
Cato’s offering in the XDR market has a different basis than many other XDR platforms: it is an extension of the vendor’s existing SASE platform. The extension adds threat detection, IR and endpoint protection without sacrificing the original SASE platform, Cato claims.

Many XDR platforms are fundamentally an extension of EDR platforms from their providers. That means endpoints are at the root of these platforms. Cato comes at it from a completely different angle. After all, SASE is the amalgamation of SSE and SD-WAN, put succinctly. SSE does relate to endpoints, but mainly to how they access the network according to a Zero Trust model. SD-WAN ensures that all those endpoints can securely connect via an optimal route to services and environments elsewhere in an organization’s distributed network.

XDR with everything SASE has to offer

A Point of Presence (PoP) from a SASE player such as Cato Networks has plenty of value to offer an XDR platform. With this extension, the XDR platform immediately has access to all the native sensors, and thus the telemetry, of the firewalls, threat prevention, Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA) and Remote Browser Isolation (RBI) that Cato provides as standard in the PoPs scattered around the world.

Of course, an XDR platform is not complete without also protecting endpoints. That cannot be done from Cato’s SASE environment. That is why the company is introducing an Endpoint Protection Platform (EPP) at the same time as the new XDR platform today. This platform runs on technology from Bitdefender. Together with the XDR platform and the Cato SASE Cloud, this results in a very complete security platform.


Everything comes together in a data lake

With today’s introduction, Cato Networks collects a lot of additional data. Of course, this data has to go somewhere; otherwise, the platform can’t do much with it. For that, Cato has a data lake. Using what it calls Cato AI, it can detect and prioritize incidents there. The idea is that security teams can then put their best people on the biggest threats.

You could say Cato Networks is doing roughly the same thing as SentinelOne with this approach, but from a different angle. SentinelOne does not have access to all the native SASE data that Cato does. On the other hand, we can assume that SentinelOne can provide a bit more expertise when it comes to protecting endpoints. We have further learned from a reliable source that Cato has been using an SDK from SentinelOne in its own product for some time. In this way, the various security components merge quite literally.

Cato Networks is a ‘real’ security vendor as of today

For organizations, the integration that Cato Networks can offer from today, of SASE, XDR and EPP, is definitely interesting. It gives XDR another flavour. It will be of particular interest to organizations that are initially in the market for a single-vendor SASE solution. That is, organizations with enough branches worldwide to warrant the investment in such a platform. We are also curious to know how open this new platform is, in combination with the data lake. We’ll be sure to ask about that as soon as we can get someone from Cato to talk about it.

For Cato Networks, the addition of the new components, which are immediately available by the way, means that it has formally entered the world of cybersecurity vendors. That wasn’t how the company was always seen, as it happens. In itself, that’s a little strange, as Cato’s founder, Shlomo Kramer, was also a founding member of Check Point. It doesn’t get much more security than that. Viewed this way, the move Cato Networks is making today was actually always bound to happen.
