagues’, or it might be a textbook career path from security professional to CISO. Either way, your unique characteristics as a CISO are what will make you stand out, not how you got there. By being enthusiastic about what you do, finding creative ways to solve problems and constantly maintaining an understanding of tech and business growth, you will be able to lead security and make the best decisions for your company, which is the real indicator of success.
November 17, 2022
3m read
As security professionals, we are inundated with news stories and articles about cyber attacks and breached companies. Sometimes, attacks become newsworthy because of the attacked...
November 17, 2022
3m read
The 3 Worst Breaches of 2022 That You Should Know About (That Didn’t Get Much Press or Attention) As security professionals, we are inundated with news stories and articles about cyber attacks and breached companies. Sometimes, attacks become newsworthy because of the attacked company, for example when it's a notable enterprise. Other times, the attack technique was so unique, that it deserves a headline of its own.
In this blog post, we take a different approach. Instead of naming and shaming, we will review three of the worst breaches and attacker tactics and techniques of 2022 that might have gone by unnoticed, and use them as a way to learn how to better protect ourselves.
This blog post is based on episode #9 of the Cato Networks cybersecurity Master Class (“The 3 Worst Breaches of 2022 That You Probably Haven’t Heard Of”). The Master Class is taught by Etay Maor, Sr. Director of Security Strategy at Cato Networks and an industry recognized cyber security researcher and keynote speaker. You can watch all the episodes of the Master Class, here.
Attack #1: Ransomware: The Sequel
Ransomware as a service is a type of attack in which the ransomware software and infrastructure are leased out to the attackers. In this first case, the threat actors used ransomware as a service to breach the victim’s network. They were able to exploit third-party credentials to gain initial access, progress laterally and ransom the company, all within mere minutes. The swiftness of this attack is unusual. In many cases, attackers stay in the networks for weeks and months before demanding the ransom.
So, how did attackers manage to ransom a company in minutes, with no need for discovery and weeks of lateral movement?
Watch the Master Class to learn more about the history of ransomware, ransomware negotiation and various types of ransomware attacks.
[boxlink link="https://catonetworks.easywebinar.live/registration-the-3-worst-breaches-of-2022?utm_medium=blog_top_cta&utm_campaign=3_worst_breaches_webinar"] The 3 Worst Breaches of 2022 (That You Probably Haven’t Heard Of) | Webinar [/boxlink]
Attack #2: Critical Infrastructure: Sabotaging Radiation Alert Networks
Attacks on critical infrastructure are becoming more common and more dangerous. Breaches of water supply plants, sewage systems and other such infrastructures could put millions of residents at risk of a human crisis. These infrastructures are also becoming more vulnerable, with tools like Shodan and Censys that enable finding vulnerabilities fairly easily.Let Etay Maor take you on a deep dive into ICS (Industrial Control Systems). Why are attacks moving from IT to OT (Operational Technology)? And, in the Master Class, we discuss security solutions for protecting critical infrastructure, like zero trust and SASE.
Attack #3: Ransomware (That Could Have Been Prevented)
The third attack is also a ransomware attack. This time, it consisted of a three steps approach of infiltration, lateral progression over the network, and exfiltration. You’ll learn the ins and outs of this attack, including who the victim is and why their point security solutions were not able to block this attack.Etay Maor conducts a full breach analysis, taking us from a “single-point-of-failure” mindset to a holistic and contextual approach that requires securing multiple choke points.To learn more about each of these three attacks, what to expect in 2022-2023 and how a converged security solution can assist in preventing similar attacks in the future, watch the Master Class.
November 14, 2022
5m read
Zero-day attacks are a growing threat to corporate cybersecurity. Instead of reusing existing malware and attack campaigns that are easily detected by legacy security solutions,...
November 14, 2022
5m read
Effective Zero-Day Threat Management Requires Cloud-Based Security Zero-day attacks are a growing threat to corporate cybersecurity. Instead of reusing existing malware and attack campaigns that are easily detected by legacy security solutions, cyber threat actors tune their malware to each campaign or even each target within an organization.
