Cato Networks Sets New Standards with Real-Time, Machine Learning-Backed Defense Solutions

Cato Networks Sets New Standards with Real-Time, Machine Learning-Backed Defense Solutions

By Greg Tavarez

Promptly detecting and exposing malicious domains and IPs is crucial in combatting cyber threats like phishing and ransomware. That said, the conventional method (which relies on domain reputation feeds for classifying and pinpointing malicious domains) has proven ineffective due to the emergence of domain generation algorithms. These algorithms allow attackers to swiftly create new domains that lack any established reputation.

Users also frequently fall prey to malicious domains that imitate reputable brands, and the absence of reputation associated with these domains renders them undependable for detection based solely on reputation feeds.

Cato, provider of a single-vendor SASE platform, is addressing both problems with the introduction of real-time, deep learning algorithms for threat prevention as part of Cato IPS.

These algorithms counteract access to domains registered by domain generation algorithms (DGAs) by detecting newly created domains that receive limited user visits and exhibit letter patterns commonly associated with DGAs. They thwart cybersquatting attempts by identifying domains with letter patterns resembling those of renowned brands. Cato's algorithms also counter brand impersonation by scrutinizing various webpage elements such as favicons, images, and text.

The results of real-time deep learning are there, too. Cato Research Labs routinely observes tens of millions of network connection attempts to DGA domains from across the enterprises using the Cato SASE Cloud. According to Cato, for example, of the 457,220 network connection attempts to DGA domains made in a sample period, only 66,675, or about 15%, were listed in the 250-plus threat intelligence feeds consumed by Cato. By contrast, Cato algorithms identified the rest, over 390,000 additional DGA domains, a nearly six-fold improvement.

So, what’s enabling these network security advancements by Cato?

Cato's technology leverages a cloud-native architecture. To ensure seamless user experiences, significant computational resources are required for real-time deep learning algorithms. Cato's SASE Cloud provides the necessary resources, enabling rapid inspection of flows, extraction of destination domains, assessment of domain risk and inference of results without causing disruptions.

Meanwhile, the training of deep learning models necessitates vast amounts of training data. Cato's SASE Cloud draws upon a colossal data lake, which is comprised of metadata from all flows passing through the system. This data is enriched by over 250 threat intelligence feeds. By analyzing patterns across all Cato customers, the deep learning algorithms gain valuable insights. Additionally, custom analyses derived from customers' traffic further enhance these insights, resulting in precise and algorithmic identification of suspicious domains.

"ML algorithms must be trained and re-trained on high-quality data to provide value. Cato's data lake provides an enormous advantage in that area,” said Elad Menahem, Senior Director of Security at Cato Networks. “Its convergence of rich networking data and security sources, coupled with its sheer scale, enables Cato to train algorithms in unique ways. Our current work is only the start of AI and ML innovation."

The deep learning algorithms are the latest AI and ML additions to the Cato SASE Cloud. Other additions included machine learning for offline analysis to solve problems at scale, client classification, automatic application identification and ChatGPT.




Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

ICYMI: What's Happening in the MSP Industry?

By: Greg Tavarez    7/19/2024

Here are a few articles compiled into one for readers interested in developments around the MSP space.

Read More

Global Microsoft Outage Linked to CrowdStrike: What Happened, and What's Next

By: Alex Passett    7/19/2024

A massive global Microsoft outage has reportedly stemmed from a misconfigured update from cybersecurity company CrowdStrike.

Read More

MSPs: When is it Time to Evolve Your Brand, Positioning, and Marketing?

By: Contributing Writer    7/18/2024

From the rise of AI to the increase in cyber attacks and the shift to hybrid offices, dynamic forces are driving stronger demand for managed services.…

Read More

Assuring Top-Notch Cybersecurity: Assura and Stellar Cyber Announce New Partnership

By: Alex Passett    7/18/2024

Assura, Inc. and Stellar Cyber have announced a strategic partnership aimed at bolstering both offensive and defensive cybersecurity capabilities for …

Read More

Unveiling Seismic LLC's Unique Value Proposition: An Interview with Richard Cabelo

By: Rich Tehrani    7/18/2024

Seismic is distinctively purpose-built to empower MSPs, VARs, integrators, OEMs, and distributors with the resources and agility needed to achieve bes…

Read More