
Cato Networks launches new SASE-powered XDR offering

“Legacy XDR tools require the deployment of sensors, extending the time-to-value as IT must install the sensors and then baseline specific organizational activity for accurate assessments,” said Cato in a press release. “Data quality is also compromised when importing and normalizing third-party sensor data, complicating threat identification and incident response.”

Relying on tools that pool data from disparate sensors leads to inefficient sorting of incident stories and poor identification of incidents needing critical remediation. “Once determined, incident remediation often remains hampered by missing information and requiring analysts to master and switch between disparate tools,” the company added.

Cato XDR attempts to address the limitations of legacy tools by tapping into its existing SASE capabilities, using its pool of native sensors for incident identification.

Cato’s existing stack of sensors includes its multiple SASE components such as a next-generation firewall (NGFW), next-generation antimalware (NGAM), IPS, DNS security, Secure Web Gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), data loss protection (DLP), and remote browser isolation (RBI).

Additionally, endpoint-based telemetry from Cato’s new EPP capability is added to the data pool for granular analysis. “Powered by Bitdefender’s world-leading malware prevention technology, Cato EPP protects the endpoint from attack,” Cato added. “Endpoint threat and user data are still stored in the same converged Cato data lake as the rest of the customer’s network data, simplifying endpoint and network event correlation.”

To further enhance remediation, Cato uses in-house AI to identify and rank incidents and help analysts address critical cases as a priority. “Cato AI is battle-tested and proven across years of threat hunting and remediation handling by Cato MDR service agents,” the company added.
