Product Updates - November 10, 2025

New Features & Enhancements

  • Device Posture Profiles for Always-On Policy: We've added the ability to use device posture profiles in the Always-On policy. This lets you differentiate between corporate devices that can authenticate with a device certificate check and personal unmanaged devices.
  • New Default Network Rule and Best Practice for Software Update Traffic: For better traffic prioritization, we added a new default rule to the Network Rules policy that defines the lowest priority for traffic for software updates, including MDM traffic.
    • For all accounts, we added a new check to the Best Practices page to ensure that software update traffic is defined with a low priority
    • The default rule is included in the Network Rules for new accounts only
  • Windows Client v5.20: Starting the week of November 10, 2025, we will gradually roll out the new Windows Client version 5.20. This version includes:
    • Stability improvements
    • Security updates
    • Bug fixes
  • IoT/OT Security Integration with Armis for High-Precision Device Inventory: To increase the accuracy of device discovery, you can now integrate Armis device intelligence data with Cato’s device inventory. A unified view with enriched attributes from both systems is presented on the Home > Device Inventory page.
    • Configure in the Resources > Integrations page, or with the API
    • This integration provides:
      • Precise device identification: Combining data from both Cato and Armis
      • Enhanced visibility: Managed, unmanaged, IoT, and OT assets are all visible in a unified view with rich contextual metadata
      • Informed security decisions: A clearer, more complete view of your connected devices
    • Requires IoT/OT license
    • Click here to watch a video recording of this feature
  • Application Control via API Support for Make: Connecting SaaS apps to Cato lets you understand who is accessing each app and identify suspicious activities or trends, even when users are not connected to the Cato Cloud. You can now connect your Make account to provide visibility into user activities.
    • The Make app is available from the Integrations Catalog, under App Activities
    • This feature is included in the CASB license
  • DLP Supports PII Data from Additional Countries: Data Loss Prevention now monitors PII data, for example: driver’s license, passport, and personal ID, from these additional countries: Austria, Bulgaria, Cyprus, Czech Republic, Estonia, France, Greece, Hungary, Latvia, Lithuania, Luxembourg, Malta, Portugal, Romania, Slovakia, and Slovenia.
    • The full list of supported data types can be viewed in the Data Catalog
  • DHCP Enhancement for Socket Native Ranges: For better control over DHCP allocations and reservations, you can now configure multiple separate DHCP ranges under the same native range. For example, the native range 1.1.1.0/24 can be configured with these 3 separate ranges:
    • 1.1.1.1 - 1.1.1.100 (for DHCP allocations)
    • 1.1.1.101 - 1.1.1.199 (for reservations)
    • 1.1.1.200 - 1.1.1.255 (for DHCP allocations)
  • Site Operations Story for Offline Socket After Upgrade: For faster root cause analysis and recovery, we added a Site Operations story that detects when an upgraded Socket is offline longer than expected.
  • Browser Extension v1.2: A new Browser Extension v1.2 will be available in the Chrome Web Store, and includes the following:
    • Significantly reduced appearance of browser Sign-In pop-up message
    • Improved log collection
  • Terraform Modules for TLS Inspection Policy Automation: Simplify TLS Inspection policy deployment and management through Infrastructure as Code. Admins can define TLS Inspection rules and sections in JSON and automate policy updates via Terraform.
    • Automate the bulk creation of TLS Inspection rules and sections from a structured JSON file
    • Easily manage rule order, sections, and item locations when updating TLS Inspection policies in the CMA
  • Change the HA Role for Sockets with One Click: You can now use the CMA to switch the High Availability (HA) roles of the primary and secondary Sockets, or proactively trigger a failover for testing purposes.
    • The Manual HA Failover option is available in the Network > Sites page in the Actions drop-down
  • Socket v24.0.20874: We started the gradual release of minor Socket version 24.0.20874. The build contains bug fixes and internal enhancements.

Security Updates

  • Apps Catalog

    View more details about apps in the Apps Catalog.

