DLP keeps sensitive customer records safe with intent-based rules, says Cato
Cato Networks on Tuesday announced Cato DLP, a data loss prevention (DLP) engine added to the company’s SSE 360 service. Cato offers SSE 360 as a Security as a Service platform, offering enterprise customers a converged, cloud-native Security Service Edge (SSE) stack. SSE 360 is built into Cato’s Secure Access Service Edge (SASE) Cloud platform.
DLP systems protect corporate data assets, preventing the exchange or exposure of critical information or sensitive data such as credit card numbers or personal information.
SSE has emerged as a popular corporate cybersecurity buzzword since Gartner first identified the burgeoning security market in 2021, an outgrowth of the already-popular SASE market. SSE provides a similar enterprise security posture to SASE, minus the overlay of Software-Defined Wide Area Network (SD-WAN) services. SSE services and products include a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero Trust Network Architecture (ZTNA).
Cato claims the addition of DLP to SSE 360 helps to unravel the operational complexity of legacy DLP systems. Cato says legacy DLP can slow down worker productivity by blocking legitimate activities, or, worse, do nothing to protect sensitive data in use by cloud apps, or other proprietary or unsanctioned tools.
“Cato DLP scans all network traffic for sensitive files and data as defined by the customer. More than 350 data types are currently identified by Cato covering universal sensitive data types, such as credit card numbers, and country-specific data types, such as postal codes. Once identified, DLP rules block, alert, or allow the action depending on customer-defined policies,” said the company.
Cato DLP employs “smart DLP rules” to help simplify security. Intent-based rules replace complicated interactions for each app. For example, administrators can generally “block uploads” rather than having to define rules and activities for each application. The service uses Machine Learning (ML) algorithms to detect rule anomalies and multi-layer protection to mitigate security threats on the network.
Security software vendors including Cato tout the importance of a single-stack solution for optimal performance and minimum complexity. Enterprise customers connect through Cato’s growing global network. The Points of Presence (PoPs) sport compute nodes with multiple processing cores. And each core runs CATO SPACE, the basis of Cato’s cloud SASE and SSE services, which it’s referred to as its “secret sauce.” SPACE – Single Pass Cloud Engine – manages all routing, optimization acceleration, decryption, and deep packet inspection. Cato uses dynamic flow orchestration to manage inbound customer edge tunnels, and applies just-in-time contextual security policy enforcement dynamically.
Cato noted that DLP is part of the SPACE architecture, so it’s fully converged with Cato’s other security products.
In July, Cato announced a new Point of Presence (PoP) in Copenhagen, Denmark which it promised would help to expand its enterprise network protection services across the Nordic region. The news marked the company’s second Nordic PoP and its 20th in Europe, the Middle East and Africa.
“The wave of cyberattacks targeting Nordic enterprises has only contributed to the demand for effective and efficient ways of protecting users, locations, and applications everywhere,” said Luca Simonelli, Cato’s VP of EMEA sales.
