CloudFactory Eliminates “Head Scratching” with Cato XDR

More than just introducing XDR today, Cato announced the first XDR solution to be built on a SASE platform. Tapping the power of the platform dramatically improves XDR’s quality of insight and the ease of incident response, leading to faster incident remediation.

“The Cato platform gives us peace of mind,” says Shayne Green, an early adopter of Cato XDR and Head of security operations at CloudFactory. CloudFactory is a global outsourcer where Green and his team are responsible for ensuring the security of up to 8,000 remote analysts (“cloud workers” in CloudFactory parlance) worldwide. “When you have multiple services, each providing a particular component to serve the organization’s overall security needs, you risk duplicating functionality. The primary function of one service may overlap with the secondary function of another. This leads to inefficient service use. Monitoring across the services also becomes a headache, with manual processes often required due to inconsistent integration capabilities. To have a platform where all those capabilities are tightly converged together makes for a huge win,” says Green.

Why CloudFactory Deployed Cato XDR

Cato XDR is fed by the platform’s set of converged security and network sensors, 8x more native data sources than XDR solutions built on a vendor’s EPP solution alone. The platform also delivers a seamless interface for remediating incidents, including new Analyst Workbenches and proven incident response playbooks for fast incident response. From policy configuration to monitoring to threat management and incident detection, enterprises gain one seamless experience.

“Cato XDR gives us a clear picture of the security events and alerts,” says Green. “Trying to pick that apart through multiple platforms is head-scratching and massively resource intensive,” he says.

Before Cato, XDR would have been infeasible for CloudFactory. “We would need to have all the right sensors deployed for our sites and remote users across the globe. That would have been a costly exercise and very difficult to maintain. We would also have needed to ingest that data into a common datastore, normalize the data in a way that doesn’t degrade its quality, and only then could we begin to operate on the data. It would be a massive effort to do it right; Cato has given us all that instantly,” he says.

Cato XDR Streamlines CloudFactory’s Business Collaboration

With Cato XDR deployed, Green found information that proved helpful at an operational level. “We knew that some BitTorrent was running on our network, but Cato XDR showed us how much, summarizing all the information in one place and other types of threats. With the evidence consolidated on a screen, we can easily see the scale of an issue.”

The new AI summary feature helps to automate a routine task. “We just snip-and-send the text describing the story for our internal teams to act on. The AI summary provides a very clear and simple articulation of the issue/finding. This saves us from manually formulating reports and evidence summaries.”

“Having a central presentation layer of our security services along with instant controls to remediate issues is of obvious benefit,” he says. “We can report on millions of daily events to show device and user activity, egress points, ISP details, application use, throughput rates, security threats and more. We can see performance pinch points, investigate anomalous traffic and application access, and respond accordingly. The power of the information and the way it is presented makes the investigations very simple. Through the workbench stories feature, we follow the breadcrumb trail through the verbose data sets all the way to a conclusion. It’s actually a fun feature to use and has provided powerful results – which is super useful across a distributed workforce.”

“Before Cato, we would often be scratching our heads trying to obtain meaningful information from multiple platforms and spending a lot of time doing it. The alternative would be very fragmented and sometimes fairly brittle due to the way sets of information would have to be stitched together. With Cato, we don’t have to do that. It’s maintained for us, and the information is on tap.”

The Platform: It’s More Than Just Technology

However, for Green, the notion of a platform extends far beyond the technical delivery of capabilities. “Having a single platform is a no-brainer for us. It’s not just the technology. It also gives us a single point of contact for our networking and security needs, and that’s incredibly important. Should we see the need for new features or enhancements, or if we have problems, we’re not pulled from pillar-to-post between providers. We have a one-stop shop at Cato,” says Green. 

“What I like about the partnership with Cato is how they respond to our feedback,” he says. “There’s been several occasions where we’ve asked for functionality or service features to be added, and they have been. That’s fantastic because it strengthens the Cato platform, the partnership, and, most importantly, the service we can provide our clients.”

To learn more about the CloudFactory story, read the original case study here.
