Product Update - May 20th, 2024

New Features & Enhancements

  • Manually Upgrade Sockets to a Newer Version: We're introducing an option to manually start the Socket upgrade process and install a Socket firmware version. This can help when an upgrade was skipped because the Socket was disconnected during the maintenance window, or for any other reason.
  • Simplified Removal of Users and User Groups From Your Account: You can now delete a user or user group even if they are included in a policy. After being deleted, they are removed from the Users or User Groups pages and can no longer connect with the Cato Client or have a policy applied.
    • Users or user groups are still visible in a policy and marked as deleted, for example, John Doe (Deleted)
    • Previously, users or user groups could not be deleted when included in a policy
  • Improved Monitoring of Sanctioned Apps: To better manage cloud app ecosystems, customers can now include their known business applications in the Sanctioned Apps Category. This lets you filter to see analytics specifically for sanctioned apps.
    • The App Analytics and Experience Monitoring pages can be filtered for sanctioned apps
    • For customers with a CASB license:
    • The Sanctioned Apps Category is configured in the Assets > Categories page
    • Previously, the category was available only with a CASB license

Go to the Cato Product Roadmap in the Knowledge Base to follow the status of upcoming features and enhancements.

Security Updates

  • IPS Signatures:
    • View more details about the IPS signatures and protections in the Threats Catalog
      • Malware AlphaCrypt-CnC Beacon (New)
      • Malware DuckTail APT-CnC communication (New)
      • Malware Lumma Stealer-CnC (New)
      • Malware PrivateLoader-CNC Communication (New)
      • Ransomware ATCK (New)
      • Ransomware BlackSkull (New)
      • Ransomware DumbStackz (Enhancement)
      • Ransomware KUZA (Enhancement)
      • Ransomware Mallox (Enhancement)
      • Ransomware Ncov (Enhancement)
      • Ransomware Robaj (Enhancement)
      • Ransomware SHINRA (Enhancement)
      • Ransomware Stop/Djvu (Enhancement)
      • Ransomware Tuborg (Enhancement)
      • Ransomware Virus (MedusaLocker) (Enhancement)
      • Ransomware Wormhole (Enhancement)
      • Ransomware xDec (Enhancement)
      • CVE-2022-38108 (New)
      • CVE-2020-4000 (New)
      • CVE-2021-21345 (New)
      • CVE-2021-21480 (New)
      • CVE-2022-29847 (New)
      • CVE-2022-44373 (New)
      • CVE-2023-32985 (New)
      • CVE-2023-34993 (New)
      • CVE-2023-37569 (New)
      • CVE-2023-44353 (New)
      • CVE-2023-48782 (New)
      • CVE-2023-6019 (New)
      • CVE-2023-6184 (New)
      • CVE-2024-1212 (Enhancement)
      • CVE-2024-26212 (New)
      • CVE-2024-3272 (New)
      • Generic Directory Traversal - HTTP (Enhancement)
      • PetitPotam - Active Directory Certificate Services (ADCS) NTLM Authentication (New)
  • Detection & Response
    • These are the updates to the Indications Catalog:
      • Threat Hunting Indications:
        • Suspicious Bot Activity (Pastebin) (Enhancement)
        • Suspicious DNS Traffic (Enhancement)

 

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
