Product Updates - September 15, 2025

New Features & Enhancements

  • Introducing Advanced Groups with Full API Support: Over the next few weeks, we are gradually rolling out advanced groups that use a new infrastructure for CMA policies:
    • Provides full API support for automation and integration workflows
    • Available for use in Internet and WAN Firewall policies
    • Improved user experience with built-in validation: only compatible advanced groups are available for the rule (such as a Source for the WAN Firewall)
    • Supports member types: sites, hosts, subnets, etc.
      Note: Existing groups remain available and fully supported for relevant use cases
  • Important - Microsoft Azure is Changing Default Outbound Access for New Virtual Networks: After Mar. 31, 2026, new Azure virtual networks will be configured by default with private subnets, requiring explicit outbound access to reach the Internet or Microsoft services.
  • File Hash Blocklist Support in Anti-Malware Policy: You can now block files based on SHA-256 hashes from your own threat intelligence sources by adding them to the Anti-Malware blocklist, providing stronger protection against known threats.
    • Also supported via API
  • NAT Policy Enforcement Includes All Inbound Traffic: For consistent policy application across all relevant traffic types, we now enforce the NAT policy on DNS and LAN Monitoring traffic.
    • Previously, this traffic was classified as system traffic and excluded from the policy
    • Gradually rolling out over the next few weeks
  • New IoT/OT Security Integration with Zoom for Enhanced Device Context and Visibility: To enrich device information, you can now integrate Zoom metadata with Cato’s device inventory. A unified view with enriched attributes from both systems is presented on the Home > Device Inventory page.
    • Configure in the Resources > Integrations page, or with the API
    • This integration provides:
      • Expanded device context: Incorporating Zoom session and connection metadata into device profiles
      • Greater accuracy in device attribution: Helping security teams correlate devices
    • Requires DEM and IoT/OT licenses

Security Updates

  • App Catalog
    • ON24, Inc. (Enhancement)
    • Foxit Software (Enhancement)
  • IPS Signatures
    • View more details about the IPS signatures and protections in the Threats Catalog:

