Using Cato Device Inventory for Better IoT and OT Security Visibility

Using the New Cato Device Inventory for Better Security

Cato just dropped a fresh update for the Device Inventory feature, and it's a game-changer for how you see your network. We’re talking about new drill-down views and per-device connectivity insights that make monitoring a breeze. These tweaks help you watch usage and fix bugs with total precision. By showing more about device types, apps, and domains, this update turns your inventory into a powerhouse for daily work and long-term safety rules.

What is Device Inventory and Why Do You Need It?

Think of Device Inventory as a core part of Cato’s IoT/OT Security service. It works behind the scenes, looking at traffic to find and label IT, IoT, and OT gadgets without needing any clunky software agents. You see all this in the Cato Management Application (CMA).

To be honest, the best part of this update is the deep dive you get into how each device connects. It builds on the basics—like sorting by site or maker—and adds a "Quick View" for apps and domains. Have you ever wondered exactly what your office printers are talking to? Now you can see it and lock it down in one spot.

Start with Cato SASE Today

Where to Find the New Enhancements

You can access Device Inventory under Home > Devices > Inventory in the CMA.

• Device Inventory Page: Now includes detailed per-device drill-down with connectivity insights, applications, and domains.
• Device Dashboard: A complementary overview tool showing trends and security events, with clickable widgets that filter straight into Inventory for deeper analysis.

This seamless integration between dashboard summaries and detailed inventory views provides a faster way to pivot from anomaly detection to root-cause investigation.

How This Update Makes Your Life Easier

Faster Troubleshooting When someone says the Wi-Fi is slow, you don't have to guess. Just open their device entry. You’ll see every app and domain they’re using right away. In my experience, this saves hours of clicking around different screens.

Better Security Habits Does your smart fridge really need to talk to a random server in another country? These drill-downs show you weird connections before they turn into a crisis. We've all seen how one bad IoT gadget can mess things up, right?

Smarter Rules Your firewall can already use Device Inventory tags like "IP Camera." But now, those rules are even sharper because you see actual behavior. It helps you build a "zero-trust" setup that actually works.

Also Read: How the Cato Client Becomes the Identity Anchor for Zero Trust Access

Plugging in Your Other Tools

Cato plays nice with Microsoft Intune, Zoom, and CrowdStrike. These links add extra "juice" to your Device Inventory by pulling in data like OS versions. Just a heads-up: these links help you know what the device is, but they don't check its health. That part is still handled by your Posture Profiles and the Cato Client.

Mixing Identity with Health Checks

You can mix and match two things in your firewall rules:

1. Inventory Attributes: Who are you? (Dell laptop, Linux, etc.)
2. Posture Profiles: Are you safe? (Is your disk encrypted?)

Picture this: you can make a rule that only allows a Dell laptop if its disk encryption is turned on. Or, you could just block every IP camera from touching the public internet. It’s all about giving the least amount of access needed.

Tips and Things to Watch Out For

• Licensing: You need the IoT/OT Security license to see all this.
• Accuracy: Turn on TLS Inspection. Also, let Cato handle DHCP if you can. It makes the data much cleaner.
• The 3-Day Rule: If a device stays quiet for three days, it disappears from the list.
• Messy Data: Sometimes IPs get reused, which might cause a double entry for a day.

Also Read: Device-Aware WAN Firewall Policies in Cato SASE

Device Management Integrations: What They Add

Cato integrates with systems such as Microsoft Intune, Zoom, and CrowdStrike. These connectors enrich Device Inventory with external metadata—like OS version or managed/unmanaged status—improving asset identification.

It’s important to note: integrations enhance inventory intelligence but do not provide posture checks. Posture validation is handled separately through Device Posture Profiles and the Cato Client.

Policy Design with Device Attributes and Posture

• Device Inventory Attributes (identity): category, type, model, OS, manufacturer, OS version.
• Device Posture Profiles (security state): compliance checks like anti-malware, disk encryption, firewall.
   

You can combine both in firewall rules. For example:

• Allow access only if Device Manufacturer = Dell AND Device Posture = Disk Encryption Enabled.
• Block all Internet traffic from Device Type = IP Camera.

This dual approach enforces least-privilege access and strengthens zero-trust alignment.

Operational Guidance and Known Limitations

• Licensing: Device Inventory (IoT/OT Security) requires a separate license.
• Best Practices: Enable TLS Inspection and configure Cato as your DHCP server for more accurate classification and MAC detection.
• Protocols: Device classification relies on DHCP, HTTP, MAC, TCP/IP, or FTP identifiers; other protocols may yield limited results.
• Visibility Window: Devices not generating WAN/outbound traffic for three days will not appear in Inventory.
• Data Consistency: IP reuse or multiple IPs within 24 hours may cause duplicates or merges in device listings.
• Feature Rollout: New updates are deployed gradually; availability may vary across accounts during activation.

Advantages at a Glance

• Deeper per-device visibility with applications, domains, and connectivity insights.
• Faster troubleshooting through dashboard-to-inventory pivots.
• Improved security hygiene and IoT/OT anomaly detection.
• Precision policy design using real-time Device Attributes.
• Stronger zero-trust enforcement when combined with posture checks.

Ready to experience the power of Cato SASE Device Inventory firsthand? 

Schedule a free consultation with our experts today 

Key Takeaways

• Granular Visibility: The update adds per-device drill-downs for applications and domains, moving beyond basic hardware identification.
• Proactive Security: Dashboard-to-inventory pivots allow admins to jump from a high-level threat alert to a specific device’s behavior in one click.
• Zero-Trust Integration: You can now combine Device Attributes (what it is) with Posture Profiles (how safe it is) for hyper-specific firewall rules.
• Agentless Discovery: It remains 100% agentless, passively analyzing traffic to find every connected gadget on your WAN.

FAQs

What exactly changed in the recent Device Inventory update?

The update introduced detailed drill-down views that show per-device applications, domains, and connectivity insights. This is designed to help administrators monitor usage, troubleshoot issues, and improve security posture.
 

Where do I see these new details in the CMA?

Navigate to Home > Devices > Inventory. Select a device entry to access its Quick View and drill-down details. The update expands this view to include application and domain interactions plus connectivity insights.
 

Do I need a license for Device Inventory?

Yes. Device Inventory is part of the IoT/OT Security service and requires a separate license. Only with this license can you view the full inventory and use Device Attributes in firewall rules.
 

Can I combine Device Inventory conditions with Device Posture checks?

Yes. Device Attributes (identity) and Device Posture Profiles (security state) can be combined in firewall rules with an AND relationship. This ensures only devices that match both criteria are allowed.
 

Do third-party integrations support posture validation?

No. Integrations like Microsoft Intune and Zoom enrich device intelligence in Inventory but do not provide posture checks. Device Posture validation is handled by the Cato Client.
 

Why do some devices disappear or appear duplicated?

Devices without WAN/outbound traffic for three days are removed from Inventory. IP reuse or multiple IPs within 24 hours can cause duplicates or merges. DHCP and TLS settings also affect detection accuracy.
 

What best practices improve Device Inventory accuracy?

Enable TLS Inspection, configure Cato as the DHCP server (instead of only relaying), and review three-day traffic windows to ensure devices remain visible and accurately classified.