Cato Networks launches SSE system with customizable DLP capabilities

Israel-based SASE (secure access service edge) provider Cato Networks has announced a security service edge (SSE) offering, Cato SSE 360, that includes Cato DLP, a capability for data loss protection across business applications that allows for customizable rules.

Along with SSE 360, Cato is also offering a new expert certification for the SSE  architecture.

“Traditional SSE architectures are mostly proxy-based solutions which have limited visibility and control over WAN traffic as they only take into account the traffic from users to the internet,” says Boaz Avigad, director of product marketing at Cato Networks. “However, at some point they’ll need to cover data centers, on-prem and cloud. Cato SSE 360 does that.”

SSE is defined by Gartner as a collection of integrated, cloud-centric security capabilities that facilitate safe access to websites, SaaS and in-house applications. A typical SSE solution secures web access through secure web gateways, cloud access security brokers (CASBs), DLPs and zero trust network access (ZTNA). It is a subset of SASE that does not include integrated SD-WAN.

DLP can be considered a watchdog program that protects data assets as they flow to and from enterprise applications. It scans and blocks users from sending critical files or sensitive information, such as credit card or customer details, in an insecure manner. The rules followed by legacy DLP to do this, according to Cato, are limited, inaccurately block legitimate activities, and  allow illegitimate ones.

Cato DLP uses machine learning

Cato DLP attempts to solve this problem using a proprietary machine learning algorithm that identifies and allows for the customization of rules.

For instance, rather than explicitly blocking defined activities for applications—such as “commit” on GitHub, or “send” with an email attachment in Outlook—Cato DLP allows for expressive rules to be created (such as “block uploads”), which are then implemented across all relevant applications for all related actions.

“Datatypes scanned by DLP are sometimes inaccurate because we are doing a template match with regular expressions (REGEX),” explains Avigad. “The machine learning capability we have added monitors and understands the behavior of each data type to identify anomalies.”

Cato SSE 360 offers path to full SASE

Cato is also offering SSE 360 customers a migration path to a full suite of  SASE cloud-native security capabilities—including firewall-as-a-service (FWaaS), advanced threat prevention, and managed threat detection and response (MDR)—by connecting websites, remote workers, and cloud resources to the Cato SASE cloud.  

Meanwhile, the new Cato certification is specifically designed for SSE. The focus will entirely be on SWG, CASB and ZTNA and “will not cover anything on network, SD-WAN or firewall,” according to Avigad.

“SSE expert certification will have five sessions dedicated to each separate component of the SSE solution and is due to be released in next two weeks,” says Avigad.

It is intended for users particularly interested in the SSE segment of SASE solution and is open for pre-registration.

Cato SSE 360 with Cato DLP is available now, having had early partial availability in April 2022 for a subset of customers.