New Features & Enhancements
CASB Enhancement - Visibility for All Cloud App Activities: We added an option to configure Any Activity in a single Application Control rule that monitors all app activities. This lets you configure a single rule that monitors Any Activity for Any Cloud Application to discover all the apps and activities used on your network.
For customers with a new CASB license, a rule that monitors Any Activity for Any Cloud Application is automatically added at the bottom of the Application Control rulebase
New Academy Training - Network Operation Stories in XDR: Learn how Cato XDR can help Network Operation Center (NOC) teams identify and resolve network and connectivity issues. This training unit helps you understand:
Building blocks of Network stories
XDR functionality for network issues
Reporting and notification options
Go to the Cato Product Roadmap in the Knowledge Base to follow the status of upcoming features and enhancements.
Cato Client Releases
New Client Versions: From June 6, 2024, we started the rollout of the following Clients:
Windows version 5.10.34
Linux version 5.2.1.1
Android version 5.0.3.117
The new versions contain an important security update and bug fixes.
Security Updates
IPS Signatures:
View more details about the IPS signatures and protections in the Threats Catalog
Ransomware 0day (Enhancement)
Ransomware Banta (New)
Ransomware BOMBO (Enhancement)
Ransomware Chaddad (Enhancement)
Ransomware EDHST (Enhancement)
Ransomware Eject (Enhancement)
Ransomware FUNNY (Enhancement)
Ransomware Harma (Enhancement)
Ransomware Lexus (Enhancement)
Ransomware Nett (Enhancement)
Ransomware OPIX (Enhancement)
Ransomware payB (Enhancement)
Ransomware POLSAT (New)
Ransomware Qilin (New)
Ransomware QRYPT (New)
Ransomware Stop/Djvu (Enhancement)
Ransomware SYSDF (Enhancement)
Ransomware xDec (Enhancement)
Sality Checkin (New)
Ducktail-Payload Communication(New)
FlyStudio - CnC Activity (New)
Low Credibility File Names(New)
CVE-2024-31982 (New)
CVE-2020-25858 (New)
CVE-2021-26914 (New)
CVE-2022-47075 (New)
CVE-2023-38204 (New)
CVE-2023-50386 (New)
CVE-2024-21683 (New)
CVE-2024-24919 (New)
CVE-2024-31848 (New)
CVE-2024-31849 (New)
CVE-2024-31850 (New)
CVE-2024-31851 (New)
CVE-2024-32113 (New)
CVE-2024-3273 (New)
CVE-2024-4040 (New)
CVE-2024-4956 (New)
CVE-2024-4978 (New)
Generic Java Serialization Over HTTP (New)
JS File Downloaded From Low-Popularity Target (New)
Detection & Response:
These are the updates to the Indications Catalog:
Threat Hunting Indications:
Communication with suspicious targets (New)
Dynamic DNS services (Enhancement)
Threat Prevention:
Suspicious DNS Communication with Blacklisted Targets
Suspicious Activity Monitoring:
These protections were added to the SAM service:
Downloading Teamviewer (New)
Lateral Batch Script Transfer (New)
SimpleHelp Remote Management Tool Lateral Remote Connectivity (New)
TeamViewer Inbound Remote Session (New)
Wininet/Winsock (Native Windows Client) to low Popularity (Enhancement)
AnyDesk WAN Remote Desktop Connection Initiation (New)
Transfer AnyDesk over SMB (New)
Apps Catalog:
Added over 100 new SaaS applications (you can view the SaaS apps in the Apps Catalog), including:
C3 AI
Intuit sub-services:
TurboTax
QuickBooks
Mint
Credit Karma
Mailchimp
Enhanced these applications:
Commvault
ProtonVPN
Device Inventory:
These are the updates to the Device Inventory detection engine:
IoT:
Access Point:
Aruba Networks (Enhancement)
Docking Station:
Action Star (Enhancement)
IP Camera:
Axis (Enhancement)
Hanwha (Enhancement)
Verkada (Enhancement)
IoMT:
Ascom (Enhancement)
Media Server:
BrightSign (Enhancement)
Network Appliance:
Cisco Meraki (Enhancement)
Ewon (Enhancement)
Juniper Networks (Enhancement)
Synology (Enhancement)
Payment Terminal:
CCV (Enhancement)
Castles Technology (Enhancement)
Verifone (Enhancement)
Power Device:
APC (Enhancement)
Printer
Canon (Enhancement)
HP (Enhancement)
Lexmark (Enhancement)
Ricoh (Enhancement)
Xerox (Enhancement)
Zebra (Enhancement)
Single Board Computer:
Raspberry Pi Foundation (Enhancement)
Smart Display:
Kyocera (Enhancement)
VoIP:
Cisco (Enhancement)
Commend (Enhancement)
Digium (Enhancement)
Grandstream Networks (Enhancement)
Innovaphone (Enhancement)
Mitel (Enhancement)
Polycom (Enhancement)
Snom (Enhancement)
Ubiquiti (Enhancement)
Yealink (Enhancement)
WAP:
Cambium Networks (Enhancement)
Cisco (Enhancement)
Video Encoder:
Axis (Enhancement)
Mobile:
Mobile Phone:
Samsung (Enhancement)
Tablet:
Amazon (Enhancement)
Apple (Enhancement)
Thin Client:
Dell (Enhancement)
PCoIP Endpoint Device (Enhancement)
Workstation:
Apple (Enhancement)
Dell (Enhancement)
HP (Enhancement)
MSI (Enhancement)
Note:
Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.