These zero-day attacks are more difficult and expensive to detect, creating strain on corporate security architectures. This is especially true as the growth of corporate IT infrastructures generates increasing volumes of network traffic that must be inspected and secured. Managing cyber risk to corporate IT systems requires security solutions that can scale to meet growing demand.
Zero-Day Threats Are Harder to Detect
Historically, antivirus and other threat detection technologies used signature-based detection to identify malware and other malicious content. After a new threat was identified, a signature was built based on its unique features and added to the signature library. All future content would be compared to this signature, and, if it matched, would be identified as a threat and remediated.
This approach to threat detection requires limited resources and can be highly effective at identifying known threats. However, a signature must first exist for threats to be identified. The growth of zero-day attacks leaves signature-based detection blind to many threats and creates a delay between the emergence of a new threat and solutions’ ability to identify it.
Other approaches to threat detection can identify novel and zero-day threats. For example, anomaly detection identifies deviations from normal behavior that could point to either benign errors or attempted attacks. Behavioral analysis monitors the actions of user accounts, applications, and devices for risky or malicious behaviors that pose a threat to a system.
These forms of threat detection have the ability to provide much more robust protection to an organization’s systems against novel and evolving threats. However, this improved detection comes at a price. In general, anomaly and behavioral detection consume more processing power and require access to larger datasets than traditional, signature-based detection systems. Also, non-signature detection systems have the potential for false positive detections, creating additional alerts for security personnel to sort through.
[boxlink link="https://catonetworks.easywebinar.live/registration-enhancing-your-enterprise-network-security-strategy?utm_medium=blog_top_cta&utm_campaign=enhancing_network_security_webinar"] Enhancing Your Enterprise Network Security Strategy | Webinar [/boxlink]
Legacy Firewall Security Solutions Can’t Keep Up
Zero-day threat detection is essential for protecting against modern cyber threats, but it is also resource-intensive. As traffic volumes increase, the additional work required to identify novel threats can put strain on an organization’s network security architecture.
This is especially true for organizations that rely on legacy next-generation firewalls (NGFWs). Firewall security solutions deployed within an organization’s on-prem data center have limited scalability. If traffic volumes exceed the compute capabilities of an appliance-based solution or software running on a server, then the organization needs to acquire and deploy additional hardware to secure the traffic without compromising network performance. This is especially true if TLS decryption is required for inspection of encrypted traffic as this can exhaust an appliance’s compute capacity.
As the cyber threat landscape evolves, organizations will need to identify and respond to more numerous and sophisticated cyber threats, which increases the resource requirements of cyber threat detection. With legacy, appliance-based solutions deployed on-prem, companies are already forced to choose between properly protecting their environments against cyber threats and the performance of their corporate networks.
Cloud-based Security is Essential for Modern Threat Management
One of the main limitations of security solutions is that effectively inspecting and securing network traffic is computationally expensive. With limited resources, TLS decryption and in-depth inspection of network traffic can cause performance issues, especially as corporate networks and their traffic bandwidth increase.
The best way for companies to keep pace with the growing resource requirements of security is to take advantage of cloud scalability and adaptability. Cloud-native security solutions can expand the resources that they consume as needed to cope with growing network traffic volumes and the associated cost of security inspection and threat detection and response.
Secure Access Service Edge (SASE) solutions take full advantage of the benefits of the cloud to optimize corporate network security. SASE solutions converge many network and security functions into a single solution, eliminating the redundancy and waste of standalone solutions. Additionally, as cloud-native solutions, SASE solutions elastically scale to meet growing network traffic volumes or the resource requirements of expensive security operations.
In addition to solving the problem of the resource consumption of security functions, SASE solutions also provide numerous other benefits, including:
Greater Visibility: SASE solutions integrate traffic inspection and threat detection across the entire corporate WAN and not only the internet. This provides improved security visibility and additional context regarding cyber threats.
Improved Threat Detection: SASE solutions can also leverage this increased visibility — as well as threat intelligence data — to more accurately identify threats to the organization. Security integration also means that threat response activities can be coordinated across the corporate WAN, providing better protection against distributed attacks.
Enhanced Network Performance: SASE solutions are globally distributed and integrate network optimization functions as well as security features. Traffic can be inspected and secured at the nearest SASE point of presence before being optimally routed to its destination.
Cato provides the world’s most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, including ZTNA, SWG, CASB/DLP, and FWaaS into a global cloud service. With over 75 PoPs worldwide, Cato optimizes and secures application access for all users and locations, and is easily managed from a single pane of glass. Learn more about how Cato SASE Cloud’s threat detection capabilities can help protect your organization against zero-day threats with a free demo.
November 10, 2022
4m read
Ever since the 1990s, IT has been dominated by appliance-centric architecture. But in 2015, Cato revolutionized this paradigm by envisioning networking and security delivered as...
November 10, 2022
4m read
SASE Vendor Selection: Should You Focus on Outcomes or Tools? Ever since the 1990s, IT has been dominated by appliance-centric architecture. But in 2015, Cato revolutionized this paradigm by envisioning networking and security delivered as a converged, cloud-native service. This evolution was not unlike the massive shift created by AWS’s global cloud service, which provided a new kind of infrastructure that supported scalability, resiliency, elasticity, security, connectivity and global distribution (and more).
While AWS is not necessarily the cheapest option, businesses today still choose AWS (or Azure, Google Cloud and other public cloud providers) so they can focus their IT teams on business critical projects and strategic initiatives, instead of requiring them to maintain and manage infrastructure. In other words, AWS became an extension of the IT team, turning it into a business enabler.
Cato is following a similar path. The Cato SASE Cloud provides high performance routing and security inspection of enterprise network traffic. To ensure high availability and maximal security posture, the Cato SASE cloud is optimized and maintained by our professionals from DevOps, networking and security. As a result, Cato too is an extension of the IT team, while owning the outcome: a secure and resilient infrastructure. This blog post compares Cato SASE to legacy applications while demonstrating the strategic business value of Cato. A more in-depth comparison can be found in the whitepaper which this blog post is based on. Click here to read it.
Cato SASE Cloud vs. Legacy Appliances
How is the value of Cato justified? While legacy appliances are tools, Cato SASE Cloud is built for outcomes: highly available, scalable and secure connectivity for everyone, everywhere.
Cato ensures:
Disruption-free capacity handlingNo infrastructure maintenance24x7 NOC24x7 SOC24x7 Support
Tools on the other hand create:
Complexity when deploying and planning capacity A capacity vs. usage tradeoffDifficulties maintaining the security postureAn extended attack surface of appliancesLimited support effectiveness and limited customer environment access
[boxlink link="https://www.catonetworks.com/resources/outcomes-vs-tools-why-sase-is-the-right-strategic-choice-vs-legacy-appliances/?utm_medium=blog_top_cta&utm_campaign=features_vs_outcomes"] The Pitfalls of SASE Vendor Selection: Features vs. Strategic Outcomes | Whitepaper [/boxlink]
Cloud-Delivered vs. Appliance-Delivered Features
Features differ in their deployment, management, scalability, and effectiveness. Let’s look at some examples of these differences through the lens of managed vs. standalone features and adaptable vs. rigid features.
Managed vs. Standalone Features
Managed - Cato’s IPS is always in a fully optimized security posture. We evaluate threats and vulnerabilities, develop mitigations and deploy only after ensuring performance isn’t negatively impacted.
Standalone - An IPS from an appliance vendor requires the IT team to deploy, assess the deployment impact on performance and ensure all appliances are kept up-to-date. Consequently, these teams are in “detect mode” instead of “prevent mode”.
Adaptable vs. Rigid Features
Adaptable - Cato’s cloud-native architectures make inspection capabilities available whenever there are new loads or new requirements, at any scale or location, and seamlessly.
