Cato integrates native, behavior-based auto-adaptive threat prevention into its SASE platform

Cato Networks has announced an auto-adaptive threat prevention engine within its SASE platform, enabling enterprises to proactively block advanced threats that use legitimate tools and targets. Cato Dynamic Prevention continuously evaluates activity in full context, correlating signals from across Cato’s sensors over months of activity.

Once malicious behavior is identified, Cato automatically adapts and enforces restrictions across related actions by threat actors, stopping threats early without adding operational overhead or requiring IT or SOC intervention.

“From a CISO perspective, the biggest risk today is that advanced attacks don’t arrive as a single event. They develop quietly over time, spread across users, sites, and systems, and exploit the gaps between disconnected tools,” said Giles Ashton-Roberts, CISO at Swissport International AG, a global leader in airport ground services and air cargo handling with 360+ sites, Microsoft Azure and Amazon Web Services (AWS) instances, and 26,000+ users on the Cato SASE Platform.

“At Swissport, we operate in a truly always‑on environment. There’s no downtime when you’re supporting hundreds of airport locations across the globe,” said Ashton-Roberts. “In that kind of environment, delayed detection directly impacts our ability to respond. The Cato Dynamic Prevention launch is emblematic of why unifying all security and networking signals into a single platform matters, because only with that level of visibility and context can security teams respond fast enough to stop threats before they disrupt critical operations.”

Advanced threats continue to evade enterprise defenses

Advanced attacks increasingly blend into normal enterprise activity by abusing legitimate tools and targets. Rather than triggering a single high-confidence alert, threat actors execute a series of low-signal actions over time, each appearing benign in isolation. This approach allows malicious behavior to evade traditional, point-in-time inspection and remain undetected during the early, and most preventable, stages of an attack.

Security point solutions are typically not built to identify these patterns. Operating in silos, they lack the context needed to correlate activity across time, hosts, and networks. Even when threats are eventually detected, response is often manual and delayed, giving threat actors time to persist, move laterally, and escalate impact. According to Gartner, “61% of enterprises lack full-time threat hunting experts and rely on reactive analysts repurposing their time, leaving teams underfunded, misaligned, and vulnerable.”

This critical gap between detection and timely prevention is where advanced threats succeed, and where security point solutions fall short.

Cato Dynamic Prevention stops advanced threats with real-time, behavior-based threat prevention

Cato Dynamic Prevention closes the gap by identifying and automatically stopping advanced threats that evade point-in-time inspection. Built natively into the Cato SASE Platform, Cato Dynamic Prevention continuously correlates months of security and networking activity in real time across Cato’s full range of inline sensors, such as DLP, IPS, and NGAM, and out-of-band engines to identify behavior-based threats that appear benign in isolation. Once identified, Cato dynamically applies adaptive rules, blocking high-risk activity in real time.

As a result, enterprises gain:

• Reduced risk exposure: Address threats earlier by identifying and stopping malicious activity before it escalates.
• Stronger security posture: Protect proactively against the misuse of legitimate tools and previously unseen behaviors.
• Greater IT and SOC efficiency: Reduce false positives and manual investigation, allowing IT and security teams to focus on higher-value work.

“Enterprises are already struggling to stop advanced threats that unfold quietly over time, and with the explosion of AI and autonomous agents, the threat landscape is accelerating exponentially. Threat actors abuse trusted tools and valid credentials, knowing most defenses still analyze isolated events and rely on humans to connect the dots for more complex attack chains,” says Lior Cohen, VP of product management, security and management at Cato Networks.

“Cato Dynamic Prevention changes the game by continuously understanding behavior in context, predicting the threat actor’s next move, and enforcing protection automatically that would only impact true positive threats. As a result, this stops potential threats before a breach ever takes shape,” Cohen concluded.