The recent attack on the Colonial Pipeline. Russian and Chinese election meddling. The exotic and spectacular threats grab popular headlines, but it’s the everyday challenges that plague enterprise networks. Unpatched legacy systems, software long exploited by attackers, banned consumer applications, and more leave enterprises exposed to attack.
SASE Platform Gathers Networking and Security Information
Those were just some of the key findings emerging from our analysis of 850 enterprise networks in the Cato Networks SASE Threat Research Report. From January 1 till March 31, Cato used our global SASE platform to gather and analyze network flows from hundreds of enterprises worldwide. We captured the metadata of every traffic flow from every customer site, mobile user, and cloud resource connected to the Cato global private backbone was in a massive data warehouse. All totaled more than 200 billion network flows and 100 Terabytes of data per day were stored in the data warehouse.
With this massive repository, we gathered insights into which applications and security threats operate on enterprise networks. Network information was derived using Cato’s own internal tools. Data modeling was used to identify applications by unique traffic identifiers and then looked up in the Cato library of application signatures. Security information was derived by feeding network flow data into the Cato Threat Hunting System (CTHS), a proprietary machine learning platform that identifies threats through contextual network and security analysis. This highly efficient, automated platform eliminated more than 99% of the flows, leaving the Cato security team to analyze 181,000 high-risk flows. The result was 19,000 verified threats.
Key Findings Highlight Risks and Key Applications
Combining network flow data and accurate threat information provides a unique perspective into today’s enterprise networks. Read the report and learn:
- The most popular corporate applications on enterprise networks. Some applications, like Microsoft Office and Google, you will already know, but other applications that have been a source of significant vulnerabilities also lurk on many networks.
- Is video–sharing consuming your network bandwidth? A popular video–sharing platform was surprisingly common on enterprise networks, generating even more flows than Google Mail and LinkedIn.
- The most common exploits. The report identifies the most common Common Vulnerability and Exposures (CVEs); many were still found in essential enterprise software packages.
- The source of most threats. While the news focuses on Russia and China, most threats originate closer to home. “Blocking network traffic to and from ‘the usual suspects may not necessarily make your organization more secure,” says Etay Maor, our senior director of security strategy.
To learn more, check out the Cato Networks SASE Threat Research Report.