Adding CASB functionality to Cato’s SASE Cloud architecture is meant to make it easier for enterprises to protect against data breaches and cloud-delivered threats. Credit: Getty Images SASE vendor Cato Networks is adding fine-grained cloud access security broker (CASB) controls to its platforms. When employees working from home or branch locations log into SaaS services such as Office 365 or Dropbox or Salesforce, a CASB gateway can track the applications employees access, where they log in from, and sometimes even what they do when using those applications. Previously, Cato only offered limited CASB controls, enabling companies to allow or prohibit the use of particular SaaS tools, says Dave Greenfield, Cato’s director of technology evangelism. Now, individual behaviors can be controlled. For example, users might be allowed to download documents from certain cloud file-sharing providers but can only upload documents to a company’s preferred platform. “You can also take a broader approach and define categories based on security features in those products,” says Evin Safdia, Cato’s director of product marketing. “You can, say, allow file sharing only on platforms that are SOC 2 compliant and have [multi-factor authentication] as a feature,” he says. The use of SaaS applications can also be restricted along other criteria. “For example, during work hours, people can look at their personal Gmail but can’t send attachments,” says Safdia. The term SASE – which stands for Secure Access Service Edge – was coined by Gartner in 2019 to describe an architecture that combines SD-WAN with access control and security tools, all bundled as a cloud service. SASE typically includes five key pillars: integrated, cloud-based SD-WAN, firewall-as-a-service, a secure web gateway, zero-trust network access, and CASB. The Cato Cloud is already a strong offering, and adding CASB functionality is a smart move, says Scott Raynovich, founder and chief technology analyst at research firm Futuriom. “While Cato may not yet be considered a full-fledged CASB competitor, its strong offering in SASE will enable customers to add CASB without a lot of hassle,” he says. Cato’s existing SASE customers will be able to gain visibility into what SaaS applications are being used and get context and information behind these applications, as well as any compliance implications, says Roy Chua, founder and principal at research firm AvidThink. “The market is shifting to SASE, and in that context, Cato appears to be executing well by adding more capabilities in the SASE portfolio onto their unified platform,” he says. Cato CASB now part of Cato SASE Cloud Cato currently has 4,000 SaaS applications set up to use on its platform, and the number continues to grow as enterprise customers add more apps or Cato discovers new applications on its networks. SaaS applications are verified using Cato’s application credibility engine, which analyzes company information, compliance features and security capabilities so IT teams can decide if an app should be blocked, controlled, or allowed. “We’ve got machine learning algorithms that run in the background and pick up on any new applications on our backbone by all of our customers and can bring them into our environment,” Greenfield adds. The new CASB product is an additional cost for Cato’s SASE customers, but enabling it is as simple as flipping a switch, he says. The rate at which Cato is adding features, and the synergy between their new CASB features and existing functionality, speak to the value of a single converged platform, Chua says. Cato and other cloud-based SASE vendors will continue to leverage their cloud platforms to add more functionality, he says. “The next one that’s obvious is content-based protection, something like data loss prevention. It’s a natural progression of ever finer-grained protection.” In fact, it might be time to retire legacy categories altogether, Chua says. Terms like next-generation firewall, secure web gateway, and CASB are convenient but are quickly becoming less relevant. “The new generation of cloud security platforms, including cloud-centric SASE vendors like Cato, have the opportunity to think and build differently,” he says. Related content how-to Compressing files using the zip command on Linux The zip command lets you compress files to preserve them or back them up, and you can require a password to extract the contents of a zip file. By Sandra Henry-Stocker May 13, 2024 4 mins Linux news High-bandwidth memory nearly sold out until 2026 While it might be tempting to blame Nvidia for the shortage of HBM, it’s not alone in driving high-performance computing and demand for the memory HPC requires. By Andy Patrizio May 13, 2024 3 mins CPUs and Processors High-Performance Computing Data Center opinion NSA, FBI warn of email spoofing threat Email spoofing is acknowledged by experts as a very credible threat. By Sandra Henry-Stocker May 13, 2024 3 mins Linux how-to Download our SASE and SSE enterprise buyer’s guide From the editors of Network World, this enterprise buyer’s guide helps network and security IT staff understand what Secure Access Service Edge (SASE) and Secure Service Edge) SSE can do for their organizations and how to choose the right solut By Neal Weinberg May 13, 2024 1 min SASE Remote Access Security Network Security PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe