
Inside Cato’s SASE Architecture: A Blueprint for Modern Security
January 26, 2025
Anas is an expert in network and security infrastructure with over seven years of industry experience, holding certifications including CCIE Enterprise, PCNSE, Cato SASE Expert, and Atera Certified Master. He shares his insights and expertise with readers.
Threats to your network are no longer limited to known malware or signature-based exploits. Modern enterprises need dynamic protection that works in real time, at cloud scale. Cato Networks delivers advanced threat prevention capabilities—Intrusion Prevention System (IPS), Anti-Malware, and TLS Inspection—all managed through a unified cloud-native architecture.
This post shows how to enable and configure these security services in the current Cato Management Application (CMA) and what to expect operationally once they are on.
Cato’s IPS engine runs at the network layer and is powered by both signature-based and behavioral detection.
Historical detections, with their severity and threat category, can also be reviewed there.
Cato’s Anti-Malware engine inspects downloaded files and executables in real time, combining known threat signatures with machine-learning models intended to catch previously unseen (zero-day) samples.
Anti-Malware logs are viewable under Monitoring > Security Events.
TLS (SSL) Inspection allows Cato to decrypt and inspect HTTPS traffic to detect threats hidden inside encrypted sessions.
⚠️ TLS inspection adds decryption overhead and can increase latency, so roll it out in stages. Expect applications that pin their certificates to fail under inspection and add bypass rules for them, and exclude regulated or privacy-sensitive categories (banking, healthcare) where policy or law requires it.
After enabling threat prevention, detections appear in the same Security Events view. Use filters to narrow events by source IP, severity, or blocked signature.
An enterprise with distributed branch offices started seeing CPU spikes on multiple endpoints. After enabling TLS inspection and Anti-Malware selectively on file-sharing categories, they discovered embedded ransomware downloads in apparently harmless ZIP archives.
Using Cato’s logs, the IT team quickly isolated affected endpoints and blocked the application category globally.
No. You can scope TLS policies per site or category.
Only if you exclude their subnet or device identity from policies.
They’ll receive HTTPS certificate warnings, because the inspected sessions are re-signed by Cato’s root CA. Ensure that root certificate is deployed to every managed device via GPO or MDM before enabling inspection for it.
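A quick way to verify that the inspection root certificate actually landed in a device's trust store, as an added example that is not Cato's own tooling: it loads the platform trust store through Python's `ssl` module and searches the CA list for the expected common name. The CA name `INSPECTION_CA_CN` is a placeholder assumption; replace it with the subject of the root certificate downloaded from the CMA.

```python
"""Check whether the TLS-inspection root CA is present in the local trust store.

Added example, not Cato's code. INSPECTION_CA_CN is an assumed placeholder;
use the common name of the root certificate downloaded from the CMA.
"""
import ssl

INSPECTION_CA_CN = "Cato Networks CA"  # assumption: replace with the real CN


def subject_cn(cert: dict) -> str:
    """Return the commonName from a cert dict in ssl.getpeercert() format."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return ""


def is_self_signed(cert: dict) -> bool:
    """A root CA is self-signed: its subject and issuer are identical."""
    return cert.get("subject") == cert.get("issuer")


def find_ca(certs, cn_fragment: str) -> list[str]:
    """Subject CNs of self-signed CA certs whose CN contains cn_fragment."""
    needle = cn_fragment.lower()
    return [
        subject_cn(c)
        for c in certs
        if is_self_signed(c) and needle in subject_cn(c).lower()
    ]


def inspection_ca_installed(cn_fragment: str = INSPECTION_CA_CN) -> bool:
    """True if the platform trust store contains the inspection root CA.

    create_default_context() loads the OS store (the Windows ROOT store on
    Windows, the OpenSSL bundle elsewhere); get_ca_certs() lists the CA
    certificates that were loaded. Certificates from a capath directory only
    appear after first use, so an empty result on such a system is not proof
    of absence.
    """
    ctx = ssl.create_default_context()
    return bool(find_ca(ctx.get_ca_certs(), cn_fragment))


if __name__ == "__main__":
    if inspection_ca_installed():
        print(f"OK: '{INSPECTION_CA_CN}' is trusted; HTTPS warnings not expected")
    else:
        print(f"MISSING: '{INSPECTION_CA_CN}' not in trust store; deploy via GPO/MDM")
```

Run it on a pilot device before enabling inspection for its site: a MISSING result is exactly the state that produces the HTTPS warnings described above.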
They’re included in most standard Cato SASE subscriptions, but confirm with your sales rep.
Yes. Cato supports forwarding events over Syslog and retrieving them programmatically through its API, so they can feed a SIEM or your own tooling.
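Once events are forwarded, the filtering described above (by source IP, severity, or blocked signature) and the triage from the case study can be automated. The following is an added example, not Cato's code and not Cato's export format: the `key="value"` line layout and every sample event are constructed stand-ins for a forwarded Syslog feed, so `parse_event()` is the only part you would adapt to the real exporter.

```python
"""Filter and summarise forwarded security events.

Added example, not Cato's code. The key="value" line format and the sample
events below are constructed; adapt parse_event() to the real feed format.
"""
from __future__ import annotations

import re
from collections import Counter

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z")

# Constructed sample feed (assumed format, not real product output).
SAMPLE_FEED = [
    'time="2025-01-26T09:12:01Z" event_type="Security" event_sub_type="IPS" '
    'severity="High" action="Block" src_ip="10.20.1.15" '
    'signature="Generic Webshell Upload"',
    'time="2025-01-26T09:12:40Z" event_type="Security" event_sub_type="Anti Malware" '
    'severity="Critical" action="Block" src_ip="10.20.1.15" '
    'app_category="File Sharing" file_name="invoice.zip" threat_name="Ransomware.Generic"',
    'time="2025-01-26T09:13:05Z" event_type="Security" event_sub_type="Anti Malware" '
    'severity="High" action="Block" src_ip="10.30.4.8" '
    'app_category="File Sharing" file_name="report.zip" threat_name="Ransomware.Generic"',
    'time="2025-01-26T09:14:11Z" event_type="Security" event_sub_type="Anti Malware" '
    'severity="Medium" action="Monitor" src_ip="10.30.4.9" '
    'app_category="Software Download" file_name="setup.exe" threat_name="PUA.Generic"',
    'time="2025-01-26T09:15:30Z" event_type="Security" event_sub_type="IPS" '
    'severity="Low" action="Monitor" src_ip="10.20.1.16" signature="Scanner Activity"',
    'time="2025-01-26T09:16:02Z" event_type="Security" event_sub_type="IPS" '
    'severity="High" action="Block" src_ip="10.30.4.8" '
    'signature="Generic Webshell Upload"',
]

_PAIR = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line: str) -> dict[str, str]:
    """Turn one key="value" line into a dict; unknown keys are kept as-is."""
    return dict(_PAIR.findall(line))


def parse_feed(lines) -> list[dict[str, str]]:
    """Parse every non-empty line of the feed."""
    return [parse_event(ln) for ln in lines if ln.strip()]


def filter_events(events, *, min_severity=None, src_ip=None,
                  action=None, sub_type=None) -> list[dict[str, str]]:
    """Apply the same filters the Security Events view offers."""
    floor = SEVERITY_RANK.get(min_severity, 0)
    out = []
    for ev in events:
        if SEVERITY_RANK.get(ev.get("severity"), 0) < floor:
            continue
        if src_ip and ev.get("src_ip") != src_ip:
            continue
        if action and ev.get("action") != action:
            continue
        if sub_type and ev.get("event_sub_type") != sub_type:
            continue
        out.append(ev)
    return out


def blocked_signature_counts(events) -> Counter:
    """Count blocked detections by IPS signature or Anti-Malware threat name."""
    names = (ev.get("signature") or ev.get("threat_name") or "unknown"
             for ev in events if ev.get("action") == "Block")
    return Counter(names)


def hosts_with_blocked_archives(events) -> list[str]:
    """Sources whose archive downloads Anti-Malware blocked: the isolation list."""
    hosts = {
        ev["src_ip"]
        for ev in filter_events(events, action="Block", sub_type="Anti Malware")
        if ev.get("file_name", "").lower().endswith(ARCHIVE_SUFFIXES)
    }
    return sorted(hosts)


if __name__ == "__main__":
    evs = parse_feed(SAMPLE_FEED)
    print("high+ events:", len(filter_events(evs, min_severity="High")))
    print("top blocked:", blocked_signature_counts(evs).most_common(3))
    print("isolate:", hosts_with_blocked_archives(evs))
```

The isolation list is deliberately restricted to blocked archive downloads rather than every malware event, so that a single monitor-mode PUA hit does not pull a host offline; widen the filter only after confirming the false-positive rate in your own feed.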