Cato CASB, part of the Cato SASE Cloud

Cato’s CASB solution is an integral service of the Cato SASE Cloud. This means enterprises using Cato can enable CASB with a mere flip of a switch. Since the enterprise network traffic is already processed by Cato’s SASE Cloud, adding the CASB functionality doesn’t require any client installations or network changes. Cato’s single-pass architecture ensures the CASB functionality adds minimal latency to the overall processing time. It also enriches the CASB with additional user, device, and application information to enable more insightful visibility and more granular access control rules.

Cato’s CASB enables enterprises a comprehensive view of their SaaS usage via a Shadow IT dashboard, which provides high-level statistics as well as application specific data. Application risk assessment is evaluated using Cato’s unique Application Credibility Engine (ACE) which collects information regarding the application’s purpose, publisher, security, and compliance. It then calculates a risk score which can be used to determine the most suitable access policy. Cato’s CASB supports highly granular access policies, enforced inline in real-time. This level of granularity will warrant an out-of-path API approach in many competing solutions.

Gain more insight into Cato’s CASB solution.

Stand-alone CASB solutions vs. Cato's SASE Cloud

Stand Alone CASB



Long and complicated

A CASB project requires network mapping and planning to ensure all use-cases are covered. The deployment process requires deployment of PAC files and agents. On average, a learning period of up to 2 months is needed before the solution becomes effective.

Fast and simple

No planning, network changes, deployments or configurations are needed to enable Cato’s CASB. Once enabled it becomes immediately functional with no additional learning period needed.

Inspection context breadth


A stand-alone CASB solution will typically be limited to its own internal insight.


Being part of a full SASE service, Cato’s CASB has a rich insight from other network and network security features when defining and enforcing SaaS usage.

Application coverage


Typically supports SaaS only with limited IaaS capability.


Full coverage of SaaS, IaaS and WAN use cases.

Inline enforcement granularity


Typically low in in-line mode. Higher granularity enforcement usually requires using APIs in out-of-band mode, which means no real-time prevention is possible.


Cato’s CASB enables highly granular rules in inline mode.

Cato Networks
recognized 12x
by Gartner

  • Gartner Market Guide for Managed SD-WAN Services
  • Gartner Market Guide for Virtual Private Networks
  • Gartner Market Guide for Zero Trust Network Access
  • Hype Cycle for Business Continuity Management and IT Resilience, 2021
  • Gartner Hype Cycle for Enterprise Networking, 2021
  • Gartner Hype Cycle for Cloud Security, 2021
  • Gartner Hype Cycle for Midsize Enterprises, 2021
  • Gartner Hype Cycle for Threat-Facing Technologies, 2019
  • Gartner Hype Cycle for Edge Computing, 2021
  • Gartner Hype Cycle for Network Security, 2021
  • Gartner Hype Cycle for Workplace Infrastructure and Operations, 2021
  • Gartner Hype Cycle for Cloud Computing, 2021

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose