Cato Networks Unveils World’s First Auto-Adaptive Threat Prevention Engine in a SASE Platform to Stop Attacks Before Compromise

Cato Networks Unveils World’s First Auto-Adaptive Threat Prevention Engine in a SASE Platform to Stop Attacks Before Compromise

Cato Dynamic Prevention proactively stops stealthy, multi-stage attacks by correlating long‑term behavior in real time, automatically adapting and enforcing security polices

TEL AVIV, Israel, March 3, 2026 – Cato Networks, the SASE leader, today announced the world’s first auto-adaptive threat prevention engine in a SASE platform, enabling enterprises to proactively block advanced threats using legitimate tools and targets. Cato Dynamic Prevention continuously evaluates activity in full context, correlating signals from across Cato’s sensors over months of activity. Once malicious behavior is identified, Cato automatically adapts and enforces restrictions across related actions from threat actors—stopping threats early without adding operational overhead or requiring IT or SOC intervention.

“From a CISO perspective, the biggest risk today is that advanced attacks don’t arrive as a single event. They develop quietly over time, spread across users, sites, and systems, and exploit the gaps between disconnected tools,” said Giles Ashton-Roberts, chief information security officer at Swissport International AG, a global leader in airport ground services and air cargo handling with 360+ sites, Microsoft Azure and Amazon Web Services (AWS) instances, and 26,000+ users on the Cato SASE Platform.

“At Swissport, we operate in a truly always‑on environment. There’s no downtime when you’re supporting hundreds of airport locations across the globe,” said Ashton-Roberts. “In that kind of environment, delayed detection directly impacts our ability to respond. The Cato Dynamic Prevention launch is emblematic of why unifying all security and networking signals into a single platform matters, because only with that level of visibility and context can security teams respond fast enough to stop threats before they disrupt critical operations.”

Advanced Threats Continue to Evade Enterprise Defenses

Advanced attacks increasingly blend into normal enterprise activity by abusing legitimate tools and targets. Rather than triggering a single high-confidence alert, threat actors execute a series of low-signal actions over time, each appearing benign in isolation. This approach allows malicious behavior to evade traditional, point-in-time inspection and remain undetected during the early—and most preventable—stages of an attack.

Security point solutions are typically not built to identify these patterns. Operating in silos, they lack the context needed to correlate activity across time, hosts, and networks. Even when threats are eventually detected, response is often manual and delayed, giving threat actors time to persist, move laterally, and escalate impact. According to Gartner®, “61% of enterprises lack full-time threat hunting experts and rely on reactive analysts repurposing their time, leaving teams underfunded, misaligned, and vulnerable.”¹

This critical gap between detection and timely prevention is where advanced threats succeed, and where security point solutions fall short.

Cato Dynamic Prevention Stops Advanced Threats with Real-Time, Behavior-Based Threat Prevention

Cato Dynamic Prevention closes the gap by identifying and automatically stopping advanced threats that evade point-in-time inspection. Built natively into the Cato SASE Platform, Cato Dynamic Prevention continuously correlates months of security and networking activity in real time across Cato’s full range of inline sensors—such as DLP, IPS, and NGAM—and out-of-band engines to identify behavior-based threats that appear benign in isolation. Once identified, Cato dynamically applies adaptive rules, blocking high-risk activity in real time.

As a result, enterprises gain:

• Reduced risk exposure: Address threats earlier by identifying and stopping malicious activity before it escalates.
• Stronger security posture: Protect proactively against the misuse of legitimate tools and previously unseen behaviors.
• Greater IT and SOC efficiency: Reduce false positives and manual investigation, allowing IT and security teams to focus on higher-value work.

“Enterprises are already struggling to stop advanced threats that unfold quietly over time, and with the explosion of AI and autonomous agents, the threat landscape is accelerating exponentially. Threat actors abuse trusted tools and valid credentials, knowing most defenses still analyze isolated events and rely on humans to connect the dots for more complex attack chains,” says Lior Cohen, vice president of product management, security and management at Cato Networks. “Cato Dynamic Prevention changes the game by continuously understanding behavior in context, predicting the threat actor’s next move, and enforcing protection automatically that would only impact true positive threats. As a result, this stops potential threats before a breach ever takes shape.”

Cato Networks, a leader in SASE and AI security, delivers secure, zero-trust access everywhere to thousands of customers worldwide. Built for organizations operating across all cloud and hybrid environments, the Cato SASE Platform unifies networking, security, and access, providing them as elastic, modular capabilities that organizations can easily adopt and grow over time. Cato combines the Cato Cloud, a purpose-built global network, with simplified operational experience, all delivered across a robust, AI-driven platform. With Cato, organizations modernize confidently, operate with greater resilience, and innovate faster, without added complexity or risk.

Picture: Shlomo Kramer, Co-Founder and CEO – Photo credit: Eclipse Media and Leonid Yakobov