Cato Intrusion Prevention System (IPS)

Cato IPS provides organizations with real-time protection against advanced threats and attacks that utilize known and unknown exploits. IPS protection applies to all traffic including Internet, WAN, and Cloud, preventing ransomware delivery and propagation and data theft.

Security Threats Dashboard IPS Management Page IPS Management Page IPS Management Configuration Geo Restriction Management Page Advanced Heuristics AI-managed TI

Cato IPS Capabilities

Phishing & Malware Protection with Real-Time AI/ML

Attackers often use techniques like Domain Squatting and Domain Generation Algorithms (DGAs) to evade reputation-based prevention tools. Cato’s IPS integrates complex AI/ML models in its real-time inspection engine to detect Domain Squatting and DGAs. Threats are identified using deep learning models and correlation of data points such as domain popularity, age, letter patterns and more. Brand impersonation is detected through analysis of webpage components such as favicon, images, and text.
Moving tools that were previously available only in post-mortem analysis into real-time prevention dramatically improves prevention efficacy and the enterprise security posture.

Security Threats Dashboard

Prevention of Ransomware Delivery, C&C and Propagation

A successful ransomware attack requires delivery of the ransomware, command and control (C&C) communication with the attacker, and propagation across the network for maximal impact.
Cato IPS has full visibility to both Internet and WAN traffic. It prevents malware delivery and C&C communication by blocking malicious files download, and access to domains and IP addresses associated with ransomware and malicious activity. Propagation across the WAN is prevented by detection and blocking of lateral movement patterns and indicators.
The comprehensive visibility of Cato IPS provides not just a reduction in ransomware exposure, but also minimizes the potential impact of a ransomware attack.

IPS Management Page

Rapid and Seamless Mitigation of Emerging Threats

Enterprises often struggle with the process, resources and time it takes to protect their networks from emerging CVEs. Cato IPS provides virtual patching to rapidly secure our customers’ networks when mitigation time is critical. Cato dedicated team of experts build, test and deploy new IPS rules in record time to quickly adapt to new CVEs without requiring any customer involvement. This “virtual patching” provides enterprises with the assurance that they are protected from high-risk emerging threats while they are updating and patching their impacted systems.

IPS Management Page

Cloud-scale Traffic Inspection

Leveraging the power of cloud-native architecture, Cato delivers an elastic and scalable IPS, allowing organizations to inspect all traffic, including TLS-encrypted traffic. Massive cloud compute resources eliminate the need to fine-tune signature sets or limit traffic sent to the IPS. All locations and users, including cloud infrastructure, branch locations, and remote users are protected with Cato’s IPS, eliminating the need to scale and upgrade FW/IPS appliances. With Cato, organizations no longer end up with an IPS that is only inspecting some traffic or use a limited set of signatures due to resource constraints.

IPS Management Configuration

Geo-Fencing for Attack Surface Reduction

One of the simplest methods of reducing your organization’s attack surface is to block countries that your organization has no business need to interact with. Cato’s IPS allows you to quickly block traffic of specific geographies (inbound, outbound, or both) with a single global policy that applies to all users and locations.

Geo Restriction Management Page

Purpose-built Heuristics Language Leverages SASE Convergence

Cato IPS uses heuristics to identify threats and attacks in real time. Heuristics are comprised of a set of conditions examined against real network traffic.
A part of Cato’s Single Pass Cloud Engine (SPACE), Cato IPS has visibility to data standalone IPS solutions cant consider including URL classification, app id, target risk score, target popularity, device fingerprint, user authentication, and more.
With a purpose-built heuristics language that is designed to leverage true SASE convergence, enterprises benefit from a robust prevention of threats in real-time.

Advanced Heuristics

Automated AI-Managed Threat Intelligence

Up-to-date threat intelligence is key to IPS efficacy against malware, phishing, and command and control (C&C) sites, and reduced friction caused by false positives. Cato IPS uses a purpose-built AI-based reputation system that autonomously aggregates and scores information from 250+ threat intelligence feeds. The system continuously maps and clears overlaps between feeds, measures threat records quality and relevancy, and simulates potential impact on real traffic. An updated and aggregated blacklist is automatically published to all Cato PoPs, ensuring up-to-date protection with near zero false positives and no customer involvement.

AI-managed TI

Cato Intrusion Prevention System Demo Video

Cato’s IPS provides protection for all locations and mobile users with a comprehensive set of signatures and no customer fine-tuning required. Additionally, organizations can leverage Cato IPS to increase their security posture by blocking newly registered domains, alerting on suspicious activity and through the use of a custom geo-restriction policy.

Les avantages stratégiques d’une véritable plate-forme SASE

Conçues à partir de zéro comme une véritable plate-forme SASE cloud-native, toutes les fonctionnalités de sécurité de Cato tirent parti de la distribution mondiale, de l’évolutivité massive, de la résilience avancée, de la gestion autonome du cycle de vie et du modèle de gestion cohérent de la plate-forme Cato.

 

 

Application cohérente des stratégies

Cato étend toutes les fonctionnalités de sécurité à l’échelle mondiale pour fournir une application cohérente des stratégies partout et à tous, des plus grands datacenters aux dispositifs d’un seul utilisateur.

 

 

Protection évolutive et résiliente

Cato s’adapte pour inspecter les flux de trafic multi-gigaoctets avec un déchiffrement TLS complet et à travers toutes les fonctionnalités de sécurité, tout en pouvant effectuer une reprise automatique en cas de défaillance des composants de service pour assurer une protection continue.

 

 

Gestion autonome du cycle de vie

Cato veille à ce que la plate-forme cloud SASE maintienne une posture de sécurité optimale, une disponibilité de service de 99,999 % et un traitement de sécurité à faible latence pour tous les utilisateurs et emplacements sans aucune implication du client.

 

 

Vue d’ensemble unifiée

Cato fournit un tableau de bord unique pour gérer de manière cohérente toutes les fonctionnalités de sécurité et de mise en réseau, y compris la configuration, l’analyse, le dépannage, ainsi que la détection des incidents et la réponse qui y est apportée. Le modèle de gestion unifiée facilite l’adoption de nouvelles fonctionnalités par le service IT et l’entreprise.

 

 

« Nous avons lancé un simulateur de failles et d’attaques sur Cato, les taux d’infection et les mouvements latéraux ont chuté tandis que les taux de détection ont grimpé en flèche. Ces facteurs ont été déterminants pour choisir Cato en tant que fournisseur de sécurité. »

Essayez Cato

La solution que les équipes IT attendaient.

Préparez-vous à être surpris !