Cato Client Capabilities
SASE-native Zero Trust Network Access
Secure remote access is often purchased as a point product that requires tight integration with adjacent network and security solutions. The Cato Client provides ZTNA capabilities natively from the Cato SASE Cloud Platform, with no integrations required. Administrators configure the users’ device posture requirements, and their access conditions. The Cato Client authenticates the user, validates the device posture, and establishes a secure, encrypted tunnel to the Cato SASE Cloud Platform, where access is granted based on application-centric policies.
Built-in Endpoint Protection Engine
Built into the Cato Client is the Cato EPP, which protects endpoints against malware in multiple ways. A File Protection engine scans every file opened or created on the endpoint, to protect against malicious files. A Behavioral Protection engine analyses running processes for malicious activities, and uses heuristics to protect against unknown and zero-day threats. Being part of Cato’s SASE platform, endpoint protection deployment, management, monitoring and troubleshooting is seamlessly done through the Cato Management Application.
Real-time and Historical Visibility into User Activity
Cato provides granular details about user devices, activity, and locations through a centralized dashboard. Administrators can further zoom into details on specific users or devices to view past connectivity and security events. Through deep visibility into user activity, Cato helps technical teams to quickly identify, investigate, and resolve connectivity and access problems, as well as risky behavior that may indicate a compromised endpoint.
Continuous Device Posture Assessment with Automated Response
The Cato client continuously monitors and evaluates device posture for a variety of attributes including anti-malware, endpoint firewall, disk encryption, patching, endpoint DLP and device certificate to differentiate between corporate devices and BYOD. Any combination of these posture checks can be used to fine-tune access policies. When a deviation from the designated policy is reported by the client, Cato can limit access or completely terminate the user’s connection.
Automated User Identity Detection for Universal ZTNA
ZTNA has become a synonym with remote access, but a full zero-trust strategy requires extending it into the office network, delivering Universal ZTNA. User identity is a central component for enforcing zero trust access policies and user activity tracking anywhere the user is connected. The Cato SASE Cloud Platform integrates with your identity provider of choice and in concert with the Cato Client accurately and continuously tracks the user identity. This enables admins to deliver ZTNA everywhere based on this identity, regardless of the user’s whereabouts – remote or in the office.
Self-Service or MDM-based Deployment
Client deployment is often a significant hurdle to adopting a new solution. The Cato Client can be easily deployed through your MDM of choice. Alternatively, a user-friendly self-service onboarding option is available, tested and proven over hundreds of thousands of user deployments. With self-service onboarding, users are provisioned via your identity provider, directed to a Cato portal to install the Cato Client, authenticate, and securely connect to the Cato SASE Cloud Platform. Cato enables administrators to deploy the Cato Client in any manner that meets their needs.
Always-on Mode for Strong Security Posture
Enterprises require always-on secure access mode to prevent users from bypassing security controls and increase the risk of data breach. The Cato Client can prevent users from disabling it, forcing all their network traffic to be inspected by the Cato SASE Cloud Platform. Bypass options are available if required to aid with troubleshooting and temporary exceptions. Additionally, pre-login client logic allows a device to connect before a user is logged in, enabling secure connectivity to domain controllers and other resources that may be required for a user’s first login to a new device, password resets, and operating system updates.
Effortless and Centrally Managed Version Control
The Cato Client is centrally managed by the Cato Management Application, providing administrators with full control over software upgrade rollouts. Administrators are notified of upcoming version releases and can define policies for automatic or controlled rollout. When validation and testing is required prior to deployment, a pilot group of users can be designated to automatically be upgraded first. Cato enables admins to align updates with enterprise constraints, balancing exposure and business disruption.
Your Client, Branded for You
Branding is central to your organization and helps build trust between your users and the tools deployed to their endpoints. The Cato Client can be easily branded with your logo in just minutes. Administrators simply upload the desired logo via the Cato Management Application and it will appear instead of the Cato Networks logo in the Cato Client UI.
Consistent Security and Performance, Regardless of Location
Admins are often forced to backhaul or split-tunnel remote user’s traffic to balance security and performance. The Cato Client dynamically connects to the nearest Cato PoP, allowing security inspection and policy enforcement to happen near the user, no backhauling needed. Access to Cato’s Global Private Backbone enables reliable and optimized network access to any resource, on-premises or in the cloud, eliminating the productivity impact often associated with remote work. The Cato Client delivers a secure, consistent experience to users, regardless of location.