DNS Security

Cato’s DNS Security inspects all DNS traffic, preventing malicious DNS activity hiding within the protocol’s traffic, and blocking DNS requests to malicious destinations before a connection is made.

DNS Security Capabilities

AI-based DNS Inspection Deliver Superior In-line Phishing Protection

Phishing is one of the top attack vectors that every CISO is concerned about.

Ongoing training of AI and ML algorithms on Cato’s massive global data lake enables Cato DNS Security to provide in-line identification of domain squatting and other website impersonation attempts. This is achieved through real-time analysis of webpage components, domain age, popularity, and patterns associated with toolkits used in phishing sites. This Inline detection of phishing attacks helps prevent credential harvesting, malware delivery, and sensitive data loss.

Block Malicious Domains and C&C Sites Before Connection

The number of malicious sites that host command and control (C&C) servers to remotely manage malware is huge. Attackers continuously move their C&C servers between sites to avoid detection and blacklisting. Cato DNS Security uses Cato’s timely and continuously optimized threat intelligence system to identify malicious domains and C&C sites and block traffic to and from them in real time. Using Cato DNS Security, enterprises dramatically reduce exposure to millions of web-based attacks with near-zero false positives.

Stop Data Loss and Malicious Activity over DNS Tunneling

DNS tunneling attacks leverages the need to allow DNS traffic to pass through security controls, as a method for data exfiltration and C&C access. Cato’s DNS Security analyzes DNS request properties such as packet size, record type, and the ratio of unique subdomains to identify anomalies and indicators of DNS tunneling attacks. Cato’s AI/ML algorithms are continuously trained to identify DNS Tunneling, enabling protection that is not dependent on specific knowledge of the threat actor or domain name.

Prevent Resource Leaching from Crypto Miners

Crypto miners use compromised corporate endpoints for financial gain leading to system instability, poor user experience, and increased costs for the organization. Cato leverages dedicated rules and heuristics to identify domains that are used for crypto-mining operations, blocking any DNS requests to these destinations. With Cato, enterprises protect users’ productivity and security from impact by unauthorized use.

Reduced Risk by Blocking Newly-registered Domains

Malicious domains are quickly identified and categorized, leading to category-based blocking by most security engines. Threat actors register new domains to bypass category-based security controls. Cato’s DNS Security identifies and blocks access to domains that are less than 14 days old in real-time. Since most newly registered domains are malicious or suspicious, blocking them reduces the attack surface and improves security posture with minimal user impact.

Full Visibility into DNS Security Threats and Events

All threat activity is logged in Cato’s global data lake, providing administrators with instant access to the threat information they need via a single console. DNS security events are visible in the security threats dashboard with filtering and drill down capability into all events related to DNS protection. Security teams can quickly understand and evaluate DNS threats to their organization without aggregating multiple data sources or navigating between multiple consoles.

DNS Protection Video Demo

Cato's DNS protection provides an additional layer of protection by blocking DNS requests to malicious and phishing sites, blocking domains registered within the last 14 days and blocking DNS tunneling and crypto-mining activity.

The Strategic Benefits of a True SASE Platform

Architected from the ground up as a true cloud-native SASE platform, all Cato's security capabilities, today and in the future, leverage the global distribution, massive scalability, advanced resiliency, autonomous life cycle management, and consistent management model of the Cato platform.

Consistent Policy

Cato extends all security capabilities globally to deliver consistent policy enforcement everywhere and to everyone, from the largest datacenters and down to a single user device.

Scalable and Resilient Protection

Cato scales to inspect multi-gig traffic streams with full TLS decryption and across all security capabilities, and can automatically recover from service component failures to ensure continuous security protection.

Autonomous Life Cycle Management

Cato ensures the SASE cloud platform maintains optimal security posture, 99.999% service availability, and low-latency security processing for all users and locations without any customer involvement.

Single Pane of Glass

Cato provides a single pane of glass to consistently manage all security and networking capabilities including configuration, analytics, troubleshooting, and incident detection and response. Unified management model eases new capabilities adoption by IT and the business.

Recognized as a SASE Pioneer and Leader by Industry Analysts

Cato is the category creator of SASE. We didn't invent the name, but SASE is Cato's founding vision. Since 2015 we are continuously evolving and perfecting the only true SASE platform. Cato is fully committed to deliver on the promise of SASE: making secure and optimized access effortlessly available for everyone and everywhere.

“We ran a breach-and-attack simulator on Cato, Infection rates and lateral movement just dropped while detection rates soared. These were key factors in trusting Cato security.”

Try Cato

The Solution that IT teams have been
Waiting for. Prepare to be amazed!

Contact Us