New Features & Enhancements
- Manually Upgrade Sockets to a Newer Version: We're introducing an option to manually start the Socket upgrade process and install a Socket firmware version. This can help when an upgrade was skipped because the Socket was disconnected during the maintenance window, or for any other reason.
- Simplified Removal of Users and User Groups From Your Account: You can now delete a user or user group even if they are included in a policy. After being deleted, they are removed from the Users or User Groups pages and can no longer connect with the Cato Client or have a policy applied.
- Users or user groups are still visible in a policy and marked as deleted, for example, John Doe (Deleted)
- Previously, users or user groups could not be deleted when included in a policy
- Improved Monitoring of Sanctioned Apps: To better manage cloud app ecosystems, customers can now include their known business applications in the Sanctioned Apps Category. This lets you filter to see analytics specifically for sanctioned apps.
- The App Analytics and Experience Monitoring pages can be filtered for sanctioned apps
- For customers with a CASB license:
- The Sanctioned Apps Category can be configured in Application Control rules
- The Cloud Apps Dashboard can be filtered for sanctioned apps
- The Sanctioned Apps Category is configured in the Assets > Categories page
- Previously, the category was available only with a CASB license
Go to the Cato Product Roadmap in the Knowledge Base to follow the status of upcoming features and enhancements.
Security Updates
- IPS Signatures:
- View more details about the IPS signatures and protections in the Threats Catalog
- Malware AlphaCrypt-CnC Beacon (New)
- Malware DuckTail APT-CnC communication (New)
- Malware Lumma Stealer-CnC (New)
- Malware PrivateLoader-CNC Communication (New)
- Ransomware ATCK (New)
- Ransomware BlackSkull (New)
- Ransomware DumbStackz (Enhancement)
- Ransomware KUZA (Enhancement)
- Ransomware Mallox (Enhancement)
- Ransomware Ncov (Enhancement)
- Ransomware Robaj (Enhancement)
- Ransomware SHINRA (Enhancement)
- Ransomware Stop/Djvu (Enhancement)
- Ransomware Tuborg (Enhancement)
- Ransomware Virus (MedusaLocker) (Enhancement)
- Ransomware Wormhole (Enhancement)
- Ransomware xDec (Enhancement)
- CVE-2022-38108 (New)
- CVE-2020-4000 (New)
- CVE-2021-21345 (New)
- CVE-2021-21480 (New)
- CVE-2022-29847 (New)
- CVE-2022-44373 (New)
- CVE-2023-32985 (New)
- CVE-2023-34993 (New)
- CVE-2023-37569 (New)
- CVE-2023-44353 (New)
- CVE-2023-48782 (New)
- CVE-2023-6019 (New)
- CVE-2023-6184 (New)
- CVE-2024-1212 (Enhancement)
- CVE-2024-26212 (New)
- CVE-2024-3272 (New)
- Generic Directory Traversal - HTTP (Enhancement)
- PetitPotam - Active Directory Certificate Services (ADCS) NTLM Authentication (New)
- Detection & Response
- These are the updates to the Indications Catalog:
- Threat Hunting Indications:
- Suspicious Bot Activity(Pastebin) (Enhancement)
- Suspicious DNS Traffic (Enhancement)
Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.