Secure access service edge (SASE) technology provider Cato Networks has announced an expansion of its SASE Cloud platform into threat detection and incident response, leading to what it calls the world’s first SASE-based, extended detection and response (XDR) offering that can “dramatically” improve the quality of insight and ease of incident response, leading to faster incident remediation.
With the announcement, Cato is expanding SASE into threat detection, incident response and endpoint protection without compromising on the architectural elegance captured by the original SASE definition.
Available immediately, the Cato XDR is designed to use the functional and operational capabilities of the SASE Cloud platform to overcome the protracted deployment times, limited data quality and what Cato calls the inadequate investigation and response experience too often associated with legacy XDR services.
At the same time, the provider introduced Cato EPP, said to be the first SASE-managed endpoint protection platform (EPP/EDR). In combination, the launch of XDR and EPP platforms mark the first expansion beyond the original SASE scope defined by industry analyst Gartner in 2019. SASE’s security capabilities encompass threat prevention and data protection in a common global platform.
Putting the expansion into XDR into context, Cato said the flood of security alerts triggered by network sensors, such as firewalls and IPS, complicates threat identification. It noted that in 2023, enterprises required 204 days on average to identify breaches. As a solution, XDR tools help security analysts close this gap by ingesting, correlating and contextualising threat intelligence information with the data from native and third-party sensors.
However, Cato argues that legacy XDR tools suffer from numerous problems relating to data quality. Sensor deployment can extend the time-to-value as IT must not only install the sensors, but also develop a baseline of specific organisational activity for accurate assessments. The company added that data quality could also be compromised when importing and normalising third-party sensor data, complicating threat identification and incident response.
That means security analysts could waste time sorting through incident stories to identify the ones most critical for immediate remediation. Once determined, incident remediation may often be hampered by missing information, requiring analysts to master and switch between disparate tools. Cato calculates that in 2023, average breach containment required more than two months.
Cato XDR is said to be the first platform built from the ground up to enable enterprises to connect, secure and manage sites, users and cloud resources while addressing legacy XDR’s limitations. Instantly activated globally, Cato XDR is built to provide enterprises with immediate insights into threats on their networks. Incident detection comes from Cato’s native sensors – NGFW, advanced threat prevention (IPS, NGAM, and DNS Security), SWG, CASB, DLP, ZTNA, RBI, and now EPP/EDR.
Powered by Bitdefender’s malware prevention technology, Cato EPP protects endpoints from attack – in the Cato way. Endpoint threat and user data are stored in the same converged Cato data lake as the rest of the customer’s network data, simplifying cross-domain event correlation.
Cato said the net result is “incredibly high-quality data” that improves the incident and remediation process. AI uses the data to accurately identify and rank incidents, empowering analysts to focus critical resources on remediation cases that an organisation regards as the most important.
In addition, remediation times are said to be reduced as detected incident stories contain the relevant information for in-depth investigation. Generative AI is deployed to simplify incident reporting with the natural language engine providing human-readable explanations of incident stories.
Analysts are said to able to save time sharing incident information with other teams and reporting to their managers.