New Features & Enhancements
There are no new features or enhancements for the Cato service for this week. Take a look at these great features that we released over the past few weeks:
Entra ID (Azure AD) Sign-in Activity Integration: Admins can comprehensively view usage within their ecosystem of sanctioned apps to identify potential security concerns by integrating Entra ID sign-in activity with Cato. The Entra ID API connector extends visibility to all user sign-in and sign-in anomaly events, showcased in the Cloud Activity Dashboard and security event sub-types for sign-in and identity-related anomalies.
Seamlessly Connect your Cloud Tenants to Cato: We enhanced Cross Connect sites and added a turnkey provisioning configuration so you can quickly connect your cloud resources to the Cato PoP location.
Supported Cloud Providers: AWS DirectConnect, Azure Express Route, GCP Interconnect, Oracle FastConnect
AWS Marketplace vSocket Deployment: Cato simplified and streamlined the deployment process for AWS virtual Sockets (vSockets) by using the AWS Marketplace. The marketplace automatically creates the necessary virtual resources for the vSocket.
Previously you could only manually deploy AWS vSockets
Access Policies and Improvements: Check out these improvements for Remote Access policies that provide increased flexibility:
Policy to Manage Proxy Configuration File: Provides a granular method to easily manage PAC files, used by the Client for proxy configuration
Split Tunnel Policy: Provides a granular method to easily configure traffic routing for remote users and control which traffic is tunneled towards the Cato Cloud
Enforce Different Security Policies When a User Connects Behind a Site or Remotely: You can use the Device Posture Profiles to enforce different security policy rules when a user connects remotely with the Client or behind a site
Device Posture Check Enforces Minimum Client Version: You can ensure any device connecting to your network has a minimum Client Client version installed on it
Go to the Cato Product Roadmap in the Knowledge Base to follow the status of upcoming features and enhancements.
Security Updates
IPS Signatures:
View more details about the IPS signatures and protections in the Threats Catalog
Ransomware - DumbStackz (Enhancement)
Ransomware - FBIRAS (Enhancement)
Ransomware - AttackFiles (New)
Ransomware - HWABAG (New)
Ransomware - DysentryClub (Enhancement)
Ransomware - Crocodile Smile (Enhancement)
Ransomware - L00KUPRU (Enhancement)
Ransomware - Datah (Enhancement)
Ransomware - Rincrypt (Enhancement)
Ransomware - Unkno (Enhancement)
Ransomware - Ncov (Enhancement)
Ransomware - Stop/Djvu (Enhancement)
Malware - Cryptbotv2-CnC communication (New)
Malware - DarkGate CnC communication (New)
Malware - ObserverStealer CnC communication-Check-in (New)
Malware - FFDroider-CnC communication (New)
Malware - Vodkagats Loader CnC communication-Payload (New)
Malware - TrickBot Anchor-Checkin (New)
Malware - Vidar Stealer CnC communication - Style Headers In HTTP POST (New)
Malware - Vidar Stealer CnC communication - Style Headers post (New)
Malware - Stealc Stealer CnC communication - Style Headers post (New)
Malware - Generic Stealer CnC communication - Style Headers post (New)
Malware - GCleaner Downloader - CnC communication (New)
Malware - Konni RAT CnC communication (New)
Malware - PureLogs Stealer - C2 Connection (New)
Malware - Arkei Stealer C2C Communication - IP Lookup (Enhancement)
CVE-2022-38108 (New)
CVE-2023-32714 (New)
CVE-2024-3400 (Enhancement)
CVE-2023-26477 (New)
CVE-2024-25153 (New)
CVE-2024-1403 (New)
CVE-2023-43208 (New)
CVE-2020-24391 (New)
CVE-2023-4634 (New)
CVE-2022-4305 (New)
CVE-2018-14716 (New)
CVE-2023-24955 (New)
CVE-2020-13957 (New)
CVE-2023-36210 (New)
CVE-2021-31474 (New)
Exploiting Server Side Template Injection to gain Remote Code Execution (New)
Detection & Response:
These are the updates to the Indications Catalog:
Threat Hunting Indications:
Malware DNS Activity (Emotet) (Enhancement)
Dynamic DNS services (Enhancement)
Suspicious Network Traffic (Enhancement)
Suspicious Cryptomining Activity (JSON-RPC) (Enhancement)
Suspicious SSH Communication to Low-Popularity Domains (Enhancement)
Lateral transfer of possibly suspicious tool over SMB (Enhancement)
Threat Prevention:
Suspicious TOR Traffic (Enhancement)
Suspicious Activity Monitoring:
These protections were added to the SAM service:
Downloading PowerToll (New)
Lateral ADfind transfer over SMB (Enhancement)
Lateral Filezilla transfer (Enhancement)
Lateral PuTTY transfer (Enhancement)
Lateral MobaXterm transfer (Enhancement)
Lateral Nmap transfer (Enhancement)
Lateral Mimikatz transfer (Enhancement)
Lateral WinSCP transfer (Enhancement)
Lateral Powershell script transfer (New)
Lateral Netcat transfer over SMB (Enhancement)
Apps Catalog:
Added over 100 new SaaS applications including (you can view the SaaS apps in the Apps Catalog):
Enhanced these apps:
Private Internet Access VPN (Enhancement)
Tunnelbear (Enhancement)
Note:
Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.