Cato SASE Cloud Platform Capabilities

Cato’s SLA-backed global private backbone underpins the global Cloud Network. The backbone is comprised of a dense footprint of physical Points of Presence (PoPs) hosted in regional top-tier datacenters and interconnected with multiple global and regional carriers. The backbone is designed to provide massive, fully encrypted, SLA-backed global connectivity through a consistent and predictable underlying network transports. Cato’s deep network engineering and operations expertise enables the optimal selection and integration of hosting providers and carriers into the backbone.

Cato DEM empowers IT teams to support the digital business while minimizing user experience issues. Using real-time monitoring, IT teams can troubleshoot user experience issues with end-to-end visibility and improve efficiency. Synthetic probing combined with AI/ML enables proactive monitoring and mitigation of experience issues before they are reported by users. Cato DEM covers all the applications used by the enterprise across internet, SaaS and WAN. No sensor deployment, installation or integrations are required.

A full-fledged SD-WAN solution, the Cato Socket delivers access resiliency across multiple links, application aware quality of service, and automated high availability for local and cloud connectivity and failover scenarios. The Cato Socket connects a physical location to the nearest Cato PoP via one or more last mile connections. Customers can choose any mix of fiber, cable, xDSL, and cellular connections. The Cato Socket applies multiple traffic management capabilities such as active-active link aggregation, application- and user-aware QoS prioritization, dynamic path selection to work around link blackouts and brownouts, and packet duplication to overcome packet loss. The Cato Socket can also route site-to-site traffic over MPLS and the Internet to address gradual migration, regional and application-specific requirements.

Cato provides multiple options to connect cloud datacenters to the Cato SASE Cloud Platform.
 These include a Cato vSocket virtual SD-WAN device that can be deployed in the cloud datacenter, a direct cross-connect from the cloud provider to the Cato PoP, and the creation of an IPSec tunnel between the Cato PoP and the cloud provider’s datacenter VPN edge.

Cato SASE Cloud Platform includes a cloud-native security stack, SSE 360. It is based on Cato’s Single Pass Cloud Engine (SPACE) architecture and converges the following capabilities: network segmentation and zero-trust (FWaaS), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), and application and data protection (CASB, DLP, ZTNA). Cato’s SSE 360 is built to decrypt and inspect all enterprise traffic, without the need for sizing, patching, or upgrading of appliances and other point solutions. Security policies and events analysis are centrally and uniformly managed using the self-service Cato Management Application.

Cato implements defense in depth with multi-layer threat prevention capabilities. Secure Web Gateway (SWG) protects users against risky web sites, phishing attacks and malware delivery. Intrusion Prevention System (IPS) detects and stops malicious traffic based on threat intelligence feeds, AI/ML inline controls, and deep heuristics that leverage granular context including identify, network, application, and data attributes. Next-generation Anti-Malware (NGAM) engine inspects every payload to stop inbound infections. DNS security inspects DNS queries and responses to prevent DNS tunneling and to block phishing attacks, malicious domains, malware communication and other DNS-based threat vectors. Remote Browser Isolation (RBI) further protects users by directing traffic to high-risk web sites into an isolated cloud-based browser session, thus minimizing the risk of endpoint compromise.

Cato enforces application access control and data protection on all access, both inline and out-of-band through SaaS API integrations. Cato Cloud Access Security Broker (CASB) provides broad visibility to the usage of both sanctioned and unsanctioned (“Shadow IT”) applications and the ability to enforce access policies based on application, user, and device risk. Data Loss Prevention (DLP) engine enforces access policies and granular actions on sensitive data across on-premises and cloud destinations from corporate and BYOD devices.

Cato extends access control and endpoint protection, detection and response to user devices using the Cato Client. The Cato Client is available for all major operating systems and is delivered though IT software distribution or as a self-service deployment. The Cato Client provides granular endpoint traffic management capabilities to selectively control WAN and internet traffic using Cato. It also supports always-on mode to ensure corporate endpoints are continuously protected.

The Cato Client includes an Endpoint Protection, Detection, and Response (EPP/EDR) capabilities. Customers can extend protection to the endpoint itself using a next generation anti-malware engine that detects malicious files and correlates on-device suspicious activity. The Cato Client delivers endpoint risk context and events to a cloud-based data lake. Correlated with the detailed network context provided by Cato SSE 360 engines, Cato XDR creates an accurate picture of security incidents across endpoint and network domains.

Cato leverages its granular data set of network, security and endpoint events, proven AI/ML capabilities for anomaly and threat detection, and incident analysis and response tools to deliver a full XDR solution. Cato consolidates incident data generated by the Cloud Network and the Cato Client, as well as 3rd party EPP/EDR solutions, such as Microsoft Defender for Endpoints, into a unified, cloud-based data lake. Cato’s threat hunting, user behavior analysis and network degradation detection algorithms analyze the data to identify and prioritize incidents for further review. Cato XDR generates unique insights and recommendations based on similar incidents detected across multiple customers to improve accuracy and incident prioritization.

For customers who prefer to partner with incident detection and response specialists, Cato and its partners offer a managed service that includes timely detection of threats, recommended remediation actions, and optional preventive measures. Cato’s MXDR ensures early detection of compromised endpoints to minimize threat dwell time, thus reducing the exposure to data breach and offloading a complex and time-consuming task from IT security.

The Cato SASE Cloud Platform is managed through the Cato Management Application, a single pane of glass to manage all policy configuration, network and security analytics, and real-time monitoring and troubleshooting. Cato scales its cloud-delivered management platform to store and process massive volumes of data and provide a high-performance interface to access and investigate all events data generated by the customer’s infrastructure. All current and future Cato capabilities are managed in the same way to ensure easy adoption by IT and quick delivery of new capabilities to the business.