Cato Networks Intros Smart Data Loss Prevention (DLP) Engine

Cato Networks, provider of the world’s first SASE platform, introduced Cato DLP, the first Data Loss Prevention (DLP) engine to protect data across all enterprise applications without complex, cumbersome DLP rules. 

Cato DLP is part of Cato SSE 360, the only Security Service Edge (SSE) architecture to provide total visibility, optimization, and control of all traffic while providing a seamless migration path to full SASE transformation. Cato has also added Cato SSE Expert Certification, an extension of the industry-leading Cato SASE Expert certification, to enrich understanding of the SSE architecture.

Cato DLP Solves Operational Complexity of Legacy DLP

DLP has been an effective tool for protecting data assets, scanning, and blocking users from sending critical files or sensitive information, such as credit card or customer details.

But legacy DLP has been fraught with limitations. Too often, inaccurate DLP rules block legitimate activities or allow illegitimate ones. A focus on public cloud applications has left sensitive data in proprietary or unsanctioned applications unprotected by DLP. The investment in DLP does nothing to protect the enterprise from other threat vectors.

Cato DLP addresses those problems. Cato DLP scans all network traffic for sensitive files and data as defined by the customer. More than 350 data types are currently identified by Cato covering universal sensitive data types, such as credit card numbers, and country-specific data types, such as postal codes. Once identified, DLP rules block, alert, or allow the action depending on customer-defined policies.

Cato DLP is fully converged with Cato SSE 360, the security pillar of the Cato SASE Cloud. The application control rules provide granular DLP policies that apply to all applications and resources.

As part of the Cato Single Pass Cloud Engine (SPACE) architecture, Cato DLP is fully converged with the complete range of Cato’s cloud-native networking and security capabilities, gaining deeper visibility into and greater control over network flows than with legacy DLP solutions. More specifically, this means:

Easing Deployment with Smart DLP Rules

DLP becomes easier to implement using Cato’s Smart DLP rules. Rather than explicitly blocking defined activities for each application – for example, “commit” in GitHub, “send” with an attachment in Outlook, or “copy” to external SharePoint folders – security teams can create rules that express their intent (“block uploads”), which Cato then implements across all relevant applications for all intended actions.  

Simplifying DLP Operations with Machine Learning

The inaccuracies in legacy DLP rules often disrupt business operations. Rather than waiting to hear from disgruntled users about not being able to handle specific data, Cato DLP proactively identifies inaccurate DLP rules. Anomaly detection algorithms identify when DLP rules exceed predefined baselines, notifying Cato’s security content teams to refine and improve the out-of-the-box data types.

Improving Security Posture with Layered Protection

Cato simultaneously inspects traffic across multiple security use cases, providing efficient multi-layer protection. Cato’s access control layer ensures user can only access authorized applications and prevents them from accessing unauthorized resources or malicious sites. Cato’s threat mitigation layer scans the traffic for network-based threats and malicious content. All Cato inspections operate in parallel, enabling line-rate performance even for encrypted traffic.

Cato SSE 360: Security for Today, Ready for Tomorrow

Along with Cato DLP, Cato is announcing Cato SSE 360, the only SSE platform with visibility, optimization, and control of WAN, cloud, and Internet traffic.