Device Inventory Drill-Down Enhancements in Cato SASE: Deeper Visibility, Smarter Troubleshooting

Introduction

Cato has introduced a recent update to its Device Inventory feature, adding new drill-down views and per-device connectivity insights. These enhancements allow administrators to monitor usage, troubleshoot issues, and strengthen security with greater precision. By extending the visibility of device attributes, applications, and domains, the update makes Device Inventory a more powerful tool for daily operations and long-term policy management.

What Device Inventory Is and Why This Update Matters

Device Inventory is part of Cato’s IoT/OT Security service. It passively analyzes WAN-bound and outbound traffic to discover and classify IT, IoT, and OT devices—without agents. This information is presented in the Cato Management Application (CMA) to give administrators a central view of all connected devices.

The recent update adds deeper drill-down views and device-specific connectivity insights. This builds on existing capabilities such as grouping devices by site, user, manufacturer, or type, and extends the Quick View to show which applications and domains a device is using. The result is a single place where administrators can identify devices, analyze behavior, and tie findings directly into security policies.

Where to Find the New Enhancements

You can access Device Inventory under Home > Devices > Inventory in the CMA.

• Device Inventory Page: Now includes detailed per-device drill-down with connectivity insights, applications, and domains.
• Device Dashboard: A complementary overview tool showing trends and security events, with clickable widgets that filter straight into Inventory for deeper analysis.

This seamless integration between dashboard summaries and detailed inventory views provides a faster way to pivot from anomaly detection to root-cause investigation.

How the Update Improves Daily Operations

Faster Troubleshooting

When users report issues, admins can open the affected device entry and immediately see its applications, domains, and connectivity insights. This reduces time spent switching between pages or guessing root causes.

Stronger Security Hygiene

Inventory drill-downs reveal if IoT or OT devices are connecting to unusual domains. Combined with dashboard widgets such as Top IoT/OT Services or Devices by Threat, this makes it easier to spot misconfigurations or compromised devices before they cause harm.

Policy Precision

Firewall rules in Cato can already use Device Attributes (e.g., Device Type = IP Camera or Manufacturer = Dell). The new insights make those rules smarter by exposing the actual device behavior, helping teams refine allow/deny policies that align with zero-trust principles.

Device Management Integrations: What They Add

Cato integrates with systems such as Microsoft Intune, Zoom, and CrowdStrike. These connectors enrich Device Inventory with external metadata—like OS version or managed/unmanaged status—improving asset identification.

It’s important to note: integrations enhance inventory intelligence but do not provide posture checks. Posture validation is handled separately through Device Posture Profiles and the Cato Client.

Policy Design with Device Attributes and Posture

• Device Inventory Attributes (identity): category, type, model, OS, manufacturer, OS version.
• Device Posture Profiles (security state): compliance checks like anti-malware, disk encryption, firewall.
   

You can combine both in firewall rules. For example:

• Allow access only if Device Manufacturer = Dell AND Device Posture = Disk Encryption Enabled.
• Block all Internet traffic from Device Type = IP Camera.

This dual approach enforces least-privilege access and strengthens zero-trust alignment.

Operational Guidance and Known Limitations

• Licensing: Device Inventory (IoT/OT Security) requires a separate license.
• Best Practices: Enable TLS Inspection and configure Cato as your DHCP server for more accurate classification and MAC detection.
• Protocols: Device classification relies on DHCP, HTTP, MAC, TCP/IP, or FTP identifiers; other protocols may yield limited results.
• Visibility Window: Devices not generating WAN/outbound traffic for three days will not appear in Inventory.
• Data Consistency: IP reuse or multiple IPs within 24 hours may cause duplicates or merges in device listings.
• Feature Rollout: New updates are deployed gradually; availability may vary across accounts during activation.

Advantages at a Glance

• Deeper per-device visibility with applications, domains, and connectivity insights.
• Faster troubleshooting through dashboard-to-inventory pivots.
• Improved security hygiene and IoT/OT anomaly detection.
• Precision policy design using real-time Device Attributes.
• Stronger zero-trust enforcement when combined with posture checks.

Ready to experience the power of Cato SASE Device Inventory firsthand? Schedule a free consultation with our experts today and explore how drill-down enhancements, IoT/OT anomaly detection, and zero-trust policy design can transform your enterprise network security.

FAQs

What exactly changed in the recent Device Inventory update?

The update introduced detailed drill-down views that show per-device applications, domains, and connectivity insights. This is designed to help administrators monitor usage, troubleshoot issues, and improve security posture.
 

Where do I see these new details in the CMA?

Navigate to Home > Devices > Inventory. Select a device entry to access its Quick View and drill-down details. The update expands this view to include application and domain interactions plus connectivity insights.
 

Do I need a license for Device Inventory?

Yes. Device Inventory is part of the IoT/OT Security service and requires a separate license. Only with this license can you view the full inventory and use Device Attributes in firewall rules.
 

Can I combine Device Inventory conditions with Device Posture checks?

Yes. Device Attributes (identity) and Device Posture Profiles (security state) can be combined in firewall rules with an AND relationship. This ensures only devices that match both criteria are allowed.
 

Do third-party integrations support posture validation?

No. Integrations like Microsoft Intune and Zoom enrich device intelligence in Inventory but do not provide posture checks. Device Posture validation is handled by the Cato Client.
 

Why do some devices disappear or appear duplicated?

Devices without WAN/outbound traffic for three days are removed from Inventory. IP reuse or multiple IPs within 24 hours can cause duplicates or merges. DHCP and TLS settings also affect detection accuracy.
 

What best practices improve Device Inventory accuracy?

Enable TLS Inspection, configure Cato as the DHCP server (instead of only relaying), and review three-day traffic windows to ensure devices remain visible and accurately classified.