New Features & Enhancements
Introducing the New Cato Learning Center: We are converging Cato knowledge to a single location, where you can easily read Knowledge Base articles and Community posts.
Launching the Cato Community: The Community is the place for our customers and partners to ask questions and start discussions with other community members about the Cato Cloud, share your experiences, learn all about SASE, and provide feedback to Cato.
To create or comment on posts, log in to the Community with your Cato Management Application username and password
New hierarchy for posts and topics, no previous content was removed
New and Improved Knowledge Base: We rebuilt the Knowledge Base from the ground up and now it’s easier to read articles and learn about Cato’s service and features.
New Partner Only section which contains exclusive content for Cato partners and resellers
No change to article links or URLs
Please share your feedback and comments with us: productdocs@catonetworks.com
New Condition Type in Application Control Rules: We added support for Value Sets so you can group multiple user-defined strings, such as URL paths, for Application Control rules. This lets you manage extensive activity and Full Path URL polices with fewer rules that are easier to maintain. For example, you can create a Value Set that contains a list of URL paths for specific Dropbox folders, and then use it in an Application Control rule for Dropbox.
A Value Set can include any string values
Value Sets can be created in the Edit panel for a rule, or in the Value Sets tab in the Categories page
PoP Announcements
New York, United States: We added a new range (150.195.207.0/24) to the New York PoP location.
Security Updates
IPS Signatures:
View more details about the IPS Signatures and Protections in the Threats Catalog.Ransomware INC (New)
Ransomware Key Group (New)
Ransomware Kuiper (New)
Ransomware NoEscape (New)
Ransomware Steloj (New)
Ransomware Unlocker (New)
Malware DarkGate (New)
CVE-2023-36851
CVE-2023-36847
CVE-2023-36846
CVE-2023-36845
CVE-2023-36844
CVE-2023-35844
CVE-2023-33300
CVE-2023-33299
CVE-2023-32521
CVE-2023-28432
CVE-2023-27372
CVE-2023-26802
CVE-2022-28561
CVE-2022-26960
CVE-2022-24632
CVE-2022-24629
CVE-2017-8220
CVE-2014-8423
Suspicious Activity Monitoring:
These protections were added to the SAM service:Commercial VPN access on Inbound
Execution of SC to do Lateral Movement
Phishing heuristic
Apps Catalog:
Added dozens of new SaaS applications (you can view the SaaS apps in the Apps Catalog), including these highlights:
Azure Blob (Enhancement)
Webex (Enhancement)
MullvadVPN (Enhancement)
ExpressVPN (Enhancement)
PureVPN (Enhancement)
Application Control Policy (CASB):
Enhanced granular actions for the following apps:
Granular Activity: Zendesk - Login (New)
Granular Activity: Atlassian - Login (New)
Granular Activity: Dropbox - Upload (Enhancement)
Detection and Response:
Threat Hunting IOA signatures:
Device Attributes Exfiltration (New)
Downloading a Suspicious Script (New)
HTA File Found in MS Office (New)
PSTools Download Detection (New)
Remote PsExec Service Execution (New)
SDP File Sharing Application Upstream Bandwidth Anomaly (New)
Suspected Exfiltration to Cloud Storage Applications (New)
Suspicious Execution - High Risk (New)
Suspicious LNK File Download (New)
Traffic to an IP address as host name with a redirection (New)
Transferring a Suspicious Script (New)
Client Classification:
Google Chrome Browser (Enhancement)
Knowledge Base Updates
Note:
Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.