Cato: Cybersecurity Threat Insights


In the first quarter of 2021, 190 billion traffic flows passed through Cato's SASE network.


With this dataset in hand, the company set out to analyze the traffic and identify new threats and critical trends in cybersecurity. It has just published its findings in the SASE Threat Research Report, and here we present the five key highlights that will help you gauge the strength of your network security.

Key Insights from the Cato Networks SASE Threat Research Report

1. Top 5 Threat Types in 2021

Using machine learning to separate high-risk threats and confirmed security incidents from benign traffic, Cato identified the most common types of attacks observed on its network. These include:


  • Network Scanning – Cato detected attackers probing a range of ports on a host to learn which services are running and which of them are most vulnerable.
  • Reputation – Inbound or outbound flows were directed to known-bad domains or IP addresses.
  • Vulnerability Scan – The attacker ran a vulnerability scanner against a company's systems.
  • Malware – Malware was observed propagating within network traffic.
  • Web Application Attack – The attacker attempted to exploit a web application vulnerability, such as cross-site scripting (XSS) or SQL injection.
The threat types above show that attackers are carrying out reconnaissance against company systems. They can also succeed in gaining initial access, as demonstrated by the volume of suspicious inbound and outbound traffic flows.
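The first two threat types above, network scanning and bad-reputation destinations, are the ones most easily recognized directly in flow records. The following Python script is an added example (not code from the Cato report or the original post) that applies both detections to a small set of constructed flow records. The scan threshold (10 distinct ports per source/destination pair inside a 60-second window), the time window itself, and the "known-bad" IP list are illustrative assumptions, not values taken from the report.

```python
"""Flow-level detection of two threat types described above: port scanning
(one source probing many ports on one host in a short window) and traffic
to a known-bad IP address. All records, thresholds and the bad-IP list are
constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int          # timestamp in seconds (constructed)
    src: str         # source IP
    dst: str         # destination IP
    dport: int       # destination port
    direction: str   # "inbound" or "outbound" relative to the company network


# Assumption: a threat-intelligence list of known-bad IP addresses.
BAD_IPS = {"198.51.100.44"}

PROBE_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080]

# Constructed sample flows.
FLOWS = (
    # Fast scan: one external host hits 12 ports on 10.0.0.5 in 12 seconds.
    [Flow(1000 + i, "203.0.113.7", "10.0.0.5", p, "inbound")
     for i, p in enumerate(PROBE_PORTS)]
    # Slow scan: same 12 ports, but spaced 10 minutes apart.
    + [Flow(1000 + 600 * i, "203.0.113.10", "10.0.0.5", p, "inbound")
       for i, p in enumerate(PROBE_PORTS)]
    + [
        Flow(1000, "10.0.0.20", "93.184.216.34", 443, "outbound"),   # normal web
        Flow(1005, "10.0.0.21", "93.184.216.34", 443, "outbound"),   # normal web
        Flow(1010, "10.0.0.22", "198.51.100.44", 443, "outbound"),   # known-bad dst
        Flow(2000, "203.0.113.9", "10.0.0.5", 22, "inbound"),        # repeated SSH
        Flow(2010, "203.0.113.9", "10.0.0.5", 22, "inbound"),        # same port: no scan
    ]
)


def detect_port_scans(flows, min_ports=10, window=60):
    """Return {(src, dst): port_count} for every source that touched at least
    `min_ports` distinct destination ports on one host within `window`
    seconds. The window slides over each pair's flows sorted by time, so a
    slow scan spread over hours is only caught with a wider window."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f)
    hits = {}
    for pair, fs in by_pair.items():
        fs.sort(key=lambda f: f.ts)
        best = 0
        for i, start in enumerate(fs):
            # Distinct ports seen from this flow forward, inside the window.
            ports = {f.dport for f in fs[i:] if f.ts - start.ts <= window}
            best = max(best, len(ports))
        if best >= min_ports:
            hits[pair] = best
    return hits


def reputation_hits(flows, bad_ips=BAD_IPS):
    """Return flows whose source or destination is on the bad-IP list.
    Direction is kept so inbound (attacker probing) and outbound
    (possible beaconing or data exfiltration) can be triaged differently."""
    return [f for f in flows if f.src in bad_ips or f.dst in bad_ips]


if __name__ == "__main__":
    print("fast scans (60 s window):", detect_port_scans(FLOWS))
    print("scans with 2 h window:   ", detect_port_scans(FLOWS, window=7200))
    for f in reputation_hits(FLOWS):
        print(f"reputation hit: {f.direction} {f.src} -> {f.dst}:{f.dport}")
```

With the default 60-second window only the fast scanner is flagged; widening the window to two hours also catches the slow scanner, which is the trade-off a practitioner has to make between missed slow scans and false positives from legitimate multi-port clients.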

2. Regional Bans Produce a False Sense of Security

Recent news coverage attributes most cybercrime and other malicious online activity to a small set of countries.


It might seem logical that firewall rules blocking traffic to and from these countries would improve security. In practice, such geographic blocks produce a false sense of security. The largest share of malicious attempts originates in the US, which accounts for more than the next four largest sources (Venezuela, China, Germany, and Japan) combined. Regional restrictions therefore have little to no impact, because the top malware sources and command-and-control servers are hosted in the US, where attackers rent or compromise infrastructure alongside the services their targets legitimately use.

3. Cyberattackers Prey upon Remote Administration Tools

Remote access and administration tools such as TeamViewer became far more prevalent during the pandemic. These tools allowed businesses to keep operating despite an unforeseen and mandatory transition to remote work.


Keep in mind, however, that these tools are attractive to attackers as well. Malicious actors phish credentials for these services and then use them to gain direct access to a company's resources. RDP is now a common delivery vector for ransomware, and an inadequately secured TeamViewer installation is what made the Oldsmar water treatment plant intrusion possible.

4. Legacy Software and PHP are Constant Targets

Breaking down the Common Vulnerabilities and Exposures (CVEs) most targeted by attackers reveals some notable trends. The first is that vulnerabilities related to the PHP programming language are among the most heavily targeted; many of these allow an attacker to achieve remote code execution (RCE).


Another significant takeaway is that attackers are targeting old vulnerabilities still lurking on company networks. Attackers routinely scan for unpatched, vulnerable systems with flaws that are more than twenty years old.

5. Business Traffic Flows Are Not Always Predictable

Analyzing enterprise network traffic flows shows that Microsoft Office and Google applications are the two most commonly used cloud apps on company networks.


Nevertheless, they are not the only frequent flows on enterprise networks. The average organization carries more TikTok traffic than Gmail, LinkedIn, or Spotify traffic. These TikTok flows put enterprise security at risk: attackers take advantage of consumer applications to distribute malware or phishing content, and the use of unsanctioned apps introduces new weaknesses and potential attack vectors into a company's network.

Enhance Your Network Visibility and Cybersecurity with Cato

The latest SASE Threat Research Report from Cato demonstrates how important deep network visibility and understanding are to enterprise security. While some trends (such as the exploitation of remote access tools) may have been expected, others were much less so.


Cato was able to produce this report because of the deep visibility provided by its SASE network. Partnering with Cato to gain this level of visibility helps protect your company and lets you pinpoint the threats within your network.

Ready to Get Started?

Connecting with MEC provides you with access to globally recognized technology brands and a range of premium value-added services.