Cato Networks introduces device context-driven access control to tackle remote working and BYOD risks

SASE platform provider Cato Networks has introduced a new risk-based application access control for combatting security threats and productivity challenges posed by remote working and bring your own device (BYOD). The vendor said that with its new control, enterprise policies can consider real-time device context when restricting access to capabilities within corporate applications, as well as internet and cloud resources. The announcement comes amid calls from global governments for organizations to assess and improve their cybersecurity defenses in response to ongoing military and cyber tensions surrounding the Russia-Ukraine conflict.

New access control uses converged device context

In today’s threat landscape, user identity alone is not sufficient for zero-trust network access (ZTNA) or BYOD risk assessment, Cato stated in a press release. Identity spoofing and rogue personal devices pose significant security threats, and so an enforcement solution with contextual awareness to balance user productivity with risk mitigation is required, it added.

To address the challenge, Cato is embedding continuous device context assessment throughout its cloud-native software stack the Cato Single Pass Cloud Engine (SPACE). This will continuously assess the posture of a user’s device, acting when the device falls out of compliance. By exposing context attributes, they become available across all current and future Cato capabilities to enable granular control over user application access, the firm explained. Device context attributes include anti-malware type as well as the presence of a client-side firewall, full disk encryption, and patch levels, with information gathered by the OPSWAT OESIS framework as part of the Cato Client.

Device context restricts user access to specific resources and capabilities

Through device context, user access can be restricted to specific resources and capabilities, allowing IT teams to create access policies that balance users’ real-time risk posture with their need for resource access, Cato said. Use case examples include:

• When working from a personal device remotely, a user could be given permissions to upload to the collaboration platform but not download data, with no other resources available. When working from a corporate device, the same user could be given download permissions with read-only access to financial systems, ERP and CRM systems granted.
• When working from a corporate device with current anti-malware, a user could be given read and write access to the collaboration platform, financial systems, and file shares.
• Access to all resources may be blocked when users appear to be working from any device in an unusual geolocation, such as a warzone.

“We’re excited to be partnering with Cato Networks,” commented Hamid Karimi, vice president of technology alliances and OEM at OPSWAT. “By utilizing the OESIS Framework to access endpoint metadata, Cato’s converged, cloud-native SASE platform enables enterprise IT teams to establish granular policies that reduce the attack surface.”