Cato Networks enhanced its cloud-based SD-WAN with a threat hunting system that eliminates enterprises’ need to deploy data collection infrastructure and analyze raw data from the network. The new system is built into the SD-WAN platform, also called Cato Cloud, and has access to the real-time traffic on the network.
Typically, threat detection systems use an army of sensors to intercept traffic in branches, data centers, and the cloud. The sensors collect raw data that require analysis in order to identify threats to the network. The problem with this, according to Cato, is that enterprises have to deploy sensors, which can’t always be placed on edge devices. In addition, logs don’t have full network context to identify threats, and often enterprises lack the skills and/or resources to analyze the data.
Cato’s Threat Hunting System removes the need for enterprises to deploy the extra infrastructure. Instead, it leverages the visibility already employed by Cato Cloud, a function Cato calls zero-footprint data aggregation. Because it views all WAN and internet traffic, it can then identify unknown clients on the network. Cato Cloud’s visibility is enabled by its network of Points of Presence, which connect a customer’s locations, cloud data centers, applications, and mobile users.
In addition, Cato’s system leverages machine learning algorithms and aggregates the data of the entire network, including across multiple enterprise networks, to create events, or suspicious occurrences. The company has a Security Operations Center, which validates these events and gives enterprises notice of where the threats are in the network.
This is not the only security offering built into Cato’s SD-WAN platform. In addition to the new threat hunting feature, the platform has a next-generation firewall, a secure web gateway, an intrusion prevention system, and cloud and mobile access protection, and it collects network forensic data.