We are announcing two new additions to Cato’s cloud security offering:
Cato Managed Threat Detection and Response (MDR) service is a managed service for detecting threats in our customers’ networks and working with them towards remediation. Cato MDR is zero-footprint, requiring no additional hardware or software, making adoption remarkably simple.
Cato also announced the integration of an additional, zero-day malware prevention engine from SentinelOne. The SentinelOne engine uses machine learning algorithms to identify malware without signatures (i.e., previously unseen malware for which no detection signature yet exists).
Why is MDR important and what is special about Cato’s MDR?
Security and IT leaders today know that no matter how many layers of prevention are in place, hackers always find their way in. We also know today that all sizes and types of organizations are targeted; security experts advise organizations to assume their networks are compromised.
To address the shortcomings of prevention, Gartner (and many other IT and security thought leaders) advise a multilayered security architecture combining prevention and detection technologies. Our MDR service provides customers with managed, effortless detection on top of Cato’s and other prevention technologies (like endpoint protection).
Cato’s MDR is unique in its availability as a zero-footprint service. Cato customers can subscribe instantly without requiring any agent installations, network changes, or computer updates. Cato MDR is backed by Cato’s proprietary machine learning algorithms and SOC (security operation center) team and has already proven its value many times over as evidenced by the results of Cato’s courtesy malware alerts.
What are the details of Cato’s MDR?
Cato MDR is a fully managed service that offloads the detection of compromised endpoints onto Cato’s security operation center (SOC) team. In addition to instant alerts, the service includes a monthly audit report of all incidents. Cato MDR includes:
- Automated threat hunting — machine learning algorithms look for anomalies across billions of flows in Cato’s data warehouse and correlate them with threat intelligence sources and complex heuristics. This process produces a small number of suspicious events for further analysis.
- Expert threat verification — Cato security researchers review flagged endpoints and assess the validity and severity of the risk, only alerting on actual threats. Cato relieves customers from handling the flood of false positives that consume precious IT resources.
- Threat containment — Verified live threats can be contained automatically by blocking C&C domains and IP addresses, or disconnecting compromised machines or users from the network.
- Guided remediation — The Cato SOC advises on the risk’s threat level, recommended remediation, and follows up until the threat is eliminated.
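The four steps above can be illustrated in code. The following is an added example written for this page (it is not Cato’s or SentinelOne’s code and does not reflect their actual algorithms): it runs a simple hunt over constructed flow records, correlating destinations with a constructed threat-intelligence list and applying a periodicity heuristic for beaconing, reduces them to a short list of suspects for analyst review, and then builds the containment block-list only from the pairs an analyst has verified. All hosts, destinations, indicators and thresholds are made up.

```python
"""Toy MDR pipeline: automated hunting over flow records, threat-intel
correlation, and a containment block-list for analyst-verified findings.
Example code written for this page; not Cato's or SentinelOne's code."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (source host, destination, epoch seconds, bytes out).
FLOWS = [
    # host-a contacts one destination every ~300 s: suspiciously regular intervals.
    *[("host-a", "203.0.113.7", 1_700_000_000 + 300 * i, 512) for i in range(12)],
    # host-b browses ordinary destinations at irregular times.
    ("host-b", "example.org", 1_700_000_050, 4_000),
    ("host-b", "example.net", 1_700_000_900, 20_000),
    ("host-b", "example.org", 1_700_004_000, 3_500),
    # host-c contacts a destination that appears on the threat-intel list once.
    ("host-c", "bad.example", 1_700_000_600, 900),
    # several hosts reach example.org, so it is not unique to one machine.
    ("host-d", "example.org", 1_700_001_000, 1_000),
]

# Constructed threat-intelligence indicators (not real IoCs).
THREAT_INTEL = {"bad.example", "198.51.100.9"}


def beaconing_score(timestamps, min_flows=8, max_cv=0.2):
    """Periodicity heuristic: True when there are at least min_flows contacts
    and the inter-arrival times are nearly constant (coefficient of variation
    below max_cv). Thresholds are illustrative, not tuned values."""
    if len(timestamps) < max(min_flows, 2):
        return False
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return m > 0 and (pstdev(gaps) / m) < max_cv


def hunt(flows, intel=THREAT_INTEL, min_flows=8):
    """Automated threat hunting: reduce many flows to a few suspicious
    (host, destination) pairs, each tagged with the reasons it was flagged."""
    per_pair = defaultdict(list)       # (host, dst) -> list of timestamps
    hosts_per_dst = defaultdict(set)   # dst -> set of hosts that contacted it
    for host, dst, ts, _bytes in flows:
        per_pair[(host, dst)].append(ts)
        hosts_per_dst[dst].add(host)

    suspects = []
    for (host, dst), stamps in per_pair.items():
        reasons = []
        if dst in intel:
            reasons.append("threat-intel match")
        if beaconing_score(stamps, min_flows):
            reasons.append("periodic beaconing")
            if len(hosts_per_dst[dst]) == 1:
                reasons.append("destination unique to this host")
        if reasons:
            suspects.append({"host": host, "dst": dst,
                             "flows": len(stamps), "reasons": reasons})
    # Most strongly supported findings first, for the analyst's queue.
    return sorted(suspects, key=lambda s: -len(s["reasons"]))


def containment_blocklist(suspects, verified):
    """Threat containment: after expert verification, emit the destinations to
    block. Only (host, dst) pairs the analyst confirmed are included, so the
    automated stage alone never produces a block."""
    return sorted({s["dst"] for s in suspects if (s["host"], s["dst"]) in verified})


if __name__ == "__main__":
    found = hunt(FLOWS)
    for s in found:
        print(f"{s['host']} -> {s['dst']} ({s['flows']} flows): {', '.join(s['reasons'])}")
    # Here the analyst confirms every finding; in practice some would be dismissed.
    confirmed = {(s["host"], s["dst"]) for s in found}
    print("block:", containment_blocklist(found, confirmed))
```

Running it yields two suspects out of the constructed flows (host-a for regular beaconing to a destination nobody else contacts, host-c for the threat-intel match) and the block-list contains only what was verified, mirroring the separation between automated hunting, expert verification and containment described above.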
Each month Cato MDR provides an audit report of all incidents across a company’s network (see figure). Complete details of the Cato MDR service can be seen here, and a customer’s audit report (identifying information removed) can be seen here.
Why is SentinelOne’s Anti-Malware engine important, and what is special about it?
Traditional anti-malware engines, like the one already integrated into Cato’s service, identify malware based on their previously gathered digital fingerprints. This makes their ability to identify and block new types or variants of malware (AKA zero-day) incomplete.
Machine-learning-based anti-malware is a newer technology that identifies malware based on a thorough, real-time analysis of thousands of parameters in an inspected file and the relations between them. Being trained on millions of file samples (both malicious and benign), such algorithms are able to detect zero-day malware with very high accuracy.
The combination of our existing anti-malware and the addition of SentinelOne provides customers with prevention of both known and unknown malware.
SentinelOne is a leading vendor in this space, and Cato is integrating their technology at the network-level for scanning files in transit. This means Cato customers are protected against zero-day malware entering from the Internet or moving laterally between sites.
What does this mean for Cato customers?
With the addition of MDR and integration of SentinelOne, Cato customers can now significantly improve their network security posture. SentinelOne prevents zero-day malware coming over the network, and Cato’s MDR complements Cato’s threat prevention services with a managed service for threat detection and response.
Overall, Cato offers customers a complete suite of enterprise-grade network security services that is tightly aligned with industry best practice for a secure IT architecture.
What does this mean for Cato partners?
With the addition of MDR and integration of SentinelOne, Cato partners can now offer their customers the means to significantly improve their network security posture. SentinelOne adds protection against zero-day malware coming over the network, and Cato’s MDR complements Cato’s threat prevention services with a managed service for threat detection and response.
Overall, Cato provides partners with a complete suite of enterprise-grade network security services they can deliver to their customers. Cato Security Services are easily implemented and tightly aligned with industry best practice for a secure IT architecture.
Do we already have MDR customers? What is their feedback?
We had already sold several MDR subscriptions before the official service launch. Here is feedback from one early MDR subscriber, BioIVT:
“Cato MDR has already discovered several pieces of malware missed by our antivirus system and we removed them more quickly because of Cato,” says Andrew Thomson, director of IT systems and services at BioIVT, a provider of biological products to life sciences and pharmaceutical companies.
“We thought updating our security architecture was going to require running around to different vendors, piecing together a solution, and going through all of the deployment and management pains. So, when we found out that Cato not only delivered a global network but also built-in security services and now MDR, we were extremely excited. It was a huge help.”