Cato Networks Transforms Network Security with Real-Time, Machine Learning-Based Protection

Cato Networks, a leading provider of the world’s single-vendor Secure Access Service Edge (SASE) platform, announced the introduction of real-time, deep learning algorithms for threat prevention as part of Cato IPS. These algorithms make use of Cato’s cloud-native platform and vast data lake to accurately identify malicious domains commonly used in phishing and ransomware attacks. In testing, the deep learning algorithms demonstrated the ability to identify almost six times more malicious domains compared to reputation feeds alone.

During a presentation at the AWS Summit in Tel Aviv, Cato’s Security Research Manager, Avidan Avraham, and Cato Data Scientist Asaf Fried highlighted the use of machine learning in detecting Command and Control (C2) communications. Real-time identification of malicious domains and IP addresses is crucial in combatting phishing, ransomware, and other cyber threats. However, the traditional approach of relying solely on domain reputation feeds has proven to be highly inaccurate, as attackers can quickly generate new domains that lack reputation.

Cato’s real-time, deep learning algorithms address this challenge by blocking access to domains registered via a domain generation algorithm (DGA). These algorithms identify new domains that are infrequently visited by users and exhibit letter patterns common to DGAs. They also detect cybersquatting by hunting for domains with letter patterns similar to well-known brands. Additionally, the algorithms combat brand impersonation by examining various elements of webpages, such as the favicon, images, and text.
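The three signals named above (rarely visited, DGA-like letter patterns, look-alike brand spellings) can be illustrated with a small hand-written heuristic. This is an added example, not Cato's deep learning model or code; the brand list, visit counts, and thresholds are constructed assumptions.

```python
import math
from collections import Counter

BRANDS = {"paypal", "microsoft", "booking"}               # constructed watch list
VISITS = {"paypal.com": 90000, "examplecorp.com": 1200}   # constructed per-domain flow counts
RARE_BELOW = 5                                            # assumed rarity threshold

def label_of(domain):
    """Naive registrable label: the part just left of the TLD."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def entropy(s):
    """Shannon entropy of the characters in s, in bits."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def dga_like(label):
    """Crude letter-pattern test: long, high-entropy, vowel-poor."""
    if len(label) < 10:
        return False
    vowels = sum(ch in "aeiou" for ch in label) / len(label)
    return entropy(label) > 3.2 and vowels < 0.3

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squatted_brand(label):
    """Return the brand a label imitates (digit swaps, one typo, or embedding)."""
    normal = label.translate(str.maketrans("013", "ole"))
    for brand in sorted(BRANDS):
        if brand in normal or edit_distance(normal, brand) <= 1:
            return brand
    return None

def classify(domain):
    """Well-visited domains pass; rare ones are checked for both patterns."""
    if VISITS.get(domain.lower(), 0) >= RARE_BELOW:
        return "allow"
    label = label_of(domain)
    brand = squatted_brand(label)
    if brand:
        return "squat-suspect:" + brand
    return "dga-suspect" if dga_like(label) else "allow"
```

The rarity gate is what keeps the genuine brand domain and long dictionary words from being flagged; without it, letter-pattern tests alone produce many false positives.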

The effectiveness of these advanced network security measures is made possible by the cloud-native architecture of Cato’s technology. Real-time deep learning algorithms require substantial compute resources to prevent disruptions to the user experience, which the Cato SASE Cloud provides. In a matter of milliseconds, Cato examines network flows, extracts the destination domain, assesses its risk, and infers the necessary actions without causing disruptions.

Deep learning models require extensive training data, and Cato leverages its massive data lake, consisting of metadata from every flow passing through Cato’s network, to provide this resource. Furthermore, the data lake is enriched by integrating over 250 threat intelligence feeds. Analyzing patterns across all Cato customers, the deep learning algorithms gain valuable insights that enable precise identification of suspicious domains.

The significance of Cato’s real-time deep learning algorithms is evident in the substantial improvement they offer in threat detection. Cato Research Labs, which monitors network connection attempts to DGA domains across over 1,700 enterprises using the Cato SASE Cloud, observed that traditional threat intelligence feeds accounted for only 15% of such attempts. In contrast, Cato’s algorithms identified over 390,000 additional DGA domains, representing a nearly six-fold improvement.

It’s important to note that Cato’s real-time, deep learning algorithms are just one aspect of the company’s multi-tiered security protection. The Cato SASE Cloud combines various security capabilities, including Secure Web Gateway (SWG), Next-Generation Firewall (NGFW), Intrusion Prevention System (IPS), Next-Generation Anti-Malware (NGAM), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Remote Browser Isolation (RBI), and Zero Trust Network Access (ZTNA). This holistic approach ensures comprehensive protection against cyberattacks, intercepting and neutralizing threats at multiple stages, as aligned with MITRE’s ATT&CK Framework.

While the real-time, deep learning algorithms represent the latest advancements in artificial intelligence and machine learning within the Cato SASE Cloud, Cato has been utilizing machine learning techniques for offline analysis at scale for some time. These techniques have been used for various purposes, such as OS detection, client classification, automatic application identification, and generating threat descriptions for Cato’s threat catalog.

To learn more about Cato and its comprehensive security capabilities, visit https://www.catonetworks.com/security-service-edge/. Cato’s commitment to leveraging advanced technologies like deep learning underscores its dedication to providing robust and effective solutions for threat prevention and network security.
