Extended Detection and Response (XDR)

Cato XDR is the industry’s first SASE-based detection and response solution empowering security teams with granular and efficient threat investigation and remediation tools. Cato XDR’s AI and ML algorithms help identify threats in massive data lake, and surface them in a manageable way for analysis and resolution within the Cato Management Application.

Cato XDR Capabilities

See Through the Alert Fatigue of Threat Prevention Engines

Cato XDR aggregates block events generated by Cato real-time security engines, and groups them into a single Threat Prevention incident. These incidents help security teams to overcome alert fatigue, promptly detect a compromised device and take appropriate containment and remediation actions.

Detect and Remediate Evasive Security Threats

Cato XDR Threat Hunting incidents are created by Cato’s AI/ML engines. The threat hunting engine continuously scan the data lake for anomalous indicators of resident threats that were not blocked by the prevention layers. The Threat Hunting engine groups the various signals into a single incident for further investigation by the security analysts. In addition, ML algorithms suggest a risk score to each incident to help security teams prioritize threat investigation.

Investigate Suspicious User Activity with Anomaly Detection

Cato XDR integrates End-User Behavioral Analytics (EUBA) capabilities to identify unusual behavior that may indicate a malicious intent. Anomaly detection AI/ML engines compare user’s network activity with a precalculated baseline, and alert on suspicious deviations through the creation of Anomaly Detection incidents. Security teams are presented with detailed information and insights to efficiently investigate and determine if the reported incident is malicious or benign, and take action accordingly.

Speed-up Incident Investigation with Gen-AI and MITRE ATT&CK mapping

Cato XDR uses multiple AI technologies to enable efficient operations of security teams. Generative-AI is used in the Cato XDR incident ‘storyteller’, which seamlessly strings the data points of an incident to a threat narrative, crafting an easy-to-understand and simple-to-communicate summary.
To further assist in the threat and risk analysis, Cato XDR incidents map into specific MITRE ATT&CK TTPs (Tactics Techniques and Procedures), helping security teams accurately understand the attacker’s progress in the attack kill chain.

End-to-End Visibility and Control Delivers Fast Remediation

A common challenge with XDR solutions is that remediation actions are executed over disparate platforms.
Cato XDR is a native capability of the Cato SASE Cloud Platform, enabling security teams to remediate active threats all within the same solution. Firewall rules for endpoint and attack containment can be set in minutes, blocking malicious traffic to and from the internet, and preventing further malware distribution across the WAN. EPP scan can be triggered immediately, proactively cleaning endpoints that may be infected and compromised – all from one, single management application.

An Open XDR Powered by Highly-Trained and Proven AI/ML

Cato XDR is an open XDR solution that collects, into a single data lake, raw data from native sensors of the Cato SASE Cloud Platform enriched with events from external sensors such as 3rd party EDR solutions. Cato XDR uses advance AI and ML algorithms for threat hunting and anomaly detection. The algorithms are developed by ex-military security and data analysts, trained on petabytes of data and trillions of events, and already proven across tens of thousands of confirmed security incidents. Cato XDR enables SOC teams to cut threat dwell time and rapidly remediate security incidents.

Single Console for Threat Detection, Investigation and Response (TDIR)

Cato XDR provides SOC teams with a single console to manage the entire incident life cycle. The XDR dashboard inside Cato Management Application (CMA) presents all the incidents, their status, and their ML-calculated risk and priority. Individual incident investigation is one click away, with a common structure of data presentation for further analysis, enriched by AI-powered insights and recommendations. Remediation is done through the same interface, helping SOC teams to avoid switching between management consoles, improving efficiency, and reducing human error potential.

Industry’s Broadest Range of Native Sensors Delivers Better Detection and Faster Response

Cato XDR uses the security capabilities of the Cato SASE Cloud Platform as its’ native sensors. Data from the Cato NGFW, SWG, IPS, NGAM, DNS Security, CASB, DLP and RBI is stored in the Cato data lake, serving as a high-quality input to Cato XDR. As native sensor’s data is not reduced at the source, the Cato XDR AI/ML algorithms are significantly less likely to miss critical signals than AI/ML processing data from external sources. SOC teams benefit from unparalleled level of incident accuracy and data richness for investigation.

Improve Efficacy and Reduce False Positives with ML-powered, Cloud-scale Threat Intelligence

Cato XDR is enriched by more than 250 threat intelligent sources, yielding over 5 million records of valid IoCs. Cato uses a purpose-built cloud-scale ML platform to ingest threat intelligence feeds from hundreds of sources, process and examine each IoC record in them, and maintain an accurate and up-to-date blacklist and whitelist – without human involvement.
Cato empowers security teams with up-to-date threat intelligence data for efficient operation with near-zero false positives.

The Strategic Benefits of a True SASE Platform

Architected from the ground up as a true cloud-native SASE platform, all Cato's security capabilities, today and in the future, leverage the global distribution, massive scalability, advanced resiliency, autonomous life cycle management, and consistent management model of the Cato platform.

Consistent Policy
Enforcement 

Cato extends all security capabilities globally to deliver consistent policy enforcement everywhere and to everyone, from the largest datacenters and down to a single user device.

Scalable and Resilient Protection

Cato scales to inspect multi-gig traffic streams with full TLS decryption and across all security capabilities, and can automatically recover from service component failures to ensure continuous security protection.

Autonomous Life Cycle Management

Cato ensures the SASE cloud platform maintains optimal security posture, 99.999% service availability, and low-latency security processing for all users and locations without any customer involvement.

Single Pane of Glass

Cato provides a single pane of glass to consistently manage all security and networking capabilities including configuration, analytics, troubleshooting, and incident detection and response. Unified management model eases new capabilities adoption by IT and the business.

Recognized as a SASE Pioneer and Leader by Industry Analysts

Cato is the category creator of SASE. We didn't invent the name, but SASE is Cato's founding vision. Since 2015 we are continuously evolving and perfecting the only true SASE platform. Cato is fully committed to deliver on the promise of SASE: making secure and optimized access effortlessly available for everyone and everywhere.

Try Cato

The Solution that IT teams have been
waiting for. Prepare to be amazed!

Contact Us