Cloud-native SASE (Secure Access Service Edge) provider Cato Networks is offering a new network-based ransomware protection feature on Cato SASE Cloud. The Cato cloud will use new heuristic machine learning algorithms, combined with network information from the platform, to detect and prevent the spread of ransomware in an enterprise without having to deploy endpoint agents.
By identifying ransomware through its underlying network characteristics, security teams can protect against sophisticated threat actors who have learned to bypass endpoint defenses, said Etay Maor, senior director of security strategy at Cato Networks, in a company announcement.
SASE is a relatively new concept in network and cloud security. It was first defined in 2019 by the consulting firm Gartner as the combination of traditional WAN management with key security functions, including cloud access security brokers (CASB), secure web gateways (SWG), virtual private networks (VPN), firewall as a service (FWaaS), and data loss prevention (DLP), built and delivered as a single cloud-native service from dispersed SASE points of presence (PoPs).
Bring ransomware protection to the network
As an SD-WAN provider, Cato provides a network that connects sites, cloud resources, and mobile users to each other and to the Internet, and thus has visibility into site-to-site and Internet traffic.
The core principle of the new network-based ransomware protection capability is inspecting all Server Message Block (SMB) streams with Cato’s algorithms for ransomware activity. SMB is a network file sharing protocol used in Windows that allows applications to read or write files and to request services from a server program on a network.
Trained on the Cato data lake of end-to-end attributes for all historical Cato Cloud traffic flows, including from connected devices, sites, users, IoT devices, and other cloud-connected resources, the algorithms inspect live SMB traffic streams for a combination of network attributes. Attributes inspected include file properties, shared volume access data, network behavior, and encryption time intervals.
Upon detection of ransomware, Cato technology is designed to automatically block SMB traffic from the source device, preventing any file encryption or lateral movement and notifying the client.
According to a company press release, the announcement is part of Cato’s multi-layered ransomware mitigation strategy, designed to address common ransomware tactics, techniques, and procedures (TTPs) highlighted in the MITRE ATT&CK framework.
To that end, Cato Networks recently introduced new risk-based application access control to combat the security threats and productivity challenges posed by remote working and BYOD (bring your own device) policies.
The company has also partnered with Windstream Enterprise, a managed communications company, to launch a comprehensive, managed SASE solution.
Copyright © 2022 IDG Communications, Inc.