Cato Networks has announced a new set of capabilities to further bolster its advanced security services. Cato Research Labs has developed the Cato Threat Hunting System (CTHS) to reduce the time needed to detect threats across enterprise networks. CTHS is a set of algorithms and procedures that Cato Networks says is “not only incredibly accurate but also requires no additional infrastructure on a customer’s network”.
Malware infections are a continuous source of worry for most enterprises, even those that have invested heavily in perimeter security. According to a recent Gartner report, 1 in 95 emails received by midsized enterprises (MSEs) is an attempt to deceive employees into installing malware. Gartner says, “80% of breaches go undetected. The median attack dwell time from compromise to discovery is 101 days”.
CTHS looks set to be a game changer for the security ecosystem. It requires no extra hardware and is a natural extension of Cato’s existing security services. It leverages Cato Cloud, which acts as the virtual cloud network for hundreds of enterprises, connecting and securing mobile users, branch locations, and physical and cloud datacenters.
By building on Cato Cloud, the Cato Threat Hunting System addresses three challenges that limit many threat hunting systems: deployment effort, the quality of the data collected, and the limited context available to the analytics.
Significantly, Cato Cloud already has visibility into all site-to-site and Internet traffic that traverses it. CTHS therefore requires neither new data collection nor investment in potentially costly new infrastructure; it draws instead on the rich dataset Cato Cloud already holds. By the same token, its view is bounded by what transits Cato Cloud.
Furthermore, rather than working from logs, which frequently lack full network context, CTHS works with real-time network traffic data. This gives it the full context for every IP address, session and flow initiated from any endpoint to any WAN or Internet resource, creating the “rich traffic context and unobscured network and endpoint visibility to accurately pinpoint threats and dramatically reduce dwell time”.
“As an industry, our ability to detect threats has been significantly hampered by the complexity of collecting granular, relevant data over time and applying the right analytics and people to interpret that data,” says Gur Shatz, co-founder and CTO of Cato Networks. “Virtual cloud networks, such as Cato Cloud, enable effortless access to such data, empowering our proprietary software and world-class SOC to hunt for threats on customer networks.”
CTHS also benefits from Cato’s Security Operations Center (SOC): human analysts validate the events it generates before customers are notified of live threats and potentially affected devices. The SOC can then rapidly deploy policies to protect any endpoint, whether fixed or mobile.
“The network, threat and application data available through the Cato Cloud is an analyst goldmine,” says Elad Menahem, head of security research at Cato Networks. “Using CTHS and its machine learning algorithms trained with data from hundreds of enterprise networks, we’ve been able to focus on the few security events that matter and identify malware infections in minutes.”