Cato Networks Sets New Standards with Real-Time, Machine Learning-Backed Defense Solutions

By Greg Tavarez

Promptly detecting and exposing malicious domains and IPs is crucial in combatting cyber threats like phishing and ransomware. That said, the conventional method (which relies on domain reputation feeds for classifying and pinpointing malicious domains) has proven ineffective due to the emergence of domain generation algorithms. These algorithms allow attackers to swiftly create new domains that lack any established reputation.

Users also frequently fall prey to malicious domains that imitate reputable brands. Because these domains have no reputation history, reputation feeds alone cannot be depended on to detect them.

Cato, provider of a single-vendor SASE platform, is addressing both problems with the introduction of real-time, deep learning algorithms for threat prevention as part of Cato IPS.

These algorithms counteract access to domains registered by domain generation algorithms (DGAs) by detecting newly created domains that receive limited user visits and exhibit letter patterns commonly associated with DGAs. They thwart cybersquatting attempts by identifying domains with letter patterns resembling those of renowned brands. Cato's algorithms also counter brand impersonation by scrutinizing various webpage elements such as favicons, images, and text.
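An added illustration of the signals named above (domain age, visit count, letter pattern) and of brand-lookalike matching. It is not Cato's code, and it substitutes simple hand-written heuristics (character entropy, vowel ratio, edit distance) for the deep learning models the article describes. The brand list, thresholds and sample domains are constructed assumptions.

```python
import math
from collections import Counter

BRANDS = ["paypal", "microsoft", "google"]            # constructed watch list
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def label(domain):
    """Second-level label, e.g. 'paypa1' from 'www.paypa1.com' (ignores multi-part TLDs)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def entropy(s):
    """Shannon entropy of the characters in s, in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def looks_generated(s):
    """Letter-pattern signal: long, high-entropy, vowel-poor labels (assumed thresholds)."""
    if len(s) < 10:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in s) / len(s)
    return entropy(s) >= 3.0 and vowel_ratio < 0.3

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(s):
    """Brand that the label imitates, or None. The brand's own label is not a lookalike."""
    if s in BRANDS:
        return None
    norm = s.translate(HOMOGLYPHS)                     # undo digit-for-letter swaps
    return next((b for b in BRANDS if edit_distance(norm, b) <= 1), None)

def classify(domain, age_days, visits):
    s = label(domain)
    brand = lookalike_of(s)
    if brand:
        return f"lookalike:{brand}"
    # A random-looking name alone is not enough: it must also be new and rarely visited.
    if looks_generated(s) and age_days <= 30 and visits <= 5:
        return "dga-suspect"
    return "ok"

if __name__ == "__main__":
    for obs in [("xkqzvwpjhtrbn.net", 2, 1), ("xkqzvwpjhtrbn.net", 2000, 50000),
                ("www.paypa1.com", 3, 2), ("google.com", 9000, 100000)]:
        print(obs[0], "->", classify(*obs))            # constructed observations
```

Requiring age and visit count alongside the letter pattern keeps an established, heavily visited domain with an unusual name from being flagged.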

Cato also reports results from the real-time deep learning. Cato Research Labs routinely observes tens of millions of network connection attempts to DGA domains from across the enterprises using the Cato SASE Cloud. According to Cato, for example, of the 457,220 network connection attempts to DGA domains made in a sample period, only 66,675, or about 15%, were listed in the 250-plus threat intelligence feeds consumed by Cato. By contrast, Cato algorithms identified the rest, over 390,000 additional DGA domains, a nearly six-fold improvement.

So, what’s enabling these network security advancements by Cato?

Cato's technology leverages a cloud-native architecture. Real-time deep learning algorithms require significant computational resources if the user experience is to remain seamless. Cato's SASE Cloud provides the necessary resources, enabling rapid inspection of flows, extraction of destination domains, assessment of domain risk and inference of results without causing disruptions.

Meanwhile, training deep learning models requires vast amounts of training data. Cato's SASE Cloud draws upon a colossal data lake composed of metadata from all flows passing through the system. This data is enriched by over 250 threat intelligence feeds. By analyzing patterns across all Cato customers, the deep learning algorithms gain valuable insights. Additionally, custom analyses derived from customers' traffic further enhance these insights, resulting in precise and algorithmic identification of suspicious domains.

"ML algorithms must be trained and re-trained on high-quality data to provide value. Cato's data lake provides an enormous advantage in that area,” said Elad Menahem, Senior Director of Security at Cato Networks. “Its convergence of rich networking data and security sources, coupled with its sheer scale, enables Cato to train algorithms in unique ways. Our current work is only the start of AI and ML innovation."

The deep learning algorithms are the latest AI and ML additions to the Cato SASE Cloud. Other additions included machine learning for offline analysis to solve problems at scale, client classification, automatic application identification and ChatGPT.

Edited by Alex Passett
MSPToday Editor
