
Cato Networks Revolutionizes Network Security with Real-Time, Machine Learning-Powered Protection


Cato Networks, provider of the world’s leading single-vendor SASE platform, introduced today real-time deep learning algorithms for threat prevention as part of Cato IPS. The algorithms leverage Cato’s unique cloud-native platform and vast data lake to provide highly accurate identification of malicious domains, which are often used in phishing and ransomware attacks. In testing, the deep learning algorithms identified nearly six times more malicious domains than reputation feeds alone. Cato’s Security Research Manager, Avidan Avraham, and Cato Data Scientist Asaf Fried presented on the use of machine learning to detect C2 communications at the AWS Summit in Tel Aviv.

Tapping Deep Learning to Stop Phishing and Ransomware Attacks

Real-time identification of malicious domains and IPs is essential to stopping phishing, ransomware, and other cyber threats. The traditional approach – relying on domain reputation feeds to categorize and identify malicious domains – has proven far too inaccurate as domain generation algorithms (DGAs) enable attackers to quickly generate new domains, which lack reputation. At the same time, users continue to click through to malicious domains mimicking well-known brands (such as microsoftt[dot]com or amazonlink[dot]online) whose lack of reputation also makes detection by reputation feeds alone unreliable.


Cato’s real-time, deep-learning algorithms address both problems. The algorithms prevent access to DGA-registered domains by identifying those new domains infrequently visited by users and with letter patterns common to DGAs. They block cybersquatting by hunting for domains with letter patterns similar to well-known brands. And the algorithms stop brand impersonation by examining parts of the webpage, such as the favicon, images, and text.

These radical advancements in network security are enabled by the cloud-native architecture of Cato’s technology. Real-time deep learning algorithms require significant compute resources to avoid disrupting the user experience. The Cato SASE Cloud provides those resources. In milliseconds, Cato inspects flows, extracts their destination domain, measures the domain’s risk, and infers the necessary results from the traffic without disrupting the user experience.

At the same time, deep learning models need extensive training data. The massive data lake underlying Cato SASE Cloud provides that resource. Built from the metadata of every flow traversing Cato and further enriched by 250+ threat intelligence feeds, the deep learning algorithms benefit from analyzing patterns across all Cato customers. Those insights are further enhanced by custom analyses derived from customers’ traffic. The result: precise, algorithmic identification of suspicious domains.


Real-time Deep Learning Yields 6X Improvement in Threat Detection

Cato Research Labs routinely observes tens of millions of network connection attempts to DGA domains from across the 1700+ enterprises using the Cato SASE Cloud. For example, of the 457,220 network connection attempts to DGA domains made in a sample period, only 66,675 (15 percent) were listed in the 250+ threat intelligence feeds consumed by Cato. By contrast, Cato algorithms identified the rest, over 390,000 additional DGA domains, a nearly six-fold improvement.

Real-time, Deep Learning Just One Part of Cato’s Multitiered Security Protection

Cato’s real-time, deep learning algorithms are not the only way Cato detects and stops threats. The Cato SASE Cloud’s combination of SWG, NGFW, IPS, NGAM, CASB, DLP, RBI, and ZTNA provides multitiered protection against exploitations, disrupting cyberattacks at multiple points in MITRE’s ATT&CK Framework.

The deep learning algorithms are the latest AI and ML additions to the Cato SASE Cloud. Cato has long used machine learning for offline analysis to solve problems at scale, such as OS detection, client classification, and automatic application identification. ChatGPT is also used in various ways, including automatically generating descriptions of threats for Cato’s threat catalog.

