Understanding the Capabilities of the Cato Client

You can easily install the Cato Client on a device to provide a range of capabilities to benefit users connecting remotely or behind a site. As well as supporting universal ZTNA functionality, the Client provides additional benefits, for example, device posture endpoint protection, User Engagement, and Digital experience monitoring.

The capabilities of the Client can be grouped into these key capabilities:

Some of these features, such as secure remote and Internet access, require a ZTNA license. However, there are several features that you can use without a license, and we recommend that you install the Client on all devices in your organization.

The Cato Client can identify who is connecting to your network and confirm their identity from any place the user is located. By installing the Client on any device, you can identify users with or without a ZTNA license.

The Client has an Identity Agent that identifies users connecting remotely or behind a site. By installing the Client on every device within your network, you can easily identify all users and enforce policies based on identity in any location.

Confirming the identity of the users connecting to your network protects against unauthorized access.

Device Posture lets you control which devices are allowed to connect to your network remotely or behind a site. The Client can run over 10 different checks to assess the conditions of the device. The Client only allows access if the conditions of the device meet your security requirements. The Client continuously checks the device posture to ensure it always complies with your requirements. This protects your network by blocking vulnerable devices.

The Client Secured Private Access based on the identity of a user, their context (for example, geographical location), and the device they are connecting with. This is enforced through various policies configured in the CMA. For example, with the WAN firewall, one-time authentication, and Device Posture, you can ensure that access to your WAN resources is granted only when users are properly authenticated, and their devices meet your security standards, implementing a true Zero Trust architecture.

The Client ensures that all Internet traffic flows through the Cato Cloud. Cato security engines inspect the traffic to ensure it complies with your security and access policies, for example, CASB. The Split Tunnel Policy gives you granular control over which traffic goes through Cato and which bypasses it. You can ensure your users and organization are always protected by enabling the Always-on Policy. This enhances Internet security by defining rules for when users or User groups always connect to the Cato Cloud. 

The Client supports Synthetic Monitoring, which lets you monitor the reachability and individual user experience for business-critical applications.  Experience Monitoring  lets you combine the existing Network Analytics with app and user analytics to provide a holistic view of issues that your users are experiencing.

The Client notifies users when they are attempting to perform an action that the Data Control or Application Control polices block. This provides a better experience for users because they understand why they can't access an app or resource.