Tel Aviv, Israel, June 27, 2023 — Cato Networks, the world’s leading single-vendor SASE platform provider, today introduced real-time deep learning algorithms for threat defense as part of Cato IPS. The algorithms leverage Cato’s proprietary cloud-native platform and massive data lake to accurately identify malicious domains commonly used in phishing and ransomware attacks. In Cato's tests, the deep learning algorithms identified nearly six times more malicious domains than the reputation feeds alone. Cato security research manager Avidan Avraham and Cato data scientist Asaf Fried presented at the AWS Summit in Tel Aviv on using machine learning to detect C2 communications.
Stop phishing and ransomware attacks with deep learning
Real-time identification of malicious domains and IPs is essential to stop phishing, ransomware, and other cyberthreats. The traditional approach of relying on domain reputation feeds to classify and identify malicious domains turns out to be too inaccurate, as domain generation algorithms (DGAs) allow attackers to rapidly generate new domains with no reputation. At the same time, users continue to click through to malicious domains mimicking well-known brands (such as microsoftt[dot]com or amazonlink[dot]online), whose lack of reputation makes detection from reputation feeds alone unreliable.
Cato’s real-time deep learning algorithms address both problems. The algorithms prevent access to DGA-registered domains by identifying new domains that users access infrequently and that show character patterns common to DGAs. To block cybersquatting, they look for domains with letter patterns similar to well-known brands. The algorithms also thwart brand spoofing by inspecting parts of web pages such as favicons, images, and text.
These fundamental advances in network security are made possible by the cloud-native architecture of Cato’s technology. Real-time deep learning algorithms require large amounts of computing resources to avoid disrupting the user experience. Cato SASE Cloud provides these resources. Cato inspects flows in milliseconds, extracts destination domains, measures domain risk, and infers desired outcomes from traffic without disrupting the user experience.
At the same time, deep learning models require extensive training data. The massive data lake underlying Cato SASE Cloud provides that resource. The data lake is built from the metadata of every flow that traverses Cato and further enhanced by over 250 threat intelligence feeds, so the deep learning algorithms benefit from analyzing patterns across all of Cato’s customers. These insights are further enhanced by custom analysis derived from customer traffic, resulting in precise algorithmic identification of suspicious domains.
Real-time deep learning improves threat detection by 6x
Cato Research Labs regularly observes tens of millions of network connection attempts to DGA domains from over 1,700 companies using Cato SASE Cloud. For example, of the 457,220 network connection attempts to DGA domains made during the sample period, only 66,675 (15%) were listed in the 250+ threat intelligence feeds consumed by Cato. In contrast, the Cato algorithms identified the remaining over 390,000 additional DGA domains, an almost 6-fold improvement.
Real-time deep learning: just one of Cato’s multi-layered security protections
Cato’s real-time deep learning algorithms aren’t the only way Cato detects and stops threats. The combination of SWG, NGFW, IPS, NGAM, CASB, DLP, RBI, and ZTNA in Cato SASE Cloud provides multi-layered protection against exploitation and stops cyberattacks at multiple points in the MITRE ATT&CK framework.
Deep learning algorithms are the latest AI and ML additions to the Cato SASE Cloud. Cato has long used machine learning for offline analytics to solve large-scale problems such as OS detection, client classification, and automatic application identification. ChatGPT is also used in a number of ways, including automatically generating threat descriptions for Cato’s threat catalog.
For more information on Cato and its security features, please visit https://www.catonetworks.com/security-service-edge/.
Supporting quotes
Elad Menahem, Senior Director of Security, Cato Networks
“ML and AI are essential to defending against ever-evolving, sophisticated and evasive cyberattacks,” said Elad Menahem, senior director of security at Cato Networks. “ML algorithms have to be trained and rebuilt, trained with high-quality data, to deliver value. Cato’s data lake offers significant advantages in this area. The convergence of rich networking data and security sources and its massive scale allow Cato to train its algorithms in a unique way. Our current efforts are just the beginning of AI and ML innovation.”
Asaf Fried, Data Scientist, Cato Networks
“To effectively combat evasion attacks, real-time ML must be continuously trained and updated. With the SASE cloud, we can train and continuously update high-quality data at scale. Network security is a much more targeted target for companies relying on SASE clouds, as appliance-based solutions can’t offer either.”
About Cato Networks
Cato offers the world’s most robust single-vendor SASE platform that integrates Cato SD-WAN and Cato SSE 360, a cloud-native security service edge, into global cloud services. Cato SASE Cloud optimizes and secures application access for all users and locations, anywhere. With Cato, customers can easily replace expensive and rigid legacy MPLS with a modern SD-WAN based network architecture to protect and optimize their hybrid workforce from anywhere and enable seamless cloud migration. Cato can enforce fine-grained access policies, protect users from threats, prevent loss of sensitive data, and make it all easy to manage from a single screen. Thanks to Cato, businesses will be ready for whatever comes next.
