Book a FREE consult now

We'd love to give you a full tour of our solutions.

Book a FREE consult

Published on:

January 16, 2024

Cato’s Intrusion Prevention System (IPS) inspects inbound and outbound, WAN and Internet traffic, including SSL traffic. IPS can operate in monitor mode (IDS) with no blocking action taking place. In IDS mode, all traffic is evaluated and security events are generated.

The Cato IPS is comprised of several layers of protection:

Behavioral Signatures: Cato IPS looks for deviation from normal or expected behavior of the system or the user. Normal behavior is identified by using Cato’s big data analytics and our deep traffic visibility across many networks. For example, an outgoing HTTP connection to an unknown URL containing a suspicious TLD. Following research that was conducted by Cato Research Labs, such traffic is likely to be malicious.Reputation Feeds: Leveraging both in-house and external intelligence feeds, the Cato IPS can detect or prevent inbound or outbound communication with compromised or malicious resources. Cato Research Labs analyzes many different feeds, validates them against traffic in the Cato Cloud, and sanitizes them to reduce false positives before applying them to production customer traffic. Feeds are updated on an hourly basis without any involvement of the customer.Protocol Validation: Cato IPS validates packet conformance to the protocol, reducing attack surface from exploits using anomalous traffic. Known Vulnerabilities: Cato IPS protects against known CVEs, and rapidly adapts to incorporate new vulnerabilities into the IPS DPI engine. An example of this capability is how Cato IPS blocks the Eternal-Blue exploit used extensively to spread ransomware within organizations.Malware Communication: Cato IPS can stop outbound traffic to C&C servers based on reputation feeds, and network behavioral analysis.Geolocation: Cato IPS enforces a customer-specific geo-protection policy, optionally stopping traffic based on the source and/or destination country.Network Behavioural Analysis: Cato IPS can detect and prevent inbound/outbound network scans.

 

Written by:
Dhivya Srinivasan
Book a demo now

We'd love to give you a full tour of our NaaS solutions.

Book a demo now

SASE SD-WAN

What are the Security Challenges of 5G Networks?

Read article

What are the types of Internet Access?

Read article

Internet access without complications

Read article

Can't find the answer?
Ask us directly.

We've build a huge library with all there is to know about IT networks and security. If you're looking for some deep information, than this is the place to be.
Reach out to us

What we promise

Monthly trails & demos
You're always up-2-date
We're here to help, 24/7
We're always down to business
Ask and we'll answer
Seamless site integration
Simple solutions for big problems
Monthly trails & demos
You're always up-2-date
We're here to help, 24/7
We're always down to business
Ask and we'll answer
Seamless site integration
Simple solutions for big problems