Cato Networks, a specialist in wide-area network (WAN) and secure access service edge (SASE) solutions, is turning its attention to local area networks (LANs) with what it calls “the world’s first” SASE-native LAN next-generation firewall (NGFW) and “the first complete convergence” of LAN and cloud firewalls, which it says will close the 55-day patch gap and “mark the end of firewall patching”.
Explaining the 55-day patch gap that opens the door to threat actors, Cato noted that the 2024 Verizon data breach investigations report (DBIR) found businesses take an average of 55 days to remediate 50% of critical vulnerabilities. This prolonged window exposes them to threats, increasing the risk of security breaches.
Firewall appliances that are meant to protect enterprise assets are seen as having become security risks in their own right: they are subject to their own critical vulnerabilities, managing a separate policy set for each appliance adds complexity, and the lack of shared data context between appliances creates security gaps and limits end-to-end visibility.
Cato also believes that faulty patches further exacerbate the risk posed by patching firewall appliances. It cited a report by research and consulting firm Gartner, “We’re not patching our way out of vulnerability exposure”, which said: “Many organisations have experienced outages attributed to patches not working as intended. These outages are often high profile, generating reputational damage as well as lost revenue. Faced with these risks, I&O organisations are justifiably conservative when it comes to high-velocity patching requests from security, especially for business-critical systems.”
The latest expansion of the Cato SASE Cloud Platform, called LAN NGFW, converges all firewall engines for “seamless” management and deep visibility from the cloud into the LAN. The Cato LAN NGFW is a native capability of the Cato SASE Cloud Platform, requiring no additional hardware, and is self-updating and self-maintaining, eliminating manual patching and emergency fixes, according to Cato.
“Legacy firewall appliance vendors experience over 20 high and critical vulnerabilities in a single year, which means that IT has no choice but to drop everything and act quickly before it’s too late,” said Ofir Agasi, vice-president of product management at Cato Networks. “The Cato LAN NGFW flips the script, delivering always-up-to-date protection without the patching chaos of firewall appliances.”
In practice, the Cato LAN NGFW enables Layer 7 application-aware controls for local LAN segmentation while ensuring centralised policy enforcement. By converging all firewalls – internet, site-to-site and within the LAN – Cato said it simplifies policy management and delivers consistent enforcement using a security engine that achieved “near-perfect protection” in an independent security efficacy test by Frost & Sullivan.
Among the key benefits Cato lists for the LAN NGFW are that it enables enterprises to meet compliance requirements for localised traffic control, supports the transition from legacy LAN firewalls, simplifies security for distributed environments, and secures east-west traffic with micro-segmentation to reduce risk.
Businesses can enforce security policies locally, allowing them to comply with regulations that mandate LAN traffic isolation and to eliminate costly, resource-intensive standalone LAN firewalls, while gaining application-aware segmentation and centralised policy enforcement.
The product is seen as being able to provide consistent, application-aware security across multiple locations without additional on-premises firewalls, ensuring zero-trust enforcement at every site. It can also minimise lateral movement of threats with granular, application-aware segmentation policies for RDP, SSH and SMB traffic, in line with the zero-trust principles of NIST SP 800-207.
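As an added illustration of what application-aware east-west segmentation of RDP, SSH and SMB means in practice (this is example code written for this page, not Cato's product, policy format or engine), the Python below fingerprints the application from the first client payload bytes instead of trusting the destination port, then evaluates an ordered, default-deny policy in the spirit of NIST SP 800-207. The segments, rule names, addresses and flow payloads are constructed assumptions; the last flow shows SSH offered on port 8080 being allowed by a port-based view and denied by the application-aware one.

```python
"""Illustrative east-west micro-segmentation check (added example, not vendor code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed first-payload bytes for the sample flows (not captured traffic).
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"                       # RFC 4253 identification string
SMB2_NEGOTIATE = b"\x00\x00\x00\x68\xfeSMB\x40\x00" + b"\x00" * 96  # NetBIOS session header + SMB2 magic
RDP_CONNECT = b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"  # TPKT + X.224 CR
HTTP_GET = b"GET /status HTTP/1.1\r\nHost: 10.10.0.24\r\n\r\n"

# A port-only view: the legacy "L4" approximation of an application.
PORT_APPS = {22: "ssh", 445: "smb", 3389: "rdp", 80: "http", 8080: "http"}


def identify_app_by_port(dst_port: int) -> str:
    return PORT_APPS.get(dst_port, "unknown")


def identify_app_by_payload(payload: bytes) -> str:
    """Classify the application from protocol fingerprints in the first client bytes."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if len(payload) >= 8 and payload[4:8] in (b"\xffSMB", b"\xfeSMB"):   # SMB1 / SMB2+ over direct TCP
        return "smb"
    if len(payload) >= 6 and payload[:2] == b"\x03\x00" and payload[5] == 0xE0:  # TPKT v3, X.224 Connection Request
        return "rdp"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"):
        return "http"
    return "unknown"


@dataclass(frozen=True)
class Rule:
    name: str
    src: str          # CIDR of the source segment (assumed addressing)
    dst: str          # CIDR of the destination segment
    apps: frozenset   # applications the rule applies to
    action: str       # "allow" or "deny"


# Ordered, first-match policy. Anything not matched falls through to default-deny,
# so RDP/SSH/SMB is only reachable from the segments explicitly listed here.
POLICY = [
    Rule("admins-to-servers", "10.10.0.5/32", "10.20.0.0/24", frozenset({"rdp", "ssh"}), "allow"),
    Rule("users-to-fileserver", "10.10.0.0/24", "10.20.0.10/32", frozenset({"smb"}), "allow"),
    Rule("users-web", "10.10.0.0/24", "0.0.0.0/0", frozenset({"http"}), "allow"),
]


def evaluate(src_ip: str, dst_ip: str, app: str, policy=POLICY) -> tuple:
    """Return (action, matched rule name) for a flow classified as `app`."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for rule in policy:
        if s in ip_network(rule.src) and d in ip_network(rule.dst) and app in rule.apps:
            return rule.action, rule.name
    return "deny", "default-deny"


def decide(src_ip: str, dst_ip: str, dst_port: int, payload: bytes, policy=POLICY) -> dict:
    """Evaluate one flow both ways so the two verdicts can be compared."""
    port_app = identify_app_by_port(dst_port)
    payload_app = identify_app_by_payload(payload)
    return {
        "port_app": port_app,
        "payload_app": payload_app,
        "port_verdict": evaluate(src_ip, dst_ip, port_app, policy),
        "app_verdict": evaluate(src_ip, dst_ip, payload_app, policy),
    }


if __name__ == "__main__":
    flows = [  # (src, dst, dst_port, first payload) - constructed sample traffic
        ("10.10.0.5", "10.20.0.7", 3389, RDP_CONNECT),    # admin jump host -> server RDP
        ("10.10.0.23", "10.20.0.7", 3389, RDP_CONNECT),   # ordinary workstation -> server RDP
        ("10.10.0.23", "10.20.0.10", 445, SMB2_NEGOTIATE),  # workstation -> file server SMB
        ("10.10.0.23", "10.10.0.24", 8080, SSH_BANNER),   # SSH hidden on a "web" port, peer-to-peer
    ]
    for src, dst, port, payload in flows:
        verdict = decide(src, dst, port, payload)
        print(f"{src} -> {dst}:{port}  port-based={verdict['port_verdict']}  app-aware={verdict['app_verdict']}")
```

The fourth flow is the one that matters: a port-based rule set sees destination port 8080, calls it HTTP and allows it under the users-web rule, whereas payload classification recognises the SSH banner and the flow falls through to default-deny. Real engines use far richer fingerprints than these four checks, but the structure (identify the application, then match the segment pair and application against an ordered default-deny policy) is what "application-aware segmentation" refers to.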