Cato Networks Introduces Smart Data Loss Prevention (DLP) Engine – The Fast Mode | Region & Cash

Cato Networks, provider of the world’s first SASE platform, introduced Cato DLP, the first Data Loss Prevention (DLP) engine to protect data across all enterprise applications without complex, cumbersome DLP rules.

Cato DLP is part of Cato SSE 360, the only Security Service Edge (SSE) architecture that provides full visibility, optimization and control of all traffic while providing a seamless migration path to full SASE transformation. Cato has also added the Cato SSE Expert certification, an extension of the industry-leading Cato SASE Expert certification, to increase understanding of the SSE architecture.

Cato DLP solves the operational complexities of legacy DLP

DLP has proven to be an effective tool for protecting data assets, scanning and blocking users from sending critical files or sensitive information such as credit card or customer details.

But legacy DLP had limitations. Too often, imprecise DLP rules block legitimate activity or allow illegitimate ones. A focus on public cloud applications has left sensitive data in proprietary or unauthorized applications unprotected by DLP. Investing in DLP does nothing to protect the organization from other threat vectors.

Cato DLP addresses these issues. Cato DLP scans all network traffic for customer-defined sensitive files and data. More than 350 data types are currently identified by Cato, including universal sensitive data types such as credit card numbers and country-specific data types such as zip codes. Once identified, DLP rules block, warn, or allow the action, depending on customer-defined policies.


Cato DLP is fully converged with Cato SSE 360, the security pillar of the Cato SASE Cloud. Application control rules provide granular DLP policies that apply to all applications and resources.

As part of the Cato Single Pass Cloud Engine (SPACE) architecture, Cato DLP is fully converged with Cato’s full suite of cloud-native networking and security capabilities, gaining deeper visibility into and control over network flows than traditional DLP solutions . Specifically, this means:

Facilitate deployment with intelligent DLP rules

DLP becomes easier to implement with Cato’s Smart DLP Rules. Instead of explicitly blocking defined activities for each application — for example, “commit” in GitHub, “send” with attachment in Outlook, or “copy” to external SharePoint folders — security teams can create rules that express their intent (“block uploads ’), which Cato then implements across applications for all intended actions.

Simplifying DLP operations with machine learning

The inaccuracies in old DLP rules often disrupt business operations. Instead of waiting to hear from angry users that they can’t process certain data, Cato DLP proactively identifies inaccurate DLP rules. Anomaly detection algorithms detect when DLP rules exceed predefined baselines and alert Cato’s security content teams to refine and improve out-of-the-box data types.

Improve the security posture with multi-layered protection

Cato examines traffic simultaneously across multiple security use cases, providing efficient multi-layered protection. Cato’s access control layer ensures users can only access authorized applications and prevents them from accessing unauthorized resources or malicious websites. Cato’s threat mitigation layer scans traffic for network-based threats and malicious content. All Cato inspections run in parallel, enabling line-rate performance even for encrypted traffic.

Cato SSE 360: security for today, ready for tomorrow

Together with Cato DLP, Cato announces Cato SSE 360, the only SSE platform with visibility, optimization and control of WAN, cloud and internet traffic.

Shlomo Kramer, CEO and co-founder of Cato Networks
Traditional SSE architectures alone are not enough to protect the enterprise. They have limited visibility and control over WAN traffic, increasing the need for multiple network and security architectures. What is needed is an architecture that provides visibility and control over all traffic to all applications and resources from all endpoints. Cato SSE 360 is the first SSE solution to meet this challenge.

Leave a Comment