Cato Networks adds CASB to growing SASE portfolio

Cato Networks has launched a cloud access security broker for its growing Secure Access Service Edge portfolio, allowing enterprises more granular visibility and control over SaaS, IaaS and WAN applications.

With this week’s cloud access security broker (CASB) update, Cato added a dashboard for an aggregate view of SaaS, IaaS and WAN app usage in an organization, including shadow IT cloud apps. As much as 97% of the cloud apps used by enterprises are unsanctioned, which pose a more significant security threat than those managed by central IT, according to a 2021 Netskope report.

Cato’s CASB dashboard also allows enterprises to set and enforce policy rules for those apps, such as blocking access entirely or allowing it for only specific users or functions.

The new CASB capabilities are accessible through a redesigned console Cato released in December. The latest advancement provides data to assess the riskiness and compliance posture of the apps in an enterprise’s network and to monitor how people are using them. Existing security capabilities, including a secure web gateway, a next-generation firewall and an intrusion prevention system supplement the new CASB capabilities.

Cato Networks plans to build out its Secure Access Service Edge (SASE) offering by adding data loss prevention in the coming months.

Cato Networks' Shadow IT dashboard
Cato Networks’ Shadow IT dashboard

Accessing CASB will be a simple matter of customers turning on the cloud-based service. New customers will need to establish a way to route their traffic through the Cato cloud to access CASB.

Cato Networks is far from the only vendor offering CASB as part of its SASE — Palo Alto Networks’ Prisma, Zscaler’s Zero Trust Exchange, Cisco’s Umbrella and the startup Perimeter 81 are all competitors. But Cato’s built-from-the-ground-up approach makes it uniquely positioned, according to Roy Chua, an analyst at AvidThink.

“The unique thing that Cato’s demonstrating is that a ground-up SASE platform can add a lot of features relatively quickly, and those features can work in harmony together,” Chua said. “[Also,] there are synergies with existing capabilities.”

For example, Chua identified Cato’s ability to unencrypt a packet, perform all necessary security checks, and re-encrypt it once, rather than unencrypt and re-encrypt each service along a security “conga line.”

Cato did not release pricing for CASB but said it would be in line with the company’s per bandwidth/per-user pricing model for other security services. Cato Networks CASB is available now.

Madelaine Millar is a news writer covering network technology at TechTarget. She has previously written about science and technology for MIT’s Lincoln Laboratory and the Khoury College of Computer Science, as well as covering community news for Boston Globe Media.