Cato's Live Network Analysis Sheds Light on Cyberthreats

Unexpected Threats Emerge in Latest Cato Network Security Analysis

Written by James Anderson
May 25, 2021

You might think the majority of cyberthreats comes from Russia, but you'd be wrong.

Cyberthreats might not be as sexy as you think they are, but they still can cause serious damage.

Cato Networks‘ latest network security analysis tells a different story than how “exotic” headlines describe cyberattacks. High-profile cases involving foreign groups and extremely advanced attack methods have dominated the news lately, but cyberthreats often come in far more mundane packages.

Cato’s Etay Maor

For example, although the Russian SolarWinds hack dominated news coverage last year, U.S. locations accounted for the vast majority of attack sources in the first quarter.

“Blocking network traffic to and from ‘the usual suspects’ may not necessarily make your organization more secure,” said Etay Maor, Cato’s senior director of security strategy. “Threat actors are hosting their Command & Control servers on ‘friendly’ grounds, including the U.S., Germany, and Japan.”

Source: Cato Networks

In addition, Cato argues that cybercriminals more commonly harness older exploits, which makes security patches all the more important. Many of the exploits have existed for up to 20 years.

“While organizations always need to keep up with the latest security patches, it is also vital to ensure older system and well-known vulnerabilities from years past are monitored and patched as well,” Maor said. “Threat actors are attempting to take advantage of overlooked, vulnerable systems.”

According to Cato, attackers often went after software like vSphere, Oracle WebLogic and Big-IP. They also targeted hardware, such as routers that contain remote administration vulnerabilities.

Cato revealed data trends from the 850-plus enterprise networks it oversees in its Q1 SASE Threat Research Report. Cato based its findings on 190 billion network flows that ran through Cato private network backbone. Out of those flows, Cato’s security controls listed 16 billion events, 181,000 cyberthreats and 19,000 incidents.

Top Apps

Cato listed Microsoft Office, Google Apps, Skype/Teams, TeamViewer and AnyConnect as the five cloud applications people use most. However, TikTok accounted for a large number of flows. Indeed, TikTok flows out-totaled Gmail’s — and we’re talking about enterprise networks. The trading app Robinhood joined TikTok as another popular consumer app.

“The increase in consumer applications not only consumes bandwidth but poses a security risk to enterprises,” Maor said. “As the type of data flow and applications changes, so does the way in which threat actors exploit vulnerabilities, and in turn, the way enterprises secure their networks must change as well.”

According to the report, network discovery scans triggered the most events, followed by reputation-based communication.

Source: Cato Networks

Cato converges security and networking features into the same cloud-based platform, utilizing more than 60 global points of presence. The Tel Aviv, Israel-based company last month updated its partner program to reflect a more “MSP-centric” approach.