Cato Networks has announced an expansion of its secure access service edge (SASE) cloud platform to include a threat detection and incident response offering, Cato extended detection and response (XDR).
Combining its existing SASE functionalities with a new endpoint protection platform (EPP) capability, Cato's new XDR extension aims to overcome "deployment delays, limited data quality, and inadequate investigation and response" associated with legacy XDR solutions, according to the Israel-based network security company.
Cato Networks is a cloud-based platform for enterprise security and networking based on a modular SASE architecture, which follows a security framework that combines network security functions with WAN (Wide Area Network) capabilities.
Available immediately, Cato XDR is a fresh attempt at combining the strength of a SASE architecture and using its telemetry to inform an enterprise's threat detection and response workflows.
Legacy tools depend on disparate data sensors
Cato's SASE-based XDR is designed to reduce threat detection complications associated with a large number of security alerts produced by network sensors used by legacy XDRs, such as firewalls and intrusion prevention systems (IPS).
Security analysts use XDR tools to ingest, correlate, and contextualize threat intelligence information with the data from native and third-party sensors. To identify true threats, these tools require reliable and accurate data from across their network, according to Cato.
"Legacy XDR tools require the deployment of sensors, extending the time-to-value as IT must install the sensors and then baseline specific organizational activity for accurate assessments," said Cato in a press release. "Data quality is also compromised when importing and normalizing third-party sensor data, complicating threat identification and incident response."
Relying on tools pooling data from disparate sensors leads to inefficient sorting of incident stories and poor identification for critical remediation. "Once determined, incident remediation often remains hampered by missing information and requiring analysts to master and switch between disparate tools," the company added.
SASE-backed XDR for faster remediation
Cato XDR attempts to address the limitations of legacy tools by tapping into its existing SASE capabilities, using its pool of native sensors for incident identification.
Cato's existing stack of sensors includes its multiple SASE components such as a next-generation firewall (NGFW), next-generation antimalware (NGAM), IPS, DNS security, Secure Web Gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), data loss protection (DLP), and remote browser isolation (RBI).
Additionally, endpoint-based telemetry from Cato's new EPP capability is added to the data pool for granular analysis. "Powered by Bitdefender's world-leading malware prevention technology, Cato EPP protects the endpoint from attack," Cato added. "Endpoint threat and user data are still stored in the same converged Cato data lake as the rest of the customer's network data, simplifying endpoint and network event correlation."
To further enhance remediation, Cato uses in-house AI to identify and rank incidents so that analysts can address the most critical cases first. "Cato AI is battle-tested and proven across years of threat hunting and remediation handling by Cato MDR service agents," the company added.