The IPS will be integrated into the rest of Cato’s security services, which include its next-generation firewall, secure web gateway, URL filtering, and malware protection. All of these services are included in Cato’s SD-WAN cloud, which is a network connecting end-user devices and office locations.
Cato’s cloud is similar to Aryaka because its cloud provides a network backbone and private connectivity to enterprises. Many SD-WAN vendors have basic firewalls and other security services built into these appliances at the edge but Cato’s reside in its cloud.
IPS appliances typically analyze network and application traffic flows and detects vulnerabilities by understanding known events like where the packet is supposed to go, where it is coming from, or what kind of device it was sent by.
However, IPS appliances are often location-sensitive and typically don’t extend into cloud and mobile traffic, which can often call for further inspection. Additionally, because IPS appliances are standalone, it can be hard to pair the traffic data with what is happening in the rest of the network.
With Cato’s IPS as a service, a packet hits the IPS in its SD-WAN cloud and is examined by the IPS in addition to the other security services it is paired with. “Because [our cloud] has converged security and networking and can see all of the information going across our backbone, we can bring in context from certain behaviors,” said Dave Greenfield, Cato Networks spokesperson. All of this context allows Cato to allow or block traffic based on the device, location, or user identity, which is important when securing a WAN, he said.