The Cato MDR Service Becomes First with Immediate Time to Value

June 22, 2021

Cato taps its global SASE platform, machine learning algorithms, and massive data warehouse to eliminate the 30- to 90-day startup window typical of MDR services. Automated 70-point checklist now instantly assesses enterprise security readiness.

Tel Aviv, Israel June 22, 2021 – Cato Networks, provider of the world’s first SASE platform, introduced Cato MDR 2.0, the first managed detection and response (MDR) service to identify threats and vulnerabilities upon deployment. Legacy MDR services required enterprises to wait 30 to 90 days before seeing results. In addition to faster time to value, Cato MDR 2.0 also brings an automated security assessment of more than 70 security best practices and a dedicated security expert (DSE) for each MDR customer.

Cato MDR was first offered back in early 2019. Today, innovation has led Cato to take their security efforts even further.

The Cato MDR service provides us with the peace of mind that the traffic on our network is being monitored 24×7 for potentially unwanted or malicious activities. The service has identified issues that other services missed,” says Edward Jorczyk, director of information technology for Bowman and Brooke, a national product liability defense law firm.

New Threats, Increasing Attack Sophistication Drive Demand for MDR

The need for multi-layer defense necessitates effective prevention and detection capabilities. Average malware dwell time exceeds 200 days, making rapid threat identification imperative. But detecting threats requires significant investment in expertise and technology. MDR services fill this gap. According to Gartner, “By 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment capabilities.” 1

Legacy MDR services, though, required enterprises to wait weeks and months to baseline the customer network before returning results. With Cato MDR initial release, Cato eliminated the need for probes, tapping the power of the Cato SASE platform. Now, Cato eliminates the startup time typical of MDR services.

Cato Uses Machine Learning and AI to Deliver Immediate Threat Insight

Cato has built cross-organizational baselines of “normal” network behaviors. As the corporate networking and security platform, Cato already has deep visibility into enterprise traffic patterns over time, storing the metadata for every IP address, session, and flow crossing the Cato global backbone in a massive data warehouse.

Cato MDR combines this data warehouse with the Cato Threat Hunting System (CTHS), a set of multidimensional machine learning algorithms and procedures developed by Cato Research Labs, to continuously analyze customer traffic for the network attributes indicative of threats.

The results are histograms of normal network behaviors derived from thousands of networks and hundreds of thousands remote users worldwide. “This is what allows us to bring value to Cato MDR customers from day-1 of the service,” says Elad Menahem, director of security at Cato Networks. “We continue to collect network flows as an inherent part of Cato, refining those baselines and hunting for additional insight without any customer involvement.”

The Cato 70-Point Security Checklist Ensures Base Security Compliance is Met

Cato has also added an automatic security assessment to the MDR service. Instantly, customers learn how their network security compares against the checks and best practices implemented by enterprises worldwide. Items inspected include proper configuration of network segmentation, firewall rules, and security controls, like IPS and anti-malware. The 70-point checklist is derived from the practices of the “best” enterprises across Cato — and avoids the biggest mistakes of the worst enterprises.

“Much of what we’re highlighting in our 70-point checklist is probably common sense to any security-minded professional. But all too often, those practices have not been found in one actionable resource,” says Menahem.

Designated Security Engineers Assigned to Cato MDR Customers

To further enhance the support given to Cato MDR customers, Cato has designated security engineers for each customer. The DSE becomes the customer’s single point of contact and security advisor. The DSEC can also tweak threat hunting queries to enhance detection specific to the customer environment, such as gathering specific network information to protect specific valuable assets.

The DSE is part of the large SOC team, sitting between the Security Analysts and the Security Research. Coupled with CTHS and Cato’s unique data warehouse, Cato MDR brings the best of human intelligence and machine intelligence for the highest degree of protection.

Cato MDR service

With the Cato MDR service, organizations receive a detailed monthly report as well as being notified immediately of new threats.

1Gartner, Inc., Market Guide for Managed Detection and Response Services, Toby Bussa, Kelly Kavanagh, Pete Shoard, John Collins, Craig Lawson, and Mitchell Schneider, 26 August 2020

About Cato Networks

Cato is the world’s first SASE platform, converging SD-WAN and network security into a global, cloud-native service. Cato optimizes and secures application access for all users and locations. Using Cato, customers easily migrate from MPLS to SD-WAN, optimize connectivity to on-premises and cloud applications, enable secure branch Internet access everywhere, and seamlessly integrate cloud datacenters and mobile users into the network with a zero-trust architecture. With Cato, the network, and your business, are ready for whatever’s next.