Product Updates - August 18, 2025

New Features & Enhancements

  • Important End-User Changes in Upcoming Release for macOS Client v5.10: On August 24, 2025, we are planning to start rolling out the new macOS Client version 5.10. This version includes:
    • Support for remote internet security with one-time authentication. This means that some Connectivity Policy rules will apply to macOS v5.10 Client users, giving them Internet access after one-time authentication.
    • An updated user interface that now includes more connectivity details
    • For more information, see this FAQ
  • Bypass the Cato Cloud Using Apps: To make it easier to configure app traffic in Socket sites to egress directly to the Internet, the Bypass policy lets you define rules using predefined apps. For example, instead of having to configure and keep track of all the public IPs for Zoom, you can simply select the Zoom predefined app, and Cato ensures that the correct destinations are bypassed. These are the supported apps:
    • Zoom
    • Google apps
    • Microsoft SharePoint Online & OneDrive
    • Microsoft Teams
    • Microsoft Exchange (Outlook)
    • Microsoft Defender
  • Endpoint Visibility from CrowdStrike in Stories Workbench: We are extending XOps to include incident data from CrowdStrike. Customers with XDR Pro, XOps, and MDR licenses can access CrowdStrike stories for endpoint devices to investigate in the Stories Workbench.
    • Configuring the EDR integration enables you to review related stories based on Cato native signals, providing a comprehensive view of EDR and network-based signals within a single platform
    • Stories incorporate data about suspicious activity from CrowdStrike incidents, including:
      • Device and user details
      • Relevant processes, files, registry values, and more
    • Events can be generated without a license, and stories are accessible with an XOps, XDR Pro, or MDR license
    • Click here to watch a video recording of this feature
  • Endpoint Visibility from SentinelOne in Stories Workbench: We are extending XOps to include incident data from SentinelOne EDR. Customers with XDR Pro, XOps, and MDR licenses can access endpoint device stories to investigate in the Stories Workbench.
    • Configuring the EDR integration enables you to review related stories based on Cato native signals, providing a comprehensive view of EDR and network-based signals within a single platform
    • Stories incorporate data about suspicious activity from SentinelOne EDR incidents, including:
      • Device and user details
      • Relevant processes, files, registry values, and more
    • Events can be generated without a license, and stories are accessible with an XOps, XDR Pro, or MDR license
  • Enhanced Host Visibility in Application Analytics: You can now more easily identify and monitor hosts with static IPs using their configured host names. Host names are easier to recognize than raw IPs, helping you quickly understand device activity and improving operational clarity and troubleshooting efficiency.
    • The Application Analytics page now displays the configured host name instead of the IP address for hosts with a static IP
    • A new configured_host_name field is available in the appStats and appStatsTimeSeries APIs
  • New Release for EPP Agent v1.5: On Aug 17, 2025, we are starting to roll out EPP Agent version 1.5. This version includes bug fixes and enhancements.
  • Query Socket Port Level Data via API: You can now query Socket-level data, including port and transport-level metrics that were previously only visible in the Site Monitoring > Network Analytics page.
    • Supported for Socket v20 onwards

Security Updates

  • App Catalog
    • 450 New AI Apps (See App Catalog)
    • Skype and MS Teams (Enhancement)
    • Cymulate (New)
    • WebSocket (New)
    • Protime (New)
  • IPS Signatures
    • View more details about the IPS signatures and protections in the Threats Catalog:

