Product Update - Mar. 4th, 2024

New Features & Enhancements

  • New Device Posture Check for Cato Client Version: You can require that devices connecting to the network have a minimum Client version installed, by creating a Device Posture check for a specific Client version. This can be added to a Device Posture Profile and then included in your Client Connectivity and security policies.
    • This feature will be gradually enabled over the next few weeks.
  • Easily View Events for a Network Rule: Now you can use the new View Rule Events action to show the events for a specific Network Rule. When you select this action, the Events page opens and is immediately pre-filtered for all events that match that rule.

Security Updates

  • IPS Signatures:
    • View more details about the IPS signatures and protections in the Threats Catalog
      • Ransomware 2023lock (New)
      • Ransomware GoodMorning (New)
      • Ransomware Ma1x0 (New)
      • Ransomware Phobos (New)
      • Ransomware SYSDF (New)
      • Ransomware Dxen Ransomware (Enhancement)
      • Ransomware Rocklee Ransomware (Enhancement)
      • Ransomware Stop/Djvu Ransomware (Enhancement)
      • Ransomware Vx-underground Ransomware (Enhancement)
      • Ransomware ZENEX Ransomware (Enhancement)
      • Malware DarkGate CNC Communication - Check-In (New)
      • Malware Fewin Stealer Data Exfiltration Attempt (New)
      • Malware GCleaner Downloader - IP Address Retrieval Attempt (New)
      • Malware Lumma Stealer CNC Communication - Exfiltration (New)
      • Malware Reverse Shell Connection - CNC Communication (New)
      • Malware TA402 CnC Communication - User-Agent (New)
      • Malware NodeStealer CNC Communication - Downloaded Archive GET (Enhancement)
      • CVE-2024-22024 (New)
      • CVE-2024-1709 (New)
      • CVE-2023-6623 (New)
      • CVE-2023-51467 (New)
      • CVE-2023-28128 (New)
      • CVE-2023-26255 (New)
      • CVE-2022-36534 (New)
      • CVE-2016-20017 (New)
      • CVE-2023-39677 (New)
      • CVE-2023-38203 (New)
      • CVE-2023-35082 (New)
      • CVE-2023-22527 (New)
      • CVE-2019-3967 (New)
      • CVE-2024-21893 (Enhancement)
      • CVE-2024-21887 (Enhancement)
      • CVE-2023-46805 (Enhancement)
      • CVE-2023-39143 (Enhancement)
      • CVE-2023-45484 (Enhancement)
      • CVE-2023-45480 (Enhancement)
      • Threat Actor r00ts3c-owned-you (New)
      • Lumma Stealer CNC Communication - Check-In (New)
  • Detection & Response
    • These are the updates to the Indications Catalog
      • Threat Hunting Indications:
        • Kali Linux Detection (New)
        • Suspicious Binary File Download using WinHTTP (New)
        • Suspicious Tool Download (New)
        • WebShell uploaded (New)
  • Suspicious Activity Monitoring:
    • These protections were added to the SAM service:
      • AnyDesk remote desktop connection (New)
      • Process Hacker - download (New)
      • Lateral bash script transfer (New)
      • Phishing heuristic (Enhancement)
  • TLS Inspection
    • Added global bypass for these applications, preventing possible TLS inspection errors:
      • Brother Industries
      • Cisco Meraki Cloud
      • Oculus
      • Ring
      • Western Digital
      • Xerox
  • Apps Catalog:
    • Added over 100 new SaaS applications (you can view the SaaS apps in the Apps Catalog), and enhanced these applications:
      • Microsoft Copilot (formerly BingAI)
      • Google Gemini (formerly Bard)
      • King
      • WireGuard protocol
  • Application Control (CASB and DLP):
    • This app is included in DLP scans:
      • Google Gemini - Search
  • Client Classification:
    • Greenbone OS

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
