Cato Sets 45-Minute CVE Mitigation Benchmark
Company says agentic threat research and cloud-native architecture enable automated protection across global platform
Photo credit: Yifat Yogev
Cato Networks, an Israeli company which provides a cloud-native security platform for the AI era, said it has achieved what it believes is a new benchmark in vulnerability protection, reducing time-to-protect for newly disclosed CVEs (common vulnerabilities and exposures) to just 45 minutes.
The company said traditional CVE mitigation typically takes weeks, and even cloud-based approaches often require hours to move from disclosure to protection. By combining agentic threat research with its cloud-native architecture, Cato said it can now close that gap to minutes, with no customer action required.
“Attackers move in minutes. Appliance-centric security still moves in patch cycles,” said Shlomo Kramer, co-founder and CEO of Cato Networks. “Cato closes the gap by turning new CVE intelligence into protections deployed globally across our cloud service, with zero customer effort.”
Cato said legacy security models rely on a slow patching cycle involving vendor updates, customer testing, and deployment across distributed infrastructure. It argued that this approach cannot keep pace with the rising velocity of AI-driven exploit development.
According to NIST, CVE submissions increased by 263% between 2020 and 2025, while Verizon’s 2025 DBIR found that only about 54% of edge-device vulnerabilities are fully remediated within a year, with a median remediation time of 32 days.
Cato said its agentic system automates the full CVE response lifecycle, including monitoring disclosures, extracting indicators of compromise, reproducing exploits in a lab environment, generating and validating detection signatures, and deploying protections globally via its cloud platform.
Elad Menahem, SVP of Research at Cato Networks, said the key shift is operational. “Vulnerability response itself can now operate continuously and at machine scale,” he said.
The company said its cloud-native architecture enables rapid, automated protection delivery across its global network, removing the need for customer-managed patching and allowing security updates to be enforced centrally in near real time.