New Cato Networks SASE Report Identifies Age-Old Threats Lurking on Enterprise Networks

Etay Maor
May 25, 2021

The recent attack on the Colonial Pipeline. Russian and Chinese election meddling. The exotic and spectacular threats grab popular headlines, but it’s the everyday challenges that plague enterprise networks. Unpatched legacy systems, software long exploited by attackers, banned consumer applications, and more leave enterprises exposed to attack.

SASE Platform Gathers Networking and Security Information 

Those were just some of the key findings emerging from our analysis of 850 enterprise networks in the Cato Networks SASE Threat Research Report. From January 1 to March 31, Cato used our global SASE platform to gather and analyze network flows from hundreds of enterprises worldwide. We captured the metadata of every traffic flow from every customer site, mobile user, and cloud resource connected to the Cato global private backbone in a massive data warehouse. All told, more than 200 billion network flows and 100 terabytes of data per day were stored in the data warehouse.

With this massive repository, we gathered insights into which applications and security threats operate on enterprise networks. Network information was derived using Cato’s own internal tools. Applications were identified through data modeling by their unique traffic identifiers and then looked up in the Cato library of application signatures. Security information was derived by feeding network flow data into the Cato Threat Hunting System (CTHS), a proprietary machine learning platform that identifies threats through contextual network and security analysis. This highly efficient, automated platform eliminated more than 99% of the flows, leaving the Cato security team to analyze 181,000 high-risk flows. The result was 19,000 verified threats.

Key Findings Highlight Risks and Key Applications 

Combining network flow data and accurate threat information provides a unique perspective into today’s enterprise networks. Read the report and learn:  

  • The most popular corporate applications on enterprise networks. Some applications, like Microsoft Office and Google, you will already know, but other applications that have been a source of significant vulnerabilities also lurk on many networks.
  • Is video sharing consuming your network bandwidth? A popular video-sharing platform was surprisingly common on enterprise networks, generating even more flows than Google Mail and LinkedIn.
  • The most common exploits. The report identifies the most common Common Vulnerabilities and Exposures (CVEs); many were still found in essential enterprise software packages.
  • The source of most threats. While the news focuses on Russia and China, most threats originate closer to home. “Blocking network traffic to and from ‘the usual suspects’ may not necessarily make your organization more secure,” says Etay Maor, our senior director of security strategy.

To learn more, check out the Cato Networks SASE Threat Research Report.

 

 

Etay Maor

Etay Maor is the Senior Director of Security Strategy at Cato Networks and an industry-recognized cybersecurity researcher. Previously, Etay was the Chief Security Officer for IntSights, where he led strategic cybersecurity research and security services. Etay has also held senior security positions at IBM, where he created and led breach response training and security research, and RSA Security’s Cyber Threats Research Labs, where he managed malware research and intelligence teams. Etay is an adjunct professor at Boston College and is part of Call for Papers (CFP) committees for the RSA Conference and QuBits Conference. He holds a BA in Computer Science and an MA in Counter-Terrorism and Cyber-Terrorism.