Cato adds granular CASB controls to its SASE platform

SASE’s provider, Cato Networks, has equipped its Cloud Access Security Broker (CASB) platforms with granular controls. When remote workers connect from home or a branch office to SaaS services such as Office 365, Dropbox, or Salesforce, the CASB gateway can track what applications they access, where they connect from, and sometimes even what what they do with these applications. “Until now, Cato only offered limited CASB controls, which only allowed companies to allow or disallow the use of certain SaaS tools,” said Dave Greenfield, director of technology evangelism at Cato. Now the platform can control what individual users do. For example, they may be allowed to upload documents from certain cloud file sharing providers, but can only upload documents to the company’s designated platform.

“It is possible to take a broader approach and define categories based on the security features of these products,” also explained Evin Safdia, director of product marketing at Cato. “For example, it is possible to only allow file sharing on SOC 2-compliant platforms with multi-factor authentication functionality,” he said. Other criteria also make it possible to regulate the use of SaaS applications. “For example, during working hours, users can check their personal Gmail, but cannot send attachments,” Safdia also explained. The term SASE or Secure Access Service Edge coined by Gartner in 2019 refers to an architecture that combines SD-WAN with access control and security tools, all bundled together as a cloud service. Typically, SASE includes five key pillars: integrated, cloud-based SD-WAN, firewall-as-a-service, secure web gateway, zero-trust network access, and CASB.

Cato CASB integrated with Cato SASE Cloud

“Cato’s cloud offering is already strong, and adding CASB functionality is a smart move,” said Scott Raynovich, founder and chief technology analyst at research firm Futuriom. “Even though Cato is not yet considered a full-fledged competitor in the CASB space, its SASE offering will allow customers to add CASB without too much difficulty,” he said. According to Roy Chua, founder and principal of research firm AvidThink, “Cato’s current SASE customers will be able to gain more visibility into the SaaS applications being used, track the context and insights being leveraged by those applications, and any implications for compliance “. According to him, “the market trend towards SASE is consolidating, and in this context, Cato seems to be responding well by adding more SASE functionalities to its unified platform”, he added.

The OEM currently has 4,000 SaaS applications that can be used on its platform, and this number continues to grow as enterprise customers add applications or Cato discovers new applications on its networks. SaaS applications are verified using Cato’s Application Credibility Engine, which analyzes business information, compliance characteristics and security capabilities, allowing IT teams to decide whether to block, monitor or allow a application. “Our machine learning algorithms running in the background can detect any new applications from any of our customers on our backbone and integrate them into our environment,” Greenfield said. “The new CASB product is subject to an additional cost for Cato’s SASE customers, but all it takes is a press of a button to activate it,” he also said.

SASE platforms expand

“The speed at which Cato is adding functionality and the synergy between its new CASB functionality and existing functionality speaks to the value of a single converged platform,” said Roy Chua. “Cato and other cloud-based SASE vendors will continue to leverage their cloud platforms to add more functionality,” said the founder and director of research firm AvidThink. “The next obvious addition is content-based protection, a sort of counterpart to data loss prevention, with ever finer protection seeming to be a natural evolution,” he added. Mr. Chua also believes that it may be time to abandon the old denominations altogether. “Granted, terms like ‘next-generation firewall’, ‘secure web gateway’ and ‘CASB’ are convenient, but they are quickly losing relevance,” he said. “Next-generation cloud security platforms, including those from cloud-centric SASE vendors like Cato, can think and build differently,” he added.