FSD-Motors

    Working with Application Control Policies in Cato

    Anas Abdu Rauf
    July 30, 2025

    Introduction

    In today’s hybrid work environments, managing which applications are allowed—or restricted—on your corporate network is critical to both productivity and security. Cato’s Application Control engine provides granular control over user behavior and application usage across the WAN and internet.
     

    With the updated Cato Management Application (CMA), defining and enforcing application policies is both streamlined and deeply integrated into traffic visibility. In this blog, we’ll walk you through how to configure, monitor, and optimize Application Control policies using the current CMA interface—no guesswork, no outdated tabs.
     

    What You’ll Learn

    • How to enable and configure Application Control in Cato CMA
    • Steps to create rules to allow or block apps by category, app name, or port
    • How to use real-time analytics to audit app behavior
    • Where to monitor violations and policy effectiveness
    • Real-world use case: Blocking unsanctioned file-sharing tools

     

    What Is Cato Application Control?

    Application Control allows you to:

    • Identify thousands of apps in real time using Layer 7 inspection and Cato’s application signatures
    • Allow or block based on predefined categories (e.g., Social Media, File Sharing, Productivity)
    • Apply granular policies based on source identity, site, group, or even time of day
    • Enforce policies uniformly across all connected sites and mobile clients

    This feature is available for all customers with Threat Prevention enabled.
     

    Screenshot of an internet firewall policy interface showing rule exceptions, blocked traffic statistics, and application group assignments.

    How to Enable and Access Application Control

    1. Go to Security > Application And Data Control from the CMA side menu
    2. Toggle the Enable Application Control switch if not already enabled
    3. Click + Add Rule to start creating custom control rules
    4. Use predefined categories or search for a specific application (e.g., Dropbox)
    5. Choose Allow or Block, and optionally add logging
    6. Set scope: apply globally or by site/user group/time schedule
       

    View of application control policy settings displaying configured rules, their severity, and action types for specific applications in the security dashboard.

     

    Real-World Use Case: Blocking Personal File Sharing Apps

    Let’s say your compliance policy prohibits the use of personal file-sharing platforms like Dropbox or WeTransfer, but you still want to allow corporate OneDrive.

    Solution:

    • Navigate to Application Control rules
    • Block Dropbox, WeTransfer, and Google Drive
    • Allow OneDrive, scoped only to your corporate identity group (e.g., AD group or user tag)
    • Enable log violation for all blocked categories for auditing

    This keeps your file policies clean while enabling visibility on violations.

     

    Monitoring Violations and Rule Hits

    Monitor enforcement success and violations using:

    • Analytics > Application Analytics → App usage over time by category
    • Monitoring > Application Control Violations → Lists of blocked attempts
    • Security Events > Threats → Filter by category: "Application Control"
       

    Analytics panel showing categorized application usage by user counts, flows, download/upload data, and risk levels across business apps.


    Use this data to:

    • Refine policies
    • Justify new exceptions
    • Identify shadow IT behavior

     

    Tips for Effective App Control

    • Start in Audit Mode: Begin with alert-only rules to gauge impact
    • Leverage Identity Tags: Apply rules by AD group, not just by site
    • Use Categories First: Block entire categories like "P2P" or "Proxy Avoidance" before drilling down
    • Review Logs Weekly: Spot trends and adjust rules to reduce noise
    • Align with Business Use: Don’t block tools your teams rely on—get buy-in first
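
    The weekly log review and the audit-mode impact check described above can be scripted once events are exported. The following is an added example, not part of the original post or Cato's tooling; the JSON field names, the action values, and the thresholds are assumptions to be mapped to your real export.

```python
import json
from collections import defaultdict

# Constructed sample events; field names/values are hypothetical, not a Cato export schema.
SAMPLE_EVENTS = """\
{"user": "alice", "app": "Dropbox", "action": "Block"}
{"user": "alice", "app": "Dropbox", "action": "Block"}
{"user": "alice", "app": "Dropbox", "action": "Block"}
{"user": "bob", "app": "WeTransfer", "action": "Block"}
{"user": "carol", "app": "WeTransfer", "action": "Block"}
{"user": "dave", "app": "WeTransfer", "action": "Block"}
{"user": "erin", "app": "Google Drive", "action": "Monitor"}
{"user": "frank", "app": "Google Drive", "action": "Monitor"}
{"user": "erin", "app": "Google Drive", "action": "Monitor"}
not-json
"""

def weekly_review(text, repeat_min=3, users_min=3):
    """Summarize blocked and alert-only hits for a weekly policy review."""
    attempts = defaultdict(int)        # (user, app) -> blocked attempts
    blocked_users = defaultdict(set)   # app -> distinct users blocked
    audit_users = defaultdict(set)     # app -> distinct users hit by alert-only rules
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            user, app, action = ev["user"], ev["app"], ev["action"].lower()
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1               # count unparseable lines instead of hiding them
            continue
        if action == "block":
            attempts[(user, app)] += 1
            blocked_users[app].add(user)
        elif action == "monitor":
            audit_users[app].add(user)
    return {
        # Same user repeatedly hitting the same blocked app: shadow IT follow-up.
        "repeat_users": sorted((u, a, n) for (u, a), n in attempts.items() if n >= repeat_min),
        # Many distinct users blocked on one app: review an exception or sanctioned alternative.
        "exception_candidates": sorted(a for a, us in blocked_users.items() if len(us) >= users_min),
        # Distinct users who would be affected if an alert-only rule were switched to Block.
        "audit_impact": {a: len(us) for a, us in sorted(audit_users.items())},
        "skipped": skipped,
    }

if __name__ == "__main__":
    print(json.dumps(weekly_review(SAMPLE_EVENTS), indent=2))
```

    Counting distinct users rather than raw events keeps one noisy client from dominating the review, and the skipped count shows when the export format has drifted from what the script expects.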

     

    FAQ Summary

    Does Application Control require TLS inspection?

    No, but enabling TLS inspection improves classification accuracy.
     

    Can I block only specific app functions (e.g., file upload in Slack)?

    Yes, but only when Cato’s DLP (Data Loss Prevention) is enabled.
     

    Is reporting real-time or delayed?

    Analytics data is near real-time; logs are updated every few minutes.
     

    Can mobile users be included in App Control policies?

    Yes. Rules apply to all users connected via the Cato Client.
     

    Are custom applications supported?

    Yes. You can define custom apps based on IP/port/domain and use them in Application Control rules.

     

     

    With Cato Application Control, your IT team can effectively strike the balance between enabling productivity and enforcing security. Start with a few high-impact policies and evolve them as your network visibility improves.


    About The Author

    Anas Abdu Rauf

    Anas is an expert in network and security infrastructure with over seven years of industry experience, holding certifications including CCIE Enterprise, PCNSE, Cato SASE Expert, and Atera Certified Master. Anas provides his valuable insights and expertise to readers.
