CATO

Cato SASE Cloud Platform Capabilities

Cato SASE optimally and securely connects all enterprise locations, users, applications, and clouds, into a global and secure, cloud-native platform. Cato can be gradually deployed to replace security point solutions and legacy network services.

Simplicity is a guiding design principle for SIRIS. From deployment flexibility that spans a software-only implementation to hardened backup appliances, MSPs can implement the solution that fits their client’s requirements.

Consistent and Optimized Cloud Network

Global Private Backbone

Cato’s SLA-backed global private backbone underpins the global Cloud Network. The backbone is comprised of a dense footprint of physical Points of Presence (PoPs) hosted in regional top-tier datacenters and interconnected with multiple global and regional carriers. The backbone is designed to provide massive, fully encrypted, SLA-backed global connectivity through consistent and predictable underlying network transports. Cato’s deep network engineering and operations expertise enables the optimal selection and integration of hosting providers and carriers into the backbone.

Global Traffic Optimization

Cato applies optimization and acceleration to all traffic going through the backbone to enhance application performance and the user experience. To ensure all users and locations benefit from the backbone capabilities, Cato optimizes traffic from all edges and towards all destinations (on premises and in the cloud). With this design Cato supports latency sensitive traffic such as voice, video, and transactional and legacy applications, to enable optimal user productivity. For SaaS traffic, Cato provides granular control of application traffic routing to ensure traffic is delivered via the optimized backbone to the PoP nearest to the application instance.

Digital Experience Monitoring

Cato DEM empowers IT teams to support the digital business while minimizing user experience issues. Using real-time monitoring, IT teams can troubleshoot user experience issues with end-to-end visibility and improve efficiency. Synthetic probing combined with AI/ML enables proactive monitoring and mitigation of experience issues before they are reported by users. Cato DEM covers all the applications used by the enterprise across internet, SaaS and WAN. No sensor deployment, installation or integrations are required.

Network Security

Network Segmentation and Zero Trust

The most fundamental security capability of Cato’s SSE 360 is Firewall as a Service (FWaaS). FWaaS controls traffic flow across all ports and protocols and in all directions, both WAN (east-west) and Internet (south-north). Firewall policies are used to segment the network based on network resources (such as VLANs) and logical elements such as identity, organizational units, applications, and services. Network segmentation in conjunction with continuous traffic inspection enables customers to sustain a zero-trust security posture.

Multi-Layer Threat Prevention

Cato implements defense in depth with multi-layer threat prevention capabilities. Secure Web Gateway (SWG) protects users against risky web sites, phishing attacks and malware delivery. Intrusion Prevention System (IPS) detects and stops malicious traffic based on threat intelligence feeds, AI/ML inline controls, and deep heuristics that leverage granular context including identity, network, application, and data attributes. The Malware Prevention engine inspects every payload to stop inbound infections. DNS security inspects DNS queries and responses to prevent DNS tunneling and to block phishing attacks, malicious domains, malware communication and other DNS-based threat vectors. Remote Browser Isolation (RBI) further protects users by directing traffic to high-risk web sites into an isolated cloud-based browser session, thus minimizing the risk of endpoint compromise.

Application and Data Protection

Cato enforces application access control and data protection on all access, both inline and out-of-band through SaaS API integrations. Cato Cloud Access Security Broker (CASB) provides broad visibility into the usage of both sanctioned and unsanctioned (“Shadow IT”) applications and the ability to enforce access policies based on application, user, and device risk. The Data Loss Prevention (DLP) engine enforces access policies and granular actions on sensitive data across on-premises and cloud destinations from corporate and BYOD devices.

AI Security

Secure Use of Public AI

Cato enables enterprises to securely harness the power of Public GenAI applications without compromising security or compliance. With comprehensive visibility into every AI interaction, Cato discovers and categorizes all GenAI usage across web, API, and applications, mitigating Shadow AI risks. By enforcing granular, intent-based usage policies and real-time detection of sensitive data violations, enterprises can confidently embrace third-party AI services. Cato’s AI usage controls ensure consistent governance, proactively preventing data leakage, limiting misuse, and reducing risk exposure, empowering safe adoption of innovative AI-driven use-cases.

Securing Private AI Models and Agents

Cato safeguards homegrown AI applications and agents against evolving threats. Leveraging purpose-built detection engines, Cato identifies runtime AI attacks, including prompt injections, jailbreaks, data leakage, and malicious interactions. Enterprises gain centralized, real-time visibility, enabling rapid response and reducing operational and reputational risks. Flexible deployment—via AI gateways or APIs—ensures seamless protection across cloud, on-premises, and edge environments. Cato protects internally developed AI and models, maintaining secure, compliant operations without hindering innovation or productivity.

AI Security Posture Management

Cato provides continuous discovery, assessment, and remediation of AI security and compliance risks before deployment into production. Through comprehensive AI asset inventory and model scanning, enterprises can identify vulnerabilities and risks within their AI environments. Cato helps security teams ensure secure AI operations aligned with regulatory frameworks like the EU AI Act, MITRE ATLAS, and ISO standards. Enterprises gain actionable insights to confidently accelerate AI initiatives, safeguarding valuable data and reputation without sacrificing speed or agility.

The Strategic Benefits of a True SASE Platform

Architected from the ground up as a true cloud-native SASE platform, all Cato’s security capabilities, today and in the future, leverage the global distribution, massive scalability, advanced resiliency, autonomous life cycle management, and consistent management model of the Cato platform.

 
Consistent Policy Enforcement

Cato extends all security capabilities globally to deliver consistent policy enforcement everywhere and to everyone, from the largest datacenters down to a single user device.

Scalable and Resilient Protection

Cato scales to inspect multi-gig traffic streams with full TLS decryption and across all security capabilities, and can automatically recover from service component failures to ensure continuous security protection.

Autonomous Life Cycle Management

Cato ensures the SASE cloud platform maintains optimal security posture, 99.999% service availability, and low-latency security processing for all users and locations, without any customer involvement.

Single Pane of Glass

Cato provides a single pane of glass to consistently manage all security and networking capabilities including configuration, analytics, troubleshooting, and incident detection and response. The unified management model eases adoption of new capabilities by IT and the business.