Managed Detection and Response

Cato MDR enables enterprises to offload the resource-intensive and skill-dependent process of detecting compromised endpoints to the Cato SOC team.

Traditional managed detection and response (MDR) services require installing dedicated software and hardware across the enterprise network to obtain full visibility into network traffic. This deployment model makes these services costly and complex, and creates a challenging barrier to deployment for many organizations.

Cato seamlessly applies a full MDR service to customers' networks. Cato automatically collects and analyzes all network flows, verifies suspicious activity, and notifies customers of compromised endpoints. This is the power of networking and security convergence in action to simplify network protection for enterprises of all sizes.

Cato MDR Service Capabilities

  • Zero-footprint network visibility

    Cato gathers complete metadata for every Internet and WAN flow initiation, including originating client, timeline, and destinations. All without deploying any network probes.

  • Automated threat hunting

    Advanced algorithms look for anomalies in Cato’s flow data warehouse and correlate them with threat intelligence sources. This machine-learning-driven process produces a small number of suspicious events for further analysis.

  • Expert threat verification

    Cato security researchers review flagged endpoints and traffic over time and assess the risk. The Cato SOC will only alert on actual threats.

  • Threat containment

    Verified live threats can be contained automatically by configuring customer network policies to block C&C domains and IP addresses or disconnect a compromised machine or user from the network.

  • Remediation assistance

    The Cato SOC will advise on the threat's risk level and the recommended remediation, and will follow up until the threat is eliminated.

  • Reporting and tracking

    Every quarter, the Cato SOC will issue a custom report summarizing all threats detected, their descriptions and risk levels, as well as impacted endpoints.

Service Solution Brief

Cato Managed Detection & Response

Cato MDR enables enterprises to offload the resource-intensive and skill-dependent process of detecting compromised endpoints to the Cato SOC. For customers using Cato Cloud, the Cato SOC has instant, unobscured visibility to all traffic without deploying any additional network probes or software agents.
