Cato Networks has incorporated real-time, deep learning algorithms for threat prevention into its Cato IPS (intrusion prevention system) offering to help organizations defend against evolving cyberattacks.
The algorithms leverage Cato's cloud-native platform and data lake to identify malicious domains commonly used in phishing and ransomware attacks, the company explained in a prepared statement.
How Cato Networks' Threat Prevention Algorithms Work
Cato's threat prevention algorithms identify domains that users infrequently visit and that have letter patterns common to domain generation algorithms (DGAs), the company said. In doing so, they prevent access to DGA-registered domains.
In addition, the algorithms hunt for domains with letter patterns similar to well-known brands to block cybersquatting (Cato explained that cybersquatting occurs when someone who does not own a trademark registers it as an internet domain name and attempts to profit from it). The algorithms also examine a webpage's text, images and other elements to detect and stop brand impersonation.
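The two domain-name signals described above can be sketched as a simple heuristic. This is an added example, not Cato's code: it swaps the deep learning model for character entropy, a vowel ratio and edit distance, and the brand list, visit counts and thresholds are constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample data: brand list and per-domain visit counts (assumptions).
BRANDS = ["paypal", "microsoft", "google"]
VISITS = {"google.com": 9000, "paypal.com": 4000, "cdnxkqzjvwplh.net": 5000,
          "xkqzjvwplhtr.com": 1, "paypa1.com": 2, "rnicrosoft.com": 1}

def sld(domain):
    """Naive registrable label: second-to-last label, no public suffix list."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def entropy(s):
    """Shannon entropy of the characters in s, in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, visits=VISITS, rare_below=5):
    name = sld(domain)
    # Brand lookalike: fold common visual substitutions, then compare to brands.
    folded = name.replace("rn", "m").replace("1", "l").replace("0", "o")
    for brand in BRANDS:
        if name != brand and edit_distance(folded, brand) <= 1:
            return "lookalike:" + brand
    # DGA-like: both signals required, rarely visited AND random-looking letters.
    rare = visits.get(domain, 0) < rare_below
    vowels = sum(ch in "aeiou" for ch in name) / max(len(name), 1)
    if rare and len(name) >= 10 and entropy(name) > 3.0 and vowels < 0.2:
        return "dga-like"
    return "allow"

if __name__ == "__main__":
    for d in list(VISITS) + ["smallbakery.com"]:
        print(f"{d:22} {classify(d)}")
```

The frequently visited but random-looking `cdnxkqzjvwplh.net` is allowed, which shows why the letter-pattern signal is paired with visit rarity rather than used alone.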
How Cato Networks' Algorithms Stack Up Against Threat Intelligence Feeds
Cato's threat prevention algorithms have identified nearly six times more malicious domains than threat intelligence feeds, Cato Research Labs noted.
In one sample, Cato Research Labs evaluated 457,220 network connection attempts to DGA domains. It found that 66,675 (15%) were listed in more than 250 threat intelligence feeds.
By comparison, Cato's threat prevention algorithms identified over 390,000 additional DGA domains beyond those in the threat intelligence feeds.
Cato Networks' ML and AI Integrations
Along with the threat prevention algorithms, Cato has used machine learning (ML) for offline analysis to handle problems relating to client classification, automatic application identification and other issues, the company said. Cato also has used ChatGPT to automatically generate descriptions of threats for its threat catalog and in other ways.
Elad Menahem, Cato's senior director of security, explained why ML and AI are vital to protect against cyberattacks — and how his company intends to use these technologies moving forward:
"ML and AI are essential to defending against the ever-evolving, sophisticated and evasive cyberattacks. But that's easier marketed than done. ML algorithms must be trained and re-trained on high-quality data to provide value.
"Cato's data lake provides an enormous advantage in that area. Its convergence of rich networking data and security sources, coupled with its sheer scale, enables Cato to train algorithms in unique ways. Our current work is only the start of AI and ML innovation."
Cato offers products and services designed to help organizations transform their networking and security infrastructure, the company indicated. It partners with MSSPs, MSPs, VARs and other technology providers and allows them to incorporate its SASE solution into their offerings.