New Features & Enhancements
New Device Posture Check for Cato Client Version: You can require that devices connecting to the network have a minimum Client version installed, by creating a Device Posture check for a specific Client version. This can be added to a Device Posture Profile and then included in your Client Connectivity and security policies.
This feature will be gradually enabled over the next few weeks
Easily View Events for a Network Rule: Now you can use the new View Rule Events action to show the events for a specific Network Rule. When you select this action, the Events page opens and is immediately pre-filtered for all events that match that rule.
Video Feature Overviews
Security Updates
IPS Signatures:
View more details about the IPS signatures and protections in the Threats Catalog
Ransomware 2023lock (New)
Ransomware GoodMorning (New)
Ransomware Ma1x0 (New)
Ransomware Phobos (New)
Ransomware SYSDF (New)
Ransomware Dxen Ransomware (Enhancement)
Ransomware Rocklee Ransomware (Enhancement)
Ransomware Stop/Djvu Ransomware (Enhancement)
Ransomware Vx-underground Ransomware (Enhancement)
Ransomware ZENEX Ransomware (Enhancement)
Malware DarkGate CNC Communiaction - Check-In (New)
Malware Fewin Stealer Data Exfiltration Attempt (New)
Malware GCleaner Downloader - IP Address Retrieval Attempt (New)
Malware Lumma Stealer CNC Communication - Exfiltration (New)
Malware Reverse Shell Connection - CNC Communication (New)
Malware TA402 CnC Communication - User-Agent (New)
Malware NodeStealer CNC Communication - Downloaded Archive GET (Enhancement)
CVE-2024-22024 (New)
CVE-2024-1709 (New)
CVE-2023-6623 (New)
CVE-2023-51467 (New)
CVE-2023-28128 (New)
CVE-2023-26255 (New)
CVE-2022-36534 (New)
CVE-2016-20017 (New)
CVE-2023-39677 (New)
CVE-2023-38203 (New)
CVE-2023-35082 (New)
CVE-2023-22527 (New)
CVE-2019-3967 (New)
CVE-2024-21893 (Enhancement)
CVE-2024-21887 (Enhancement)
CVE-2023-46805 (Enhancement)
CVE-2023-39143 (Enhancement)
CVE-2023-45484 (Enhancement)
CVE-2023-45480 (Enhancement)
Threat Actor r00ts3c-owned-you (New)
Lumma Stealer CNC Communication - Check-In (New)
Detection & Response
These are the updates to the Indications Catalog:
Threat Hunting Indications:
Kali Linux Detection (New)
Suspicious Binary File Download using WinHTTP (New)
Suspicious Tool Download (New)
WebShell uploaded (New)
Suspicious Activity Monitoring:
These protections were added to the SAM service:
AnyDesk remote desktop connection (New)
Process Hacker - download (New)
Lateral bash script transfer (New)
Phishing heuristic (Enhancement)
TLS Inspection
Added global bypass for these applications, preventing possible TLS inspection errors:
Brother Industries
Cisco Meraki Cloud
Oculus
Ring
Western Digital
Xerox
Apps Catalog:
Added over 100 new SaaS applications (you can view the SaaS apps in the Apps Catalog), and enhanced these applications:
Microsoft Copilot (formerly BingAI)
Google Gemini (formerly Bard)
King
WireGuard protocol
Application Control (CASB and DLP):
This app is included in DLP scans:
Google Gemini - Search
Client Classification:
Greenbone OS
Note:
Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.