    • Removed Apps: 2 apps – Mailchi (included in Mailchimp), neuro-flash.com (included in Neuroflash)
    • Enhanced Apps:
      • Adobe Creative Cloud
        • Added domain creativecloud.adobe.com
      • Ai Software Llc
        • Added domains equals3.ai, smartaction.ai, textel.net
      • Appian Corporation
        • Added domain appiancloud.com
      • Aryel Srl
        • Added domain aryel.app
      • Atlassian Remote MCP Server
        • Added domain cf.mcp.atlassian.com
      • Auth0
        • Updated app domains
      • Basecamp LLC
        • Removed category "Media Streams"
      • Blackbox
        • Added domain useblackbox.io
      • Bolt
        • Added domain bolt.new
      • Box
        • Added domains boxcn.net, boxenterprise.net
      • Chatbase
        • Added domain chatbase.co
      • Civit AI
        • Added the domain civitai.green
      • Databricks
        • Added domain azuredatabricks.net
      • Deepmind Technologies Limited
        • Added domain deepmind.google
      • Duckduckgo
        • Added domain duck.ai
      • eclinicalworks
        • Added domains eclinicalweb.com, ecwcloud.com, healow.com
      • Flux AI
        • Added domain fluxaiimagegenerator.com
      • Framer
        • Added domain framerusercontent.com
      • Freepik Company S.L.
        • Added domains freepik.es, originalmockups.com
      • Gamma Tech
        • Added domain gamma.site
      • Heygen
        • Added domain movio.la
      • Hootsuite Inc.
        • Added domain heyday.ai
      • inFeedo Inc
        • Added domain infeedo.ai
      • Languagetool
        • Added domain languagetoolplus.com
      • Linguee
        • Added domain linguee.com
      • Listnr
        • Added domain listnr.tech
      • livechat
        • Added domain lc.chat
      • Lucid Vr
        • Added domain lucid.co
      • MailChimp
        • Added domain mailchi.mp
      • Meta
        • Updated app domains
      • Meta AI
        • Added domain ai.meta.com
      • Midjourney
        • Added domain midjourney.co
      • Miro - RealtimeBoard, Inc.
        • Added domain realtimeboard.com
      • motionbox
        • Added domain motionbox.io
      • Moveworks
        • Added domain moveworks.ai
      • Neuroflash
        • Modified name from Neuroflash Gmbh to Neuroflash
        • Added categories Generative AI Tools, Productivity
        • Added domain neuro-flash.com
      • novita.ai
        • Added domain omniinfer.io
      • Panopto, Inc.
        • Added domain panopto.eu
      • Pi by Inflection AI
        • Added domain heypi.com
      • Pixelz AI
        • Added domain pixelz.com
      • RingCentral
        • Updated app IPs
      • SAP SE
        • Added domain cloud.sap
      • Sprout Social, Inc.
        • Added domain sprout.link
      • Stability AI
        • Updated app domains
      • SurveyMonkey Inc.
        • Added domains surveymonkey.ca, surveymonkey.co.uk, surveymonkey.net
      • Suspicious TLD mov
        • Updated app domains
      • Suspicious TLD top
        • Updated app domains
      • Suspicious TLD zip
        • Updated app domains
      • Thoughtspot
        • Added domain thoughtspot.cloud
      • Tines Security Service
        • Added domain tines.inf.elasticnet.co
      • Tools A Day
        • Added domain toolsaday.com
      • Typetone
        • Added domain schrijven.ai
      • Udio AI Music Generator
        • Added domain udio.com
      • Usabilla
        • Removed domains surveymonkey.ca, surveymonkey.co.uk, surveymonkey.net
      • vision6
        • Added domain vision6.com.au
      • Weights & Biases
        • Added domain wandb.auth0.com
      • Yandex Appmetrica
        • Modified name from Yandex AppMetrica to Yandex Appmetrica
        • Application is now available in Application Control rules
        • App risk increased from 1 to 3
      • Yandex Cloud
        • Application is now available in Application Control rules
        • App risk increased from 1 to 3
      • Yandex Disk
        • Application is now available in Application Control rules
        • App risk decreased from 4 to 3
      • Yandex E-Mail
        • Application is now available in Application Control rules
        • App risk decreased from 4 to 3
      • Yandex Market
        • Application is now available in Application Control rules
        • App risk increased from 1 to 3
      • Yandex Tanslate
        • Application is now available in Application Control rules
        • App risk increased from 1 to 3
    • Category Changes:
      • Generative AI Tools: Added app Neuroflash
      • Media Streams: Removed app Basecamp LLC
      • Productivity: Added app Neuroflash

  • IPS Signatures

    View more details about the IPS signatures and protections in the Threats Catalog.

    • CVE-2025-0868 (New)
    • CVE-2025-3600 (New)
    • CVE-2025-25034 (New)
    • CVE-2025-59287 (New)
    • Sliver C2 - HTTP Session CnC First Request to The Server (New)
  • Out of Band Integrations
    • New Apps – Make Activities (New)
    • Enhanced Apps –
      • GitHub Activities
        • Code Scan Alerts (Enhancement) - Added Resource fields
        • Vulnerability Scan Alerts (Enhancement) - Added Resource fields
        • Secret Scan Alerts (Enhancement) - Added Resource fields
      • Slack Activities
        • Security Anomalies (Enhancement) - Added Resource fields
      • Microsoft 365 App Activities
        • Security Anomalies (Enhancement) - Added Resource fields
      • Google Activities
        • Security Anomalies (Enhancement) - Added Resource fields
  • Application Control Policy / CASB
    • Google Drive - Share (Enhancement)
    • ChatGPT - Download File (Enhancement)
  • DLP
    • ChatGPT - Download File (Enhancement)
  • XDR Indications of Attack
    • Anomaly Detection
      • Application Used with Multiple Tenants Across the Organization (New)
      • PsExec Activity Anomaly (New)
      • First Occurrence of File Transfer Protocols Activity Over The LAN (New)
      • Abnormal Suspicious Activity (New)

  • Device Inventory

    These are the updates to the Device Inventory detection engine:

    • IOT
      • Multifunction Device
        • Canon (Enhancement)
      • Payment Terminal
        • Castles Technology (Enhancement)
        • Verifone (Enhancement)
      • Printer
        • Brother Industries (Enhancement)
        • Epson (Enhancement)
        • HP (Enhancement)
        • Konica Minolta (Enhancement)
        • Kyocera (Enhancement)
        • Lexmark (Enhancement)
        • Xerox (Enhancement)
        • Zebra (Enhancement)
      • Signage Media Player
        • BrightSign (Enhancement)
      • Speaker
        • Algo (Enhancement)
      • Unidentified IoT
        • Grandstream Networks (Enhancement)
        • Synology (Enhancement)
      • Video Conferencing
        • Cisco (Enhancement)
      • VoIP
        • Aastracom (Enhancement)
        • Avaya (Enhancement)
        • Cisco (Enhancement)
        • Digium (Enhancement)
        • Grandstream Networks (Enhancement)
        • Polycom (Enhancement)
        • Snom (Enhancement)
        • Yealink (Enhancement)
      • IP Camera
        • Axis (Enhancement)
        • Uniview (Enhancement)
    • PC
      • Desktop
        • Dell (Enhancement)
        • HP (Enhancement)
        • Lenovo (Enhancement)
      • Laptop
        • Apple (Enhancement)
        • Dell (Enhancement)
        • HP (Enhancement)
        • Lenovo (Enhancement)
        • Microsoft (Enhancement)
        • Toshiba (Enhancement)
        • Vaio (Enhancement)
      • Thin Client
        • Dell (Enhancement)
      • Workstation
        • Apple (Enhancement)
        • Fujitsu (Enhancement)
        • HP (Enhancement)
        • NEC (Enhancement)
        • Panasonic (Enhancement)
    • MOBILE
      • Mobile Computer
        • Zebra (Enhancement)
      • Mobile Phone
        • Newland (Enhancement)
        • Oppo (Enhancement)
        • Samsung (Enhancement)
        • Vivo (Enhancement)
      • Tablet
        • Samsung (Enhancement)
    • NETWORKING
      • Network Appliance
        • 3Com (Enhancement)
        • Aruba Networks (Enhancement)
        • Juniper Networks (Enhancement)
        • Ubiquiti (Enhancement)
    • SERVER
      • Media Server
        • Roku (Enhancement)
      • Print Server
        • HP (Enhancement)

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.

Was this article helpful?

1 out of 1 found this helpful

0 comments