Cato Networks launches new SASE-powered XDR offering

Cato Networks has announced an expansion of its secure access service edge (SASE) cloud platform to include a threat detection and incident response offering, Cato extended detection and response (XDR).

Combining its existing SASE functionalities with a new endpoint protection platform (EPP) capability, Cato’s new XDR extension aims to overcome “deployment delays, limited data quality, and inadequate investigation and response” associated with legacy XDR solutions, according to the Israel-based network security company.

Cato Networks is a cloud-based platform for enterprise security and networking based on a modular SASE architecture, which follows a security framework that combines network security functions with WAN (Wide Area Network) capabilities.

Available immediately, Cato XDR is a fresh attempt at combining the strength of a SASE architecture and using its telemetry to inform an enterprise’s threat detection and response workflows.

Legacy tools depend on disparate data sensors

Cato’s SASE-based XDR is designed to reduce threat detection complications associated with a large number of security alerts produced by network sensors used by legacy XDRs, such as firewalls and intrusion prevention systems (IPS).

Security analysts use XDR tools to ingest, correlate, and contextualize threat intelligence information with the data from native and third-party sensors. To identify true threats, these tools require reliable and accurate data from across their network, according to Cato.

“Legacy XDR tools require the deployment of sensors, extending the time-to-value as IT must install the sensors and then baseline specific organizational activity for accurate assessments,” said Cato in a press release. “Data quality is also compromised when importing and normalizing third-party sensor data, complicating threat identification and incident response.”

Relying on tools pooling data from disparate sensors leads to inefficient sorting of incident stories and poor identification for critical remediation. “Once determined, incident remediation often remains hampered by missing information and requiring analysts to master and switch between disparate tools,” the company added.

SASE-backed XDR for faster remediation

Cato XDR attempts to address the limitations of legacy tools by tapping into its existing SASE capabilities, using its pool of native sensors for incident identification.

Cato’s existing stack of sensors includes its multiple SASE components such as a next-generation firewall (NGFW), next-generation antimalware (NGAM), IPS, DNS security, Secure Web Gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), data loss protection (DLP), and remote browser isolation (RBI).

Additionally, endpoint-based telemetry from Cato’s new EPP capability is added to the data pool for granular analysis. “Powered by Bitdefender’s world-leading malware prevention technology, Cato EPP protects the endpoint from attack,” Cato added. “Endpoint threat and user data are still stored in the same converged Cato data lake as the rest of the customer’s network data, simplifying endpoint and network event correlation.”

To further enhance remediation Cato uses in-house AI to identify and rank incidents and help analysts address critical cases on priority. “Cato AI is battle-tested and proven across years of threat hunting and remediation handling by Cato MDR service agents,” the company added.

Security Software

Go to Source