Cato Networks Introduces Smart DLP as Part of Cato SSE 360, the First SSE Platform to Secure and Optimize Access to All Applications

July 19th, 2022

Cato Data Loss Prevention (DLP) eliminates the deployment and operational complexity of legacy DLP. Cato SSE 360 is the first SSE platform with 360-degree visibility, optimization, and control of WAN, cloud, and Internet traffic.

Tel Aviv, Israel – July 19, 2022 — Cato Networks, provider of the world’s first SASE platform, introduced Cato DLP, the first Data Loss Prevention (DLP) engine to protect data across all enterprise applications without complex, cumbersome DLP rules. Cato DLP is part of Cato SSE 360, the only Security Service Edge (SSE) architecture to provide total visibility, optimization, and control of all traffic while providing a seamless migration path to full SASE transformation. Cato has also added Cato SSE Expert Certification, an extension of the industry-leading Cato SASE Expert certification, to enrich understanding of the SSE architecture.

“Traditional SSE architectures alone are not enough to protect the enterprise. They have limited visibility and control over WAN traffic which drives the need for multiple networking and security architectures,” says Shlomo Kramer, CEO and co-founder of Cato Networks. “What’s needed is one architecture that can provide visibility into and control over all traffic to all applications and resources from all endpoints. Cato SSE 360 is the first SSE solution to meet that challenge.”

Cato DLP Solves Operational Complexity of Legacy DLP

DLP has been an effective tool for protecting data assets, scanning, and blocking users from sending critical files or sensitive information, such as credit card or customer details.

But legacy DLP has been fraught with limitations. Too often, inaccurate DLP rules block legitimate activities or allow illegitimate ones. A focus on public cloud applications has left sensitive data in proprietary or unsanctioned applications unprotected by DLP. The investment in DLP does nothing to protect the enterprise from other threat vectors.

Cato DLP addresses those problems. Cato DLP scans all network traffic for sensitive files and data as defined by the customer. More than 350 data types are currently identified by Cato covering universal sensitive data types, such as credit card numbers, and country-specific data types, such as postal codes. Once identified, DLP rules block, alert, or allow the action depending on customer-defined policies.

Cato DLP is fully converged with Cato SSE 360, the security pillar of the Cato SASE Cloud. The application control rules provide granular DLP policies that apply to all applications and resources.

As part of the Cato Single Pass Cloud Engine (SPACE) architecture, Cato DLP is fully converged with the complete range of Cato’s cloud-native networking and security capabilities, gaining deeper visibility into and greater control over network flows than with legacy DLP solutions. More specifically, this means:

Easing Deployment with Smart DLP Rules

DLP becomes easier to implement using Cato’s Smart DLP rules. Rather than explicitly blocking defined activities for each application – for example, “commit” in GitHub, “send” with an attachment in Outlook, or “copy” to external SharePoint folders – security teams can create rules that express their intent (“block uploads”), which Cato then implements across all relevant applications for all intended actions.  

Simplifying DLP Operations with Machine Learning

The inaccuracies in legacy DLP rules often disrupt business operations. Rather than waiting to hear from disgruntled users about not being able to handle specific data, Cato DLP proactively identifies inaccurate DLP rules. Anomaly detection algorithms identify when DLP rules exceed predefined baselines, notifying Cato’s security content teams to refine and improve the out-of-the-box data types.

Improving Security Posture with Layered Protection

Cato simultaneously inspects traffic across multiple security use cases, providing efficient multi-layer protection. Cato’s access control layer ensures user can only access authorized applications and prevents them from accessing unauthorized resources or malicious sites. Cato’s threat mitigation layer scans the traffic for network-based threats and malicious content. All Cato inspections operate in parallel, enabling line-rate performance even for encrypted traffic.

Cato SSE 360: Security for Today, Ready for Tomorrow

Along with Cato DLP, Cato is announcing Cato SSE 360, the only SSE platform with visibility, optimization, and control of WAN, cloud, and Internet traffic.

SSE, as defined by Gartner, secures Internet access, cloud application access, and remote access through Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), and Zero Trust Network Access (ZTNA).

Cato SSE 360 extends basic SSE capabilities with the rest of the cloud-native security capabilities of Cato SASE Cloud — Firewall as a Service (FWaaS), Advanced Threat Prevention (IPS and Next-Generation Anti-Malware), and Managed Threat Detection and Response (MDR) – across all ports and protocols from any source to any destination. Cato SSE 360 leverages the scalability, resiliency, global footprint, and self-maintenance of the Cato SASE Cloud.

With Cato, IT leaders have a single platform for SSE or SASE. They can keep their existing network and transform their security operations today, securing and optimizing application access worldwide with Cato SSE 360. When ready, they can continue to full SASE transformation by connecting their sites, hybrid workforce, and cloud resources to Cato, reducing networking costs and complexity, improving application performance, increasing resiliency through a fully self-healing infrastructure, and gaining deeper visibility into their networking and security infrastructure through a single-pane-of-glass.

Cato Expands SASE Expert Certification with SSE Certification

To help IT learn more about SSE, Cato has added the Cato SSE Expert Certification to the industry’s first SASE certification, the Cato SASE Expert. This in-depth course analyzes the SSE architecture, explains the underlying differences between SSE and SASE, and identifies the drivers, use cases, and critical benefits of SSE. To register, visit

About Cato Networks

Cato provides the world’s most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, into a global cloud service. Cato SASE Cloud optimizes and secures application access for all users and locations everywhere. Using Cato, customers easily replace costly and rigid legacy MPLS with modern network architecture based on SD-WAN, secure and optimize a hybrid workforce working from anywhere, and enable seamless cloud migration. Cato enforces granular access policies, protects users against threats, and prevents sensitive data loss, all easily managed from a single pane of glass. With Cato, your business is ready for whatever’s next.