Cyber Security

Eliminate the constraints and complexities of legacy physical and virtual firewalls, and make network security consistently available everywhere.

Firewall-as-a-Service (FWaaS)

Firewall-as-a-Service (FWaaS) is a new and revolutionary way of delivering firewall and other network security capabilities as a cloud service. It eliminates the constraints and complexities of legacy physical and virtual firewalls, and makes network security consistently available everywhere.

Firewall-as-a-Service Capabilities


Full Traffic Inspection Without Blind Spots

Uc Five inspects network traffic from all sources and to all destinations across the internet (north-south) and the WAN (east-west). This includes traffic over all ports and protocols, and is not limited to HTTP/S traffic only.

Uc Five helps enterprises retire both branch and datacenter firewall appliances and replace them with Uc Five FWaaS. Firewall elimination is possible because Uc Five can deliver all legacy firewall capabilities in a network (and not proxy) architecture, from the cloud, with multi-gig throughput.

Using Uc Five FWaaS, enterprises avoid configuration gaps and blind spots, and reduce the risk of data breaches.

Scalable Firewall Ruleset Management

Uc Five FWaaS processes rules based on their order in the ruleset, stopping at the first hit. To avoid flooding the ruleset with numerous rules, each rule can be set with specific exceptions. Uc Five allows admins to group rules into sections for better readability and efficient review by third-party auditors.

Uc Five offers a rich set of objects (user identity, organization unit, device, host, application, protocol, location, network, VLAN, and many more) that can be used in the rules, and the ability to manage them in logical groups that can combine multiple object types.
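The sketch below is an added example, not Uc Five code: it models ordered, first-hit rule evaluation with per-rule exceptions and adds the audit check a reviewer would run on such a ruleset, finding rules that can never fire because an earlier rule always hits first. The rule names, attributes, default action, and the choice that an excepted flow falls through to later rules are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    section: str   # grouping label for reviewers; no effect on matching
    action: str    # "allow" or "block"
    match: dict    # attribute -> required value
    exceptions: list = field(default_factory=list)  # match dicts carved out of the rule

def _hits(cond, flow):
    return all(flow.get(k) == v for k, v in cond.items())

def evaluate(ruleset, flow, default="block"):
    """Return (action, rule name) of the first rule that hits and is not excepted."""
    for rule in ruleset:
        if _hits(rule.match, flow) and not any(_hits(e, flow) for e in rule.exceptions):
            return rule.action, rule.name
    return default, None  # assumed implicit default when nothing hits

def shadowed(ruleset):
    """Pairs (later, earlier): the earlier exception-free rule matches every
    flow the later rule matches, so the later rule is dead under first-hit."""
    out = []
    for j, later in enumerate(ruleset):
        for earlier in ruleset[:j]:
            if not earlier.exceptions and earlier.match.items() <= later.match.items():
                out.append((later.name, earlier.name))
                break
    return out

# Constructed ruleset (hypothetical names and attributes).
RULESET = [
    Rule("block-ssh-to-dc", "Datacenter", "block",
         {"app": "ssh", "dst_net": "dc"}, [{"group": "admins"}]),
    Rule("allow-finance-erp", "Datacenter", "allow",
         {"group": "finance", "app": "erp"}),
    Rule("allow-admin-ssh", "Admin", "allow",
         {"group": "admins", "app": "ssh"}),
    Rule("block-noncompliant-erp", "Posture", "block",
         {"group": "finance", "app": "erp", "posture": "noncompliant"}),
]

if __name__ == "__main__":
    print(evaluate(RULESET, {"group": "admins", "app": "ssh", "dst_net": "dc"}))
    print(shadowed(RULESET))
```

In this constructed ruleset the posture-based block sits below a broader allow, so a non-compliant finance device still reaches the ERP; the `shadowed` check surfaces that ordering mistake before an auditor does.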

Full Logging and Monitoring for Detailed Analysis and Reporting

All rules and actions in the Uc Five FWaaS can be set to record an event and store it on the Uc Five SASE Cloud Platform for an agreed-upon retention period.

Email notifications can be configured to alert on selected events that repeat during a defined period and at a defined urgency.

Event monitoring and analysis is available through dedicated dashboards and through the event monitoring interface, which provides easy-to-use searching and filtering.

An audit trail records all admin activities for tracking, monitoring and auditing.

Unlimited Processing and Inspection Capacity for Every Need

Uc Five FWaaS is a cloud service that benefits from a cloud-native software architecture. Features and capabilities are not limited by the underlying hardware, and autonomous and elastic scaling and self-healing ensure high performance and service resiliency.

Uc Five allows admins to enable all features, including TLS inspection, and use any type and number of objects, groups and rules without worrying about performance or availability.

Uc Five’s cloud-native software architecture eliminates concerns of increased latency due to CPU load, packet drops, or device failure. Similarly, the risk of mid-term appliance replacement due to insufficient compute power is avoided.

Microsegmentation, Access Control and Zero Trust for Risk Reduction

Microsegmentation can be easily configured to restrict access to sensitive resources. Policies can be set based on groups, networks, VLANs and individual objects such as hosts and users to govern granular access that meets business requirements. For zero trust, Uc Five allows admins to set identity-to-identity, identity-to-app, and app-to-app access policies that factor in not only the identity of a user, but also their geolocation, method of connectivity, security posture and more.

DPI-based Application and User Awareness

Uc Five FWaaS includes built-in awareness of thousands of applications across all ports and protocols and the ability to define custom applications. A DPI engine identifies the application or service as early as the first packet and without having to decrypt the payload.

Uc Five allows policy configuration and enforcement that factors in the identity of the users and the organization units they belong to. By synchronizing with the user directory, and using the identity agent in the Uc Five Client, a user identity is associated with every network flow.

The Strategic Benefits of a True SASE Platform

Consistent Policy Enforcement

Uc Five extends all security capabilities globally to deliver consistent policy enforcement everywhere and to everyone, from the largest datacenters and down to a single user device.

Scalable and Resilient Protection

Uc Five scales to inspect multi-gig traffic streams with full TLS decryption and across all security capabilities, and can automatically recover from service component failures to ensure continuous security protection.

Autonomous Life Cycle Management

Uc Five ensures the SASE cloud platform maintains optimal security posture, 99.999% service availability, and low-latency security processing for all users and locations without any customer involvement.

Single Pane of Glass

Uc Five provides a single pane of glass to consistently manage all security and networking capabilities including configuration, analytics, troubleshooting, and incident detection and response.

Intrusion Prevention System (IPS)

IPS provides organizations with real-time protection against advanced threats and attacks that utilize known and unknown exploits. IPS protection applies to all traffic including Internet, WAN, and Cloud, preventing ransomware delivery and propagation and data theft.

IPS Capabilities


Phishing & Malware Protection with Real-Time AI/ML

Attackers often use techniques like Domain Squatting and Domain Generation Algorithms (DGAs) to evade reputation-based prevention tools. Cato’s IPS integrates complex AI/ML models in its real-time inspection engine to detect Domain Squatting and DGAs. Threats are identified using deep learning models and correlation of data points such as domain popularity, age, letter patterns and more. Brand impersonation is detected through analysis of webpage components such as favicon, images, and text.

Moving tools that were previously available only in post-mortem analysis into real-time prevention dramatically improves prevention efficacy and the enterprise security posture.

Prevention of Ransomware Delivery, C&C and Propagation

A successful ransomware attack requires delivery of the ransomware, command and control (C&C) communication with the attacker, and propagation across the network for maximal impact.

Cato IPS has full visibility into both Internet and WAN traffic. It prevents malware delivery and C&C communication by blocking malicious file downloads and access to domains and IP addresses associated with ransomware and malicious activity. Propagation across the WAN is prevented by detection and blocking of lateral movement patterns and indicators.

The comprehensive visibility of Cato IPS not only reduces ransomware exposure, but also minimizes the potential impact of a ransomware attack.

Rapid and Seamless Mitigation of Emerging Threats

Enterprises often struggle with the process, resources and time it takes to protect their networks from emerging CVEs. Cato IPS provides virtual patching to rapidly secure our customers’ networks when mitigation time is critical. Cato’s dedicated team of experts builds, tests and deploys new IPS rules in record time to quickly adapt to new CVEs without requiring any customer involvement. This “virtual patching” provides enterprises with the assurance that they are protected from high-risk emerging threats while they are updating and patching their impacted systems.

Cloud-scale Traffic Inspection

Leveraging the power of cloud-native architecture, Cato delivers an elastic and scalable IPS, allowing organizations to inspect all traffic, including TLS-encrypted traffic. Massive cloud compute resources eliminate the need to fine-tune signature sets or limit traffic sent to the IPS. All locations and users, including cloud infrastructure, branch locations, and remote users, are protected with Cato’s IPS, eliminating the need to scale and upgrade FW/IPS appliances. With Cato, organizations no longer end up with an IPS that inspects only some traffic or uses a limited set of signatures due to resource constraints.

Geo-Fencing for Attack Surface Reduction

One of the simplest methods of reducing your organization’s attack surface is to block countries that your organization has no business need to interact with. Cato’s IPS allows you to quickly block traffic of specific geographies (inbound, outbound, or both) with a single global policy that applies to all users and locations.

Purpose-built Heuristics Language Leverages SASE Convergence

Cato IPS uses heuristics to identify threats and attacks in real time. Heuristics consist of a set of conditions examined against real network traffic.

As part of Cato’s Single Pass Cloud Engine (SPACE), Cato IPS has visibility into data that standalone IPS solutions cannot consider, including URL classification, app ID, target risk score, target popularity, device fingerprint, user authentication, and more.

With a purpose-built heuristics language that is designed to leverage true SASE convergence, enterprises benefit from robust real-time threat prevention.

Automated AI-Managed Threat Intelligence

Up-to-date threat intelligence is key to IPS efficacy against malware, phishing, and command and control (C&C) sites, and to reducing the friction caused by false positives. Cato IPS uses a purpose-built AI-based reputation system that autonomously aggregates and scores information from 250+ threat intelligence feeds. The system continuously maps and clears overlaps between feeds, measures the quality and relevancy of threat records, and simulates potential impact on real traffic. An updated and aggregated blacklist is automatically published to all Cato PoPs, ensuring up-to-date protection with near zero false positives and no customer involvement.

The Strategic Benefits of a True SASE Platform

Architected from the ground up as a true cloud-native SASE platform, all Cato's security capabilities, today and in the future, leverage the global distribution, massive scalability, advanced resiliency, autonomous life cycle management, and consistent management model of the Cato platform.

DNS Security

Cato’s DNS Security inspects all DNS traffic, preventing malicious DNS activity hiding within the protocol’s traffic, and blocking DNS requests to malicious destinations before a connection is made.

DNS Security Capabilities


AI-based DNS Inspection Delivers Superior In-line Phishing Protection

Phishing is one of the top attack vectors that every CISO is concerned about.

Ongoing training of AI and ML algorithms on Cato’s massive global data lake enables Cato DNS Security to provide in-line identification of domain squatting and other website impersonation attempts. This is achieved through real-time analysis of webpage components, domain age, popularity, and patterns associated with toolkits used in phishing sites. This in-line detection of phishing attacks helps prevent credential harvesting, malware delivery, and sensitive data loss.

Block Malicious Domains and C&C Sites Before Connection

The number of malicious sites that host command and control (C&C) servers to remotely manage malware is huge. Attackers continuously move their C&C servers between sites to avoid detection and blacklisting. Cato DNS Security uses Cato’s timely and continuously optimized threat intelligence system to identify malicious domains and C&C sites and block traffic to and from them in real time. Using Cato DNS Security, enterprises dramatically reduce exposure to millions of web-based attacks with near-zero false positives.

Stop Data Loss and Malicious Activity over DNS Tunneling

DNS tunneling attacks leverage the need to allow DNS traffic to pass through security controls, using it as a method for data exfiltration and C&C access. Cato’s DNS Security analyzes DNS request properties such as packet size, record type, and the ratio of unique subdomains to identify anomalies and indicators of DNS tunneling attacks. Cato’s AI/ML algorithms are continuously trained to identify DNS tunneling, enabling protection that is not dependent on specific knowledge of the threat actor or domain name.
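As an added illustration (not Cato's detection logic), the following profiles a DNS query log per registered domain using the three request properties named above: request size, record type, and the ratio of unique subdomains. The thresholds, the set of "rare" record types, the two-label base-domain shortcut, and the sample log are assumptions constructed for the example.

```python
from collections import defaultdict

RARE_TYPES = {"TXT", "NULL", "CNAME"}  # assumed set of types favoured for tunneling payloads

def base_domain(qname):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def profile(queries):
    """Per base domain: query count, unique-subdomain ratio, mean size, rare-type share."""
    acc = defaultdict(lambda: {"n": 0, "names": set(), "bytes": 0, "rare": 0})
    for qname, rtype, size in queries:
        s = acc[base_domain(qname)]
        s["n"] += 1
        s["names"].add(qname.lower())
        s["bytes"] += size
        s["rare"] += rtype.upper() in RARE_TYPES
    return {d: {"count": s["n"],
                "unique_ratio": len(s["names"]) / s["n"],
                "avg_size": s["bytes"] / s["n"],
                "rare_ratio": s["rare"] / s["n"]} for d, s in acc.items()}

def suspects(queries, min_count=10, min_signals=2):
    """Flag domains where at least min_signals of the three indicators are anomalous."""
    flagged = []
    for domain, p in profile(queries).items():
        if p["count"] < min_count:
            continue  # too few samples for the ratios to mean anything
        signals = ((p["unique_ratio"] >= 0.8) + (p["avg_size"] >= 100)
                   + (p["rare_ratio"] >= 0.5))
        if signals >= min_signals:
            flagged.append(domain)
    return sorted(flagged)

# Constructed sample log: (query name, record type, request size in bytes).
QUERIES = (
    # Every name unique, long encoded labels, TXT lookups: tunnel-like.
    [(f"{i:02d}{'a3f9c1' * 8}.t.tunnel-demo.test", "TXT", 180) for i in range(20)]
    # Ordinary traffic: three hostnames queried repeatedly.
    + [(h + ".corp.test", "A", 45) for h in ("www", "mail", "vpn")] * 10
    # CDN-like: many unique hostnames but small A lookups; one signal only.
    + [(f"edge{i}.cdn-demo.test", "A", 50) for i in range(12)]
)

if __name__ == "__main__":
    print(suspects(QUERIES))
```

Requiring two of three signals keeps the CDN-style domain, which has a high unique-subdomain ratio on its own, from being flagged.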

Prevent Resource Leeching from Crypto Miners

Crypto miners use compromised corporate endpoints for financial gain, leading to system instability, poor user experience, and increased costs for the organization. Cato leverages dedicated rules and heuristics to identify domains that are used for crypto-mining operations, blocking any DNS requests to these destinations. With Cato, enterprises protect users’ productivity and security from the impact of unauthorized use.

Reduced Risk by Blocking Newly-registered Domains

Malicious domains are quickly identified and categorized, leading to category-based blocking by most security engines. Threat actors register new domains to bypass category-based security controls. Cato’s DNS Security identifies and blocks access to domains that are less than 14 days old in real time. Since most newly registered domains are malicious or suspicious, blocking them reduces the attack surface and improves security posture with minimal user impact.

Full Visibility into DNS Security Threats and Events

All threat activity is logged in Cato’s global data lake, providing administrators with instant access to the threat information they need via a single console. DNS security events are visible in the security threats dashboard with filtering and drill down capability into all events related to DNS protection. Security teams can quickly understand and evaluate DNS threats to their organization without aggregating multiple data sources or navigating between multiple consoles.
