New Features & Enhancements

• SCIM Provisioning for SDP Users: Now you can provision users from your Identity Providers (IdPs) with the SCIM protocol. The SCIM protocol automatically syncs user and group information, and provisions them from the IdP to your Cato account. These are the supported IdPs:
  • Azure – read more
  • Okta – read more
  • OneLogin – read more
• New Enhancements for Managing Site Connectivity SLA: We enhanced the ability to control the link connectivity settings between the Socket and the Cato Cloud. The default setting is to use the Cato Smart algorithm to calculate the optimal SLA thresholds for the best connectivity. You also have the option to configure custom SLA thresholds per site. Read more.
  • Supported from Socket version 12.0 and higher. We are gradually releasing this new version to our customers.
• Option to Force Specific PoP Locations for a Site: There is a new configuration option for Socket sites, that restricts a site to only connect to the configured preferred PoP locations. You can use this option to make sure that the Socket only connects to PoPs within specific countries or regions. Read more.
  • Supported from Socket version 12.0 and higher. We are gradually releasing this new version to our customers.
• Define 4G/LTE Links as Last-Resort Links: You can now define a 4G/LTE cellular link as a Last-Resort link and define the conditions where the Socket activates this link. Read more.
  • New screen that lets you easily configure these settings:
    • Define a Grace Timer that the Socket waits before activating this link
    • Customize keep-alive setting to minimize traffic
  • Supported from Socket version 12.0 and higher. We are gradually releasing this new version to our customers.
• Changes to Implicitly Bypassed Apps for TLS Inspection: We are enhancing the security in the Cato Cloud, and are planning to inspect apps that were previously excluded from TLS Inspection.
  • Starting on October 3rd, the following apps will be inspected by the default TLS Inspection policy:
    • LinkedIn
    • Salesforce
    • Twitter
  • Starting on October 17th, the following apps will be inspected by the default TLS Inspection policy:
    • Amazon AWS
    • Google Apps (including the following services: Gmail and YouTube)
  • Starting on October 31st, the following apps will be inspected by the default TLS Inspection policy:
    • Microsoft Apps (including the following services: Teams, Skype, and microsoft_office_login)
  • If there is an issue with one of the above apps, please contact Support and you can also configure your TLS Inspection policy to bypass the app. Read more.

Cato SDP Client Releases

• Windows Client v4.7 Support for Windows 11: Microsoft announced that they are releasing Windows 11 on October 5th, 2021. Cato officially supports Windows 11 with Windows Client version 4.7 and higher.

Security Updates

• IPS Signatures: 
  • Microsoft Exchange Autodiscover Password Leak
  • CVE-2021-22005 | VMware vCenter Server File Upload
  • CVE-2021-40444
  • CVE-2021-34473
  • CVE-2020-29448
  • CVE-2021-22005
  • CVE-2020-18879
  • CVE-2020-15148
  • CVE-2019-18935
  • CVE-2018-7600
  • CVE-2018-19629
  • CVE-2018-19518
  • CVE-2017-11317
  • Malware - Bozok (New)
  • Malware - trojPuTTY (New)
  • Heuristic Vulnerability Scanning Detection (Enhancement)
• Application Database:
  • RingCentral (Enhancement)
  • Jitsi
  • Veeam Backup (Enhancement)

Support Tickets Resolved

• #42543, #95612, #96251, #96351, #99138, #100062, #100090, #100128, #100506, #100897, #101312, #101959, #102239, #102805, #103072, #103245, #103495, #103703, #104103, #104427, #104706, #105547, #105978, #106012, #106298, #106560, #106802, #107184, #107247, #108309, #108532, #108910, #109749