A risk-based approach restricts access to specific resources and capabilities within applications. Credit: Putilich / Getty Images SASE platform provider Cato Networks has introduced a new risk-based application access control for combatting security threats and productivity challenges posed by remote working and bring your own device (BYOD). The vendor said that with its new control, enterprise policies can consider real-time device context when restricting access to capabilities within corporate applications, as well as internet and cloud resources. The announcement comes amid calls from global governments for organizations to assess and improve their cybersecurity defenses in response to ongoing military and cyber tensions surrounding the Russia-Ukraine conflict.New access control uses converged device contextIn today’s threat landscape, user identity alone is not sufficient for zero-trust network access (ZTNA) or BYOD risk assessment, Cato stated in a press release. Identity spoofing and rogue personal devices pose significant security threats, and so an enforcement solution with contextual awareness to balance user productivity with risk mitigation is required, it added.To address the challenge, Cato is embedding continuous device context assessment throughout its cloud-native software stack the Cato Single Pass Cloud Engine (SPACE). This will continuously assess the posture of a user’s device, acting when the device falls out of compliance. By exposing context attributes, they become available across all current and future Cato capabilities to enable granular control over user application access, the firm explained. Device context attributes include anti-malware type as well as the presence of a client-side firewall, full disk encryption, and patch levels, with information gathered by the OPSWAT OESIS framework as part of the Cato Client.Device context restricts user access to specific resources and capabilitiesThrough device context, user access can be restricted to specific resources and capabilities, allowing IT teams to create access policies that balance users’ real-time risk posture with their need for resource access, Cato said. Use case examples include: When working from a personal device remotely, a user could be given permissions to upload to the collaboration platform but not download data, with no other resources available. When working from a corporate device, the same user could be given download permissions with read-only access to financial systems, ERP and CRM systems granted.When working from a corporate device with current anti-malware, a user could be given read and write access to the collaboration platform, financial systems, and file shares.Access to all resources may be blocked when users appear to be working from any device in an unusual geolocation, such as a warzone.“We’re excited to be partnering with Cato Networks,” commented Hamid Karimi, vice president of technology alliances and OEM at OPSWAT. “By utilizing the OESIS Framework to access endpoint metadata, Cato’s converged, cloud-native SASE platform enables enterprise IT teams to establish granular policies that reduce the attack surface.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe