Say Goodbye to Patching with the World's First SASE-native LAN NGFW from Cato Networks

First complete convergence of LAN and cloud firewalls taps SASE simplicity to close the 55-day patch gap

LONDON, March 12, 2025 /PRNewswire/ -- Cato Networks, the SASE leader, today announced the end of firewall patching and the security gaps left by disparate firewalls with the world's first SASE-native LAN NGFW. With the Cato LAN NGFW, Cato converges all firewall engines for seamless management and deep visibility from the cloud into the LAN. The Cato LAN NGFW is a native capability of the Cato SASE Cloud Platform, requiring no additional hardware, and is fully self-updating and self-maintaining, eliminating manual patching and emergency fixes.  

"Patching is a costly, time-consuming nightmare - a ticking time bomb if delayed. Legacy firewall appliance vendors experience over 20 high and critical vulnerabilities in a single year, which means that IT has no choice but to drop everything and act quickly before it's too late," says Ofir Agasi, vice president of product management at Cato Networks. "The Cato LAN NGFW flips the script, delivering always-up-to-date protection without the patching chaos of firewall appliances."

The 55-day Patch Gap Opens the Door to Threat Actors

For years, IT teams have faced challenges with traditional local firewall appliances. Managing individual policy sets adds complexity, while the lack of shared data context between appliances creates security gaps and limits end-to-end visibility.

Firewall appliances, meant to protect enterprise assets, have themselves become security risks, subject to their own critical vulnerabilities. The 2024 Verizon Data Breach Investigations Report (DBIR) found that organizations take an average of 55 days to remediate 50% of critical vulnerabilities. This prolonged window exposes enterprises to threats, increasing the risk of security breaches.

Faulty patches only exacerbate the risk posed by patching firewall appliances. According to Gartner®, "Many organizations have experienced outages attributed to patches not working as intended. These outages are often high profile, generating reputational damage as well as lost revenue. Faced with these risks, I&O organizations are justifiably conservative when it comes to high-velocity patching requests from security, especially for business-critical systems."¹

Cato LAN NGFW Revolutionizes Firewall Management

The Cato LAN NGFW, the latest expansion of the Cato SASE Cloud Platform, enables Layer 7, application-aware controls for local LAN segmentation while ensuring centralized policy enforcement. By converging all firewalls - Internet, site-to-site, and within the LAN - Cato simplifies policy management and delivers consistent enforcement using the security engine that achieved near-perfect protection on an independent security efficacy test from Frost & Sullivan.

The Cato LAN NGFW also enables enterprises to:

• Meet Compliance Requirements for Localized Traffic Control: Enforce security policies locally, allowing organizations to comply with regulations that mandate LAN traffic isolation.
• Transition from Legacy LAN Firewalls: Eliminate costly, resource-intensive standalone LAN firewalls while gaining application-aware segmentation and centralized policy enforcement.
• Simplify Security for Distributed Environments: Provide consistent, application-aware security across multiple locations without needing additional on-premises firewalls, ensuring Zero Trust enforcement across all locations.
• Secure East-West Traffic with Microsegmentation to Reduce Risk: Minimize lateral movement of threats with granular, application-aware segmentation policies for RDP, SSH, and SMB traffic aligning with NIST 800-207 Zero Trust principles.

The Cato LAN NGFW is generally available worldwide at no additional cost to Cato customers.

Cato Networks will be at Tech Show London's Cloud & AI Infrastructure 2025 on March 12-13 at ExCeL London. During the two-day event, Cato will be showcasing the Cato SASE Cloud Platform at stand CE060.

Resources

• [Image] Ofir Agasi
• [Product Page] Cato FWaaS
• [Blog] Expanding Enterprise Security with the Cato LAN NGFW
• [Report] Frost & Sullivan Report: Cato SASE Cloud Platform

Gartner Disclaimer

¹ Gartner, We're Not Patching Our Way Out of Vulnerability Exposure, Craig Lawson, Dale Gardner, January 2025

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

About Cato Networks
Cato Networks delivers enterprise security and networking in a single cloud platform. The SASE leader creates a seamless and elegant customer experience that effortlessly enables threat prevention, data protection, and timely incident detection and response. With Cato, organizations replace costly and rigid legacy infrastructure with an open and modular SASE architecture based on SD-WAN, a purpose-built global cloud network, and an embedded cloud-native security stack.

Want to learn why thousands of organizations secure their future with Cato? Visit us at www.catonetworks.com.

Media Contact
Cato Communications
press@catonetworks.com