Cato Networks, a Tel Aviv-based network security company, announced on Tuesday that it would add network-based capabilities to its Cato SASE Cloud product.
The Cato SASE Cloud (secure access service edge) was born out of the explosion of remote users and Software as a Service (SaaS) applications. From this came a need for better network-based security.
SASE combines wide-area networking (WAN) with network security services and, in a world first, Cato turned them into a single cloud-based security system.
Using intuitive algorithms and deep network insight, Cato SASE Cloud detects and prevents the spread of ransomware across the enterprise without having to deploy endpoint agents.
“Ransomware protection has become job one for every CISO and CIO, but too often enterprise defense strategies remain vulnerable whether by threat actors bypassing endpoint defenses or by manipulating insiders to spread ransomware,” says Etay Maor, senior director of security strategy at Cato Networks.
“By identifying ransomware by its underlying network characteristics, security teams can protect the enterprise regardless of the threat vector.”
Cato researchers adapted their algorithms through rigorous training of their product, testing their work against Cato’s massive data warehouse, a data lake of end-to-end attributes for all traffic flows processed by the Cato SASE Cloud.
Now, the Cato SASE Cloud can inspect all traffic over Server Message Block (SMB), the protocol Microsoft uses to share files and folders, for ransomware.
Once trained, the algorithms monitor traffic flows that contain file properties, shared volume access data, network behavior, and time intervals for malware. Once the malware is detected, it is cordoned off from other machines and the customer is notified.