Product Updates - July 6, 2026

New Features & Enhancements

  • Updated EOS Policy for Cato Clients: We are updating the End of Support (EOS) policy for Cato Clients for all operating systems and devices to make the support lifecycle clearer and help you plan Client upgrades more effectively.
    • Each Client version automatically reaches EOS one year after its release date. For information, see this article
  • Ask AI Simplifies Support Escalation: Ask AI helps you investigate issues faster with guided answers and relevant context. Troubleshoot issues directly in Ask AI, and if needed, it will create a draft of a Support ticket populated from the full context of your conversation.
  • Socket Hardware Refresh for X1500A and X1700A Models: Following the February 2026 End of Support (EOS) announcement for X1500A and X1700A Sockets (effective July 1, 2030), Cato is starting the hardware refresh process to replace eligible devices with newer models. Cato notifies eligible accounts during the renewal process. For details, see this article.
  • XOps Experience Anomaly Enhancements: We expanded Experience Anomalies with new detections for application response time and HTTP latency across remote users, sites, and ISPs. Other enhancements include:
    • Related anomalies detected for multiple users are automatically aggregated into a single story
    • The new Entities widget shows all impacted entities
    • Each anomaly detection generates an event of subtype Anomaly shown in the story Incident Timeline, and available in the Events page
    • DEM and XOps licenses required. Show me the CMA page
  • Expanded Posture Checks: Get broader visibility into your account with new checks for SSO, Always-On, Device Posture, and network settings to make sure you are aligned with Cato best practices. To view posture checks, go to Home > Posture (open the Posture CMA page).
  • Improved AI Security Engine Detection: We enhanced the AI Security Engine to more accurately detect sensitive personal identifiers in AI interactions, including a significantly improved Name detector. This helps identify more relevant AI Security events with fewer false positives.
    • AI Security for Applications or AI Security for Users license required
  • CMA Enhancement - Improvements to the App Catalog:
    • Display FQDNs: The App Quick View panel displays the FQDNs associated with each app
    • Search Account Overridden Domains: On the Account Overridden Domains panel, you can search the list of domain categories that you redefined for your account

PoP Announcements

  • Tokyo, JP: A new range (113.30.138.0/24) is now available for the Tokyo PoP location.
  • The following localized IP ranges for Egypt and Martinique are now available:
    • EG: 216.252.183.32/27 (serviced through the Milan PoP location)
    • MQ: 45.62.191.160/28 (serviced through the Miami PoP location)
  • The following new ranges will soon be available:
    • London, UK: 159.117.244.0/24
    • Paris, FR: 159.117.245.0/24

Security Updates

  • Apps Catalog

    View more details about apps in the Apps Catalog.

    • New Apps: 9 new apps: AireSpring AirePBX, Gurkerl, Kifli, Knuspr, Rohlik, Rohlik Group, S7comm, Sezamo, Wonderful
    • Enhanced Apps:
      • Amazon Bedrock
        • Updated app domains
      • RTP
        • Signature Updated
      • Tnt
        • Added domain tnt.fr
      • Tor Network
        • Signature Updated
        • Updated app IPs
    • Category Changes:
      • Business Operations AI:
        • Removed app: SiliconExpert
      • Business Systems:
        • Added apps: Deon Gmbh & Kg, Qzzr, Inc., Yasoon Gmbh, conceptboard
      • Chat and IM:
        • Added app: Keybase
      • Computers and Technology:
        • Added apps: Bechtle Ag, Boschsecurity, Telekom
      • ERP And CRM:
        • Added apps: Scopevisio Ag, ariba
      • Education:
        • Added apps: Duden, Toddle
      • Finance:
        • Added apps: Billomat Gmbh & Kg, Lexoffice
      • Generative AI Tools:
        • Removed app: SiliconExpert
      • Government:
        • Added app: Af
      • Hiring:
        • Added apps: Gradar, Heavenhr Gmbh
      • News:
        • Added apps: Bmj, Computerbase, Gsmarena, Heise, Sport1, Tvspielfilm, Wallstreet-online, Winfuture
      • Online Storage:
        • Added apps: Amana, Filesanywhere, Lucidlink Corp, Qumulo, T&D WebStorage, TeamDrive, Your Secure Cloud Gmbh
      • Shopping:
        • Added apps: Galerieslafayette, Hagebau, Hoffmann-Group, Notebooksbilliger
      • Vehicles:
        • Added apps: Adac, Autobahn Technologies Llc, Autozone, Cummins, LeasePlan Corporation N.V., Louis, Paccar, Vanmoof B V, terex
      • Voip Video:
        • Added app: Snom
      • Web Hosting:
        • Added apps: Hetzner, Strato, hosteurope
  • IPS Signatures

    View more details about the IPS signatures and protections in the Threats Catalog.

