New Features & Enhancements
Turnkey Integration with Microsoft Sentinel: Streamline operations by automatically forwarding Cato events to Microsoft Sentinel for unified monitoring and analysis. The built-in integration:
Reduces setup time and eliminates the need for custom scripts or connectors
Uses Cato events schema
Enhances visibility through centralized event management
Detailed Visibility of Interconnected Apps: View detailed information about third-party apps and plugins connected to critical business apps. This visibility helps you understand which external apps are used in your environment and how they interact with core services. For example, you can review apps integrated with Slack to quickly assess their security posture.
Currently supported for Slack and Entra ID
CASB license required
DLP Uses Machine Learning to Identify Images: Data Loss Prevention (DLP) can now inspect image files to detect sensitive data in images and prevent them from being exfiltrated.
Machine Learning (ML) is used to identify sensitive images based on models that dynamically learn and evolve with changing data patterns
The new Image ML Classifier provides comprehensive detection for images of personal documents, engineering diagrams, and collaboration (for example, images of a handwritten note with sensitive information)
DLP license required
Granular RBAC for Policy Management: Delegate managing a set of rules as a subpolicy, and then assign admin permissions to access the subpolicies.
Maintains centralized control over the global policy and lets you delegate ownership of a subpolicy to specific teams
Supported for Internet Firewall and WAN Firewall policies
For example, delegate a subpolicy of traffic to sites in France to the French SOC team
Access Point Integration for Enhanced Device Inventory Identification: To improve device visibility and accuracy, you can integrate third-party access point device data with Cato’s device discovery for the IoT/OT Security service. This integration leverages machine learning–driven capabilities to enhance device identification and classification across wireless networks.
Initial support includes Juniper Mist access points
Requires an IoT/OT Security license and configuration of the Juniper Mist connector
Turnkey Integration with Splunk: Streamline operations by automatically forwarding Cato events to Splunk for unified monitoring and analysis. The built-in integration:
Reduces setup time and eliminates the need for custom scripts or connectors
Uses Cato events schema
Enhances visibility through centralized event management
Improved Management of Best Practice Checks: Mute or dismiss a Best Practice check or specific findings within a check to increase the accuracy and relevance of your account score displayed on the Best Practices page.
Initially supported for the Internet Firewall, other policies will be supported in the coming weeks
Browser Extension v1.5: During the week of February 1, 2026, a new Browser Extension version 1.5 will be available in the Chrome Web Store, and includes improved performance fixes.
PoP Announcements
Bangkok, TH: A new range (113.30.130.0/24) is now available for the Bangkok PoP location.
New ranges will soon be added to these PoP locations:
Marseille, FR: 159.117.239.0/24
Chennai, IN: 113.30.132.0/24
Security Updates
Apps Catalog
View more details about apps in the Apps Catalog.
New Apps: 20 new apps – BuzzSumo, Geekbot, Linear, NewReleases, OpenPoll, Peerbound, PollChamp, Polly, Pylon, Redash, Semgrep, Shufflet, Standuply, StatusGator, Stream, Tatsu, Timy, UserGems, Walnut, Workast
Enhanced Apps:
Genesys
Updated app IPs
IPS Signatures
View more details about the IPS signatures and protections in the Threats Catalog.
CVE-2024-29269 (New)
CVE-2025-11700 (New)
CVE-2025-4009 (New)
CVE-2025-52691 (New)
CVE-2025-54253 (Enhancement)
CVE-2025-64446 (New)
CVE-2025-68613 (New)
CVE-2026-21859 (New)
CVE-2026-24061 (New)
XDR Indications of Attack
Anomaly Detection
Abnormal Data Upload to AI Application by User (New)
Threat Hunting
Suspicious Chrome Extension (New)
Application Control Via API and Data Protection API Integrations
The enhancements were made for Application Control Via API
GitHub
Anomaly Events (Enhancement)
Dropbox
Anomaly Events (New)
SentinelOne
EDR (Enhancement)
CrowdStrike
EDR (Enhancement)
Devices (Enhancement)
Note:
Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.