Cato Networks, provider of the world's leading single-vendor SASE platform, today introduced real-time deep learning algorithms for threat defense as part of Cato IPS. The algorithms leverage Cato's proprietary cloud-native platform and massive data lake to accurately identify malicious domains commonly used in phishing and ransomware attacks. In testing, the deep learning algorithms identified roughly 6x more malicious domains than reputation feeds alone. Cato Security Research Manager Avidan Avraham and Cato Data Scientist Asaf Fried gave a talk on using machine learning to detect C2 communications at the AWS Summit in Tel Aviv.
Stop phishing and ransomware attacks with deep learning
Real-time identification of malicious domains and IPs is essential to stop phishing, ransomware, and other cyberthreats. The traditional approach of relying on domain reputation feeds to classify and identify malicious domains turns out to be too inaccurate, as domain generation algorithms (DGAs) allow attackers to rapidly generate new domains with no reputation. At the same time, users continue to click through to malicious domains that mimic well-known brands (such as microsoftt[dot]com or amazonlink[dot]online), and the lack of reputation for these domains makes detection from reputation feeds alone unreliable.
Cato's real-time deep learning algorithms address both problems. The algorithms prevent access to DGA-registered domains by identifying new domains that users do not visit frequently and that show character patterns common to DGAs. They block cybersquatting by looking for domains with letter patterns similar to well-known brands. And the algorithms stop brand impersonation by examining parts of web pages such as favicons, images, and text.
These fundamental advances in network security are made possible by the cloud-native architecture of Cato's technology. Real-time deep learning algorithms require large amounts of computing resources to avoid disrupting the user experience. Cato SASE Cloud provides these resources. Cato inspects flows in milliseconds, extracts destination domains, measures domain risk, and infers desired outcomes from traffic without disrupting user experience.
At the same time, deep learning models require extensive training data. The massive data lake underlying Cato SASE Cloud provides that resource. The data lake is built from the metadata of every flow that traverses Cato and is further enhanced by over 250 threat intelligence feeds, so the deep learning algorithms benefit from analyzing patterns across all of Cato's customers. These insights are further enhanced by custom analysis derived from customer traffic, resulting in precise algorithmic identification of suspicious domains.
Real-time deep learning improves threat detection by 6x
Cato Research Labs regularly observes tens of millions of network connection attempts to DGA domains from the more than 1,700 companies using Cato SASE Cloud. For example, of the 457,220 network connection attempts to DGA domains made during the sample period, only 66,675 (15%) were listed in the 250+ threat intelligence feeds consumed by Cato. In contrast, Cato's algorithms identified the remaining DGA domains, over 390,000 more, an almost 6-fold improvement.

Real-time deep learning: just one of Cato's multi-layered security protections
Cato's real-time deep learning algorithms aren't the only way Cato detects and stops threats. Cato SASE Cloud combines SWG, NGFW, IPS, NGAM, CASB, DLP, RBI, and ZTNA to provide multi-layered protection against exploits and to stop cyberattacks at multiple points of the MITRE ATT&CK framework.
The deep learning algorithms are the latest AI and ML additions to the Cato SASE Cloud. Cato has long used machine learning for offline analysis to solve problems on a large scale, such as OS detection, client classification, and automatic identification of applications. ChatGPT is also used in a number of ways, including automatically generating threat descriptions for Cato's threat catalog.
For more information on Cato and its security features, please visit: https://www.catonetworks.com/security-service-edge/.
