Cato Networks Adds Malware Detection to SD-WAN


By: Michael Vizard

Cato Networks today extended the reach of its software-defined wide area network (SD-WAN) service into the realm of cybersecurity.

Cato Cloud has added a Cato Threat Hunting System (CTHS) capability that IT organizations can use to identify which endpoints attached to the SD-WAN service are potentially compromised. That data can then be used to quarantine endpoints attached to the Cato network.

IT organizations could start sharing the malware data they collect with third-party IT security products and services, says Dave Greenfield, secure networking evangelist for Cato Networks. Those organizations in theory could use that data to deliver a “hot patch” to remediate a vulnerability that is being actively exploited.

CTHS leverages machine-learning algorithms infused into a cloud service to identify threats across an extended SDN that is shared by multiple customers. Each customer is allocated its own dedicated WAN bandwidth, which is centrally managed via a console that Cato Networks exposes to network administrators.

“We’re a global SDN layered on top of a WAN backbone,” says Greenfield.

All the traffic travelling across that network winds up being a rich data source for hunting cybersecurity threats, says Greenfield.

It remains to be seen to what degree SD-WANs and cybersecurity might converge in the months and years ahead. But as SD-WAN traffic moves over a common WAN backbone, enough data is being centralized to make it feasible to apply machine learning algorithms to identify malware in real time. The next big issue will be how to turn that information into actionable intelligence that can be applied automatically, ideally to remediate an issue before it becomes a problem. But in the absence of being able to apply an ounce of prevention, the next best thing is to mitigate that risk by isolating the compromised endpoint before malware gets a chance to move laterally across an extended enterprise network.