Extended Detection and Response (XDR)

Cato XDR is the industry’s first SASE-based detection and response solution empowering security teams with granular and efficient threat investigation and remediation tools. Cato XDR’s AI and ML algorithms help identify threats in massive data lake, and surface them in a manageable way for analysis and resolution within the Cato Management Application.

XDR Stories Workbench - Threat Prevention Story XDR Stories Workbench - Threat Hunting Stories XDR Stories Workbench - Anomaly Story XDR Stories Workbench - Generative AI and MITRE ATT&CK Tagging XDR Stories Workbench - Endpoint Protection XDR Stories Workbench - 3rd Party EDR Integration Single Console for Threat Detection, Investigation and Response (TDIR) Broadest Range of Native Sensors Reduce False Positives with Cloud-Scale Threat Intelligence

Cato XDR Capabilities

See Through the Alert Fatigue of Threat Prevention Engines

Cato XDR aggregates block events generated by Cato real-time security engines, and groups them into a single Threat Prevention incident. These incidents help security teams to overcome alert fatigue, promptly detect a compromised device and take appropriate containment and remediation actions.

XDR Stories Workbench - Threat Prevention Story

Detect and Remediate Evasive Security Threats

Cato XDR Threat Hunting incidents are created by Cato’s AI/ML engines. The threat hunting engine continuously scan the data lake for anomalous indicators of resident threats that were not blocked by the prevention layers. The Threat Hunting engine groups the various signals into a single incident for further investigation by the security analysts. In addition, ML algorithms suggest a risk score to each incident to help security teams prioritize threat investigation.

XDR Stories Workbench - Threat Hunting Stories

Investigate Suspicious User Activity with Anomaly Detection

Cato XDR integrates End-User Behavioral Analytics (EUBA) capabilities to identify unusual behavior that may indicate a malicious intent. Anomaly detection AI/ML engines compare user’s network activity with a precalculated baseline, and alert on suspicious deviations through the creation of Anomaly Detection incidents. Security teams are presented with detailed information and insights to efficiently investigate and determine if the reported incident is malicious or benign, and take action accordingly.

XDR Stories Workbench - Anomaly Story

Speed-up Incident Investigation with Gen-AI and MITRE ATT&CK mapping

Cato XDR uses multiple AI technologies to enable efficient operations of security teams. Generative-AI is used in the Cato XDR incident ‘storyteller’, which seamlessly strings the data points of an incident to a threat narrative, crafting an easy-to-understand and simple-to-communicate summary.
To further assist in the threat and risk analysis, Cato XDR incidents map into specific MITRE ATT&CK TTPs (Tactics Techniques and Procedures), helping security teams accurately understand the attacker’s progress in the attack kill chain.

XDR Stories Workbench - Generative AI and MITRE ATT&CK Tagging

End-to-End Visibility and Control Delivers Fast Remediation

A common challenge with XDR solutions is that remediation actions are executed over disparate platforms.
Cato XDR is a native capability of the Cato SASE Cloud Platform, enabling security teams to remediate active threats all within the same solution. Firewall rules for endpoint and attack containment can be set in minutes, blocking malicious traffic to and from the internet, and preventing further malware distribution across the WAN. EPP scan can be triggered immediately, proactively cleaning endpoints that may be infected and compromised – all from one, single management application.

XDR Stories Workbench - Endpoint Protection

An Open XDR Powered by Highly-Trained and Proven AI/ML

Cato XDR is an open XDR solution that collects, into a single data lake, raw data from native sensors of the Cato SASE Cloud Platform enriched with events from external sensors such as 3rd party EDR solutions. Cato XDR uses advance AI and ML algorithms for threat hunting and anomaly detection. The algorithms are developed by ex-military security and data analysts, trained on petabytes of data and trillions of events, and already proven across tens of thousands of confirmed security incidents. Cato XDR enables SOC teams to cut threat dwell time and rapidly remediate security incidents.

XDR Stories Workbench - 3rd Party EDR Integration

Single Console for Threat Detection, Investigation and Response (TDIR)

Cato XDR provides SOC teams with a single console to manage the entire incident life cycle. The XDR dashboard inside Cato Management Application (CMA) presents all the incidents, their status, and their ML-calculated risk and priority. Individual incident investigation is one click away, with a common structure of data presentation for further analysis, enriched by AI-powered insights and recommendations. Remediation is done through the same interface, helping SOC teams to avoid switching between management consoles, improving efficiency, and reducing human error potential.

Single Console for Threat Detection, Investigation and Response (TDIR)

Industry’s Broadest Range of Native Sensors Delivers Better Detection and Faster Response

Cato XDR uses the security capabilities of the Cato SASE Cloud Platform as its’ native sensors. Data from the Cato NGFW, SWG, IPS, NGAM, DNS Security, CASB, DLP and RBI is stored in the Cato data lake, serving as a high-quality input to Cato XDR. As native sensor’s data is not reduced at the source, the Cato XDR AI/ML algorithms are significantly less likely to miss critical signals than AI/ML processing data from external sources. SOC teams benefit from unparalleled level of incident accuracy and data richness for investigation.

Broadest Range of Native Sensors

Improve Efficacy and Reduce False Positives with ML-powered, Cloud-scale Threat Intelligence

Cato XDR is enriched by more than 250 threat intelligent sources, yielding over 5 million records of valid IoCs. Cato uses a purpose-built cloud-scale ML platform to ingest threat intelligence feeds from hundreds of sources, process and examine each IoC record in them, and maintain an accurate and up-to-date blacklist and whitelist – without human involvement.
Cato empowers security teams with up-to-date threat intelligence data for efficient operation with near-zero false positives.

Reduce False Positives with Cloud-Scale Threat Intelligence

Extended Detection and Response Video Demo

Cato XDR is a SASE-based detection and response solution empowering security teams with efficient threat investigation and remediation. AI algorithms help identify threat indicators in a massive data lake, surfacing them for manageable analysis and resolution within the single console.

I vantaggi strategici di una vera piattaforma SASE

Concepite da zero come caratteristiche di una vera e propria piattaforma SASE nativa del cloud, tutte le funzionalità di sicurezza di Cato sfruttano (e continueranno a sfruttare) la distribuzione globale, l’enorme scalabilità, la resilienza avanzata, la gestione autonoma del ciclo di vita e il modello di gestione coerente della piattaforma Cato.

 

Applicazione coerente delle policy di sicurezza

Cato estende tutte le funzionalità di sicurezza a livello globale per assicurare un utilizzo coerente delle policy ovunque e per chiunque, dai data center più strutturati al dispositivo di un singolo utente.

 

Protezione scalabile e resiliente

Cato prevede le giuste misure per ispezionare i flussi di traffico multi-giga con la crittografia TLS completa e tutte le funzionalità di sicurezza. Non solo: è in grado di eseguire il ripristino automatico in caso di guasti dei componenti del servizio per garantire una protezione continua della sicurezza.

 

Gestione autonoma del ciclo di vita

Cato assicura che la piattaforma cloud SASE mantenga un livello di sicurezza efficiente, una disponibilità del servizio del 99,999% e i processi di sicurezza a bassa latenza per tutti gli utenti e i nodi senza coinvolgere in alcun modo il cliente.

 

Un pannello di controllo singolo

Cato offre un pannello di controllo univoco che consente di gestire in modo coerente tutte le funzionalità di sicurezza e rete, tra cui configurazione, analisi, risoluzione dei problemi, rilevamento e risposta agli incidenti. Il modello di gestione unificato facilita l’interazione con nuove funzionalità da parte del reparto IT e dell’azienda.

 

“Abbiamo eseguito una simulazione di violazione e attacco su Cato: i tassi di infezione e di movimento laterale sono diminuiti, mentre i tassi di rilevamento sono aumentati. Questi sono fattori chiave per affidarsi alla sicurezza di Cato”.

Prova Cato

La soluzione che i team IT stavano aspettando.

Preparati alla sorpresa!