Standalone - When locations and capacity are constrained, it’s the customer’s responsibility to predict future inspection capabilities. As a result, new branches, users and applications turn into business disruptors, instead of driving growth.
Conclusion
“DIY” is a good solution in some cases, but not for enterprises looking to achieve agile and flexible networking and security infrastructure. The required infrastructure expertise coupled with the lack of IT resources make DIY unsustainable in the long haul. Instead, a new partnership model with technology-as-a-service providers is required. This partnership can help organizations achieve the outcomes they need to drive their business and achieve their strategic goals.
Read more from the whitepaper “The Pitfalls of SASE Vendor Selection: Features vs. Strategic Outcomes”, for a closer look.
In the new digital world, we’re no longer restricted by borders and can innovate with our colleagues and partners all over the world. ABB FIA...
Driving Into Action: Our New Partnership with the TAG Heuer Porsche Formula E Team In the new digital world, we’re no longer restricted by borders and can innovate with our colleagues and partners all over the world. ABB FIA Formula E World Championship has been growing year-on-year and has become the testing ground for the latest innovations not only for Motorsport, but the automotive industry as a whole. So, I am thrilled to announce that today we are launching a partnership with the TAG Heuer Porsche Formula E Team as its official SASE partner.
Porsche has a rich racing history dating back to the 1950s. In Formula E’s sixth season, Porsche made its long-awaited return to top-flight single-seater racing and has continued to make positive strides over the past three years. Last season saw the team secure their first race win in Formula E with an impressive 1-2 finish in Mexico City.
At Cato, we pride ourselves on helping our customers collaborate securely from anywhere on the globe by eliminating the complexities of point solutions and delivering secure network architecture through the power of a single-vendor SASE cloud platform. Global motorsport competitions are often labeled as traveling circuses, as they assemble, race, pack up, and move on to the next country on a weekly and monthly basis. The nature of the Formula E racing season, along with the team’s extensive use of technologies and data, has meant that cloud-native networking and security infrastructure have become a cornerstone of the team’s strategy.
Click here to enlarge the image
The decisions that the TAG Heuer Porsche team makes are comparable to those of any business organization. When you need to analyze every data point from tire temperatures to battery depletion in real-time and the team’s HQ is located on the other side of the world, it’s vital the team can make split second decisions to make a difference on track.
These decisions are informed by vast datasets that the team has collected throughout each Formula E event and the car’s extensive development. These data-informed insights are critical for the team’s on-track performance and must be taken in a way that minimizes security and operational risks as well as optimal application and data access.
Cato will play an important role helping the TAG Heuer Porsche Formula E team to optimize operations and provide secure access to the network and SaaS applications all season long. We are excited and optimistic about the season and working together to… WIN!
“Join us by supporting the TAG Heuer Porsche Formula E Team when Formula E Season 9 kicks off in Mexico City on January 14th and stay tuned for more details on the partnership in the coming weeks.”
Find out more about the TAG Heuer Porsche Formula E team here: https://motorsports.porsche.com/international/en/category/formulae
The new high severity vulnerabilities in OpenSSL — CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) – were disclosed this week. What is OpenSSL?...
The OpenSSL Vulnerability: A Cato Networks Labs Update The new high severity vulnerabilities in OpenSSL -- CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) – were disclosed this week.
What is OpenSSL?
OpenSSL is a popular open-source cryptography library that enables secured communications over the Internet in part through the generation of public/private keys and use of SSL and TLS protocols.
What Are the Vulnerabilities?
The vulnerabilities were found in OpenSSL versions 3.0.0. to 3.0.6. They occur after certificate verification and then only after unlikely conditions are met either signing of a malicious certificate by a certificate authority (CA) or after an application continues verifying a certificate despite failing to identify a trusted issuer.
