Product Update - Mar. 18th, 2024

New Features & Enhancements

  • Enhanced RBI Security Controls: We added granular security controls to Remote Browser Isolation (RBI) that let you customize the security settings for RBI sessions.
    • You can now block or allow these actions: upload, download, copy/paste, and print
    • We also added a Read Only setting that prevents users from entering credentials or other sensitive data on the site
  • Increased Visibility of Remote User Access and Security: We added new widgets to the User Dashboard. These widgets show:
    • How the Client Connectivity Policy is used to control network access for remote users
    • How often the Always-On Policy is bypassed and with which bypass method
    • This feature will be gradually enabled over the next few weeks
  • Enhanced XDR Stories for Microsoft Defender Endpoint Alerts: We added data to Microsoft Endpoint Alert stories that can help you identify key Indicators of Compromise in stories related to outbound network traffic, such as for phishing attacks.
    • These are the new data fields:
      • Target: The URL involved in the story
      • Destination IP: The remote IP address involved in the story
    • Available for XDR Core, XDR Pro and MDR customers
  • Updated the Threshold for Link Congestion Alerts: We updated the threshold when Congestion is configured to True to trigger an event only when more than 1% of packets are discarded. This change improves the accuracy for detecting link congestion, and can change the frequency of the email notifications.
  • New Banner Announcing Expiration for Trial Site Licenses: When there are sites with trial licenses that are expired or about to expire, the Cato Management Application will now show a banner indicating the expiration date for these licenses.
    • The banner is displayed on all pages, until all sites have valid licenses
  • Cato Management Application Enhancement:
    • Enter Socket Description: We added a new Description field to the Sockets page, and you can add information (such as Socket hostname or an ID) to quickly identify the correct Socket in your account. For HA sites, you can configure different descriptions for Primary and Secondary Sockets

PoP Announcements

  • Tokyo, JP: A new IP range is now available in the Tokyo PoP location - 150.195.219.0/24

Security Updates

  • IPS Signatures:
    • View more details about the IPS signatures and protections in the Threats Catalog
      • Ransomware Frea (New)
      • Ransomware RSA-4096 (New)
      • Ransomware WoXoTo (New)
      • Ransomware DoNex (Enhancement)
      • Ransomware Duralock (Enhancement)
      • Ransomware Dxen (Enhancement)
      • Ransomware Genesis (Enhancement)
      • Ransomware Ma1x0 (Enhancement)
      • Ransomware Payuranson (Enhancement)
      • Ransomware Rocklee (Enhancement)
      • Ransomware Stop/Djvu (Enhancement)
      • Ransomware Zarik Locker (Enhancement)
      • CVE-2024-21412 (New)
      • CVE-2023-52251 (New)
      • CVE-2023-47218 (New)
      • CVE-2023-46731 (New)
      • CVE-2023-40289 (New)
      • CVE-2023-25573 (New)
      • CVE-2022-48323 (New)
      • CVE-2022-42139 (New)
      • CVE-2022-36883 (New)
      • CVE-2022-31499 (New)
      • CVE-2022-31188 (New)
      • CVE-2018-14716 (New)
      • CVE-2023-46263 (Enhancement)
  • Detection & Response:
    • These are the updates to the Indications Catalog
      • Threat Hunting Indication:
        • Suspicious Executable File Download (Enhancement)
  • Suspicious Activity Monitoring:
    • These protections were added to the SAM service:
      • Download impersonated image 
      • Enumerating user terminal sessions in RPC 
      • Harnessing spools service to gain authentication on target machine 
      • Pastebin bot communication 
      • PowerShell impersonated IMG 
  • TLS Inspection:
    • Added global bypass for these applications, preventing possible TLS inspection errors:
      • Brother Industries
      • Cisco Meraki Cloud
      • Oculus
      • Ring
      • Western Digital
      • Xerox
  • Apps Catalog:
    • Added over 100 new SaaS applications including (you can view the SaaS apps in the Apps Catalog):
      • Trados
    • Enhanced this application: 
      • Zoom 
  • File Identification:
    • Enhanced file identification in Cato Cloud services for the following file types: 
      • BAT and CMD
      • Binary files

Knowledge Base Updates

 

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.

Was this article helpful?

0 out of 0 found this helpful

0 comments

Add your comment