Product Update - Apr. 29th, 2024

New Features & Enhancements

There are no new features or enhancements for the Cato service for this week. Take a look at these great features that we released over the past few weeks:

  • Entra ID (Azure AD) Sign-in Activity Integration: Admins can comprehensively view usage within their ecosystem of sanctioned apps to identify potential security concerns by integrating Entra ID sign-in activity with Cato. The Entra ID API connector extends visibility to all user sign-in and sign-in anomaly events, showcased in the Cloud Activity Dashboard and security event sub-types for sign-in and identity-related anomalies.
  • Seamlessly Connect your Cloud Tenants to Cato: We enhanced Cross Connect sites and added a turnkey provisioning configuration so you can quickly connect your cloud resources to the Cato PoP location.
    • Supported Cloud Providers: AWS DirectConnect, Azure Express Route, GCP Interconnect, Oracle FastConnect
  • AWS Marketplace vSocket Deployment: Cato simplified and streamlined the deployment process for AWS virtual Sockets (vSockets) by using the AWS Marketplace. The marketplace automatically creates the necessary virtual resources for the vSocket.
    • Previously you could only manually deploy AWS vSockets
  • Access Policies and Improvements: Check out these improvements for Remote Access policies that provide increased flexibility:
    • Policy to Manage Proxy Configuration File: Provides a granular method to easily manage PAC files, used by the Client for proxy configuration
    • Split Tunnel Policy: Provides a granular method to easily configure traffic routing for remote users and control which traffic is tunneled towards the Cato Cloud
    • Enforce Different Security Policies When a User Connects Behind a Site or Remotely: You can use the Device Posture Profiles to enforce different security policy rules when a user connects remotely with the Client or behind a site
    • Device Posture Check Enforces Minimum Client Version: You can ensure any device connecting to your network has a minimum Client version installed on it

Go to the Cato Product Roadmap in the Knowledge Base to follow the status of upcoming features and enhancements.

Security Updates

  • IPS Signatures:
    • View more details about the IPS signatures and protections in the Threats Catalog
      • Ransomware - DumbStackz (Enhancement)
      • Ransomware - FBIRAS (Enhancement)
      • Ransomware - AttackFiles (New)
      • Ransomware - HWABAG (New)
      • Ransomware - DysentryClub (Enhancement)
      • Ransomware - Crocodile Smile (Enhancement)
      • Ransomware - L00KUPRU (Enhancement)
      • Ransomware - Datah (Enhancement)
      • Ransomware - Rincrypt (Enhancement)
      • Ransomware - Unkno (Enhancement)
      • Ransomware - Ncov (Enhancement)
      • Ransomware - Stop/Djvu (Enhancement)
      • Malware - Cryptbotv2-CnC communication (New)
      • Malware - DarkGate CnC communication (New)
      • Malware - ObserverStealer CnC communication-Check-in (New)
      • Malware - FFDroider-CnC communication (New)
      • Malware - Vodkagats Loader CnC communication-Payload (New)
      • Malware - TrickBot Anchor-Checkin (New)
      • Malware - Vidar Stealer CnC communication - Style Headers In HTTP POST (New)
      • Malware - Vidar Stealer CnC communication - Style Headers post (New)
      • Malware - Stealc Stealer CnC communication - Style Headers post (New)
      • Malware - Generic Stealer CnC communication - Style Headers post (New)
      • Malware - GCleaner Downloader - CnC communication (New)
      • Malware - Konni RAT CnC communication (New)
      • Malware - PureLogs Stealer - C2 Connection (New)
      • Malware - Arkei Stealer C2C Communication - IP Lookup (Enhancement)
      • CVE-2022-38108 (New)
      • CVE-2023-32714 (New)
      • CVE-2024-3400 (Enhancement)
      • CVE-2023-26477 (New)
      • CVE-2024-25153 (New)
      • CVE-2024-1403 (New)
      • CVE-2023-43208 (New)
      • CVE-2020-24391 (New)
      • CVE-2023-4634 (New)
      • CVE-2022-4305 (New)
      • CVE-2018-14716 (New)
      • CVE-2023-24955 (New)
      • CVE-2020-13957 (New)
      • CVE-2023-36210 (New)
      • CVE-2021-31474 (New)
      • Exploiting Server Side Template Injection to gain Remote Code Execution (New)
  • Detection & Response:
    • These are the updates to the Indications Catalog
      • Threat Hunting Indications:
        • Malware DNS Activity (Emotet) (Enhancement)
        • Dynamic DNS services (Enhancement)
        • Suspicious Network Traffic (Enhancement)
        • Suspicious Cryptomining Activity (JSON-RPC) (Enhancement)
        • Suspicious SSH Communication to Low-Popularity Domains (Enhancement)
        • Lateral transfer of possibly suspicious tool over SMB (Enhancement)
      • Threat Prevention:
        • Suspicious TOR Traffic (Enhancement)
  • Suspicious Activity Monitoring:
    • These protections were added to the SAM service:
      • Downloading PowerToll (New)
      • Lateral ADfind transfer over SMB (Enhancement)
      • Lateral Filezilla transfer (Enhancement)
      • Lateral PuTTY transfer (Enhancement)
      • Lateral MobaXterm transfer (Enhancement)
      • Lateral Nmap transfer (Enhancement)
      • Lateral Mimikatz transfer (Enhancement)
      • Lateral WinSCP transfer (Enhancement)
      • Lateral PowerShell script transfer (New)
      • Lateral Netcat transfer over SMB (Enhancement)
  • Apps Catalog:
    • Added over 100 new SaaS applications including (you can view the SaaS apps in the Apps Catalog):
      • Enhanced these apps: 
        • Private Internet Access VPN (Enhancement)
        • Tunnelbear (Enhancement)

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