[boxlink link="https://www.catonetworks.com/sase-quarterly-threat-research-reports/?utm_source=blog&utm_medium=top_cta&utm_campaign=q_reports"] SASE Quarterly Threat Research Reports | Go to Reports [/boxlink]
With CVE-2022-3602, a buffer overrun can be triggered in X.509 certificate verification, enabling an attacker to craft a malicious email address to overflow four attacker-controlled bytes on the stack, which could result in a crash, causing a Denial of Service (DoS), or remote code execution (RCE). With CVE-2022-3786, a buffer overrun can also be triggered in X.509 certificate verification, but specifically in name constraint checking. Again, the attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the “.” Character (decimal 46) on the stack, resulting in a crash causing a DoS. (Read the OpenSSL Security Advisory here for detailed information about the attacks.)
What’s the Impact on Cato SASE Cloud? None.
While Cato does use OpenSSL neither vulnerability impacts our infrastructure. Neither our cloud assets, the Cato Socket or the Cato Client use a vulnerable version of OpenSSL.
What Actions is Cato Taking?
Cato Networks Research Labs is investigating the unlikely case of exploitation attempts and considering adding new IPS signatures to block them. Currently, we have not seen incidents or published reports of exploitation attempts in the wild.
What Actions Should I Expect from Other Tech Vendors?
The attack is severe enough that all vendors should upgrade affected appliances and software. You can see a list of affected software here. While patching and protecting users at Cato can happen instantly, such as with Log4j, that’s not the case with all solutions. Expect exploits of the OpenSSL vulnerabilities to linger as we saw with Log4j.
Cato Networks Research Labs will continue to monitor the situation and update accordingly.
Although managing on-premises servers may be costly and time-consuming, businesses at least have some control when it comes to patching say, a newly discovered exploit...
How To Identify a Trusted Cloud Provider: The Essential Security Certifications and Practices You Should Look For Although managing on-premises servers may be costly and time-consuming, businesses at least have some control when it comes to patching say, a newly discovered exploit or stopping a zero-day attack. Not so with the cloud. Cloud-based estates are at the mercy of cloud service providers to apply relevant patches and maintain the security of the infrastructure that they’re using.
That’s why it’s so important for organizations to ensure they’re partnering with trusted cloud providers, who can be relied upon to maintain an appropriate level of safeguarding and discipline when it comes to their security. And one of the most important ways they can establish the trustworthiness of a vendor is by seeking out those who have obtained relevant certifications.
SOC 1 and 2: Ever Popular and Important
There are several key accreditations that IT vendors and service providers can attain in order to demonstrate their competency in various areas, such as data privacy or information security.
One of the most frequently requested certifications by customers when delivering due diligence are SOC 1 and SOC 2 Type 2 standards established by the American Institute of CPAs (AICPA).
SOC 1 helps organizations examine and report on their internal controls relevant to their customer's financial statements. At the same time, SOC 2 focuses on controls relevant to the security, availability, processing, integrity, confidentiality, and privacy of customer's data. Cato is annually audited by a 3d party to ensure procedures and practices are followed and never neglected.
[boxlink link="https://www.catonetworks.com/resources/casb-demo/?utm_medium=blog_top_cta&utm_campaign=cato_demo_controlling_cloud"] Controlling Cloud Usage IT with Cato CASB | Cato Demo [/boxlink]
The ISO Family Is Well Known for Good Reason
The ISO27000 family of certifications is among the most popular and well-known. These certifications are independently verified and internationally recognised and are often regularly updated to reflect current best practices. When comparing cloud providers, IT leaders should look for those that adhere to a variety of well-known industry standards relevant to their business globally. Another recommendation is to focus not only on general security certifications, but also on cloud security and privacy protection as they become a prerequisite for doing business.
Cato Networks, for example, holds many certifications within this family, such as ISO27001, which sets out the specification for an information security management system (ISMS). This includes policies, goals and objectives, statement of applicability (SOA), roles and responsibilities (R&R), risk assessment, and treatment methods. This is one of the most well-known and requested certifications internationally, creating a “security first” approach in the organizational culture.
