Artificial Intelligence and Machine Learning

AI and ML have become a key component of every modern technology. Whether used in research and development or for day-to-day operations, AI and ML have proven valuable in helping companies and individuals scale beyond the limits of the human brain. Cato Networks uses AI and ML in every part of our SASE service, tapping the power of cloud computing and advanced data science to help our customers benefit from a reliable, accurate and efficient network and security infrastructure.

Examples of AI/ML Usage in the Cato SASE Cloud Platform

Threat Intelligence

Timely threat intelligence is key to maximizing security efficacy and minimizing false positives. Adversaries know how enterprises struggle to maintain threat intelligence data, and leverage that to evade detection. Cato uses AI/ML in purpose-built threat intelligence software that can process hundreds of feeds without any human involvement. Every 2 hours, the AI/ML-based pipeline processes every IoC (Indicator of Compromise) in every feed, examining it against other IoCs, hit counters, age and other parameters to generate a popularity score, and uses that score to decide whether to add it to, keep it on or remove it from a global blacklist of over 5 million IoCs.

To find out more about our Threat Intelligence mechanisms, read our blog: Security Testing Shows How SASE Hones Threat Intelligence Feeds, Eliminates False Positives

Threat Prevention

Attackers are continuously evolving their techniques to overcome standard prevention tools such as SWG, IPS, DNS security and others. Their advantage comes from the fact that the modus operandi of traditional tools is well known and based on identifying patterns of known attacks. Cato built and trained ML engines to identify and block attacks in real time without depending on such pattern matching. Instead, we use advanced mathematical models trained on data from our vast data lake to calculate the maliciousness of a domain or a URL, and use that score to decide whether or not to block.
Cato Networks was the first security vendor to use ML models in real-time prevention, and not just detection.


Client & Device Classification

Knowing which devices are observed on the network is imperative from a security perspective; identifying anomalies through unknown operating systems or unsanctioned devices on the corporate network is a small subset of the possible ways to secure a network. To keep up with the constantly changing landscape of operating systems and devices, we use our data lake to train advanced ML models, creating accurate and robust network identification rules that can classify clients in real time and apply security controls to them.


Application Classification

The number of web applications (SaaS) is ever growing, and maintaining it at scale can be done in one of two ways: employing large teams of analysts and wasting time propping up the myth that the more applications in the catalog the better, or training AI/ML to do the work in a data-driven approach. Cato selected the latter. We use AI and ML to identify the most important and in-use unclassified applications from the network traffic that traverses our SASE Cloud. We then have the AI/ML mine metadata to enrich what we know about each application, and to calculate a risk score our customers can use in their access and governance decisions.


Detection and Response

SOC and NOC groups go through a daily and labor-intensive process of detection, investigation, and remediation of issues. In the Cato SASE Cloud Platform, AI and ML are used extensively to make SOC and NOC teams better informed and faster. Beyond the initial hunting and detection of issues in which AI/ML is table stakes, additional empowerment is provided. Generative AI is used to summarize incidents in seconds. ML engines suggest incident criticality for efficient triage, and flag incidents with similar characteristics to properly understand the magnitude of the issue or the attack. These and many more help identify and resolve issues in record-breaking time, minimizing and even eliminating damage.


Autonomous, Self-healing Infrastructure

Building, scaling and operating a SASE cloud service is a huge engineering endeavor, especially when it serves as the enterprise’s critical infrastructure and is required to deliver a 99.999% uptime SLA. To achieve this, reliance on human involvement to identify and resolve issues in real time is not a scalable option. Cato has been continuously developing and training software engines to monitor, analyze and identify infrastructural issues based on previous patterns and early symptoms, and to respond to them proactively. With those purpose-built tools, our cloud service can self-diagnose and self-heal in real time, making sure the service SLA is delivered as promised. Cato’s expert operations teams step in after the issue has been resolved temporarily, analyze the root cause, and apply a permanent fix.

AI/ML Blogs, Publications & Keynotes

Our team has been continuously sharing knowledge and experience with the industry, through blogs, published articles, and keynote presentations.

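The Strategic Benefits of a True SASE Platform

Designed from start to finish as a true cloud-native SASE platform, all of Cato's security capabilities leverage, today and in the future, the Cato platform's global distribution, massive scalability, high resiliency, autonomous life cycle management, and consistent management model.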

Consistent Policy Enforcement

Cato extends all security capabilities globally to enforce consistent policy on everyone, everywhere, from the largest data centers down to a single user device.

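Scalable and Resilient Security

Cato scales to inspect multi-gig traffic streams with full TLS decryption and all security capabilities, and automatically recovers from service component failures to ensure continuous security.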

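Autonomous Life Cycle Management

Cato ensures that the SASE cloud platform maintains an optimal security posture, 99.999% service availability, and low-latency security processing for all users and locations, without any customer involvement.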

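Single Pane of Glass

Cato provides a single pane of glass for consistently managing all security and networking capabilities, including configuration, analytics, troubleshooting, and incident detection and response. This unified management model lets IT and the business easily adopt new capabilities.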

“When we ran a breach and attack simulator on Cato, the infection rate and lateral movement decreased while the detection rate soared. This is the biggest reason we can trust Cato security.”
