Secure Cloud Apps and Discover Shadow IT in your Network:Cato’s Cloud Access Security Broker (CASB) Solution provides seamless visibility and assessment for cloud app usage in your organization. Cato’s CASB solution lets you straight-away discover cloud apps (Shadow IT), assess app risk and compliance, monitor user activities and govern app use, and identify and mitigate cloud-based threats.
Granular Application Policy: You can create different types of Application Control rules, including:
Enforcing traffic for specific security and compliance characteristics
Fine-grained access that restrict activities within an app
New Dashboard that Provides Excellent Visibility for Apps and Shadow IT: The Cloud Apps Dashboard has dedicated views and insights for cloud app usage within the organization.
Easily identify risky apps and cloud-based vulnerabilities for WAN and Internet traffic
Identify and monitor app usage according to specific users
CASB is a separate license that includes: Application Control Policy, Cloud Apps Dashboard, and defining sanctioned vs. unsanctioned apps.
New Features & Enhancements
IPS Protection to Automatically Block Pentest Tools: Starting on February 6th 2022, Cato's IPS will block vulnerability scanners for all Protection Scopes (WAN, inbound, and outbound) because they represent a potential security risk to your network. You can use the IPS Policy Allow List to allow a specific tool for Protection Scopes with these signatures:
User Awareness Now Compatible with Microsoft DCOM Patch: Microsoft announced that they are hardening their infrastructure and patching a DCOM vulnerability described here. We are updating the Cato service User Awareness so that it is compatible with Microsoft’s changes.
Improved Sync with Disabled Users for SCIM Provisioning: Starting on February 6th, when you disable users in your Identity Provider (IdP), they are synced to your Cato account as disabled. When you then enable the users in the IdP, they will also be enabled in your Cato account.
Users that were disabled in your IdP prior to February 6th, make a change to the user in the IdP so that the SCIM service updates the user.
Improved Descriptions for Some Apps and Services:
This is a cosmetic change, and there is no impact on behavior or functionality
Changed Office365 Login app name to:
Changed Radius services names to:
RADIUS Protocol - Accounting Phase
RADIUS Protocol - Authentication Phase
RADIUS Protocol - Over TLS
RADIUS Protocol - Over DTLS
Changed Socks Proxy service names to:
Cato SDP Client Releases
Windows Client v5.2: We are starting the gradual release of the Windows Client version 5.2. This version includes:
Enhancements for Client SSO authentication and support for Internet Explorer as the OS browser
Device Posture (EA) enhancement, periodic checks that devices are compliant with the Device Posture policy
Cato authentication server supports CA issued certificates (non-self-signed)