Universal Zero Trust Network Access (ZTNA)

Cato’s Universal ZTNA uses a single risk-based policy to control user access to sensitive data using identity and a variety of access context attributes including device security posture, user geography, application risk, and compliance ratings. Cato consistently enforces ZTNA policies across its global cloud service and all users regardless of their location – office, home, or remote.

Cato evaluates connected device posture, including operating system and patches, anti-virus, disk encryption, device firewall, geographic location, and device certificate at connection and throughout the session. If a posture check fails, Cato can terminate the user’s connection entirely or block access to specific resources until the device becomes compliant. Continuous device posture evaluation strengthens the security posture of organizations by ensuring devices meet a minimum set of requirements, reducing the risk of data breaches from compromised endpoints.

Remote users often complain about application performance degradation, impacting their productivity. This is typically a result of an unreliable internet connection and traffic backhauling to a central location for security inspection.

The Cato SASE Cloud Platform includes a global private backbone that features robust optimization and QoS capabilities, targeted to deliver optimized access to cloud and on-premises resources from anywhere. With Cato, remote users connected to The Cato SASE Cloud Platform enjoy the same optimized application access as users at office locations, ensuring optimal user experience and maximum productivity, without security compromises.

Cato natively supports browser-based clientless access to private applications for users who can’t use the Cato Client. Admins can easily publish applications to a web portal, create access policies, and enable instant secure application access for any user. Cato’s clientless access requires minimal setup and can be deployed with secure authentication from an external SSO and MFA provider of your choice or using Cato’s user database.

Cato provides administrators and auditors a dedicated dashboard to monitor remote user connectivity and activity. The dashboard shows currently connected users, their location, their source device and posture, and their application usage analytics. One-click filtering allows further per-user analysis, for related networking, access, and security events which can support the creation of new access policies.

Cato Universal ZTNA client supports Windows, MacOS, iOS, Android, and Linux for maximum coverage, regardless if the device is corporate-owned or BYOD. To help admins seamlessly migrate from their legacy VPN to the Cato Universal ZTNA, central deployment via common Mobile Device Management (MDM) is supported. A self-service portal for user provisioning is available for external contractors and enterprises who do not use MDMs.