Vulnerability protection is now less about knowing that a CVE exists but more about closing the gap before attackers can use it.
Cato Networks has revealed that it has reduced the time-to-protect for newly disclosed vulnerabilities to as little as 45 minutes by combining agentic threat research with its cloud-native Cato Cloud platform.
Traditional appliance-based security, which depends on update, testing, and deployment cycles, can be difficult to manage at scale. Cato says its cloud architecture lets it develop, validate, and deploy protections globally without waiting for each customer to patch or configure distributed appliances.
Cato says its approach is different
Cato says its 45-minute claim is different because the company is focused on network security across the enterprise, not WAF protection for applications.
Eyal Webber-Zvik, chief strategy officer at Cato Networks, told MSSP Alert, “To the best of our knowledge, there are no network security products or platforms that deliver a faster time-to-protect."
Cato says the speed comes from automating the full CVE response process. That includes watching for new disclosures, triaging the risk, extracting indicators of compromise, reproducing the exploit in a lab, creating a threat signature, testing it, and then deploying it globally.
“What makes Cato’s solution unique is the full agentic process that executes the entire cycle of monitoring, triage, IoC extraction, development, simulation, and global deployment,” Webber-Zvik said.
The company says this process runs with human supervision, but without people needing to perform every step by hand. That does not remove the need for patching. It is meant to give organizations protection while they patch.
What this means for MSSPs
For MSSPs, this is not just about the 45-minute number. It is the reduction in manual work. When a serious CVE is disclosed, an MSSP usually has to find out which customers are affected, wait for vendor updates, test the fix, schedule deployment, and watch for problems. That can include latency, packet drops, false positives, or broken traffic.
Cato says its architecture removes much of that work from the MSSP and the customer.
“Once a CVE is disclosed and protected against by Cato, the enterprise has time to patch their relevant systems without being at risk of exploitation,” Webber-Zvik said. “This is materially different from network security appliances managed by MSSPs, where the MSSP needs to triage the CVE, wait for the fix from the vendor, test the fix, schedule the deployment, and then monitor impact, such as added latency, packet drops, false positives, etc.”
Here is the important part. Cato is not replacing patching. Customers still need to patch affected systems, update applications, and keep proof for compliance. Cato is providing network-level protection that can reduce exposure while that work happens.
“In Cato’s solution architecture, the CVE mitigation at the network level has zero involvement or dependency on the MSSP or the end customer, who can focus on patching the vulnerable systems or applications,” Webber-Zvik said.
Proof matters
For MSSPs, speed claims need evidence. Partners will want to know when a CVE was detected, when a protection was created, when it was tested, when it was pushed, and whether customers saw any negative impact.
Cato says MSSPs receive notice when new IPS signatures are released.
“MSSPs are notified on any new IPS signature via the formal release notes,” Webber-Zvik said. “False positives have been proven to be near zero for years, and the impact on customers is non-existent, apart from the delivered security, as all the work and compute resources are Cato’s responsibility.”
If partners want to include the capability in managed security services, this reporting could become important during security reviews, compliance audits, or post-incident discussions. A customer may ask not only whether protection was available, but also when it was applied and what systems still needed patching.
AI is making response time more important
Cato is also linking the announcement to the rise of AI-assisted security research and AI-assisted attacks. Webber-Zvik pointed to Gartner research on AI-accelerated threats and network-based defense.
“Gartner just published a new research titled ‘
Beyond Mythos: The I&O Playbook for Responding to the AI-Accelerated Threat Landscape,’ where they clearly tell enterprises to ‘
Lead With Network-Based Defenses,’” he said. “This is exactly what Cato and our MSSP partners offer to customers, now at a record-breaking speed.”
Security work is becoming less manual. Instead of updating many appliances one by one, MSSPs and MSPs can use cloud-based controls that update in one place. While patching still matters, customers can get faster network-level protection with Cato while they patch. For MSSPs and security teams, this can mean fewer emergency updates, less testing, and more time helping customers understand risk, choose which patches come first, and prove the work was done.