    • CVE-2024-36420 (New)
    • CVE-2025-69971 (New)
    • CVE-2026-4810 (New)
    • CVE-2026-33032 (New)
  • TLS Inspection
    • Remove cursor.ai from global TLS bypass rules (Enhancement)
  • XDR Indications of Attack
    • Threat Prevention
      • First Seen External Teams Chat from Suspicious Tenant by Account (New)
      • First Seen External Teams Chat from Suspicious Tenant by Account (New)
      • First Seen External Teams Chat from Suspicious Tenant by Account (New)
    • Anomaly Detection
      • First Seen Kerberos Bruteforce Activity By Site (New)
      • First Seen Kerberos Bruteforce Activity By User (New)
      • First Seen External Teams Chat from Suspicious Tenant by Account (New)
      • First Seen External Teams Call from Suspicious Tenant by Account (New)
      • First occurrence of a high risk AI application on the account (New)
      • Sensitive File Download to First Seen Device (New)
    • Indications of Attack
      • First Seen Kerberos Bruteforce Activity By Site (New)
      • First Seen Kerberos Bruteforce Activity By User (New)
      • Sensitive File Download to First Seen Device (New)
  • Device Inventory

    These are the updates to the Device Inventory detection engine:

    • New Devices: 9 new devices
    • OT:
      • Circuit Breaker Network Interface:
        • Schneider Electric EnerlinX IFE LV434010 (New)
      • Flow Meter:
        • Emerson Micro Motion 5700 5700 Ethernet Coriolis Flowmeter (New)
      • OT Gateway:
        • Modbus/TCP to RTU Bridge (New)
        • Schneider Electric Acti9 PowerTag Link A9XMWD20 (New)
        • Schneider Electric ComX 510 EBX510 (New)
        • Schneider Electric EnerlinX IFE Switchboard Server LV434011 (New)
      • PLC:
        • Schneider Electric Modicon M340 BMX P34 2020 (New)
        • Schneider Electric Twido TWDLCAE40DRF TWDLCAE40DRF (New)
      • Power Meter:
        • Phoenix Contact EMpro EEM-MA371-R 2907985 (New)
  • Application Control Via API and Data Protection API Integrations

    The enhancements were made for Application Control Via API

    • New: SaaS Security Posture Management (SSPM) - 10 apps
      • Salesforce | SaaS Security Posture (New) - 43 posture checks across session, password and lockout policy, clickjack/CSRF/session hardening, OAuth token hygiene, SSO, IP restrictions and external sharing
      • Microsoft 365 | SaaS Security Posture (New) - 38 posture checks across Entra ID MFA/passwordless, Conditional Access, legacy-auth blocking, privileged-role and guest governance, and SharePoint sharing/app-consent controls
      • Zendesk | SaaS Security Posture (New) - 32 posture checks across 2FA/SSO enforcement, admin and end-user session controls, password policy, API token hygiene, and attachment/privacy settings
      • GitHub | SaaS Security Posture (New) - 26 posture checks across org MFA/2FA and SSO enforcement, repository visibility and permission defaults, secret scanning/push protection, and outside-collaborator governance
      • Google Workspace | SaaS Security Posture (New) - 22 posture checks across 2SV enforcement, super-admin governance and recovery, session/password policy, Gmail spoofing/attachment protections, and marketplace app-access restrictions
      • Google Drive | SaaS Security Posture (New) - 18 posture checks across external sharing and web-publishing restrictions, shared-drive access governance, Drive SDK/desktop controls, and file-security enforcement
      • Dropbox | SaaS Security Posture (New) - 15 posture checks across admin/suspended-user counts, external sharing and shared-link policy, link expiration/password enforcement, and device (EMM) and group-creation controls
      • ChatGPT | SaaS Security Posture (New) - 8 posture checks across Enterprise admin governance, unused API-key revocation, project visibility and spend alerts, and external-account/custom-GPT sharing restrictions
      • Cursor | SaaS Security Posture (New) - 8 posture checks across admin count and external-admin/account review, orphaned/inactive account cleanup, repository blocklist, spend limits, and client-version currency
      • Slack | SaaS Security Posture (New) - 6 posture checks across workspace/admin MFA, inactive-user and admin-count review, guest-user governance, and externally shared channel detection
    • Enhancements: Activity
      • Microsoft General | Activity (Enhancement) - extracts additional resource and device fields (resource.id, os.type)
      • Microsoft Defender | EDR (Enhancement)
      • Citrix ShareFile | Activity (Enhancement)
    • Enhancements: EDR
      • Microsoft Defender (Enhancement)

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.

Was this article helpful?

0 out of 0 found this helpful

0 comments