Reviewing Best Practices for Your Account

This article explains how to use the Best Practices page to assess policies and settings in your account.

Overview of the Best Practices Assessment

The Best Practices page evaluates the configurations and settings in your account, and shows how they comply with Cato’s recommendations for optimal performance and security. For example, the page shows whether critical security services are enabled, and can identify security rules that are too permissive. The assessment also focuses on detailed settings, such as whether specific risky categories and services are blocked.

Understanding the Best Practices Summary


To show the Best Practices page:

  • From the navigation menu, select Monitoring > Best Practices.

The Best Practices summary shows the following metrics and information to help evaluate overall compliance with best practices:

  • Cato Score - An overall account rating for compliance with Cato best practices. The score is calculated using a method that weights the various best practices according to their importance. For more information about weighting the practices, see the explanation for Impact below.

  • Passed - Number of best practices successfully complied with, out of the total number of practices checked. This metric doesn't count the individual components that compose a best practice. For example, the best practice Block Risky Categories is counted, but not the individual categories such as Spyware, Cheating, Botnets, etc.

  • Status - Filter the page to show only Failed, only Passed, or All practices.

  • The time of the last assessment.

    • Assessments are performed automatically every 24 hours. However, If you made configuration changes and want to immediately refresh the assessment, click Refresh.png.

Explanation of the Best Practice Fields


The Best Practices assessments are divided into sections for the different topics, such as Internet Firewall, WAN Firewall, TLS Inspection, etc. The assessment for a practice can include multiple components. For example, the Block Risky Services practice shows the status for each individual service. For each best practice, the page shows a recommended action, as well as the following fields:

  • Name of the practice

  • A brief Description of the practice and an explanation of its importance

  • Status - Shows if the account configuration complies with the practice. Possible values are Passed and Failed. For each main practice, the number of failed component practices is shown.

The following field is shown for the individual component practices:

  • Impact - The relative importance of the practice, with possible values of High, Medium, and Low.The Impact reflects the weight given the practice in calculating the overall Cato Score, with higher impact practices counting more. For example, within the Block Risky Categories practice, the Impact for Phishing is High, while for Spam it's Low.

Was this article helpful?

2 out of 3 found this helpful


Add your comment