Product Updates - January 19, 2026

New Features & Enhancements

  • XOps Supports Predictive Alerting on Socket CPU Trends: As part of the Cato Insights platform, XOps analyzes CPU usage trends to proactively alert on potential issues before they occur.
    • Stories are created with all supported data and remediation playbooks
    • Webhook notification is supported via Response Policy
    • Requires an XOps license
  • Socket Refresh Policy: Read this article to learn how Cato manages the lifecycle of Socket hardware devices. This policy helps you understand what to expect when your Socket hardware approaches end-of-support, and how and when Cato initiates hardware replacements.
    • To see which Sockets are approaching end-of-support, use the Hardware Version column in the Sockets & Accessories page (Account > Sockets & Accessories), which shows all the Socket models in the account (e.g. X1500 and X1500B). This column is hidden by default.
  • Additional Filtering Capabilities for appStats API: Filter aggregated results of the appStats API. For example, return only users whose total application usage exceeds a defined threshold, or return only apps with traffic volume above a specific value.
    • Apply filters after aggregation, similar to the SQL HAVING clause
    • Filtering aggregated fields is only supported for numeric fields (arrays and string fields are not supported)

Security Updates

  • Apps Catalog

    View more details about apps in the Apps Catalog.

    • New Apps: 2 new apps, Chrome Webstore, D.e-Express
    • Enhanced Apps:
      • Windows
        • Updated app domains
      • Zscaler
        • Updated app IPs
  • IPS Signatures

    View more details about the IPS signatures and protections in the Threats Catalog.

    • CVE-2020-29047 (Enhancement)
    • CVE-2025-14847 (New)
    • CVE-2025-2621 (New)
    • CVE-2025-37164 (New)
    • CVE-2025-54236 (New)
    • CVE-2025-54249 (New)
    • CVE-2025-55183 (New)
    • CVE-2025-55184 (New)
    • CVE-2025-68645 (New)
  • SAM Signatures

    These protections were added to the SAM service:

    • ICMP Tunneling - Inconsistent Wan ICMP Payload Detected (New)
  • Application Control Policy
    • CASB
      • Mediafire - upload (New)
  • TLS Inspection
    • Google ChromeOS Rules (New)
  • XDR Indications of Attack
    • Anomaly Detection
      • Remote Access Application Upstream Bandwidth Anomaly (Enhancement)
      • Remote Access Netbios Application Upstream Bandwidth Anomaly (New)
      • Unusual Volume of User Password Change Activities (Enhancement)
      • Unusual Volume of User Delete device Activities (New)
      • Unusual Volume of User Delete Activities (New)
      • Unusual Volume of User Password Reset Activities (New)
      • Abnormal Identity Deletion Activity by User (New)
      • Massive login activities by an authorized third-party user (New)
      • IP checking services First Occurrence Anomaly (Enhancement)
      • First Occurrence of Outbound Remote Access Activity from Site (Enhancement)
      • Abnormal File Transfer Protocols Activity Over The LAN (New)
      • Unusual Volume of User Removing member from group Activities (New)
    • Threat Hunting
      • Sensitive Data Transfer via Generative AI Application (New)
  • Application Control Via API and Data Protection API Integrations

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
