This week, Cato Networks announced the expansion of the Cato SASE Cloud platform into threat detection and incident response with Cato XDR, the world’s first SASE-based, extended detection and response (XDR) solution. Available immediately, Cato XDR utilises the functional and operational capabilities of the Cato SASE Cloud to overcome the protracted deployment times, limited data quality, and inadequate investigation and response experience too often associated with legacy XDR solutions.
Cato also introduced Cato EPP, the first SASE-managed endpoint protection platform. Together, Cato XDR and Cato EPP mark the first expansion beyond the original SASE scope pioneered by Cato in 2016 and defined by industry analysts in 2019. SASE’s security capabilities encompassed threat prevention and data protection in a common, easy-to-manage, and easy-to-adopt global platform. With today’s announcement, Cato is expanding SASE into threat detection, incident response, and endpoint protection without compromising on the architectural elegance captured by the original SASE definition.
“Cato SASE continues to be the antidote to security complexity,” says Shlomo Kramer, CEO and co-founder of Cato Networks. “Today, we extend our one-of-a-kind SASE platform beyond threat prevention and into threat detection and response. Only Cato and our simple, automated, and elegant platform can streamline security this way.”
An early adopter of Cato XDR is Redner’s Markets, an employee-owned supermarket chain headquartered in Reading, Pennsylvania, with 75 locations. Redner’s Markets’ vice president of IT and Infrastructure, Nick Hidalgo, said, “The Cato platform gave us better visibility, saved time on incident response, resolved application issues, and improved network performance ten-fold.” (Read more about Redner’s Markets and Cato in this blog).
“The convergence of XDR and EPP into SASE is not just another product; it’s a game-changer for the industry,” said Art Nichols, CTO of Windstream Enterprise, a Cato partner. “The innovative integration of these capabilities brings together advanced threat detection, response capabilities, and endpoint security within a unified, cloud-native architecture—revolutionising the way enterprises protect their networks and data against increasingly sophisticated cyber threats.” (Read more about what Cato partners are saying about today’s news in this blog.)
Platform vs. Product: The Difference Matters
Cato XDR takes full advantage of the enormous benefits of the Cato SASE Cloud platform, the first platform built from the ground up to enable enterprises to connect, secure, and manage sites, users, and cloud resources anywhere in the world.
Unlike disjointed point solutions and security appliances, Cato capabilities are instantly on, always available at scale, and fully converged, giving IT teams a single, shared context worldwide to understand their networks, prevent threats, and resolve problems. As an autonomous platform, Cato SASE Cloud sustains its evolution, resiliency, optimal performance, and security posture, saving enterprises the operational overhead of maintaining enterprise infrastructure. Enterprises simply subscribe to Cato to meet their business needs.
Cato’s cloud-native model revolutionised security and networking operations when it was introduced in 2016, a fact validated three years later in 2019 when the Cato approach was formally recognised by the industry as SASE.
Breach Times Still Too Long; Limitations of Legacy XDR
Cato is again revolutionising cybersecurity with the first SASE platform to expand into threat detection, empowering security teams to become smarter and remediate incidents faster.
The flood of security alerts triggered by network sensors, such as firewalls and IPS, complicates threat identification. In 2023, enterprises required 204 days on average to identify breaches.1 XDR tools help security analysts close this gap by ingesting, correlating, and contextualising threat intelligence information with the data from native and third-party sensors.
However, legacy XDR tools suffer from numerous problems relating to data quality. Sensor deployment extends the time-to-value as IT must not only install the sensors but also develop a baseline of specific organisational activity for accurate assessments. Data quality is also compromised when importing and normalising third-party sensor data, complicating threat identification and incident response.
Security analysts waste time sorting through incident stories to identify the ones most critical for immediate remediation. Once determined, incident remediation is often hampered by missing information, requiring analysts to master and switch between disparate tools. No wonder in 2023, average breach containment required more than two months.
Cato XDR and Cato EPP Expands the Meaning of SASE
Cato XDR addresses legacy XDR’s limitations. Instantly activated globally, Cato XDR provides enterprises with immediate insights into threats on their networks. Incident detection is accurate due to Cato’s many native sensors – NGFW, advanced threat prevention (IPS, NGAM, and DNS Security), SWG, CASB, DLP, ZTNA, RBI, and now EPP/EDR. Powered by Bitdefender’s world-leading malware prevention technology, Cato EPP protects endpoints from attack – in the Cato way. Endpoint threat and user data are stored in the same converged Cato data lake as the rest of the customer’s network data, simplifying cross-domain event correlation.
The result is incredibly high-quality data that improves the incident identification and remediation process. Cato AI uses the data to accurately identify and rank incidents, empowering analysts to focus critical resources on an organisation’s most important remediation cases. Cato AI is battle-tested and proven across years of threat hunting and remediation handling by Cato MDR service agents.
Remediation times reduce as detected incident stories contain the relevant information for in-depth investigation. Cato’s tools sit in the same console as the native engines, enabling security analysts to view everything in one place — the current security policy and the reviewed story.
The XDR dashboard provides a high-level overview of threats in the customer’s network.
Finally, incident reporting is simplified with generative AI. Purpose-built for investigations, this natural language engine provides human-readable explanations of incident stories. Analysts save time sharing incident information with other teams and reporting to their managers.
To learn more about Cato XDR and the Cato SASE platform, visit here.