New Features & Enhancements
Introducing Advanced Groups with Full API Support: Over the next few weeks, we are gradually rolling out advanced groups that use a new infrastructure for CMA policies:
Provides full API support for automation and integration workflows
Available for use in Internet and WAN Firewall policies
Improved user experience with built-in validation, only compatible advanced groups are available for the rule (such as a Source for the WAN Firewall)
Supports member types: sites, hosts, subnets, etc.
Note: Existing groups remain available and fully supported for relevant use cases
Important - Microsoft Azure is Changing Default Outbound Access for New Virtual Networks: After Mar. 31, 2026, new Azure virtual networks will be configured by default with private subnets, requiring explicit outbound access to reach the Internet or Microsoft services.
According to Microsoft documentation, existing vSockets with the None setting remain supported
New vSockets from the Marketplace will default to Public IP
Cato has updated its Azure Terraform modules to align with this change
Please review Microsoft's guidance to plan for this change
File Hash Blocklist Support in Anti-Malware Policy: You can now block files based on SHA-256 hashes from your own threat intelligence sources by adding them to the Anti-Malware blocklist, providing stronger protection against known threats.
Also supported via API
NAT Policy Enforcement Includes All Inbound Traffic: For consistent policy application across all relevant traffic types, we now enforce the NAT policy on DNS and LAN Monitoring traffic.
Previously, this traffic was classified as system traffic and excluded from the policy
Gradually rolling out over the next few weeks
New IoT/OT Security Integration with Zoom for Enhanced Device Context and Visibility: To enrich device information, you can now integrate Zoom metadata with Cato’s device inventory. A unified view with enriched attributes from both systems is presented on the Home > Device Inventory page.
Configure in the Resources > Integrations page, or with the API
This integration provides:
Expanded device context: Incorporating Zoom session and connection metadata into device profiles
Greater accuracy in device attribution: Helping security teams correlate devices
Requires DEM and IoT/OT licenses
Security Updates
App Catalog
ON24, Inc. (Enhancement)
Foxit Software (Enhancement)
IPS Signatures
IPS Signatures: View more details about the IPS signatures and protections in the Threats Catalog:
CVE-2020-11455 (New)
CVE-2020-13886 (New)
CVE-2020-15050 (New)
CVE-2020-17456 (New)
CVE-2020-24285 (New)
CVE-2020-26073 (New)
CVE-2020-27191 (New)
CVE-2020-35736 (New)
CVE-2020-8641 (New)
CVE-2021-20092 (New)
CVE-2021-23241 (New)
CVE-2021-24227 (New)
CVE-2021-29006 (New)
CVE-2021-33544 (New)
CVE-2021-35380 (New)
CVE-2021-38751 (New)
CVE-2021-40651 (New)
CVE-2021-41293 (New)
CVE-2021-41749 (New)
CVE-2021-43421 (New)
CVE-2021-43495 (New)
CVE-2021-43496 (New)
CVE-2021-43831 (New)
CVE-2021-45043 (New)
CVE-2021-45967 (New)
CVE-2021-46381 (New)
CVE-2022-24288 (New)
CVE-2023-26469 (New)
CVE-2023-3722 (New)
CVE-2024-20356 (New)
CVE-2024-23334 (New)
CVE-2024-3673 (New)
CVE-2024-38018 (New)
CVE-2024-7399 (New)
CVE-2024-8752 (New)
CVE-2024-8859 (New)
CVE-2024-9707 (New)
CVE-2025-1097 (New)
CVE-2025-1098 (New)
CVE-2025-1974 (Enhancement)
CVE-2025-24513 (Enhancement)
CVE-2025-24514 (New)
CVE-2025-34300 (New)
CVE-2025-53778 (New)
Malware - Oyster (New)
Ransomware - 707 (Enhancement)
Ransomware - Charon (Enhancement)
Ransomware - CyberHazard (Enhancement)
Ransomware - GRYPHON (Enhancement)
Ransomware - Keversen (New)
Ransomware - Matrix (Proton) (Enhancement)
Ransomware - RDAT (Enhancement)
Ransomware - SolutionWeHave (New)
Ransomware - Traders (Enhancement)
Web Application Attack - Active Directory Certificate Services (ADCS) ESC1 Attack - Certificate Signing Request (CSR) with Enrollee-Supplied Subject (New)
SAM Signatures
These protections were added to the SAM service:
UPX Packed File Download (New)
OS Detection
OS embedded signature for Cisco Meraki devices (New)
OS Linux signature for IO DATA devices (New)
Application Control Policy
Inline tenant control for Zendesk (New)
XOps Indications of Attack
Anomaly Detection
First Occurrence of Outbound Remote Access Activity from Site (New)
Abnormal File Sharing/Cloud Storage App Outbound Activity from Site (New)
Unusual SMB Traffic from Site Over the WAN (New)
Threat Prevention
Suspicious Network Activity (MS-PowerShell) (Enhancement)
Abnormal HTTP/TLS on Non-Standard Ports in a Site) (Enhancement)
Device fingerprint sending via user agent (Enhancement)
Suspicious Network Activity (MS-Office) (Enhancement)
Device Inventory
These are the updates to the Device Inventory detection engine:
IoT
Multifunction Device
Canon (Enhancement)
Payment Terminal
Castles Technology (Enhancement)
Verifone (Enhancement)
Printer
Brother Industries (Enhancement)
Epson (Enhancement)
HP (Enhancement)
Konica Minolta (Enhancement)
Kyocera (Enhancement)
Lexmark (Enhancement)
Xerox (Enhancement)
Zebra (Enhancement)
Signage Media Player
BrightSign (Enhancement)
Speaker
Algo (Enhancement)
Unidentified IoT
Grandstream Networks (Enhancement)
Synology (Enhancement)
Video Conferencing
Cisco (Enhancement)
VoIP
Aastracom (Enhancement)
Avaya (Enhancement)
Cisco (Enhancement)
Digium (Enhancement)
Grandstream Networks (Enhancement)
Polycom (Enhancement)
Snom (Enhancement)
Yealink (Enhancement)
PC
Desktop
Dell (Enhancement)
HP (Enhancement)
Lenovo (Enhancement)
Laptop
Apple (Enhancement)
Dell (Enhancement)
HP (Enhancement)
Lenovo (Enhancement)
Microsoft (Enhancement)
Toshiba (Enhancement)
Vaio (Enhancement)
Thin Client
Dell (Enhancement)
Workstation
Apple (Enhancement)
Fujitsu (Enhancement)
HP (Enhancement)
NEC (Enhancement)
Panasonic (Enhancement)
Mobile
Mobile Computer
Zebra (Enhancement)
Mobile Phone
Newland (Enhancement)
Oppo (Enhancement)
Samsung (Enhancement)
Vivo (Enhancement)
Galaxy Note (Enhancement)
Tablet
Samsung (Enhancement)
Networking
Network Appliance
3Com (Enhancement)
Aruba Networks (Enhancement)
Juniper Networks (Enhancement)
Ubiquiti (Enhancement)
Server
Media Server
Roku (Enhancement)
Print Server
HP (Enhancement)
Note:
Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.