New Features & Enhancements
There are no new features or enhancements for the Cato service for this week. Take a look at these great features that we released over the past few weeks:
- Entra ID (Azure AD) Sign-in Activity Integration: Admins can comprehensively view usage within their ecosystem of sanctioned apps to identify potential security concerns by integrating Entra ID sign-in activity with Cato. The Entra ID API connector extends visibility to all user sign-in and sign-in anomaly events, showcased in the Cloud Activity Dashboard and security event sub-types for sign-in and identity-related anomalies.
- Seamlessly Connect your Cloud Tenants to Cato: We enhanced Cross Connect sites and added a turnkey provisioning configuration so you can quickly connect your cloud resources to the Cato PoP location.
  - Supported Cloud Providers: AWS DirectConnect, Azure Express Route, GCP Interconnect, Oracle FastConnect
- AWS Marketplace vSocket Deployment: Cato simplified and streamlined the deployment process for AWS virtual Sockets (vSockets) by using the AWS Marketplace. The marketplace automatically creates the necessary virtual resources for the vSocket.
  - Previously you could only manually deploy AWS vSockets
- Access Policies and Improvements: Check out these improvements for Remote Access policies that provide increased flexibility:
  - Policy to Manage Proxy Configuration File: Provides a granular method to easily manage PAC files, used by the Client for proxy configuration
  - Split Tunnel Policy: Provides a granular method to easily configure traffic routing for remote users and control which traffic is tunneled towards the Cato Cloud
  - Enforce Different Security Policies When a User Connects Behind a Site or Remotely: You can use the Device Posture Profiles to enforce different security policy rules when a user connects remotely with the Client or behind a site
  - Device Posture Check Enforces Minimum Client Version: You can ensure any device connecting to your network has a minimum Client version installed on it
Go to the Cato Product Roadmap in the Knowledge Base to follow the status of upcoming features and enhancements.
Security Updates
- IPS Signatures:
  - View more details about the IPS signatures and protections in the Threats Catalog
  - Ransomware - DumbStackz (Enhancement)
  - Ransomware - FBIRAS (Enhancement)
  - Ransomware - AttackFiles (New)
  - Ransomware - HWABAG (New)
  - Ransomware - DysentryClub (Enhancement)
  - Ransomware - Crocodile Smile (Enhancement)
  - Ransomware - L00KUPRU (Enhancement)
  - Ransomware - Datah (Enhancement)
  - Ransomware - Rincrypt (Enhancement)
  - Ransomware - Unkno (Enhancement)
  - Ransomware - Ncov (Enhancement)
  - Ransomware - Stop/Djvu (Enhancement)
  - Malware - Cryptbotv2-CnC communication (New)
  - Malware - DarkGate CnC communication (New)
  - Malware - ObserverStealer CnC communication-Check-in (New)
  - Malware - FFDroider-CnC communication (New)
  - Malware - Vodkagats Loader CnC communication-Payload (New)
  - Malware - TrickBot Anchor-Checkin (New)
  - Malware - Vidar Stealer CnC communication - Style Headers In HTTP POST (New)
  - Malware - Vidar Stealer CnC communication - Style Headers post (New)
  - Malware - Stealc Stealer CnC communication - Style Headers post (New)
  - Malware - Generic Stealer CnC communication - Style Headers post (New)
  - Malware - GCleaner Downloader - CnC communication (New)
  - Malware - Konni RAT CnC communication (New)
  - Malware - PureLogs Stealer - C2 Connection (New)
  - Malware - Arkei Stealer C2C Communication - IP Lookup (Enhancement)
  - CVE-2022-38108 (New)
  - CVE-2023-32714 (New)
  - CVE-2024-3400 (Enhancement)
  - CVE-2023-26477 (New)
  - CVE-2024-25153 (New)
  - CVE-2024-1403 (New)
  - CVE-2023-43208 (New)
  - CVE-2020-24391 (New)
  - CVE-2023-4634 (New)
  - CVE-2022-4305 (New)
  - CVE-2018-14716 (New)
  - CVE-2023-24955 (New)
  - CVE-2020-13957 (New)
  - CVE-2023-36210 (New)
  - CVE-2021-31474 (New)
  - Exploiting Server Side Template Injection to gain Remote Code Execution (New)
- Detection & Response:
  - These are the updates to the Indications Catalog:
    - Threat Hunting Indications:
      - Malware DNS Activity (Emotet) (Enhancement)
      - Dynamic DNS services (Enhancement)
      - Suspicious Network Traffic (Enhancement)
      - Suspicious Cryptomining Activity (JSON-RPC) (Enhancement)
      - Suspicious SSH Communication to Low-Popularity Domains (Enhancement)
      - Lateral transfer of possibly suspicious tool over SMB (Enhancement)
    - Threat Prevention:
      - Suspicious TOR Traffic (Enhancement)
- Suspicious Activity Monitoring:
  - These protections were added to the SAM service:
    - Downloading PowerToll (New)
    - Lateral ADfind transfer over SMB (Enhancement)
    - Lateral Filezilla transfer (Enhancement)
    - Lateral PuTTY transfer (Enhancement)
    - Lateral MobaXterm transfer (Enhancement)
    - Lateral Nmap transfer (Enhancement)
    - Lateral Mimikatz transfer (Enhancement)
    - Lateral WinSCP transfer (Enhancement)
    - Lateral Powershell script transfer (New)
    - Lateral Netcat transfer over SMB (Enhancement)
- Apps Catalog:
  - Added over 100 new SaaS applications including (you can view the SaaS apps in the Apps Catalog):
  - Enhanced these apps:
    - Private Internet Access VPN (Enhancement)
    - Tunnelbear (Enhancement)
Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.