Advanced Threat Protection

Advanced threat protection delivered as a cloud service for adaptive and agile defense

Advanced Threat Protection is the collection of network security and related defenses deployed to address current and emerging threats. Often, it’s not the advanced nature of the threat that’s the real risk, but rather IT having to face the daunting task of maintaining complex infrastructure as the basis of providing protection to users. Following simple best practices like network segmentation, keeping software up to date, monitoring and detecting unauthorized cloud usage (Shadow IT), and deploying multi-factor authentication – to name a few – represents a real hurdle for IT teams facing significant skill shortages.

Advanced Threat Protection in the form of a self-maintaining cloud service is essential for effective security. Customers should expect up-to-date, scalable and optimized infrastructure as the starting point in evaluating Advanced Threat Protection capabilities.

The Cato Solution: Cloud-native Advanced Threat Protection

Cato provides a full Security-as-a-Service stack, with Next Generation Firewall (NGFW), Secure Web Gateway (SWG), Next Generation Antimalware (NGAM), and Intrusion Prevention System (IPS) integrated into its cloud network. Cato Cloud is a proven Secure Access Service Edge (SASE) platform, built on a global private backbone of 65+ PoPs. Cato Cloud aggregates all enterprise traffic across datacenters, branches, remote users and cloud infrastructure into the cloud. It then applies multiple security engines to enforce a comprehensive security policy on both WAN- and Internet-bound traffic, and all users, both fixed and mobile.

Cato PoPs inspect TLS-encrypted traffic in the Cato Cloud, so there are no scaling constraints or additional latency. Cato Research Lab analyzes cloud network traffic patterns to look for anomalies and possible network attacks and adapts protections as needed.


Built-in network segmentation

The cloud network is segmented by default, preventing access between network resources unless specifically permitted.

Advanced malware protection

Cato inspects all access to websites for malicious domains (phishing and malware delivery sites), as well as WAN and Internet traffic for malicious files.

Intrusion prevention

Cato performs Deep Packet Inspection (DPI) on all traffic for indicators of compromise or malicious patterns. Protocol validation, known CVEs, flagged domains, IPs, and advanced behavioral analysis are seamlessly performed in Cato Cloud.

Network anomaly detection

Cato enforces application-aware policies across all network resources. DPI is used to look for attack patterns within internal and external network activity.

Rapid threat adaptation

Cato leverages the unprecedented visibility into traffic to detect network anomalies and emerging threats. This enables quick adaptation of Advanced Threat Protection to protect all customers.

Cross-domain event correlation

Cato looks at network activity across multiple domains to identify complex attack patterns in real time.

High Availability

Cato Sockets automatically configure themselves for high availability (HA) when deployed on the same segment. There’s no additional, recurring charge for HA capability. Redundancy is also applied, where the branch is automatically connected to an available Cato PoP for continuous protection. In the event of a blackout or brownout, Cato Sockets automatically fail over between lines, using predefined policies to prioritize access.

Unrestricted scalability and self-maintaining service

With the elastic nature of Cato PoPs and large compute power, Cato ensures traffic automatically routes to the nearest available PoP. Cato inspects any traffic mix (encrypted and unencrypted) and ensures capacity is available to provide subscribed services. Without the need to size, upgrade, patch or refresh appliances, customers are relieved of the ongoing grunt work of keeping their network security up-to-date against emerging threats and evolving business needs.