      • CVE-2020-1147 (New)
      • CVE-2021-1472 (New)
      • CVE-2021-24970 (New)
      • CVE-2021-31249 (New)
      • CVE-2021-39316 (New)
      • CVE-2023-20864 (Enhancement)
      • CVE-2023-31446 (New)
      • CVE-2023-38879 (New)
      • CVE-2023-48777 (New)
      • CVE-2023-6549 (New)
      • CVE-2024-0195 (New)
      • CVE-2025-20337 (New)
      • CVE-2025-2945 (New)
      • CVE-2025-32815 (New)
      • CVE-2025-33053 (Enhancement)
      • CVE-2025-33073 (New)
      • CVE-2025-43864 (New)
      • CVE-2025-43865 (New)
      • CVE-2025-44177 (New)
      • CVE-2025-48827 (New)
      • CVE-2025-49706 (Enhancement)
      • CVE-2025-49718 (New)
      • CVE-2025-53770 (Enhancement)
      • CVE-2025-53771 (Enhancement)
      • Heuristic - PingRAT C2 Tunneling (New)
      • Malware - Prometei Botnet CnC (New)
      • Ransomware - Aleta (Enhancement)
      • Ransomware - AntiHacker (Enhancement)
      • Ransomware - Arena (Enhancement)
      • Ransomware - Atomic (Enhancement)
      • Ransomware - Backups (Enhancement)
      • Ransomware - Bash 2.0 (Bash Red) (Enhancement)
      • Ransomware - Bitrix (Enhancement)
      • Ransomware - BlackFL (Enhancement)
      • Ransomware - BlackHeart (MedusaLocker) (Enhancement)
      • Ransomware - Blackransombdbot (Enhancement)
      • Ransomware - Blocker (Enhancement)
      • Ransomware - BOBER (Enhancement)
      • Ransomware - BQTLOCK (Enhancement)
      • Ransomware - Cowa (Enhancement)
      • Ransomware - Cybertron (Enhancement)
      • Ransomware - Darkness (Enhancement)
      • Ransomware - DeadLock (Enhancement)
      • Ransomware - Dire Wolf (Enhancement)
      • Ransomware - Jackpot (MedusaLocker) (Enhancement)
      • Ransomware - KaWaLocker (Enhancement)
      • Ransomware - KREMLIN (Enhancement)
      • Ransomware - Kyj (Enhancement)
      • Ransomware - Level (Enhancement)
      • Ransomware - Mr.Dark101 (Enhancement)
      • Ransomware - Nitrogen (Enhancement)
      • Ransomware - RA World (Enhancement)
      • Ransomware - RestoreMyData (Enhancement)
      • Ransomware - REVRAC (Enhancement)
      • Ransomware - Rokku (Enhancement)
      • Ransomware - RTRUE (Enhancement)
      • Ransomware - Sinobi (Enhancement)
      • Ransomware - Solara (Enhancement)
      • Ransomware - THRSX (Enhancement)
      • Ransomware - Tiger (Enhancement)
      • Ransomware - UraLocker (Enhancement)
      • Ransomware - Vatican (Enhancement)
      • Ransomware - Ziver (Enhancement)
    • SAM Signatures
      • Impacket smbexec Execution (Enhancement)
      • Impacket psexec Execution (Enhancement)
      • Certificate Signing Request via Web Enrollment from Non-Browser Client (New)
      • SMB Public Share Enumeration Across Multiple Client Ports, Script Associated (New)
      • SMB Public Share Enumeration Across Multiple File Names (New)
      • SMB Public Share Enumeration Across Multiple Servers (New)
      • SMB Public Share Write (New)
      • SMB Public Share Write Across Multiple Client Ports, Script Associated (New)
      • SMB Public Share Write Across Multiple File Names (New)
      • SMB Public Share Write to Multiple Servers (New)
    • Application Control Policy
      • Intralinks – Login (New)
      • Intralinks – View (New)
      • Outlook – Add Attachment (Enhancement)
      • Inline tenant control for Google Docs (New)
      • Inline tenant control for Dropbox (New)
    • XDR Indications of Attack
      • Anomaly Detection
        • Putty Connection First Occurrence Anomaly (New)
        • First Occurrence of SSH Upstream Activity (New)
        • First Occurrence of SAMR Activity (New)
        • First Occurrence of Outbound Tor/Bittorrent/Torrent Activity (New)
        • Abnormal Outbound Tor/BitTorrent/Torrent Activity (New)
        • Abnormal DNS Activity (New)
    • Device Inventory

      • These are the updates to the Device Inventory detection engine:

        • Networking

          • Access Point
            • Aruba Networks (Enhancement)
          • Network Appliance
            • Cisco Meraki (Enhancement)
          • WAP
            • SonicWave (New)
            • Cisco (Enhancement)
        • IoT

          • Media Player
            • Roku (Enhancement)
          • Payment Terminal
            • Castles Technology (Enhancement)
            • Verifone (Enhancement)
          • Printer
            • Canon (Enhancement)
            • Epson (Enhancement)
            • HP (Enhancement)
            • Konica Minolta (Enhancement)
            • Kyocera (Enhancement)
            • Lexmark (Enhancement)
            • Ricoh (Enhancement)
          • Signage Media Player
            • BrightSign (Enhancement)
          • Smart Display
            • Kyocera (Enhancement)
          • Smart TV
            • Samsung (Enhancement)
            • TCL (Enhancement)
          • Video Conferencing
            • Logitech (Enhancement)
          • IP Camera
            • Axis (Enhancement)
            • Dahua (Enhancement)
            • Hikvision (Enhancement)
            • Vivotek (Enhancement)
          • VoIP
            • Aastracom (Enhancement)
            • Cisco (Enhancement)
            • Grandstream Networks (Enhancement)
            • Mitel (Enhancement)
            • Panasonic (Enhancement)
            • Polycom (Enhancement)
            • Siemens (Enhancement)
            • Ubiquiti (Enhancement)
            • Yealink (Enhancement)
        • PC
          • Desktop
            • HP (Enhancement)
            • Lenovo (Enhancement)
          • Laptop
            • Asus (Enhancement)
            • Dell (Enhancement)
            • HP (Enhancement)
            • Lenovo (Enhancement)
            • Microsoft (Enhancement)
            • Toshiba (Enhancement)
            • Vaio (Enhancement)
          • Thin Client
            • HP (Enhancement)
          • Workstation
            • Apple (Enhancement)
            • Fujitsu (Enhancement)
            • Lenovo (Enhancement)
            • NEC (Enhancement)
            • Panasonic (Enhancement)
        • Mobile
          • Mobile Computer
            • Zebra (Enhancement)
          • Mobile Phone
            • Apple (Enhancement)
            • Janam (Enhancement)
            • Oppo (Enhancement)
            • Samsung (Enhancement)
            • Zebra (Enhancement)
          • Tablet
            • Apple (Enhancement)
            • Samsung (Enhancement)
        • Server
          • Print Server
            • Axis (Enhancement)

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
