Cato Introduces Smart DLP to Secure, Optimize Application Access

Cato Networks has introduced Cato DLP, a data loss prevention (DLP) engine to protect data across all enterprise applications. Cato DLP is part of Cato SSE 360, a security service edge (SSE) architecture that provides total visibility, optimization, and control of all traffic while providing a seamless migration path to full SASE transformation.

Cato also has added Cato SSE Expert Certification, an extension of the Cato SASE Expert certification, to enrich understanding of the SSE architecture.

Cato DLP converges with Cato SSE 360, the security pillar of the Cato SASE Cloud. The application control rules provide granular DLP policies that apply to all applications and resource

“Traditional SSE architectures alone are not enough to protect the enterprise. They have limited visibility and control over WAN traffic which drives the need for multiple networking and security architectures,” said Shlomo Kramer, CEO and co-founder of Cato Networks. “What’s needed is one architecture that can provide visibility into and control over all traffic to all applications and resources from all endpoints. Cato SSE 360 is the first SSE solution to meet that challenge.”

DLP has been an effective tool for protecting data assets, scanning, and blocking users from sending critical files or sensitive information, such as credit card or customer details. But legacy DLP has been fraught with limitations. Too often, inaccurate DLP rules block legitimate activities or allow illegitimate ones.

A focus on public cloud applications has left sensitive data in proprietary or unsanctioned applications unprotected by DLP. The investment in DLP does nothing to protect the enterprise from other threat vectors.

Cato DLP addresses those problems. Cato DLP scans all network traffic for sensitive files and data as defined by the customer. Cato identifies more than 350 data types covering universal sensitive data types, such as credit card numbers, and country-specific data types, such as postal codes.

Once identified, DLP rules block, alert, or allow the action depending on customer-defined policies.

As part of the Cato Single Pass Cloud Engine (SPACE) architecture, Cato DLP converges with Cato’s cloud-native networking and security capabilities, gaining deeper visibility into and greater control over network flows than with legacy DLP solutions. More specifically, this means:

DLP becomes easier to implement using Cato’s Smart DLP rules. Rather than blocking defined activities for each application, security teams can create rules that express their intent (“block uploads”), which Cato implements across all relevant applications for all intended actions.

Inaccuracies in legacy DLP rules often disrupt business operations. Rather than waiting to hear from disgruntled users about not being able to handle specific data, Cato DLP identifies inaccurate DLP rules. Anomaly detection algorithms identify when DLP rules exceed predefined baselines, notifying Cato’s security content teams to refine and improve the out-of-the-box data types.

Cato simultaneously inspects traffic across multiple security use cases, providing efficient multi-layer protection. Cato’s access control layer ensures users can access authorized applications and prevents them from accessing unauthorized resources or malicious sites. Cato’s threat mitigation layer scans the traffic for network-based threats and malicious content. All Cato inspections operate in parallel, enabling line-rate performance even for encrypted traffic.

Cato also announced the Cato SSE 360, an SSE platform with visibility, optimization and control of WAN, cloud, and Internet traffic.

The Cato SSE 360 extends basic SSE capabilities with the rest of the cloud-native security capabilities of Cato SASE Cloud –  firewall as a service (FWaaS), advanced threat prevention (IPS and next-generation anti-malware), and managed threat detection and response (MDR) – across all ports and protocols from any source to any destination. Cato SSE 360 leverages the scalability, resiliency, global footprint, and self-maintenance of the Cato SASE Cloud.

With Cato, IT leaders have a single platform for SSE or SASE. They can keep their existing network and transform their security operations, securing and optimizing application access worldwide with Cato SSE 360.

To help IT learn more about SSE, Cato has added the Cato SSE Expert Certification to its SASE certification, the Cato SASE Expert. This in-depth course analyzes the SSE architecture, explains the underlying differences between SSE and SASE, and identifies the drivers, use cases, and critical benefits of SSE. To register, visit