CyberSecurity SEE

Cyber Threat Research Reveals Persistent Issues with Patching Practices and Unencrypted Protocols in Enterprises

Cato Networks, a prominent Secure Access Service Edge (SASE) leader, has revealed the results of its first-ever Cato CTRL SASE Threat Report for the first quarter of 2024. According to the report, surveyed organizations are still utilizing insecure protocols across their Wide Area Networks (WAN), which makes it easier for cybercriminals to infiltrate and navigate through networks.

Prepared by Cato CTRL, the cyber threat intelligence (CTI) research team at Cato Networks, the Q1 2024 Cato CTRL SASE Threat Report offers a deep dive into security threats and their identifying network characteristics for all aggregate traffic, regardless of whether it originates or is directed towards the internet or the WAN, and for all endpoints including sites, remote users, and cloud resources.

In a statement, Etay Maor, Chief Security Strategist at Cato Networks and one of the founding members of Cato CTRL, highlighted the importance of a comprehensive view of enterprise threats amidst the constantly evolving landscape of cyber threats. Maor further mentioned, “Cato CTRL fills this gap by providing a detailed look at enterprise threats. As a global network, Cato has intricate data on every traffic flow originating from every endpoint communicating across the Cato SASE Cloud Platform, and we are thrilled to share our insights with the industry to usher in a more secure future.”

The Cato CTRL SASE Threat Report for Q1 2024 has compiled findings from traffic flows across Cato customers utilizing the Cato SASE Cloud Platform between January and March 2024. Cato CTRL assessed 1.26 trillion network flows and thwarted 21.45 billion attacks, revealing critical observations such as:

– Enterprises exhibit excessive trust within their networks, with a majority of them employing insecure protocols across their WAN. Notably, a significant portion of web application traffic comprises unsafe protocols like HTTP, Telnet, and SMBv1 or SMBv2 instead of the more secure SMBv3.
– Lateral movement by threat actors is pervasive, notably in industries such as agriculture, real estate, and travel and tourism.

Moreover, the report touches upon the increasing integration of Artificial Intelligence (AI) tools within enterprises during the initial months of 2024, with popular tools being Microsoft Copilot, OpenAI ChatGPT, and Emol. The adoption of these AI tools varied across industries, with the travel and tourism sector displaying the highest usage rate.

Interestingly, the report also sheds light on the prominence of known vulnerabilities over zero-day threats. It cites the seven-year-old CVE-2017-9841, which targets the PHPUnit testing framework, as prevalent among inbound vulnerabilities, and highlights the enduring prevalence of CVE-2021-44228 (Log4j) among outbound vulnerabilities, indicating that attackers continue to exploit unpatched systems.

Furthermore, industry-specific cyber threats were outlined, demonstrating variations in threat profiles across different sectors like media and entertainment, telecommunication, and mining & metals. The report also delves into sector-specific techniques employed by threat actors, showcasing the distinct cybersecurity challenges faced by various industries.

For a detailed exploration of the findings in the Cato CTRL SASE Threat Report Q1 2024, interested readers can access the full report on the Cato Networks website.

Additionally, Cato Networks has extended an invitation to attendees of the RSA Conference 2024 to visit their booth #4401 at Moscone North Expo. The Cato CTRL team is hosting sessions at the conference, with discussions focused on security complexities and evasion techniques utilized by attackers.

In conclusion, the Cato CTRL SASE Threat Report Q1 2024 provides valuable insights into the evolving cybersecurity landscape and underscores the importance of adopting proactive security measures to combat ever-growing threats.