Achieving ISO27001 certification is often the first step on a vendor’s journey and is a prerequisite for earning further related accreditations. ISO27017 – also held by Cato – is one of the security standard’s extensions for cloud service providers, and addresses access control, cryptography, physical and environmental security, information lifecycle management, and other controls in the cloud. ISO27017 can help win new business as many organizations now worry about cloud security and want to ensure their assets are protected wherever they are stored or processed.
ISO27701 and ISO27018, meanwhile, are data privacy extensions that demonstrate that Cato has met the guidelines for implementing measures to protect Personally Identifiable Information (PII). ISO27701 focuses on establishing, implementing, and maintaining privacy information management system (PIMS), managing privacy risks related to PII, and helps to comply with GDPR and other data protection regulations. ISO27018 focuses on PII protection in the cloud and offers guidance on implementing privacy by design.
In order to achieve ISO27701 and ISO27018 extensions, organizations like Cato must follow the most comprehensive data controls delivered by an internationally recognized standard, which makes it easier for Cato and its solutions to provide assurances about their security and data protection practices. Cloud vendors should be constantly updating and adding to the library of certifications that they’ve achieved in order to demonstrate a deepening of their skills, and a continued commitment to their customers’ safety.
These certifications – as well as the many others held by reputable cloud providers such as Cato – are useful in proving a firm commitment to high standards of security and privacy. They can also play a valuable role in ensuring compliance with key regulatory frameworks, including the European GDPR, and the California Consumer Privacy Act – which is vital for supporting clients who are bound by these laws.
What to Consider Beyond Certifications
Certifications only tell part of the security story, however. In addition to accreditations, the actions of a company – as well as its attitudes and approaches to compliance - can also indicate whether a provider is serious about security. Along with recognizing the need for certification, and the important role that compliance plays in the business, organizations must continually evolve in their implementation, maintenance, and monitoring of compliance issues. This is why Cato is constantly investing in new capabilities, tools, and approaches which are needed to demonstrate accurate, deep, and real-time compliance with the security and privacy standards it adheres to.
For instance, while more traditional development life cycles places security and compliance testing as one of the final stages a solution would go through prior to deployment, Cato follows the ‘Shift Left’ approach. This concept, first popularised within the DevOps community, involves injecting processes such as testing and security into an earlier phase of project development, in order to identify potential problems more quickly and easily.
Another tactic borrowed from the world of DevOps is the adoption of data-driven decision-making. Instead of relying on data reflecting a specific point in time to conduct compliance audits, real-time data from live systems now allows for continuous monitoring and comparison with security standard. This provides a much more in-depth picture of compliance posture, as opposed to the high-level gaps revealed by more static methodologies.
In-depth, accurate data is also used much more heavily in risk models, which are now created using quantitative rather than qualitative analysis. This gives much better visibility of genuine risk factors and their potential impact, without relying on subjective perceptions. This reflects the broader change in attitudes towards compliance across the industry; where previously compliance tasks would have been handled by technical personnel and consultants, organizations will now often have entire teams dedicated to compliance, including representatives from GRC departments and the DPO’s office, which maintain ownership of related issues on a continuous basis.
Certifications are Essential for Building a Trusted Relationship
The relationship between a cloud service provider and their customer depends on trust. Ensuring that the right certifications are in place to demonstrate an ability to support the full range of client needs is an essential part of building and maintaining that trust. A robust certification and compliance posture is more than ever an essential part of security - and it can also create opportunities and win business worldwide if well managed and updated.
As businesses grow, they should take pains to ensure that their cloud provider – and the maturity of their certifications – is growing along with them. The commitment and expertise that these accreditations signify are invaluable for organizations as they scale and bespeak a partner that’s willing to go the distance. Remember: security is a marathon, not a sprint.
The cybersecurity industry is well known for its buzzwords. Every year, a new word, phrase, or acronym emerges to describe the latest and greatest tool...
If You Want a True Security Platform, You Need SASE The cybersecurity industry is well known for its buzzwords. Every year, a new word, phrase, or acronym emerges to des
