Network security company Cato Networks has released an AI-powered system designed to identify and block domains used to control malware.

Cato Networks’ new deep learning algorithms are designed to identify malware command and control domains and block them more quickly than traditional systems based on domain reputation, thanks to extensive training on the company’s own data sets.

Cato, a SASE provider based in Tel Aviv, announced the new algorithmic security system today. The system is predicated on the idea that domain reputation tracking is insufficient to quickly identify the command servers used to remotely control malware.

That’s because most modern malware uses a domain generation algorithm (DGA) to rapidly generate pseudorandom domain names, and the deployed malware carries a copy of the same algorithm. This, essentially, hides the command server from traditional intrusion prevention systems, which would be quick to identify a falsified IP or specific domain name. All a bad actor has to do is register one of the domain names that could be generated by the DGA, and the command server should be able to evade detection.

Hence, the idea here is to tackle the DGA itself. The company’s algorithm identifies domains that aren’t usually visited by users, but whose names are common to DGAs, including common typographical errors for well-known brands (e.g., “Microsoftt.com” or similar). It also applies deep learning to network traffic, discovering destination domains and inferring whether or not traffic is malicious. That analysis is done remotely in Cato’s cloud to minimize impact on user experience.

The use of AI and machine learning in the product is interesting as far as it goes, according to Avidthink principal Roy Chua, but the really exciting news is that this could be the beginning of a trend in malware prevention. “This is the beginning of [Cato] dynamically blocking an increasing amount of malware,” he said.
“And the platform can potentially be used to stop other types of threats — it’s the framework that’s important.”

Part of the reason for the apparent efficacy of Cato’s product, noted Chua, is its use of a broad set of user data collected by the company. While he spoke highly of Cato’s reputation, Chua noted that it’s important to understand exactly what any security vendor is doing with each user’s data. “It can see all the traffic and it can aggregate all customers,” he said. “If you’re expecting the security vendor to do the hard work for you, you have to put your trust in them, and it’s important for customers to do their due diligence.”

Cato confirmed that the new DGA tracking system would be available to all users of its IPS product immediately, and that it would not change the current pricing structure for its offerings.
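As an added illustration of the name-based screening described above (not Cato's code or its deep learning model, which the article does not detail), this Python example substitutes two simple heuristics: edit distance to flag brand look-alikes such as “Microsoftt.com”, and character entropy to flag DGA-like labels. The brand list, thresholds and sample domains are constructed assumptions.

```python
import math
from collections import Counter

# Constructed watch list and thresholds (assumptions, tune on your own traffic).
BRANDS = ("microsoft", "google", "paypal")
MIN_DGA_LEN, MIN_ENTROPY, MAX_VOWEL_RATIO = 12, 3.5, 0.3

def label_of(domain: str) -> str:
    """Naive registrable label: the part left of the final dot (ignores multi-part TLDs)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def entropy(s: str) -> float:
    """Shannon entropy of the characters in s, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str) -> str:
    label = label_of(domain)
    # Brand check first: an exact match is the brand itself, one edit away is a look-alike.
    distances = [edit_distance(label, b) for b in BRANDS]
    if 0 in distances:
        return "known-brand"
    if 1 in distances:
        return "typosquat"
    # DGA-like: long, high-entropy, vowel-poor labels that people rarely type.
    if len(label) >= MIN_DGA_LEN:
        vowel_ratio = sum(c in "aeiou" for c in label) / len(label)
        if entropy(label) >= MIN_ENTROPY and vowel_ratio <= MAX_VOWEL_RATIO:
            return "dga-like"
    return "unclassified"

if __name__ == "__main__":
    # Constructed sample domains, not real indicators.
    for d in ("microsoft.com", "microsoftt.com", "xkqzvbtrwpldnmhq.net", "networkworld.com"):
        print(f"{d:24} {classify(d)}")
```

A one-edit threshold will also match unrelated short names, so in practice a verdict like this is combined with how rarely users visit the domain, as the article notes.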