Product Updates - January 5, 2026

New Features & Enhancements

  • Enhanced Experience Monitoring Topologies for WAN and Internet Apps: To help you quickly identify where performance issues occur across the full traffic path, the Experience Monitoring page (Home > Experience Monitoring) now shows a richer end-to-end topology for both Internet and WAN applications (DEM license is required).
    • Visibility for both ingress and egress PoPs in all drill-down views
    • Additional destination-site nodes and metrics, including:
      • First Mile metrics for the destination path
      • Socket, IPsec, or Cloud Interconnect nodes with their relevant metrics
    • This feature is being gradually released over the next few weeks
  • Wiz Integration with XOps for Cloud Environment Visibility: We are extending XOps to include issue data from Wiz. XOps uses this data to generate stories based on vulnerabilities in your cloud environment, which you can investigate in the Stories Workbench (Home > Stories Workbench).
    • This integration streamlines investigation and correlation across your network and cloud environments by automatically generating stories based on Wiz issue data, including:
      • Issue details and resources
      • Common IOCs (e.g., users, IP addresses, and domains) to correlate between Cato-based and Wiz-based issues
    • XOps license required
  • New Demo Mode Use Case - Investigating Suspicious DNS Activity: A new Demo Mode use case shows how to use XOps to investigate suspicious DNS activity. This helps teams understand typical investigation workflows and security insights using sample data.
    • Access Demo Mode through the AskAI button at the top of the Cato Management Application (CMA)
  • Reminder - Deprecation of ILMM Scheduled Maintenance Page: As part of the migration of the ILMM service to the CMA, the ILMM Scheduled Maintenance page is now deprecated and fully replaced by the Mute Stories policy.
    • Create Mute Stories rules to suppress alerts during planned maintenance windows
    • Note: Existing Scheduled Maintenance entries are not automatically migrated to the Mute Stories policy
    • For more details, see the original announcement

PoP Announcements

  • Phoenix, US: A new range (199.27.47.0/24) will soon be added to the Phoenix PoP location.

Security Updates

  • Apps Catalog

    View more details about apps in the Apps Catalog.

    • New Apps: 3 new apps – Crunched, Farsight, ProSights
    • Enhanced Apps:
      • doodle
        • Removed category Chat and IM
      • Snapchat
        • Added categories Chat and IM, Media Streams
    • Category Changes:
      • Chat and IM:
        • Added app: Snapchat
        • Removed app: doodle
      • Media Streams:
        • Added app: Snapchat
  • IPS Signatures

    View more details about the IPS signatures and protections in the Threats Catalog.

    • CVE-2025-20333 (New)
  • SAM Signatures

    These protections were added to the SAM service:

    • ICMP Tunneling - Inconsistent Outbound ICMP Payload Detected (New)
  • Application Control Policy / CASB
    • CASB
      • Perplexity - Login (Enhancement)
  • XDR Indications of Attack
    • Anomaly Detection
      • First Occurrence of INBOUND RDP Activity in a Site (New)
      • SMTP Application Upstream Bandwidth Anomaly (New)
      • Abnormal INBOUND RDP Activity (New)
  • Application Control Via API and Data Protection API Integrations

    These enhancements were made for Application Control Via API:

    • Microsoft 365 Activities
      • Anomaly Events (New)
    • GitHub Activities
      • Anomaly Events (Enhancement)
    • Wiz Activities
      • CDR (New)
    • Snyk Activities
      • Anomaly Events (New)
    • Zoom Activities
      • Experience (Enhancement)
  • Device Inventory

    These are the updates to the Device Inventory detection engine:

    • NETWORKING
      • Firewall
        • Check Point (Enhancement)
    • OT
      • Industrial Control
        • Wiesemann & Theis (New)

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
