Cato Networks Sets New Standards with Real-Time, Machine Learning-Backed Defense Solutions

By Greg Tavarez

Promptly detecting and exposing malicious domains and IPs is crucial in combatting cyber threats like phishing and ransomware. That said, the conventional method (which relies on domain reputation feeds for classifying and pinpointing malicious domains) has proven ineffective due to the emergence of domain generation algorithms. These algorithms allow attackers to swiftly create new domains that lack any established reputation.

Users also frequently fall prey to malicious domains that imitate reputable brands, and the absence of reputation associated with these domains renders them undependable for detection based solely on reputation feeds.

Cato, provider of a single-vendor SASE platform, is addressing both problems with the introduction of real-time, deep learning algorithms for threat prevention as part of Cato IPS.

These algorithms counteract access to domains registered by domain generation algorithms (DGAs) by detecting newly created domains that receive limited user visits and exhibit letter patterns commonly associated with DGAs. They thwart cybersquatting attempts by identifying domains with letter patterns resembling those of renowned brands. Cato's algorithms also counter brand impersonation by scrutinizing various webpage elements such as favicons, images, and text.

The results of real-time deep learning are there, too. Cato Research Labs routinely observes tens of millions of network connection attempts to DGA domains from across the enterprises using the Cato SASE Cloud. According to Cato, for example, of the 457,220 network connection attempts to DGA domains made in a sample period, only 66,675, or about 15%, were listed in the 250-plus threat intelligence feeds consumed by Cato. By contrast, Cato algorithms identified the rest, over 390,000 additional DGA domains, a nearly six-fold improvement.

So, what’s enabling these network security advancements by Cato?

Cato's technology leverages a cloud-native architecture. To ensure seamless user experiences, significant computational resources are required for real-time deep learning algorithms. Cato's SASE Cloud provides the necessary resources, enabling rapid inspection of flows, extraction of destination domains, assessment of domain risk and inference of results without causing disruptions.

Meanwhile, the training of deep learning models necessitates vast amounts of training data. Cato's SASE Cloud draws upon a colossal data lake, which is comprised of metadata from all flows passing through the system. This data is enriched by over 250 threat intelligence feeds. By analyzing patterns across all Cato customers, the deep learning algorithms gain valuable insights. Additionally, custom analyses derived from customers' traffic further enhance these insights, resulting in precise and algorithmic identification of suspicious domains.

"ML algorithms must be trained and re-trained on high-quality data to provide value. Cato's data lake provides an enormous advantage in that area,” said Elad Menahem, Senior Director of Security at Cato Networks. “Its convergence of rich networking data and security sources, coupled with its sheer scale, enables Cato to train algorithms in unique ways. Our current work is only the start of AI and ML innovation."

The deep learning algorithms are the latest AI and ML additions to the Cato SASE Cloud. Other additions included machine learning for offline analysis to solve problems at scale, client classification, automatic application identification and ChatGPT.




Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

The Next SOC Shift Is Here: Autonomous Identity Response for MSPs

By: Erik Linask    7/8/2026

Blackpoint Cyber's new AI SOC Agent for Identity Threat Detection and Response gives MSPs an autonomous, human-guided way to contain high-confidence c…

Read More

Identity Is the New Perimeter and MSPs Are on the Front Line

By: Erik Linask    7/8/2026

Barracuda's acquisition of Evo Security expands BarracudaONE with MSP-focused IAM and PAM capabilities, highlighting how identity resilience is becomi…

Read More

MSPs: The Network Is No Longer Someone Else's Problem

By: Erik Linask    6/30/2026

Reinvent's new MyCloud SecureLink offering gives MSPs and resellers a partner-ready way to deliver managed SD-WAN, network security, and resilient con…

Read More

Why the Fastest-Growing MSPs Are Saying "No" More Often

By: Special Guest    6/30/2026

The fastest-growing MSPs in the U.S. are boosting margins, reducing cyber risk, and scaling more sustainably by adopting stricter customer qualificati…

Read More

The AI ROI Problem Was Never About the Model; It's About Integration

By: Erik Linask    6/24/2026

Xurrent's new built-in iPaaS is designed to help AI agents move from recommendation to execution by connecting ITSM workflows directly to systems like…

Read More