SASE platform provider Cato Networks has introduced new risk-based application access control to combat the security threats and productivity challenges posed by remote work and bring your own device (BYOD). The vendor said that with its new control, corporate policies can consider real-time device context when restricting access to corporate application features, as well as internet and cloud resources. The announcement comes as governments around the world call on organizations to assess and improve their cybersecurity defenses in response to ongoing military and cyber tensions surrounding the Russia-Ukraine conflict.
New access control uses converged device context
In today’s threat landscape, user identity alone is not sufficient for zero trust network access (ZTNA) or BYOD risk assessment, Cato said in a press release. Identity theft and rogue personal devices are significant security threats, and therefore an app solution with contextual awareness to balance user productivity with risk mitigation is needed, it added.
To address the challenge, Cato is integrating continuous device context assessment into its cloud-native Cato Single Pass Cloud Engine (SPACE) software stack. This will continuously assess a user’s device posture, taking action when the device is no longer compliant. Once exposed, the context attributes become available across all current and future Cato features to enable granular control over access to user applications, the company explained. Device context attributes include anti-malware type as well as the presence of a client-side firewall, full disk encryption, and patch levels, with information gathered by the OPSWAT OESIS framework as part of the Cato Client.
Device context limits user access to specific resources and features
Using device context, user access can be limited to specific resources and capabilities, allowing IT teams to create access policies that balance users’ real-time risk position with their need for access to resources, Cato said. Examples of use cases include:
- When working remotely from a personal device, a user may be allowed to upload to the collaboration platform, but not download data, with no other resources available. When working from a corporate device, the same user can be granted download permissions with read-only access to financial systems, ERP and CRM systems.
- When working from a corporate device with current anti-malware, a user can have read and write access to the collaboration platform, financial systems, and file shares.
- Access to all resources can be blocked when users appear to be working from any device in an unusual geolocation, such as a war zone.
“We are thrilled to partner with Cato Networks,” commented Hamid Karimi, Vice President of OEM and Technology Alliances at OPSWAT. “Using the OESIS framework to access endpoint metadata, Cato’s converged, cloud-native SASE platform enables enterprise IT teams to establish granular policies that reduce the attack surface.”
Copyright © 2022 IDG Communications, Inc.