Cato Networks Introduces Risk-based Application Access Control Solving BYOD and Remote Work Security and Productivity Challenges

April 5th, 2022

Granular access and security controls overcome the limitations of ZTNA- and SSE-point solutions by reducing attack surface without compromising user productivity

Tel Aviv, Israel – April 5, 2022 — Cato Networks, provider of the world’s first SASE platform, introduced today risk-based application access control for combatting the threat of infiltration posed by remote workers and Bring Your Own Device (BYOD). Enterprise policies can now consider real-time device context when restricting access to capabilities within corporate applications, as well as Internet and cloud resources.

“User devices can be notoriously unprotected, opening a backdoor into enterprise networks,” says Eyal Webber-Zvik, vice president of product marketing at Cato Networks. “Today’s announcement allows IT to deliver just the right degree of application access to minimize the risk of breach without compromising user productivity.”

Cato Converges Device Context Across SPACE

With the evolving threat landscape, user identity alone is no longer sufficient for ZTNA or BYOD risk assessment. Identities can be spoofed while personal devices may not conform to enterprise security standards. What’s needed is an enforcement solution with the contextual awareness to balance user productivity with risk mitigation.

To address that challenge, Cato is embedding continuous device context assessment throughout the Cato Single Pass Cloud Engine (SPACE), Cato’s converged, cloud-native software stack. Cato SPACE will continuously assess the posture of a user’s device, taking action when the device falls out of compliance. In addition to device context, Cato SPACE already considers identity, network, data, and many other attributes.

By exposing context attributes through Cato SPACE, they become available across all current and future Cato capabilities to enable granular control over user application access. For example,

  • When working from a personal device (BYOD) remotely, a user could be given permissions to upload to the collaboration platform but not download data. No other resources may be available.
  • However, when working from a corporate device, the same user could also be given download permissions. Read-only access to financial systems, ERP, and CRM systems could be granted.
  • When working from a corporate device with current antimalware, a user could be given read and write access to the collaboration platform, financial systems, and file shares.
  • Finally, access to all resources may be blocked when users appear to be working from any device in an unusual geolocation, such as a war zone.

Device context attributes include antimalware type as well as the presence of a client-side firewall, full disk encryption, patch levels, and more. Information is gathered by the industry-leading OPSWAT OESIS framework as part of the Cato Client.

“We’re excited to be partnering with Cato Networks,” said Hamid Karimi, VP of technology alliances and OEM at OPSWAT. “By utilizing the OESIS Framework to access endpoint metadata, Cato’s converged, cloud-native SASE platform enables enterprise IT teams to establish granular policies that reduce the attack surface.”

The Performance and Security Problems of ZTNA

ZTNA addresses a critical need for secure remote access, but failure to address security and productivity challenges undermines the utility of ZTNA and SSE point solutions.

By contrast, the Cato SASE Platform inspects all WAN and Internet traffic to all users for advanced threats. Signature-based antimalware stops known attacks; NGAM leverages machine learning and artificial intelligence to identify and block unknown malware. Cato’s managed IPS service taps machine learning algorithms and Cato’s SOC team to protect against network-based threats.

Cato addresses user productivity challenges on two levels. By assessing device context in its FWaaS, SWG, and ZTNA policies, Cato can restrict user access to specific resources. By using device context within its CASB policies, Cato can restrict user access to capabilities within those applications. Together, IT can create access policies that balance a users’ real-time risk posture with their need for resource access.

In addition, the Cato global private backbone ensures optimal user experience from anywhere in the world. Built-in WAN optimization and a managed global network of 70+ PoPs delivers as much as 40x better throughput than the public Internet. This is particularly critical when remote users access corporate from across the globe. ZTNA and SSE-point solutions lack similar networking controls.

Cato’s security and access policies with device context are available for all Cato Client customers at no additional charge. For more information, visit

About Cato Networks

Cato provides the world’s first SASE platform, converging SD-WAN and network security into a global, cloud-native service. Cato optimizes and secures application access for all users and locations. Using Cato, customers easily migrate from MPLS to SD-WAN, optimize connectivity to on-premises and cloud applications, enable secure branch Internet access everywhere, and seamlessly integrate cloud datacenters and remote users into the network with a zero-trust architecture. With Cato, the network, and your business, are ready for whatever’s next. @CatoNetworks.


OPSWAT is a global leader in IT, OT and ICS critical infrastructure cybersecurity solutions and Deep Content Disarm and Reconstruction (CDR), protecting the world’s mission-critical organizations from malware and zero-day attacks. To minimize the risk of compromise, OPSWAT Critical Infrastructure Protection solutions safeguard both public and private sector organizations with the latest technology, processes, and hardware scanning to secure the transfer of data, files, and device access across critical networks. More than 1,500 organizations worldwide spanning Financial Services, Defense, Manufacturing, Energy, Aerospace, and Transportation Systems trust OPSWAT to secure their files and devices; ensure compliance with industry and government-driven policies and regulations, and protect their reputation, finances, employees, and customers from cyber-driven disruption. For more information on OPSWAT, visit


Media Contacts 

Cato Networks

David Greenfield

T +972 73-316-474



Eskenzi PR

Lara Joseph

T: +44 (0)7854 841 892