Cato introduces SIEM and deep network insight tool

2 min read Networks & Network Services
Cato Networks has introduced Cato Instant*Insight, the first time SIEM capabilities have been included at no cost in a secure access service edge (SASE) platform. Cato Instant*Insight leverages the convergence of networking and security into Cato SASE platform to eliminate deployment complexity, upfront investment, and the learning curve previously required with traditional event managers, SIEMs, and network analysis tools.

“From its founding, Cato realiSed that converging networking and security into the cloud would simplify all aspects of networking. Cato Instant*Insight attests to that vision. With our SASE platform, we’re able to deliver the kind of visibility out-of-the-box that previously required extensive custom integration and development,” says Shlomo Kramer, CEO and co-founder of Cato Networks. “Cato Instant*Insight let us find the ‘needle in the haystack’ in minutes,” says Lars Norling, Director of IT Operations at ADB Safegate, a provider of airport efficiency and productivity solutions. “We build complex queries to filter through millions of events just by clicking on values on the side of the screen. Especially for smaller IT teams, Instant*Insight is a game changer. It lets them work together like a large NOC or SOC without investing tens if not hundreds of thousands of dollars on custom integration and forensic tools.”

"I'm very impressed with Instant*Insight," says Tomy Joseph, Director of IT Infrastructure at Coolsys, a leader in the commercial refrigeration and HVAC industry. "We can use it right away to troubleshoot all sorts of problems, like our VoIP disconnects or security incidents, by mining a massive repository of security and networking data.”

SASE Enables Advanced Root Cause Analysis Without the Pain or Cost of a SIEM

For years, IT’s fragmented view of the network has hampered problem resolution and prevention. Developing a timeline of events required mastering a range protocols and APIs just to retrieve the necessary data from networking and security appliances. Data interpretation and normalisation technologies were needed to store event data in common format for analysis. Querying and utilising this information required specialised skills and knowledge. Finally, IT was left having to store and

maintain this massive data warehouse. All of which made root cause analysis difficult and impractical for many enterprises.

Cato Instant*Insight addresses these problems by organising the millions of networking and security events tracked by Cato into a single, queryable timeline. IT teams can quickly filter the millions of networking and security events tracked by Cato to arrive at root cause. Key to Cato Instant*Insight is the Cato’s SASE architecture. First defined in Gartner’s Hype Cycle for Enterprise Networking, 2019, SASE converges many disparate network and network-security capabilities including SD-WAN, SWG, CASB, SDP/ZTNA, DNS protection, and FWaaS onto a global, cloud-native platform. As such, all networking and security events are already stored in a common data warehouse maintained by Cato.

More specifically, Cato Instant*Insight solves a number of challenges of delivering SIEM capabilities in three ways:

·Automated aggregation consolidates all security and networking events into one massive data warehouse without any effort. No additional agents are needed to extract, or code required to normalise data.

·Faceted search makes Cato Instant*Insight very adaptable and still easy to use. All variables and parameters are presented for easy querying. Network and security professionals simply select the requisite items to construct the necessary queries.

·The network analysis workbench is a built-in interface for data mining. There’s no need to purchase an additional data analysis tool to piece together the timeline of networking and security problems. Instant*Insight correlates all events into a single timeline, filtered through this simple interface.