      • CVE-2020-11455 (New)
      • CVE-2020-13886 (New)
      • CVE-2020-15050 (New)
      • CVE-2020-17456 (New)
      • CVE-2020-24285 (New)
      • CVE-2020-26073 (New)
      • CVE-2020-27191 (New)
      • CVE-2020-35736 (New)
      • CVE-2020-8641 (New)
      • CVE-2021-20092 (New)
      • CVE-2021-23241 (New)
      • CVE-2021-24227 (New)
      • CVE-2021-29006 (New)
      • CVE-2021-33544 (New)
      • CVE-2021-35380 (New)
      • CVE-2021-38751 (New)
      • CVE-2021-40651 (New)
      • CVE-2021-41293 (New)
      • CVE-2021-41749 (New)
      • CVE-2021-43421 (New)
      • CVE-2021-43495 (New)
      • CVE-2021-43496 (New)
      • CVE-2021-43831 (New)
      • CVE-2021-45043 (New)
      • CVE-2021-45967 (New)
      • CVE-2021-46381 (New)
      • CVE-2022-24288 (New)
      • CVE-2023-26469 (New)
      • CVE-2023-3722 (New)
      • CVE-2024-20356 (New)
      • CVE-2024-23334 (New)
      • CVE-2024-3673 (New)
      • CVE-2024-38018 (New)
      • CVE-2024-7399 (New)
      • CVE-2024-8752 (New)
      • CVE-2024-8859 (New)
      • CVE-2024-9707 (New)
      • CVE-2025-1097 (New)
      • CVE-2025-1098 (New)
      • CVE-2025-1974 (Enhancement)
      • CVE-2025-24513 (Enhancement)
      • CVE-2025-24514 (New)
      • CVE-2025-34300 (New)
      • CVE-2025-53778 (New)
      • Malware - Oyster (New)
      • Ransomware - 707 (Enhancement)
      • Ransomware - Charon (Enhancement)
      • Ransomware - CyberHazard (Enhancement)
      • Ransomware - GRYPHON (Enhancement)
      • Ransomware - Keversen (New)
      • Ransomware - Matrix (Proton) (Enhancement)
      • Ransomware - RDAT (Enhancement)
      • Ransomware - SolutionWeHave (New)
      • Ransomware - Traders (Enhancement)
      • Web Application Attack - Active Directory Certificate Services (ADCS) ESC1 Attack - Certificate Signing Request (CSR) with Enrollee-Supplied Subject (New)
    • SAM Signatures
      • These protections were added to the SAM service:
        • UPX Packed File Download (New)
    • OS Detection
      • OS embedded signature for Cisco Meraki devices (New)
      • OS Linux signature for IO DATA devices (New)
    • Application Control Policy
      • Inline tenant control for Zendesk (New)
    • XOps Indications of Attack
      • Anomaly Detection
        • First Occurrence of Outbound Remote Access Activity from Site (New)
        • Abnormal File Sharing/Cloud Storage App Outbound Activity from Site (New)
        • Unusual SMB Traffic from Site Over the WAN (New)
      • Threat Prevention
        • Suspicious Network Activity (MS-PowerShell) (Enhancement)
        • Abnormal HTTP/TLS on Non-Standard Ports in a Site (Enhancement)
        • Device fingerprint sending via user agent (Enhancement)
        • Suspicious Network Activity (MS-Office) (Enhancement)
    • Device Inventory
      • These are the updates to the Device Inventory detection engine:
        • IoT
          • Multifunction Device
            • Canon (Enhancement)
          • Payment Terminal
            • Castles Technology (Enhancement)
            • Verifone (Enhancement)
          • Printer
            • Brother Industries (Enhancement)
            • Epson (Enhancement)
            • HP (Enhancement)
            • Konica Minolta (Enhancement)
            • Kyocera (Enhancement)
            • Lexmark (Enhancement)
            • Xerox (Enhancement)
            • Zebra (Enhancement)
          • Signage Media Player
            • BrightSign (Enhancement)
          • Speaker
            • Algo (Enhancement)
          • Unidentified IoT
            • Grandstream Networks (Enhancement)
            • Synology (Enhancement)
          • Video Conferencing
            • Cisco (Enhancement)
          • VoIP
            • Aastracom (Enhancement)
            • Avaya (Enhancement)
            • Cisco (Enhancement)
            • Digium (Enhancement)
            • Grandstream Networks (Enhancement)
            • Polycom (Enhancement)
            • Snom (Enhancement)
            • Yealink (Enhancement)
        • PC
          • Desktop
            • Dell (Enhancement)
            • HP (Enhancement)
            • Lenovo (Enhancement)
          • Laptop
            • Apple (Enhancement)
            • Dell (Enhancement)
            • HP (Enhancement)
            • Lenovo (Enhancement)
            • Microsoft (Enhancement)
            • Toshiba (Enhancement)
            • Vaio (Enhancement)
          • Thin Client
            • Dell (Enhancement)
          • Workstation
            • Apple (Enhancement)
            • Fujitsu (Enhancement)
            • HP (Enhancement)
            • NEC (Enhancement)
            • Panasonic (Enhancement)
        • Mobile
          • Mobile Computer
            • Zebra (Enhancement)
          • Mobile Phone
            • Newland (Enhancement)
            • Oppo (Enhancement)
            • Samsung (Enhancement)
            • Vivo (Enhancement)
            • Galaxy Note (Enhancement)
          • Tablet
            • Samsung (Enhancement)
        • Networking
          • Network Appliance
            • 3Com (Enhancement)
            • Aruba Networks (Enhancement)
            • Juniper Networks (Enhancement)
            • Ubiquiti (Enhancement)
        • Server
          • Media Server
            • Roku (Enhancement)
          • Print Server
            • HP (Enhancement)

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
