Next-Generation Anti-Malware (NGAM)

Cato’s NGAM detects zero-day and polymorphic malware in real-time. In partnership with SentinelOne, a machine learning algorithm maps connections between thousands of data points to return a verdict of benign, suspicious, or malicious. Real-time zero-day malware protection eliminates the dependency on legacy sandboxing solutions that overburden IT teams and hurt the user experience.

Policies are simple to manage, and administrators can define allow, and block actions based on context such as Internet or WAN destinations, source (user, IP address, Host), application, and more. Scanning exceptions can be specific or apply to the entire account. With Cato’s NGAM organizations can adopt a stricter security approach while maintaining the agility to meet business needs with policy changes taking effect globally in just minutes.

More than 90% of web traffic is encrypted and enterprises must inspect it for threats. Cato’s SASE Cloud performs TLS inspection at scale, eliminating the need to size and scale legacy security appliances. Inspection policies can be granularly applied, allowing organizations to inspect as much traffic as desired. Enabling TLS inspection has no impact on performance and allows Cato’s NGAM complete visibility to detect and block malware across all traffic.

Cato’s NGAM supports multiple file types and can scan multiple levels within nested archive files. Archive files are held until the engine confirms that the entire contents of the files are free from malware. Encrypted and password-protected files cannot be scanned but can be blocked by policy rules. These features help secure organizations by addressing one of the techniques used by threat actors to bypass security engines.

Cato’s NGAM scans every file at wire speed, continuously evaluating the files against a signature and heuristics database that is continuously updated and optimized by Cato. Customers can replace the anti-malware engine of traditional firewalls and UTMs, ensuring that all files are evaluated against a comprehensive and up-to-date malware prevention database without the constraints of fixed appliance resources.