Combatting Insider Threats: Cato Networks Expands ZTNA Capabilities

By Greg Tavarez, TMCnet Editor  |  July 18, 2023

Insider threat incidents have seen a 44% increase over the past two years, resulting in an average cost of $15.8 million per incident, according to the Ponemon Institute.

The reason behind this trend is rather straightforward. With layoffs and the adoption of hybrid work models, exposure to insider threats has escalated significantly. In this context, disgruntled employees, IT personnel or external attackers who have obtained credentials and seek to exploit elevated privileges pose substantial risks to enterprises.

To address this challenge, the concept of Zero Trust Network Access, or ZTNA, was introduced. Its purpose was to provide users with secure access solely to the essential resources required, while continuously monitoring and scrutinizing network traffic after admission. This approach enabled IT organizations to identify and mitigate risks associated with any user.

Still, ZTNA solutions implement access controls only for remote users and neglect in-office users, which complicates access management. They also lack the security measures needed to consistently inspect traffic flows, which exposes enterprises to potential attacks from authorized users. Additionally, the absence of AI and machine-learning (ML) algorithms in these solutions prevents them from identifying suspicious activity indicative of emerging threats.

So, to make ZTNA more effective, Cato introduced new enhancements to its Cato SASE Cloud. A key addition is the implementation of a unified ZTNA policy, allowing consistent application of access controls regardless of a user's location, whether inside or outside the office. This policy revolves around user identity and takes into account various parameters such as device posture, location and time of day.

To ensure comprehensive control over IT administration, Cato also improved its role-based access control functionality. This enhancement enables secure and precise access management for converged networking and security teams. As enterprises embrace SASE, the demand for a unified management platform that covers networking, security, and access roles has grown. Cato caters to this need by offering globally defined or site-specific roles for networking, access, and security personnel. These roles can be customized to grant editing or viewing capabilities for individual features provided by Cato SASE Cloud, including Internet Firewall, TLS Inspection and DLP Configurations.

"For too long, ZTNA solutions have focused on secure remote access only," said Gur Shatz, Chief Operating Officer at Cato. "But securing internal access is just as important, particularly with today's hybrid workforce. The work our team has done today makes ZTNA even easier and more effective, letting an enterprise secure access for a user working remotely or in the office with the same policy."

In addition, Cato added enhanced prevention of DNS-based attacks. Cato now inspects DNS requests to identify and block domains used for DNS tunneling, crypto miners, dynamic DNS, malicious domains and C&C domains, and applies AI detection to phishing domains that are newly registered or created by domain generation algorithms (DGAs).

"It is no secret that lack of access control and authorization is a go-to weakness for threat actors," said Etay Maor, Senior Director of Security Strategy, Cato. "They buy and sell privileged accounts on the Dark Web, offer discovery services and even during discussion with them they have advised companies to 'check granted privileges for users, to make them maximum reduced privileges and access only exact applications'."

All enhancements are currently available at no additional charge to Cato customers.

Edited by Alex Passett