Product Updates - October 27, 2025

New Features & Enhancements

  • Granular Tenant Awareness for SaaS Apps: You can now define Application Control rules based on specific SaaS tenants, adding granular visibility and control over user activity across apps like Microsoft OneDrive, Google Drive, and Dropbox. This enables you to differentiate between corporate and personal app instances. For example, you can allow users to upload to your corporate Google Drive but block them from uploading to personal accounts to prevent data exfiltration. Key benefits include:
    • Enforce CASB and DLP policies with tenant-level precision
    • Restrict access to personal or unsanctioned tenants
    • Reduce compliance risk and data leakage
    • Requires CASB or DLP license
  • Streamlined LDAP User Management - Import Filters and Dynamic Groups: Easily manage which LDAP users are imported into Cato (Access > Directory Services) and create dynamic user groups based on LDAP attributes.
    • Import LDAP Users with Custom Filters: Use LDAP query filters to control which users are imported into Cato.
      • Import only relevant users (e.g., full-time employees) based on LDAP conditions
      • The filter defines the user directory that dynamic groups are based on
    • Create Dynamic LDAP-Based User Groups: Define user groups in the CMA that automatically reflect LDAP attribute values, which helps maintain accurate, role-based policies without manual adjustments.
      • The dynamic group is a subset of the user directory you defined via the filter
      • Group users based on attributes like department, location, or title
      • Membership updates automatically with every LDAP sync
  • New URL for Cato Client Upgrade Service: To ensure seamless upgrades, you must allowlist a new URL used by the Cato Client upgrade service.
    • Add https://clients.cdn.catonetworks.com/ to your allowlist
    • Required for automatic upgrades on Windows, macOS, and Linux
  • WAN Recovery Site-to-Site Tunnels Status in CMA: To ensure WAN Recovery readiness at all times, the site-to-site tunnels feature enables recovery of WAN traffic in case of an unlikely failure, such as a severe Cato Cloud issue. To enhance operational visibility, we have added a new status that indicates whether sites are fully, partially, or not ready for WAN Recovery. The status is displayed for sites as well as WAN interfaces.

    • You can view the status in these CMA pages: Topology, Sites, Site Configuration > Socket
    • The status of each site and interface is available as wanRecoveryStatus in accountSnapshot API queries
    • Supported for Socket v24 and higher
  • Support for Keycloak SSO for Users: We added Keycloak as an SSO provider for authenticating users.
    • Previously, it was only possible to authenticate CMA admins using Keycloak
  • Identical Internet-Only IP Ranges For IPsec Sites: To simplify network management and improve security for guest traffic, you can now configure identical IP ranges in multiple IPsec sites to be used for Internet-only traffic.
    • Previously, this was supported for Socket sites

Final Reminder - Expiring 2015 Certificate for TLS Inspection

  • The default 2015 Cato root certificate used for TLS Inspection and Threat Prevention will expire on October 29, 2025. You must immediately distribute and activate the new Cato certificate. Otherwise, there will be service disruptions and security vulnerabilities in your account.
    • For more information, see this video and FAQ article.
    • No action is needed if you’ve already activated the 2024 Cato certificate

PoP Announcements

  • Lima, PE: A new range (199.27.45.0/24) is now available for the Lima PoP location.

Security Updates

  • Apps Catalog

    View more details about apps in the Apps Catalog.

    • New Apps: 17 new apps – Google Alerts, Google Books, Google Scholar, Google Trends, Google Vertex AI, Naver Blog, Naver CHZZK, Naver Cafe, Naver Finance, Naver Land, Naver Mail, Naver News, Naver Papago, Naver Pay, Naver Shopping, Poka, Tplink Omada Discovery Protocol
    • Enhanced Apps:
      • 8x8
        • Added domains 8x8cloud.com, p8t.us, packet8.net, wavecell.com
      • Fortinet
        • Updated app IPs
      • Google Calendar
        • Updated app domains
      • Google Finance
        • Updated app domains
      • Google Keep
        • Updated app domains
      • Google Meet
        • Updated app domains
      • Google News
        • Updated app domains
      • Google Pay
        • Updated app domains
      • Google Shopping
        • Updated app domains
      • Google Travel
        • Updated app domains
      • Grok (X.ai)
        • Modified name from X Ai Corporation to Grok (X.ai)
      • Grok (X.ai) API
        • Modified name from X.ai API to Grok (X.ai) API
      • HubSpot
        • Updated app domains
      • Make by Celonis
        • Modified name from Celonis S R O to Make by Celonis
      • OneDrive Personal
        • Modified name from OneDrive to OneDrive Personal
      • PDF Converters Unified
        • Removed domain athena.io
      • Skype and MS Teams
        • Updated app domains
  • IPS Signatures

    View more details about the IPS signatures and protections in the Threats Catalog.

    • CVE-2020-20601 (New)
    • CVE-2021-46104 (New)
    • CVE-2022-24288 (Enhancement)
    • CVE-2022-37122 (New)
    • CVE-2024-34470 (New)
    • CVE-2024-9166 (New)
    • CVE-2025-0674 (New)
    • CVE-2025-10035 (New)
    • CVE-2025-20362 (New)
    • CVE-2025-27222 (New)
    • CVE-2025-36604 (New)
    • CVE-2025-49844 (New)
    • CVE-2025-57822 (New)
    • CVE-2025-59049 (New)
    • CVE-2025-61882 (New)
    • Heuristic - ICMP Tunneling - Abnormal Response Count (New)
    • Block Malicious Domain After Multiple Anti-Malware Detections (New)
  • SAM Signatures

    These protections were added to the SAM service:

    • TeamViewer WAN Lateral Remote Connectivity (Enhancement)
  • Out of Band Integrations
    • GitHub Activities
      • Code Scan Alerts (New)
      • Vulnerability Scan Alerts (New)
      • Secret Scan Alerts (New)
    • Slack Activities
      • Security Anomalies (New)
    • Microsoft 365 App Activities
      • Security Anomalies (New)
    • Google Activities
      • Security Anomalies (New)
    • CrowdStrike EDR
      • Device Inventory - Reporting devices from the EDR connector (New)
    • ChatGPT Activities (Enhancement)
  • Application Control Policy / CASB
    • Box - Inline tenant control (New)
  • XDR Indications of Attack
    • Anomaly Detection
      • Abnormal Remote Access Protocols Activity Over The LAN (New)
      • First Occurrence of Generative AI Application in the Organization (New)
      • First Occurrence of File Transfer Protocols Activity Over The LAN (New)
      • Abnormal Suspicious Activity (Enhancement)
    • Threat Hunting
      • Outbound DNS Queries for Local Domains (New)
  • Device Inventory

    These are the updates to the Device Inventory detection engine:

    • IOT
      • Multifunction Device
        • Canon (Enhancement)
      • Payment Terminal
        • Castles Technology (Enhancement)
        • Verifone (Enhancement)
      • Printer
        • Brother Industries (Enhancement)
        • Epson (Enhancement)
        • HP (Enhancement)
        • Konica Minolta (Enhancement)
        • Kyocera (Enhancement)
        • Lexmark (Enhancement)
        • Xerox (Enhancement)
        • Zebra (Enhancement)
      • Signage Media Player
        • BrightSign (Enhancement)
      • Speaker
        • Algo (Enhancement)
      • Video Conferencing
        • Cisco (Enhancement)
      • VoIP
        • Aastracom (Enhancement)
        • Avaya (Enhancement)
        • Cisco (Enhancement)
        • Digium (Enhancement)
        • Grandstream Networks (Enhancement)
        • Polycom (Enhancement)
        • Snom (Enhancement)
        • Yealink (Enhancement)
    • PC
      • Desktop
        • Dell (Enhancement)
        • HP (Enhancement)
        • Lenovo (Enhancement)
      • Laptop
        • Apple (Enhancement)
        • Dell (Enhancement)
        • HP (Enhancement)
        • Lenovo (Enhancement)
        • Microsoft (Enhancement)
        • Toshiba (Enhancement)
        • Vaio (Enhancement)
      • Thin Client
        • Dell (Enhancement)
      • Workstation
        • Apple (Enhancement)
        • Fujitsu (Enhancement)
        • HP (Enhancement)
        • NEC (Enhancement)
        • Panasonic (Enhancement)
    • MOBILE
      • Mobile Computer
        • Zebra (Enhancement)
      • Mobile Phone
        • Newland (Enhancement)
        • Oppo (Enhancement)
        • Samsung (Enhancement)
        • Vivo (Enhancement)
      • Tablet
        • Samsung (Enhancement)
    • NETWORKING
      • Network Appliance
        • 3Com (Enhancement)
        • Aruba Networks (Enhancement)
        • Juniper Networks (Enhancement)
        • Ubiquiti (Enhancement)
    • OT, IOT
      • IP Camera
        • Axis (Enhancement)
        • Uniview (Enhancement)
    • SERVER
      • Media Server
        • Roku (Enhancement)
      • Print Server
        • HP (Enhancement)

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
