SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Cato unveils Dynamic Prevention engine for SASE security

Fri, 6th Mar 2026

Cato Networks has launched Cato Dynamic Prevention, which it describes as an auto-adaptive threat prevention engine built into its SASE platform.

Cato is positioning the product around a shift in attack patterns, where threat actors use legitimate tools and valid credentials over time. Such campaigns can look like routine activity when viewed as isolated events. Security teams often connect these sequences only after an incident, using multiple tools and manual investigation.

Cato Dynamic Prevention correlates security and networking telemetry across the Cato SASE Platform over extended periods. According to Cato, it evaluates activity "in full context" rather than relying on point-in-time inspection and standalone alerts. When the platform identifies behaviour it classifies as malicious, it applies restrictions inline across related actions.

Attack chains

The approach targets multi-stage attacks that progress through low-signal actions, where each step can appear benign. Over time, the pattern can indicate credential abuse, lateral movement, or preparation for data theft and disruption.

Cato argues that many security point products operate in silos and lack the context to connect activity across time, hosts, and networks. It also points to organisational constraints in threat hunting and investigation. The announcement cites Gartner research: "61% of enterprises lack full-time threat hunting experts and rely on reactive analysts repurposing their time, leaving teams underfunded, misaligned, and vulnerable."

The engine uses telemetry gathered across Cato's global platform, including networking and security signals. Cato says it correlates data over months and uses that history to identify behaviour-based threats that might not trigger a high-confidence alert at any single moment.

Inline enforcement

According to Cato, the engine applies adaptive restrictions automatically when risk conditions are met. Because enforcement happens inline, policy actions take effect as traffic flows through the platform rather than after an investigation step.

Cato frames the feature as a way to reduce manual work for IT and security operations teams and to limit the time an attacker can remain active in an environment. It also says the system avoids broad disruption by restricting only the actions associated with the identified behaviour.

Within Cato's platform, the engine draws on inputs from sensors and engines covering different security functions. Cato lists data loss prevention, intrusion prevention, and NGAM among the inline sensors feeding signals into the correlation layer, alongside out-of-band engines.

Swissport International, which uses Cato's platform, linked the launch to operational constraints in distributed environments.

"From a CISO perspective, the biggest risk today is that advanced attacks don't arrive as a single event. They develop quietly over time, spread across users, sites, and systems, and exploit the gaps between disconnected tools," said Giles Ashton-Roberts, Chief Information Security Officer, Swissport International.

Swissport operates airport ground services and air cargo handling across more than 360 sites and runs Microsoft Azure and Amazon Web Services instances. The organisation has more than 26,000 users on the Cato SASE Platform, according to Cato.

"At Swissport, we operate in a truly always-on environment. There's no downtime when you're supporting hundreds of airport locations across the globe," said Ashton-Roberts. "In that kind of environment, delayed detection directly impacts our ability to respond. The Cato Dynamic Prevention launch is emblematic of why unifying all security and networking signals into a single platform matters, because only with that level of visibility and context can security teams respond fast enough to stop threats before they disrupt critical operations."

Cato also ties the product to broader changes in the threat landscape, including increased automation. It says attackers use trusted tools and valid credentials, betting that many defences still evaluate events in isolation.

"Enterprises are already struggling to stop advanced threats that unfold quietly over time, and with the explosion of AI and autonomous agents, the threat landscape is accelerating exponentially. Threat actors abuse trusted tools and valid credentials, knowing most defenses still analyze isolated events and rely on humans to connect the dots for more complex attack chains," said Lior Cohen, Vice President of Product Management, Security and Management, Cato Networks.

"Cato Dynamic Prevention changes the game by continuously understanding behavior in context, predicting the threat actor's next move, and enforcing protection automatically that would only impact true positive threats. As a result, this stops potential threats before a breach ever takes shape," Cohen said.

Cato says Cato Dynamic Prevention is generally available worldwide as part of the Cato SASE Platform.