Working with Autonomous Policies

This article explains how Artificial Intelligence (AI) and Machine Learning optimize the configuration of your policies through the Autonomous Policies feature.

Overview

Autonomous Policies leverage AI and Machine Learning to optimize the management and configuration of security policies. These intelligent features help ensure comprehensive policy coverage by detecting potential gaps and offering actionable recommendations, such as identifying an out-of-date test rule and suggesting how to refine it. The policies that each capability supports are listed in the sections below.

Autonomous Policies include two key capabilities, AI-Driven Best Practices and a Configuration Wizard.

AI-Driven Best Practices

Your Autonomous Policy settings are continuously analyzed by Cato's AI- and Machine Learning-powered best practices engine. This engine evaluates the effectiveness and security of your configurations and identifies areas that may require attention. Recommendations are automatically generated for specific rules in your policy to help align it with Cato's best practices for optimal security and performance.

AI-Driven Best Practices are supported for the Internet Firewall, WAN Firewall and Remote Port Forwarding Policies.

[Image: Auto.png]

Configuration Wizard

The Configuration Wizard simplifies the process of creating or updating policies by:

  • Recommending rules to enable

  • Suggesting improvements to your existing rules

After generating a list of recommended rules, you can select which ones to apply. The Wizard then guides you through the configuration process, ensuring that each update is applied accurately and efficiently.

The Configuration Wizard is supported for the Internet Firewall and TLS Inspection Policies.

[Image: TLSi_Wizard_Rules.png]

Autonomous Policies Use Cases

The following use cases provide examples of how Autonomous Policies can be used with each feature.

Internet Firewall Policy: Deleting a Rule Providing Temporary Access

A developer needed to test a new integration with a cloud-based payment gateway initially blocked by the organization's Internet Firewall policy. To enable testing, the IT team created a temporary rule allowing outbound access. Once testing concluded, the rule was intended to be deleted, but that step was inadvertently missed.

A week later, the IT team saw that the Review Temporary Rule best practice check flagged the rule with a Failed status. Upon investigation, they discovered that the temporary rule granting access to the payment gateway was still active.

The IT team quickly identified and remediated the oversight by deleting the rule. This ensured their firewall policy remained aligned with security standards and reduced unnecessary exposure.

[Image: IFW_eg.png]

WAN Firewall Policy: Identifying Overly Permissive Rules

To enable quick access to a newly deployed internal collaboration tool, the IT team created a WAN Firewall rule allowing access from all Site locations. The rule permitted traffic to the application server from the entire corporate network segment. As a temporary measure until more granular access controls could be implemented, this covered more users than necessary. However, the rule remained unchanged well after deployment.

The AI-based Overly Permissive Rule best practice flagged this rule for review. The AI engine analyzed historical traffic and user access patterns, identifying that only two specific departments were actively using the application. It also noted that the current rule applied to all users across the WAN, including those with no business need for access.

This AI-driven alert helped the IT team refine the rule to apply only to the relevant departments, reducing unnecessary access and enforcing the principle of least privilege.
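The check described in this use case compares a rule's configured scope against the sources actually observed using the destination. The following is an added illustration of that logic, not Cato's own engine or data model: the rule record, the connection-summary log lines, the list of known sources and the "at least twice as many sources as are in use" threshold are all constructed for the example.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass


@dataclass
class WanRule:
    """Constructed representation of a WAN Firewall rule (not Cato's data model)."""
    name: str
    sources: set[str]      # {"Any"} or an explicit set of sites/departments
    destination: str
    action: str = "Allow"


# Constructed connection summary lines: "<source>,<destination>,<connection count>".
SAMPLE_LOG = """\
Engineering,collab-app.internal,1840
Engineering,collab-app.internal,1122
Finance,collab-app.internal,640
Finance,collab-app.internal,310
Sales,crm.internal,900
"""

# All sources the WAN policy knows about; "Any" expands to this set (constructed).
ALL_SOURCES = {"Engineering", "Finance", "Sales", "HR", "Legal"}


def observed_sources(log_text: str, destination: str) -> Counter:
    """Count connections per source that actually reached `destination`."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, n = line.split(",")
        if dst == destination:
            counts[src] += int(n)
    return counts


def check_overly_permissive(rule: WanRule, log_text: str,
                            all_sources: set[str] = ALL_SOURCES) -> dict:
    """Flag an Allow rule whose scope is far wider than the sources that use it.

    Heuristic (constructed for this example): the check fails when the rule
    allows at least twice as many sources as were observed reaching the destination.
    """
    used = observed_sources(log_text, rule.destination)
    scope = set(all_sources) if rule.sources == {"Any"} else set(rule.sources)
    unused = scope - set(used)
    failed = rule.action == "Allow" and len(scope) >= 2 * max(len(used), 1)
    return {
        "rule": rule.name,
        "status": "Failed" if failed else "Passed",
        "in_use": sorted(used),
        "unused": sorted(unused),
        "recommendation": (f"Restrict sources to {sorted(used)}" if failed else None),
    }


if __name__ == "__main__":
    broad = WanRule("Collab tool access", {"Any"}, "collab-app.internal")
    print(check_overly_permissive(broad, SAMPLE_LOG))
```

Running the script flags the "Any"-scoped rule as Failed, lists Engineering and Finance as the only sources in use, and recommends restricting the rule to them; the same rule scoped to those two departments passes.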

[Image: WAN_Firewall1.png]

TLS Inspection: Securing AI Tool Usage with the Configuration Wizard

As part of a broader digital transformation initiative, the IT team enabled access to several generative AI tools to improve employee productivity. While valuable, these tools raised concerns around potential data leakage, particularly involving sensitive corporate and customer information.

To address this, the security team needed the ability to inspect TLS-encrypted traffic for these apps. However, manually identifying which domains were safe to decrypt, and which might break under inspection, was a significant operational challenge.

The team used the TLS Inspection Configuration Wizard to simplify and accelerate the deployment. The wizard recommended a balanced and secure configuration:

  • Inspect Rules were automatically created for vetted categories like Popular Cloud Apps and Cato-Recommended Domains, including commonly used AI tools

  • Bypass Rules were suggested for incompatible traffic, such as Categories that are not inspected due to privacy regulations and concerns

  • The wizard clearly indicated which existing rules were safe to enable immediately and which might require further review

As a result, the IT team implemented TLS inspection efficiently, gaining visibility into encrypted traffic without disrupting business-critical applications or user productivity.

[Image: TLSi_Wizard_Rules.png]

Remote Port Forwarding: Identifying Forgotten Test Rules

As part of a troubleshooting effort, an engineer temporarily enabled Remote Port Forwarding to allow external access to a staging server hosted at a branch location. The rule forwarded traffic from a specific external port to the internal server over SSH, and the engineer intended to disable the rule once the issue was resolved.

Although the rule was labeled for testing, it was unintentionally left active after troubleshooting was completed.

A few days later, the AI-based Review Testing Rule best practice check flagged the rule with a Failed status. The AI engine identified that the rule exposed the server broadly to the Internet and included "test" in the rule name, indicating a temporary configuration that may have been forgotten.

The IT team was able to quickly locate and remove the rule, restoring a more secure Remote Port Forwarding posture and minimizing unnecessary external access.
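Both the Internet Firewall "Review Temporary Rule" use case above and this Remote Port Forwarding "Review Testing Rule" use case rely on the same signals: a rule name that suggests a short-lived configuration, broad exposure to the Internet, and a rule that has outlived its purpose. The following is an added example of such a check, not Cato's own implementation; the rule structure, the list of "temporary" name fragments, the three-day grace period and the sample rules are all constructed for the example.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Name fragments that suggest a rule was meant to be short-lived (constructed list).
TEMP_NAME = re.compile(r"\b(test|testing|temp|temporary|tmp)\b", re.IGNORECASE)
# Source values meaning "any address on the Internet" (constructed convention).
INTERNET_SOURCES = {"Any", "0.0.0.0/0", "::/0"}


@dataclass
class ForwardingRule:
    """Constructed representation of a Remote Port Forwarding rule (not Cato's data model)."""
    name: str
    enabled: bool
    allowed_sources: frozenset   # remote addresses permitted to reach the forwarded port
    external_port: int
    internal_port: int
    created: date


def looks_temporary(rule: ForwardingRule) -> bool:
    """True when the rule name contains a word such as 'test' or 'temp'."""
    return TEMP_NAME.search(rule.name) is not None


def exposed_to_internet(rule: ForwardingRule) -> bool:
    """True when the forwarded port is reachable from any Internet address."""
    return bool(rule.allowed_sources & INTERNET_SOURCES)


def review_testing_rule(rule: ForwardingRule, today: date, max_age_days: int = 3) -> dict:
    """Fail an enabled rule that looks temporary, is Internet-exposed and has outlived its grace period."""
    temporary = looks_temporary(rule)
    exposed = exposed_to_internet(rule)
    age_days = (today - rule.created).days
    stale = age_days > max_age_days
    failed = rule.enabled and temporary and exposed and stale
    reasons = []
    if failed:
        reasons = [
            "rule name suggests a temporary or test rule",
            f"external port {rule.external_port} is reachable from any Internet address",
            f"rule has been active for {age_days} days (grace period {max_age_days})",
        ]
    return {
        "rule": rule.name,
        "status": "Failed" if failed else "Passed",
        "reasons": reasons,
        "recommendation": ("Disable or delete the rule, or restrict its allowed sources"
                           if failed else None),
    }


def failed_rules(rules, today: date) -> list:
    """Names of rules the check flags with a Failed status."""
    return [r.name for r in rules if review_testing_rule(r, today)["status"] == "Failed"]


# Constructed sample policy evaluated on a fixed date so the result is reproducible.
TODAY = date(2025, 6, 10)
SAMPLE_RULES = [
    ForwardingRule("Test - staging SSH", True, frozenset({"Any"}), 2222, 22, TODAY - timedelta(days=5)),
    ForwardingRule("Partner SFTP gateway", True, frozenset({"203.0.113.0/24"}), 22, 22, TODAY - timedelta(days=400)),
    ForwardingRule("temp vendor RDP", True, frozenset({"Any"}), 3389, 3389, TODAY - timedelta(days=1)),
    ForwardingRule("Test - old demo", False, frozenset({"Any"}), 8080, 80, TODAY - timedelta(days=30)),
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(review_testing_rule(rule, TODAY))
```

Only the enabled, Internet-exposed "Test - staging SSH" rule that is past its grace period fails; the partner rule has a restricted source, the one-day-old vendor rule is still inside the grace period, and the disabled demo rule creates no exposure. Requiring all three signals together keeps the check from flagging every rule that merely has "test" in its name.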

[Image: RPF1.png]
