Israel-based SASE (secure access service edge) provider Cato Networks has announced a security service edge (SSE) offering, Cato SSE 360, that includes Cato DLP, a capability for data loss protection across business applications that allows for customizable rules.\n\nAlong with SSE 360, Cato is also offering a new expert certification for the SSE architecture.\n\n"Traditional SSE architectures are mostly proxy-based solutions which have limited visibility and control over WAN traffic as they only take into account the traffic from users to the internet," says Boaz Avigad, director of product marketing at Cato Networks. "However, at some point they\u2019ll need to cover data centers, on-prem and cloud. Cato SSE 360 does that."\n\nSSE is defined by Gartner as a collection of integrated, cloud-centric security capabilities that facilitate safe access to websites, SaaS and in-house applications. A typical SSE solution secures web access through secure web gateways, cloud access security brokers (CASBs), DLPs and zero trust network access (ZTNA). It is a subset of SASE that does not include certain features, such as integrated SD-WAN.\n\nDLP can be considered a watchdog program that protects data assets as they flow to and from enterprise applications. It scans and blocks users from sending critical files or sensitive information, such as credit card or customer details, in an insecure manner. The rules followed by legacy DLP to do this, according to Cato, are limited, inaccurately block legitimate activities, and allow illegitimate ones.\n\nCato DLP uses machine learning \n\nCato DLP attempts to solve this problem using a proprietary machine learning algorithm that identifies and allows for the customization of rules.\n\nFor instance, rather than explicitly blocking defined activities for applications\u2014such as "commit" on GitHub, or "send" with an email attachment in Outlook\u2014Cato DLP allows for expressive rules to be created (such as "block uploads"), which are then implemented across all relevant applications for all related actions.\n\n"Datatypes scanned by DLP are sometimes inaccurate because we are doing a template match with regular expressions (REGEX)," explains Avigad. "The machine learning capability we have added monitors and understands the behavior of each data type to identify anomalies."\n\nCato SSE 360 offers path to full SASE\n\nCato is also offering SSE 360 customers a migration path to a full suite of SASE cloud-native security capabilities\u2014including firewall-as-a-service (FWaaS), advanced threat prevention, and managed threat detection and response (MDR)\u2014by connecting websites, remote workers, and cloud resources to the Cato SASE cloud. \n\nMeanwhile, the new Cato certification is specifically designed for SSE. The focus will be on SWG, CASB and ZTNA, according to Avigad.\n\n"SSE expert certification will have five sessions dedicated to each separate component of the SSE solution and is due to be released in next two weeks," says Avigad.\n\nIt is intended for users particularly interested in the SSE segment of SASE and is open for pre-registration.\n\nCato SSE 360 with Cato DLP is available now, having had early partial availability in April 2022 for a subset of customers.