Cato Networks identifies 6x more malicious domains using AI


Cato Networks recently revealed that it is using artificial intelligence (AI) to detect malicious domains at a much higher rate than is possible by relying solely on reputation feeds. With AI, Cato Networks identifies six times more malicious domains and blocks access to them in real time. The announcement comes just two weeks after Cato Networks set a new speed record for Secure Access Service Edge (SASE), with encrypted tunnels reaching 5 Gbps. Cato Networks also held the previous record, at 3 Gbps.

The two latest updates, enhanced protection against threats and increased capacity for secure tunnels, demonstrate the significance of cloud-native architectures in SASE.

AI technologies and large language models (like ChatGPT, for instance) have made it easier for cybercriminals to create harmful code. Cato Networks' data scientists have created deep learning algorithms that use Cato's cloud-based platform and vast data resources to precisely detect malicious domains that often escape notice when relying solely on reputation and security feeds.

Relying solely on reputation feeds for detection is not dependable as users still mistakenly click on deceptive domains imitating reputable brands.

Cato's algorithms work by detecting newly established domains that are seldom visited by users and have letter arrangements often seen in domains produced by domain generation algorithms (DGAs), and then restricting access to such DGA-registered domains. The algorithms also stop brand impersonation attempts by examining webpage elements such as the favicon, images, and text.
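The three signals named above (a recent registration, few visitors, and DGA-like lettering) can be combined as in the following sketch. It is an added example, not Cato's code: a rule-based stand-in for the deep learning model, with thresholds, function names and sample domains that are assumptions made for illustration.

```python
import math
from collections import Counter
from datetime import date

# Illustrative thresholds (assumptions, not values published by Cato).
MAX_AGE_DAYS = 30      # "newly established"
MAX_CLIENTS = 3        # "seldom visited": distinct internal clients seen
MIN_LEXICAL = 0.5      # label looks algorithmically generated

def entropy(label):
    """Shannon entropy of the label in bits per character."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def lexical_score(domain):
    """Score 0..1 for DGA-like letter arrangements.

    Assumes `domain` is the registrable domain, so the first label is the
    registered name. Short labels carry too little signal and score 0.
    """
    label = domain.lower().split(".")[0]
    letters = [ch for ch in label if ch.isalpha()]
    if len(label) < 8 or not letters:
        return 0.0
    vowel_ratio = sum(ch in "aeiou" for ch in letters) / len(letters)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    score = 0.0
    if entropy(label) >= 3.5:   # characters spread almost uniformly
        score += 0.5
    if vowel_ratio < 0.25:      # natural-language names have more vowels
        score += 0.3
    if digit_ratio > 0.2:       # digits mixed into the name
        score += 0.2
    return score

def classify(domain, registered, distinct_clients, today):
    """Combine the three signals: block only when all of them agree."""
    if lexical_score(domain) < MIN_LEXICAL:
        return "allow"
    is_new = (today - registered).days <= MAX_AGE_DAYS
    is_rare = distinct_clients <= MAX_CLIENTS
    if is_new and is_rare:
        return "block"
    return "review" if (is_new or is_rare) else "allow"

if __name__ == "__main__":
    today = date(2024, 1, 10)
    # Constructed sample observations: (domain, registration date, clients).
    for obs in [("xkqzvbtrwmpl.example", date(2024, 1, 8), 1),
                ("newsletter.example", date(2024, 1, 8), 1),
                ("d3k9x7q2vb8n.example", date(2019, 5, 1), 400)]:
        print(obs[0], classify(*obs, today))
```

The third sample shows why the lexical signal is not used alone: a long-established, widely visited hostname with random-looking characters is allowed, while the same lettering on a two-day-old, rarely visited domain is blocked.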

Cato Research Labs regularly monitors a large number of network connection attempts to DGA domains from over 1700 businesses using the Cato SASE Cloud. For instance, out of the 457,220 network connection attempts made to DGA domains during a specific period, only 66,675 (15%) were found in the 250+ threat intelligence feeds used by Cato. Cato's algorithms identified the remaining 390,000+ DGA domains, an almost six times better result.

Executing a deep learning algorithm in real-time necessitates substantial computational power to prevent any negative impact on the user experience. The architectures based on physical appliances do not possess adequate resources for this purpose, and transferring data to the cloud for later analysis introduces considerable delays that hinder the possibility of running the algorithms in real-time.

Cato SASE Cloud offers these services. Cato's SPACE technology is a cloud-based design that transfers the handling of packets and security to the cloud, where computing power is more readily available compared to edge devices. In a matter of milliseconds, Cato examines data streams, identifies the intended destination, evaluates the level of risk associated with that domain, and derives actionable insights without causing any interruption to the user's online experience.

According to Elad Menahem, Senior Director of Security at Cato Networks, utilizing ML and AI is crucial in protecting against constantly changing, advanced, and elusive cyber-attacks. However, putting this into practice is more challenging than it may appear in advertising.

Machine learning algorithms require training and continuous training using top-notch data in order to deliver significant benefits. Cato's data reservoir offers a substantial edge in this aspect. By combining extensive networking data and security resources at a massive scale, Cato can train algorithms in unprecedented and distinctive manners. Our ongoing efforts represent merely the beginning of the innovation journey for AI and ML.

In addition to its focus on AI, Cato is also providing 5 Gbps connections to various cloud providers. With the introduction of the new Cato cross-connect, users can establish private, fast layer-2 connections between Cato and any other cloud provider that is connected to Equinix Cloud Exchange or Digital Realty. Furthermore, an option for high availability (HA) will be offered to enhance reliability.
