Cato Networks has developed a suite of multidimensional machine learning algorithms and procedures that continuously analyze customer traffic for the network characteristics that indicate threats. For those who want extra technical background, here are five advantages of the Cato Threat Hunting System (CTHS) for detecting cyber threats in a smart way.
5 benefits of the Cato Threat Hunting System (CTHS)
Benefit 1: Full visibility
No sensors. Cato sees all WAN and Internet traffic normally segmented by network firewalls and Network Address Translation (NAT). CTHS has full access to real-time network traffic for any IP, session, and flow initiated from any endpoint to any WAN or Internet resource.
Optional SSL decryption further expands the data available for threat mining. CTHS uses its deep visibility to determine which client application is communicating on the network and to identify unknown clients.
The raw data required for this analysis is often not available to security analysis platforms (such as SIEMs) and cannot be correlated for real-time systems, such as legacy IPS.
Benefit 2: Deep Threat Mining
Data aggregation and machine learning algorithms mine the entire network context over time and across multiple enterprise networks. Threat mining identifies suspicious applications and domains using a unique “popularity” indicator that is modeled on access patterns observed throughout the customer base. Combining client and target contexts yields a minimal number of suspicious events for investigation.
Benefit 3: Human Threat Verification
Cato’s world-class Security Operations Center (SOC) validates the events generated by CTHS to ensure customers receive accurate notifications of live threats and affected devices. CTHS output is also used to strengthen Cato’s prevention layers to detect and stop malicious activity on the network.
Benefit 4: Rapid Threat Containment
For any endpoint, specific corporate network, or Cato’s entire customer base, the SOC can implement policies in minutes that cover every exposed endpoint, whether fixed or mobile. CTHS creates a deep threat-hunting foundation that powers all Cato security services without requiring customers to deploy data collection infrastructure or analyze mountains of raw data. At the same time, CTHS adheres to privacy regulatory frameworks such as the GDPR. With CTHS and Cato Cloud, enterprises of all sizes continue their journey to streamline and simplify networking and security.
Benefit 5: Cato MDR 2.0 gets an automated 70-point checklist
In addition to faster time-to-value, Cato has also introduced automatic security assessment into the MDR service. Customers immediately learn how their network security compares to controls and best practices implemented by enterprises worldwide. Items inspected include proper network segmentation, firewall rules, and security controls, such as IPS and anti-malware. The 70-point checklist is derived from the practices of the “best” companies in Cato and avoids the biggest mistakes of the worst companies.