Cato Networks Launches Auto-Adaptive Threat Prevention Engine

Cato Networks, a provider of SASE solutions, has announced the debut of Cato Dynamics Prevention, an auto-adaptive threat-prevention engine on its SASE platform.

Proactive defense against compromise

The new solution was designed to proactively stop stealthy, multi-stage attacks – continuously evaluating activity in full context – and correlate signals from across Cato’s sensors over months of activity.

The solution automatically adapts and enforces restrictions across related actions from threat actors once malicious behavior is identified. This stops threats early without adding operational overhead or requiring IT or SOC intervention.

“Enterprises are already struggling to stop advanced threats that unfold quietly over time, and with the explosion of AI and autonomous agents, the threat landscape is accelerating exponentially. Threat actors abuse trusted tools and valid credentials, knowing most defenses still analyze isolated events and rely on humans to connect the dots for more complex attack chains,” said Lior Cohen, vice president of product management, security, and management at Cato Networks. 

“Cato Dynamic Prevention changes the game by continuously understanding behavior in context, predicting the threat actor’s next move, and enforcing protection automatically that would only impact true positive threats. As a result, this stops potential threats before a breach ever takes shape.”

Resolving the gap between detection and timely prevention

According to Cato Networks, there’s a significant gap between detection and timely prevention where advanced threats succeed and where security point solutions fail.

Advanced attacks blend into normal enterprise activity by abusing legitimate tools and targets. 

Threat actors are able to execute a series of low-signal actions over time with each appearing benign in isolation – allowing malicious behavior to evade traditional, point-in-time inspection and remain undetected during the early stages of an attack.

Cato Dynamic Prevention identifies and automatically stops advanced threats that evade point-in-time inspection.

The engine is built natively into the Cato SASE Platform and continuously correlates months of security and networking activity in real time across Cato’s full range of inline sensors and out-of-band engines to identify behavior-based threats that appear benign in isolation. 

Cato touts reduced exposure and improved SOC efficiency

Cato applies adaptive rules to block high-risk activity in real time once a threat is identified.

Among the benefits to an enterprise from the engine include:

• Reduced risk exposure: The ability to address threats earlier by identifying and stopping malicious activity before it escalates.
• Stronger security posture: Protect proactively against the misuse of legitimate tools and previously unseen behaviors.
• Improved IT and SOC efficiency: Reduces false positives and manual investigation, allowing IT and security teams to focus on higher-value work.

“From a CISO perspective, the biggest risk today is that advanced attacks don’t arrive as a single event. They develop quietly over time, spread across users, sites, and systems, and exploit gaps between disconnected tools,” said Giles Aston-Roberts, chief information security officer at Swissport International AG. 

“At Swissport, we operate in a truly always-on environment. There’s no downtime when you’re supporting hundreds of airport locations across the globe. The Cato Dynamic Prevention launch is emblematic of why unifying all security and networking signals into a single platform matters, because only with that level of visibility and context can security teams respond fast enough to stop threats before they disrupt critical operations.”

Security is essential to requirements related to distributed work and AI deployments. Learn more about Aryaka’s latest Unified SASE as a Service 2.0 platform, which features Zero Trust Network Access and AI security capabilities.