A risk-based approach restricts access to specific resources and capabilities within applications. Credit: Putilich / Getty Images SASE platform provider Cato Networks has introduced a new risk-based application access control for combatting security threats and productivity challenges posed by remote working and bring your own device (BYOD). The vendor said that with its new control, enterprise policies can consider real-time device context when restricting access to capabilities within corporate applications, as well as internet and cloud resources. The announcement comes amid calls from global governments for organizations to assess and improve their cybersecurity defenses in response to ongoing military and cyber tensions surrounding the Russia-Ukraine conflict.New access control uses converged device contextIn today’s threat landscape, user identity alone is not sufficient for zero-trust network access (ZTNA) or BYOD risk assessment, Cato stated in a press release. Identity spoofing and rogue personal devices pose significant security threats, and so an enforcement solution with contextual awareness to balance user productivity with risk mitigation is required, it added.To address the challenge, Cato is embedding continuous device context assessment throughout its cloud-native software stack the Cato Single Pass Cloud Engine (SPACE). This will continuously assess the posture of a user’s device, acting when the device falls out of compliance. By exposing context attributes, they become available across all current and future Cato capabilities to enable granular control over user application access, the firm explained. Device context attributes include anti-malware type as well as the presence of a client-side firewall, full disk encryption, and patch levels, with information gathered by the OPSWAT OESIS framework as part of the Cato Client. Device context restricts user access to specific resources and capabilitiesThrough device context, user access can be restricted to specific resources and capabilities, allowing IT teams to create access policies that balance users’ real-time risk posture with their need for resource access, Cato said. Use case examples include: When working from a personal device remotely, a user could be given permissions to upload to the collaboration platform but not download data, with no other resources available. When working from a corporate device, the same user could be given download permissions with read-only access to financial systems, ERP and CRM systems granted.When working from a corporate device with current anti-malware, a user could be given read and write access to the collaboration platform, financial systems, and file shares.Access to all resources may be blocked when users appear to be working from any device in an unusual geolocation, such as a warzone.“We’re excited to be partnering with Cato Networks,” commented Hamid Karimi, vice president of technology alliances and OEM at OPSWAT. “By utilizing the OESIS Framework to access endpoint metadata, Cato’s converged, cloud-native SASE platform enables enterprise IT teams to establish granular policies that reduce the attack surface.” Related content feature Some strategies for CISOs freaked out by the specter of federal indictments Experts at this year's RSA Conference offered strategies to help CISOs cope with the prospect of facing federal indictments over their handling of cyber incidents. By Cynthia Brumfield May 10, 2024 7 mins CSO and CISO Legal Security Practices interview Strong CIO-CISO relations fuel success at Ally CIO Sathish Muthukrishnan and CISO Donna Hart have forged a partnership steeped in Ally’s culture of radical candor that keeps the financial services firm secure and innovative. By Dan Roberts May 09, 2024 9 mins CIO CSO and CISO IT Leadership news Zscaler shuts down exposed system after rumors of a cyberattack Initially dismissing rumors, Zscaler now says it did have a system exposed but nothing important has been accessed. By Shweta Sharma May 09, 2024 3 mins Data Breach Cyberattacks news Palo Alto launches AI-powered solutions to fight AI-generated cyberthreats The suite is powered by Palo Alto’s proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies. By Prasanth Aby Thomas May 09, 2024 3 mins Generative AI Security Software PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe