Cato Networks’ new deep learning algorithms are designed to identify malware command and control domains and block them more quickly than traditional systems based on domain reputation, thanks to extensive training on the company’s own data sets.

Cato, a SASE provider based in Tel Aviv, announced the new algorithmic security system today. The system is predicated on the idea that domain reputation tracking is insufficient to quickly identify the command servers used to remotely control malware. That’s because most modern malware uses a domain generation algorithm (DGA), a copy of which the deployed malware also carries, to rapidly generate pseudorandom domain names.

This, essentially, hides the command server from traditional intrusion prevention systems, which would be quick to identify a falsified IP or specific domain name. All a bad actor has to do is register one of the domain names that could be generated by the DGA, and it should be able to evade detection.

Hence, the idea here is to tackle the DGA itself. The company’s algorithm identifies domains that aren’t usually visited by users, but whose names are common to DGAs, including common typographical errors for well-known brands (e.g., “Microsoftt.com” or similar). It also applies deep learning to network traffic, which is done remotely in Cato’s cloud to minimize impact on user experience, discovering destination domains and inferring whether or not traffic is malicious.

The use of AI and machine learning in the product is interesting as far as it goes, according to Avidthink principal Roy Chua, but the really exciting news is that this could be the beginning of a trend in malware prevention.

“This is the beginning of [Cato] dynamically blocking an increasing amount of malware,” he said. “And the platform can potentially be used to stop other types of threats — it’s the framework that’s important.”

Part of the reason for the apparent efficacy of Cato’s product, noted Chua, is its use of a broad set of user data collected by the company. While he spoke highly of Cato’s reputation, Chua noted that it’s important to understand exactly what any security vendor is doing with each user’s data.

“It can see all the traffic and it can aggregate all customers,” he said. “If you’re expecting the security vendor to do the hard work for you, you have to put your trust in them, and it’s important for customers to do their due diligence.”

Cato confirmed that the new DGA tracking system would be available to all users of its IPS product immediately, and that it would not change the current pricing structure for its offerings.
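
The detection idea described above (rarely visited domains whose names look machine-generated or are near-misses of well-known brands), sketched as an added example that is not Cato's code or part of the original article. Simple edit-distance and entropy heuristics stand in for the deep learning model, and the brand list, thresholds and lookup counts are constructed assumptions.

```python
import math
from collections import Counter

# Constructed values for illustration: brand list, thresholds and sample log.
BRANDS = ("microsoft", "google", "paypal")
RARE_VISITS = 3       # at most this many lookups = "not usually visited"
MIN_ENTROPY = 3.5     # bits per character above which a label looks random
MIN_RANDOM_LEN = 12   # the entropy test is too noisy on short labels

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def entropy(s):
    """Shannon entropy of the character distribution, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def classify(domain, visits):
    """Return 'typosquat', 'dga-like' or 'ok' for a domain and its lookup count."""
    if visits > RARE_VISITS:
        return "ok"  # commonly visited domains are out of scope for this check
    parts = domain.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) > 1 else parts[0]  # naive: ignores suffixes like co.uk
    if any(edit_distance(label, brand) == 1 for brand in BRANDS):
        return "typosquat"  # one edit away from a known brand, e.g. a doubled letter
    if len(label) >= MIN_RANDOM_LEN and entropy(label) > MIN_ENTROPY:
        return "dga-like"   # long label with a near-uniform character mix
    return "ok"

SAMPLE_LOG = [  # (domain, lookups seen across all customers), constructed
    ("google.com", 5000),
    ("microsoftt.com", 1),
    ("xkqzjvbwplfhtrm.net", 2),
    ("examplebookshop.org", 2),
]

def flag(log):
    """Map each suspicious domain in the log to its verdict."""
    return {d: v for d, n in log if (v := classify(d, n)) != "ok"}

if __name__ == "__main__":
    for domain, verdict in flag(SAMPLE_LOG).items():
        print(f"{verdict:10} {domain}")
```

The benign but rarely visited `examplebookshop.org` passes because its character mix stays under the entropy threshold; a production system would need far more signal than these two heuristics to keep false positives down.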