Cato SASE Cloud Becomes First SASE Platform with Network-based Ransomware Protection
Machine learning algorithms detect and prevent the spread of ransomware across Cato customer networks, creating a multilayered enterprise ransomware defense
Cato Networks, provider of the world’s first SASE platform, introduced network-based ransomware protection for the Cato SASE Cloud. Using heuristic algorithms and deep network insight, Cato detects and prevents the spread of ransomware across the enterprise without having to deploy endpoint agents. Infected machines are identified and immediately isolated for remediation.
“Ransomware protection has become job one for every CISO and CIO, but too often enterprise defense strategies remain vulnerable whether by threat actors bypassing endpoint defenses or by manipulating insiders to spread ransomware,” says Etay Maor, senior director of security strategy at Cato Networks. “By identifying ransomware by its underlying network characteristics, security teams can protect the enterprise regardless of the threat vector.”
Extending Ransomware Protection from the Endpoint to the Network
With today’s announcement, Cato’s heuristic algorithms inspect all SMB (Server Message Block) protocol flows for ransomware. SMB is the protocol used by Windows to share files and folders.
Cato researchers trained and tested these algorithms against Cato’s massive data warehouse, a data lake of end-to-end attributes for all traffic flows processed by the Cato SASE Cloud. Being the network, Cato has visibility into data normally blocked by firewalls and NATs. More than a trillion flows from all Cato-connected edges – sites, users, IoT devices, cloud-connected resources, and Internet resources – populate Cato’s data lake.
Once trained, the machine-learning heuristic algorithms inspect live SMB traffic flows for a combination of network attributes including:
- File properties such as specific file names, file extensions, creation dates, and modification dates,
- Shared-volume access data such as metrics on users accessing remote folders,
- Network behavior such as creating certain files and moving across the network in particular ways, and
- Time intervals such as encrypting whole directories in seconds.
When ransomware is identified, Cato automatically blocks SMB traffic from the source device, preventing lateral movement or file encryption, and notifies the customer.
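The following added example is not Cato's algorithm or code. It is a minimal Python sketch of how two of the listed attributes (file extensions and time intervals) can be combined per source device over SMB rename records. The event tuple layout, the thresholds, the extension allow-list and the sample addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from ntpath import splitext  # SMB paths use backslashes, so use Windows path rules

WINDOW_SECONDS = 10   # assumed: the "in seconds" time-interval attribute
MIN_FILES = 5         # assumed: distinct files rewritten inside one window
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".txt", ".jpg"}  # assumed allow-list

def suspicious_rename(old_path, new_path):
    """File-property signal: a known document extension becomes an unknown one."""
    old_ext = splitext(old_path)[1].lower()
    new_ext = splitext(new_path)[1].lower()
    return old_ext in KNOWN_EXTENSIONS and new_ext not in KNOWN_EXTENSIONS

def detect_sources(events):
    """Return the source devices to isolate.

    events: (timestamp_seconds, source, share, old_path, new_path) rename records.
    A source is flagged when it performs MIN_FILES suspicious renames of distinct
    files within WINDOW_SECONDS.
    """
    recent = defaultdict(deque)  # source -> (timestamp, full path) in the window
    flagged = set()
    for ts, source, share, old_path, new_path in sorted(events, key=lambda e: e[0]):
        if source in flagged or not suspicious_rename(old_path, new_path):
            continue
        window = recent[source]
        window.append((ts, share + "\\" + old_path))
        while ts - window[0][0] > WINDOW_SECONDS:  # expire events outside the window
            window.popleft()
        if len({path for _, path in window}) >= MIN_FILES:
            flagged.add(source)
    return flagged

# Constructed sample records (not real traffic).
SAMPLE_EVENTS = (
    # 10.0.0.23 renames six spreadsheets in under three seconds.
    [(100.0 + 0.5 * i, "10.0.0.23", r"\\fs01\finance", f"q{i}.xlsx", f"q{i}.xlsx.locked")
     for i in range(6)]
    # 10.0.0.40 makes the same kind of rename, but once a minute.
    + [(100.0 + 60 * i, "10.0.0.40", r"\\fs01\hr", f"cv{i}.docx", f"cv{i}.bak")
       for i in range(6)]
    # 10.0.0.51 renames a file without changing its extension.
    + [(101.0, "10.0.0.51", r"\\fs01\docs", "notes.txt", "notes-final.txt")]
)

if __name__ == "__main__":
    print(detect_sources(SAMPLE_EVENTS))
```

Only the first device is returned: the second makes equally unusual renames but never inside one window, which is why the extension signal alone is not used as a trigger.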