Cato CASB protects enterprises against data breach and cloud-delivered threats

Cato Networks introduced Cato CASB, a Cloud Access Security Broker (CASB) to deliver actionable value in under 60 minutes.


“CASB addresses a critical visibility and control gap created by cloud migration but must be converged into a broad SASE platform to be truly effective across the business,” said Shlomo Kramer, co-founder and CEO of Cato Networks, “We’ve done just that with Cato CASB. By building Cato CASB into the Cato SPACE engine, it can leverage the global footprint, rich context, cloud scalability, and self-healing and self-maintenance underpinning the Cato SASE Cloud. Cato CASB is just the latest example of high impact, high value capabilities that are effortless to deploy and use.”

SASE: The Cato difference

With Cato CASB, Cato brings the benefits of a true SASE platform to the challenge of managing cloud application risk. Legacy, stand-alone CASB solutions require extensive planning and deployment times that can take several months. By contrast, Cato CASB is instantly available offering full visibility and control of cloud application access -immediately.

As part of Cato SASE Cloud, Cato CASB is available worldwide from 70+ locations for every site or user accessing any cloud application. This broad footprint enables optimized enforcement of corporate policies on all cloud access without introducing high latency, even when accessing cloud applications across geographical regions. Legacy CASB solutions coverage vary by location or available capabilities.

And Cato CASB taps the full power of Cato’s multi-layer threat defense. Cloud-based file access is inspected by Cato advanced anti-malware and IPS engines. Access control to locations and resources are limited through Cato NGFW and SWG. With legacy CASB, all of those components would be additional, requiring integration and deployment.

The four steps to managing cloud application risk

More specifically, with this announcement, Cato addresses all four stages for managing cloud application data risk — visibility, assessment, enforcement, and protection.

Visibility: The new Shadow IT dashboard: Cato is introducing a new Shadow IT dashboard that provides a bird’s eye view of aggregate SaaS usage including number of total and high-risk applications, list of the highest risk applications, number of users accessing them, as well as distribution by risk.

Assessment: The Cato Application Credibility Engine (ACE): Having identified unauthorized applications, IT leaders must assess their risk before deciding if they should be blocked, controlled, or allowed. Cato has built a unique Application Credibility Engine (ACE) which automates data collection from several sources to enable a quick and accurate assessment of each application. Three vectors are aggregated together for a comprehensive analysis – general company information, compliance features, and security capabilities.

Machine learning algorithms operating against Cato’s massive data lake of flow metadata analyzing the actual features applications exhibit on the network. Currently, Cato regulatory compliance verification includes HIPAA, PCI, and SOC 1-3. Security feature verification includes MFA, encryption of data at rest, and SSO.

Enforcement: Cato CASB rules define access policies: Having discovered unauthorized applications on their networks and been able to assess their risk, IT leaders must now decide how they want to respond. With Cato CASB, they gain fine-grained access over the application. The rules allow them to define the matching criteria, the specified action to be taken in case the rule applies, the associated severity level, and whether an alert or event should be generated.

Protection: Cato detects and blocks threats and breaches: The last stage is ensuring the protection of SaaS usage. Cato’s SASE achieves this through the convergence of its security tools. All SaaS traffic is processed by multiple security tools — NGFW, SWG, IPS, and NGAM. Together, these tools provide comprehensive protection from a wide array of threats.

Share this