Cato XDR: A SASE-based Approach to Threat Detection and Response

Security Analysts Need Better Tools 

Security analysts continue to face an ever-evolving threat landscape, and their traditional approaches are proving to be quite limited. They continue to be overrun with security alerts, and their SIEMs often fail to properly correlate all relevant data, leaving them more exposed to cyber threats. These analysts require a more effective method to understand threats faster and reduce security risks in their environment.

Extended Detection and Response (XDR) was introduced to improve security operations and eliminate these risks. XDR is a comprehensive cybersecurity solution that goes beyond traditional security tools. It was designed to provide a more holistic approach to threat detection and response across multiple IT environments. However, standard XDR tools have a data quality issue: before threat data can be processed, it must be normalized into a structure the XDR understands. This often results in incomplete or reduced data, and this inconsistency makes threats harder to detect.

SASE-based XDR  

Cato Networks realized that XDR needed to evolve.  It needed to overcome the data-quality limitations of current XDR solutions to produce cleaner data for more accurate threat detection.  To achieve this, the way XDR ingested and processed data needed to change, and it would start with the platform.  This next evolution of XDR would be built into a SASE platform to enable a more comprehensive approach to security operations.  

SASE-based XDR is a completely different approach to security operations and overcomes the limitations of standard XDR solutions. Built-in native sensors overcome the data quality issues to produce high-quality data that requires no integration or normalization. Data captured through these sensors is populated into a single data lake, which allows AI/ML algorithms to train on it to create quality XDR incidents.

AI/ML in SASE-based XDR 

AI/ML serves an important role in SASE-based XDR, with advanced algorithms providing more accuracy in correlation and detection engines. Advanced ML models train on petabytes of data and trillions of events from a single data lake. Data populated through the native sensors requires no integration, normalization, or data reduction. The AI/ML is trained on this raw data to eliminate missed detections and false positives, which results in high-quality threat incidents.

SASE-based XDR Threat Incidents 

SASE-based XDR detects and acts on various types of cyber threats. Every threat in the management console is treated as an incident that presents a narrative of the threat from its inception until its final resolution. These incidents are presented in the Dashboard, providing a roadmap for security analysts to understand the detected threats. SASE-based XDR generates three types of incidents:

  1. Threat Prevention – Correlates block event signals generated by prevention engines, such as IPS.
  2. Threat Hunting – Detects elusive threats that have no signatures by correlating various network signals using ML and advanced heuristics.
  3. Anomaly Detection – Detects unusual or suspicious usage patterns over time using advanced statistical models and UEBA (User and Entity Behavior Analytics).

Threat Intelligence for SASE-based XDR 

SASE-based XDR contains a reputation assessment system to eliminate false positives. This system uses machine learning and AI to correlate readily available networking and security information, and it ingests millions of IoCs from 250+ threat intelligence sources. It scores them using real-time network intelligence gathered by ML models.

Threat intelligence enrichment strengthens SASE-based XDR by increasing the quality of data that is consumed by the XDR engine, thus increasing the accuracy of the XDR incidents.  Security teams are now better equipped to investigate their incidents and remediate cyber threats in their environment.   

Cato XDR: The Game-Changer 

Cato XDR is the industry’s first SASE-based XDR solution that eases the burden of security teams and brings a 360-degree approach to security operations.  It uses advanced AI/ML algorithms for increased accuracy in XDR’s correlation and detection engines to create XDR stories.  It also uses a reputation assessment engine for threat intelligence to score threat sources and identify and eliminate false positives. 

Cato XDR also overcomes the data quality issue of standard XDR solutions. The key to this is native sensors that are built into the SASE platform. These high-quality sensors produce quality metadata that requires no integration or normalization. This metadata is populated into our massive data lake, and machine learning algorithms train on it to map the threat landscape.

Cato XDR is a true game-changer that presents a cleaner path to more efficient security operations. With XDR and security built into the platform, the result is cleaner and more accurate detection, leading to faster, more efficient investigation and remediation.

For more details, read more about XDR on the Cato Networks site.