Cato Intrusion Prevention System (IPS)

Cato IPS provides organizations with real-time protection against advanced threats and attacks that utilize known and unknown exploits. IPS protection applies to all traffic including Internet, WAN, and Cloud, preventing ransomware delivery and propagation and data theft.

Cato IPS Capabilities

Phishing & Malware Protection with Real-Time AI/ML

Attackers often use techniques like Domain Squatting and Domain Generation Algorithms (DGAs) to evade reputation-based prevention tools. Cato’s IPS integrates complex AI/ML models in its real-time inspection engine to detect Domain Squatting and DGAs. Threats are identified using deep learning models and correlation of data points such as domain popularity, age, letter patterns and more. Brand impersonation is detected through analysis of webpage components such as favicon, images, and text.
Moving tools that were previously available only in post-mortem analysis into real-time prevention dramatically improves prevention efficacy and the enterprise security posture.

Prevention of Ransomware Delivery, C&C and Propagation

A successful ransomware attack requires delivery of the ransomware, command and control (C&C) communication with the attacker, and propagation across the network for maximal impact.
Cato IPS has full visibility to both Internet and WAN traffic. It prevents malware delivery and C&C communication by blocking malicious files download, and access to domains and IP addresses associated with ransomware and malicious activity. Propagation across the WAN is prevented by detection and blocking of lateral movement patterns and indicators.
The comprehensive visibility of Cato IPS provides not just a reduction in ransomware exposure, but also minimizes the potential impact of a ransomware attack.

Rapid and Seamless Mitigation of Emerging Threats

Enterprises often struggle with the process, resources and time it takes to protect their networks from emerging CVEs. Cato IPS provides virtual patching to rapidly secure our customers’ networks when mitigation time is critical. Cato dedicated team of experts build, test and deploy new IPS rules in record time to quickly adapt to new CVEs without requiring any customer involvement. This “virtual patching” provides enterprises with the assurance that they are protected from high-risk emerging threats while they are updating and patching their impacted systems.

Cloud-scale Traffic Inspection

Leveraging the power of cloud-native architecture, Cato delivers an elastic and scalable IPS, allowing organizations to inspect all traffic, including TLS-encrypted traffic. Massive cloud compute resources eliminate the need to fine-tune signature sets or limit traffic sent to the IPS. All locations and users, including cloud infrastructure, branch locations, and remote users are protected with Cato’s IPS, eliminating the need to scale and upgrade FW/IPS appliances. With Cato, organizations no longer end up with an IPS that is only inspecting some traffic or use a limited set of signatures due to resource constraints.

Geo-Fencing for Attack Surface Reduction

One of the simplest methods of reducing your organization’s attack surface is to block countries that your organization has no business need to interact with. Cato’s IPS allows you to quickly block traffic of specific geographies (inbound, outbound, or both) with a single global policy that applies to all users and locations.

Purpose-built Heuristics Language Leverages SASE Convergence

Cato IPS uses heuristics to identify threats and attacks in real time. Heuristics are comprised of a set of conditions examined against real network traffic.
A part of Cato’s Single Pass Cloud Engine (SPACE), Cato IPS has visibility to data standalone IPS solutions cant consider including URL classification, app id, target risk score, target popularity, device fingerprint, user authentication, and more.
With a purpose-built heuristics language that is designed to leverage true SASE convergence, enterprises benefit from a robust prevention of threats in real-time.

Automated AI-Managed Threat Intelligence

Up-to-date threat intelligence is key to IPS efficacy against malware, phishing, and command and control (C&C) sites, and reduced friction caused by false positives. Cato IPS uses a purpose-built AI-based reputation system that autonomously aggregates and scores information from 250+ threat intelligence feeds. The system continuously maps and clears overlaps between feeds, measures threat records quality and relevancy, and simulates potential impact on real traffic. An updated and aggregated blacklist is automatically published to all Cato PoPs, ensuring up-to-date protection with near zero false positives and no customer involvement.

The Strategic Benefits of a True SASE Platform

Architected from the ground up as a true cloud-native SASE platform, all Cato's security capabilities, today and in the future, leverage the global distribution, massive scalability, advanced resiliency, autonomous life cycle management, and consistent management model of the Cato platform.

Consistent Policy

Cato extends all security capabilities globally to deliver consistent policy enforcement everywhere and to everyone, from the largest datacenters and down to a single user device.

Scalable and Resilient Protection

Cato scales to inspect multi-gig traffic streams with full TLS decryption and across all security capabilities, and can automatically recover from service component failures to ensure continuous security protection.

Autonomous Life Cycle Management

Cato ensures the SASE cloud platform maintains optimal security posture, 99.999% service availability, and low-latency security processing for all users and locations without any customer involvement.

Single Pane of Glass

Cato provides a single pane of glass to consistently manage all security and networking capabilities including configuration, analytics, troubleshooting, and incident detection and response. Unified management model eases new capabilities adoption by IT and the business.

Recognized as a SASE Pioneer and Leader by Industry Analysts

Cato is the category creator of SASE. We didn't invent the name, but SASE is Cato's founding vision. Since 2015 we are continuously evolving and perfecting the only true SASE platform. Cato is fully committed to deliver on the promise of SASE: making secure and optimized access effortlessly available for everyone and everywhere.

“We ran a breach-and-attack simulator on Cato, Infection rates and lateral movement just dropped while detection rates soared. These were key factors in trusting Cato security.”

Try Cato

The Solution that IT teams have been
Waiting for. Prepare to be amazed!

Contact Us