Cato Networks Introduces Real-Time, Machine Learning-Powered Protection for Network Security

Cato Networks, provider of a single-vendor Secure Access Service Edge (SASE) platform, has announced real-time deep learning algorithms for threat prevention as part of Cato IPS. The algorithms run on Cato's cloud-native platform and are trained on its data lake to identify malicious domains of the kind used in phishing and ransomware campaigns. In Cato's testing, the deep learning models flagged nearly six times as many connections to malicious domains as reputation feeds alone.

Presenting at the AWS Summit in Tel Aviv, Cato’s Security Research Manager, Avidan Avraham, and Cato Data Scientist, Asaf Fried, showcased the use of machine learning in detecting command-and-control (C2) communications. With real-time identification of malicious domains and IPs being crucial in combating cyber threats such as phishing and ransomware attacks, Cato’s advanced algorithms provide a solution to the challenges posed by traditional approaches.

Relying solely on domain reputation feeds to classify domains leaves a gap, because reputation is assigned only after a domain has been observed and reported. Attackers exploit that lag with domain generation algorithms (DGAs), which produce large numbers of fresh domains on a schedule; a freshly generated domain has no history, so a feed cannot yet list it. The same lag applies to phishing domains that imitate well-known brands: they are newly registered, carry no reputation, and so pass a feed-only check.

Cato's real-time deep learning algorithms are designed to close both gaps. For DGA domains, the models combine user behaviour with novelty: a domain that has just appeared and is visited by very few users is treated as suspect, and access to such DGA-registered domains is blocked. For brand impersonation, the models look for registrable labels whose letter patterns resemble well-known brands (typosquatting and other cybersquatting), and they also inspect page content such as the favicon, images, and text to catch impersonation that the domain name alone would not reveal.
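The two name-based signals above (random-looking DGA labels, and labels that sit one edit or one homoglyph away from a brand) can be illustrated without a deep learning model. The Python below is an added example for this page, not Cato's code: it substitutes a handful of lexical features and an edit-distance check for Cato's models, and the brand list, thresholds, homoglyph map, and the DNS log it runs over are all constructed assumptions. It also shows the "seen by very few clients" rarity signal as corroboration, since rarity on its own would flag every legitimate new SaaS tenant.

```python
"""Added example: heuristic stand-ins for DGA-likeness, brand look-alike
matching, and fleet-wide rarity. Not Cato's implementation; thresholds,
brand list and sample log are assumptions made for the illustration."""
import math
import re
from collections import Counter, defaultdict

# Constructed sample of flow metadata: (client_id, destination_domain).
SAMPLE_LOG = [
    ("c01", "www.microsoft.com"),
    ("c02", "www.microsoft.com"),
    ("c03", "www.microsoft.com"),
    ("c04", "login.micros0ft.com"),     # homoglyph look-alike, one client
    ("c05", "xkq7v2p9zlmtw4bhc.net"),   # random-looking DGA-style label
    ("c05", "cdn.example.org"),
    ("c06", "cdn.example.org"),
    ("c07", "paypa1-secure.com"),       # combosquat plus digit-for-letter swap
    ("c08", "a9f3k2j8d7s6h4g1.info"),
]

KNOWN_BRANDS = ["microsoft", "paypal", "google", "amazon"]   # assumed list
# Digit-for-letter substitutions commonly used in look-alike names (assumed).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t"})


def registrable_label(domain):
    """Second-level label ('micros0ft' for 'login.micros0ft.com'). Ignores
    multi-part public suffixes such as co.uk; production code would use a
    public-suffix list."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Bits of entropy per character; random labels approach log2(len(s))."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dga_score(domain):
    """Lexical DGA-likeness in [0, 1] from four weighted features."""
    label = registrable_label(domain)
    if not label:
        return 0.0
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    runs = re.findall(r"[bcdfghjklmnpqrstvwxyz0-9]+", label)
    longest_run = max((len(r) for r in runs), default=0)
    score = 0.0
    score += 0.35 if shannon_entropy(label) > 3.5 else 0.0
    score += 0.25 if digit_ratio > 0.2 else 0.0
    score += 0.20 if vowel_ratio < 0.2 else 0.0
    score += 0.20 if longest_run >= 5 else 0.0
    return round(score, 2)


def levenshtein(a, b):
    """Standard edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_lookalike(domain, brands=KNOWN_BRANDS):
    """Return the brand a registrable label imitates, or None.
    The genuine brand domain is never a look-alike; after folding homoglyphs,
    the whole label and each hyphen-separated token are compared to every
    brand with an edit-distance threshold of 1 (assumed)."""
    label = registrable_label(domain)
    if label in brands:
        return None
    folded = label.translate(HOMOGLYPHS)
    for cand in [folded, *folded.split("-")]:
        for brand in brands:
            if levenshtein(cand, brand) <= 1:
                return brand
    return None


def rare_domains(log, max_clients=1):
    """Domains contacted by at most `max_clients` distinct clients across the
    whole fleet: the 'new and infrequently visited' signal (threshold assumed)."""
    seen = defaultdict(set)
    for client, domain in log:
        seen[domain].add(client)
    return {d for d, clients in seen.items() if len(clients) <= max_clients}


def classify(log, dga_threshold=0.6):
    """Map each suspicious domain to the set of reasons it was flagged.
    Rarity is recorded only as corroboration of a lexical or brand signal."""
    rare = rare_domains(log)
    verdicts = {}
    for domain in {d for _, d in log}:
        reasons = set()
        if dga_score(domain) >= dga_threshold:
            reasons.add("dga-like")
        brand = brand_lookalike(domain)
        if brand:
            reasons.add(f"lookalike:{brand}")
        if reasons and domain in rare:
            reasons.add("rare")
        if reasons:
            verdicts[domain] = reasons
    return verdicts


if __name__ == "__main__":
    for domain, reasons in sorted(classify(SAMPLE_LOG).items()):
        print(f"{domain:28} {sorted(reasons)}")
```

Running the script flags the four constructed bad domains and none of the three legitimate ones; `www.microsoft.com` scores 0 on every feature even though it shares all its letters with the look-alike. The weak points are deliberate and mirror the argument in the text: a wordlist-based DGA (real words joined together) defeats the entropy and vowel features, and a brand that legitimately sells through hyphenated partner domains will trip the combosquat rule, which is why the page's models add page-content inspection and fleet-wide behaviour rather than relying on the name alone.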

Cato attributes these capabilities to its cloud-native architecture. Running deep learning inference inline, on every flow, takes substantial compute if it is not to add noticeable latency; the Cato SASE Cloud supplies that compute. Within milliseconds, Cato inspects the data flow, extracts the destination domain, scores its risk, and returns a verdict, so the inspection stays transparent to the user.

Deep learning models need large volumes of training data, which Cato's data lake supplies. The models are trained on metadata from every flow that crosses the Cato network, enriched with more than 250 threat intelligence feeds, so they learn from patterns observed across all Cato customers. On top of that shared baseline, per-customer analysis of a tenant's own traffic refines the verdicts for that tenant, sharpening the identification of suspicious domains.

Cato Research Labs routinely observes millions of connection attempts to DGA domains across the 1,700+ enterprises on the Cato SASE Cloud. In one recent sample period, of 457,220 connection attempts to DGA domains, only 66,675 (about 15 percent) went to domains listed in any of the 250+ threat intelligence feeds. The remaining 390,545 attempts, more than 390,000, were caught only by Cato's algorithms, which is where the "nearly six times" figure comes from (390,545 / 66,675 is roughly 5.9). Note that these are connection attempts rather than distinct domains, so the ratio describes blocked traffic, not the size of a blocklist.

It is important to note that Cato’s real-time, deep learning algorithms are just one aspect of its multifaceted security protection system. The Cato SASE Cloud offers a comprehensive range of security services, including Secure Web Gateway (SWG), Next-Generation Firewall (NGFW), Intrusion Prevention System (IPS), Next-Generation Anti-Malware (NGAM), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Remote Browser Isolation (RBI), and Zero Trust Network Access (ZTNA). This combination provides various tiers of protection against cyberattacks, disrupting them at multiple points, in alignment with MITRE’s ATT&CK Framework.

While the deep learning algorithms represent the latest advancements in AI and ML within Cato’s SASE Cloud, the organization has long been utilizing machine learning for offline analysis to solve scalability issues in processes such as OS detection, client classification, and automatic application identification. Additionally, ChatGPT is employed in various capacities, including automatically generating threat descriptions for Cato’s threat catalog.

Elad Menahem, senior director of security at Cato Networks, emphasized the essential role of ML and AI in defending against constantly evolving cyberattacks. Menahem highlighted the importance of training ML algorithms on high-quality data, citing Cato’s data lake as a significant advantage. Asaf Fried, Data Scientist at Cato Networks, further emphasized the need for continuous training and update of real-time ML models to effectively combat evasive attacks, stating that on-premises appliance-based solutions lack the ability to offer such capabilities, making them more vulnerable targets for enterprises relying on them for network security.

Cato Networks positions itself as the provider of the most robust single-vendor SASE platform globally, combining Cato SD-WAN with its cloud-native security service edge, Cato SSE 360, into a unified cloud service. The Cato SASE Cloud optimizes and secures application access for all users and locations, enabling customers to replace outdated and inflexible MPLS networks with SD-WAN, secure and optimize a hybrid workforce operating from any location, and seamlessly migrate to the cloud. With granular access policies, protection against threats, and prevention of data loss, all efficiently managed from a single user interface, Cato aims to empower businesses to stay prepared for future challenges.

For further information on Cato and its security capabilities, please visit https://www.catonetworks.com/security-service-edge/.
