Cato Endpoint Protection (EPP) is the industry’s first SASE-managed EPP solution protecting endpoints against advanced malware, evasive attacks and zero-day threats. Cato EPP adds endpoint protection and detection to Cato’s multi-layer SASE architecture while reducing management overhead, increasing security team efficiency, and improving the enterprise security posture.
Cato EPP scans over 300 file types for threats, including archives and packed files. It uses advanced rule-based analysis and machine learning algorithms to identify known, polymorphic, and zero-day malware based on analysis of file characteristics. Cato EPP uses heuristics and process behavioral analysis to detect suspicious and malicious activity in real time. This capability enables the detection and prevention of fileless malware operating directly in system memory, evasive exploits and zero-day attacks, and “living-off-the-land” attacks that leverage legitimate tools for malicious purposes. To further minimize the attack surface, Cato can block the use of USB drives with device control.
Responding to threats in real time is critical to minimizing the potential damage of a malware outbreak. However, a delicate balance is often needed between automated response and user productivity. Cato gives administrators the flexibility to adjust containment policies to meet their organization’s security requirements, including threat blocking, file quarantine, or process termination.
Cato EPP is fully managed through the Cato Management Application (CMA), seamlessly integrated with all other Cato SASE Cloud Platform capabilities. Administrators gain the advantage of overseeing the protected endpoints from a unified console, where user data, network information, and security policies are consolidated. Cato EPP saves administrators the need to integrate, maintain, and manage a standalone endpoint protection solution. Manual SIEM integration is also eliminated, as all EPP events and alerts are now a native part of the Cato SASE Cloud Platform.
Cato EPP is provisioned via the Cato Management Application (CMA) or through the customer’s selected Mobile Device Management (MDM) tool. Administrators can onboard and start protecting thousands of endpoints in a matter of minutes. Once installed, the Cato EPP agent runs in the background and is completely transparent to the end user. No login is required, and users are instantly protected and alerted when a security event occurs on the endpoint. Ad-hoc malware scans can be initiated by the user or by the administrator directly from the Cato Management Application.
Cato EPP events are stored in the same data lake as all other events generated by the various Cato SASE Cloud Platform engines. Cato XDR leverages high-quality endpoint data, alongside network-based sensors, for optimal AI/ML threat detection and investigation. Administrators can easily filter events by user or device, seeing a unified list of all endpoint and network security events in one screen, enabling efficient incident investigation and response.
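With Cato, you no longer need a complex legacy architecture made up of multiple security point solutions and expensive network services.
Cato’s unique SASE platform consistently and autonomously delivers secure, optimized application access to all users everywhere.
Cato Networks was named a Leader in the 2024 Gartner® Magic Quadrant™ for Single-Vendor SASE
“Cato Networks is the symbol of ZTE and SASE.”
Cato Networks recognized as a growth and innovation leader in SASE
Cato SASE named a ‘Leader’ in the GigaOm Radar report
Cato Networks recognized as a global SSE product leader
WAN transformation with SD-WAN: building a mature foundation for SASE success
“When we ran a breach and attack simulator on Cato, infection rates and lateral movement dropped while detection rates soared. That is the biggest reason we can trust Cato’s security.”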