SASE Threat Research Reports

The Cato Networks Research Report highlights cyber threats and trends based on almost 200 billion network flows that passed through Cato Cloud.

SASE Quarterly Threat Research Reports

Q3 2024 Report
  • Unsanctioned AI apps creating potential vulnerabilities for organizations: Cato CTRL tracked 10 AI applications (among hundreds monitored), and spotlighted data privacy as the top security risk.
  • Threat actor hiring drive: Threat actors are recruiting pen testers for ransomware affiliate programs to successfully deploy ransomware against organizations.
  • Avoiding TLS inspection is risky: Organizations are not using TLS inspection due to potential application and domain disruption, which puts them at risk of being attacked by threat actors using TLS traffic to remain undetected.
  • Strategic recommendations: Guidance on how to combat ransomware gangs, how to gain visibility into shadow AI, and how to best utilize TLS inspection.
  • Threat intelligence trends: Notable activities within hacking communities and the dark web.
  • Enterprise security trends: A breakdown of the top 10 spoofed brands, the top 10 AI applications used, and the top 10 anonymizer applications used.
  • Network security trends: Key stats on Suspicious Activity Monitoring (SAM), secure vs. insecure protocols and mitigated vulnerabilities.
  • Security best practices: Recommendations to enhance your security posture.
  • Unparalleled Data Analysis: Leveraging Cato’s global SASE platform to analyze 1.26 trillion network traffic flows from over 2000 Cato customers, providing a detailed view of current cybersecurity trends and vulnerabilities
  • Advanced Threat Intelligence: Insights on the utilization of AI tools, the persistence of unpatched systems, and the specifics of internal network threats
  • Sector Threats: A detailed look into how cyber threats vary across different sectors with actionable intelligence tailored to strategic, operational, and tactical needs
Cato Networks SASE Threat Research Report for Q2-2022
  • More than six months after its disclosure, Log4j remains the most common exploitation attempt.
  • Ransomware as a Service attacks show a third monetization opportunity (on top of payment for decryption and payment for not publishing data) for ransomware gangs – selling network architecture and user data to other ransomware groups.
Cato Networks SASE Threat Research Report for Q1-2022
  • Reputation-based attacks (fueled by phishing and malware) more than doubled in Q1 of 2022
  • Log4j continues to dominate in exploitation attempts
  • New for 2022 reports: MITRE attack technique stats
  • Top MITRE attack techniques observed on networks include data exfiltration attempts and application layer protocol usage
Cato Networks SASE Threat Research Report for Q4-2021
  • Log4j had the most exploit attempts in Q4 (by far)
  • While there was a decline in the number of malware threats, threats from low-reputation destinations are on the rise
  • A total of over 1 trillion network flows were analyzed in 2021
  • Exploit attempts of PHP vulnerabilities consistently remained in the Top 5 exploit attempts throughout 2021
Cato Networks SASE Threat Research Report for Q3-2021
  • Network-based threat hunting helps identify previously unknown, unclassified threats
  • There’s an uptick in the usage of TOR and crypto miners on organizations’ networks
  • Exploit attempts focus on older PHP vulnerabilities as well as home cameras and routers
Cato Networks SASE Threat Research Report for Q2-2021
  • Why you should be concerned about Amazon Sidewalk coming to your network
  • What’s Spoofing-as-a-Service and how it’s important to the future of network protection
  • Which consumer threats are sneaking into enterprise networks
  • The top threats and countries of origin to consider in your security planning
Cato Networks SASE Threat Research Report for Q1-2021
  • Network-based threat hunting helps identify previously unknown, unclassified threats
  • There’s an uptick in the usage of remote administration tools, as well as attempts to brute force passwords to these tools
  • Attack source countries are not your usual suspects, so banning regions from the network may lead to a false sense of security while ignoring real threats