TEL AVIV, Israel – Cato Networks, provider of the world's first SASE platform, introduced Cato MDR 2.0, the first managed detection and response (MDR) service to identify threats and vulnerabilities upon deployment. Legacy MDR services required enterprises to wait 30 to 90 days before seeing results. In addition to faster time to value, Cato MDR 2.0 also brings an automated security assessment of more than 70 security best practices and a dedicated security expert (DSE) for each MDR customer.
"The Cato MDR service provides us with the peace of mind that the traffic on our network is being monitored 24×7 for potentially unwanted or malicious activities. The service has identified issues that other services missed," says Edward Jorczyk, director of information technology for Bowman and Brooke, a national product liability defense law firm.
New Threats, Increasing Attack Sophistication Drive Demand for MDR
The need for multi-layer defense necessitates effective prevention and detection capabilities. Average malware dwell time exceeds 200 days, making rapid threat identification imperative. But detecting threats requires significant investment in expertise and technology. MDR services fill this gap. According to Gartner, "By 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment capabilities." 1
Legacy MDR services, though, required enterprises to wait weeks and months to baseline the customer network before returning results. With Cato MDR initial release, Cato eliminated the need for probes, tapping the power of the Cato SASE platform. Now, Cato eliminates the startup time typical of MDR services.
Cato Uses Machine Learning and AI to Deliver Immediate Threat Insight
Cato has built cross-organizational baselines of "normal" network behaviors. As the corporate networking and security platform, Cato already has deep visibility into enterprise traffic patterns over time, storing the metadata for every IP address, session, and flow crossing the Cato global backbone in a massive data warehouse.
Cato MDR combines this data warehouse with the Cato Threat Hunting System (CTHS), a set of multidimensional machine learning algorithms and procedures developed by Cato Research Labs, to continuously analyze customer traffic for the network attributes indicative of threats.
The results are histograms of normal network behaviors derived from thousands of networks and hundreds of thousands remote users worldwide. "This is what allows us to bring value to Cato MDR customers from day-1 of the service," says Elad Menahem, director of security at Cato Networks. "We continue to collect network flows as an inherent part of Cato, refining those baselines and hunting for additional insight without any customer involvement."
The Cato 70-Point Security Checklist Ensures Base Security Compliance is Met
Cato has also added an automatic security assessment to the MDR service. Instantly, customers learn how their network security compares against the checks and best practices implemented by enterprises worldwide. Items inspected include proper configuration of network segmentation, firewall rules, and security controls, like IPS and anti-malware. The 70-point checklist is derived from the practices of the "best" enterprises across Cato — and avoids the biggest mistakes of the worst enterprises.
"Much of what we're highlighting in our 70-point checklist is probably common sense to any security-minded professional. But all too often, those practices have not been found in one actionable resource," says Menahem.
Designated Security Engineers Assigned to Cato MDR Customers
To further enhance the support given to Cato MDR customers, Cato has designated security engineers for each customer. The DSE becomes the customer's single point of contact and security advisor. The DSEC can also tweak threat hunting queries to enhance detection specific to the customer environment, such as gathering specific network information to protect specific valuable assets.
The DSE is part of the large SOC team, sitting between the Security Analysts and the Security Research. Coupled with CTHS and Cato's unique data warehouse, Cato MDR brings the best of human intelligence and machine intelligence for the highest degree of protection.