SB C&S's site for the latest technical information

C&S ENGINEER VOICE

SB C&S

[Cato Networks] System categories available in Cato, and visibility and control of generative AI

Cato Networks
2025.06.02

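About Cato's system categories

Replacements of products such as UTMs, next-generation firewalls, and web proxies have become common lately, and what many people ask about in that context is the number of application and web-filter categories.
The number is not published in the Cato Networks knowledge base or similar sources, so I extracted the categories from the CMA (Cato Management Application) and counted them: as of May 2025 there were 84 categories.

The system categories preset in Cato are listed below (English version).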

| Category | Description |
|---|---|
| Education | Training and trade schools, including: online courses, vocational training, software training, and skills training. |
| Code Assistants | AI-powered tools that assist in writing, debugging, and optimizing code across different programming languages. |
| Gambling | Online gambling, lottery, casinos, and betting agencies. |
| Criminal Activity | Content that explains how to carry out illegal activities, including crimes, intellectual and copyright violations, etc... |
| Computers and Technology | General knowledge related to computer and technical information. Also includes SaaS and sites that deliver Internet services. |
| Leisure and Recreation | Recreational activities and hobbies including: zoos, public recreation centers, pools, amusement parks. Also includes hobbies, such as gardening, literature, arts & crafts, home improvement, home décor, family, and so on. |
| Games | Computer or other games, information about game producers, or how to obtain cheat codes. Content about game-related publications. |
| Sex education | Sexual reproduction, sexual development, safe sex practices, sexually transmitted diseases, birth control, advice for better sex, products related to sexual enjoyment, and contraceptives. |
| Software Downloads | Downloading software and applications that are free, or request a donation. Including: open source software projects, screensavers, icons, wallpapers, ringtones, and so on. |
| Real Estate | Commercial or residential real estate services, including renting, purchasing, selling or financing homes, offices, and so on. |
| Shopping | Online shopping, catalogs, auctions, and ordering products. Excludes shopping for products and services that are part of a different category, such as health & medicine. |
| Keyloggers | Related to software agents that track a user's keystrokes. Keyloggers can also monitor their web surfing habits. |
| Chat and IM | Real-time messages, instant messaging, and chat services over the Internet. Also includes chat rooms. |
| CDN | Content Delivery Networks - Delivers content and data to third parties, including: ads, media, files, images, and Content Delivery video. |
| Network Protocol | Any protocol that is used as part of networking, for example: TCP and UDP. |
| Industrial Protocols | Communication protocols used in industrial control systems and operational technology (OT) environments. |
| Search Engines and Portals | Internet and web searches, including: newsgroups, images, directories, portals, yellow pages, and so on. |
| Travel AI Assistance | AI tools that help with trip planning, booking, navigation, and travel-related information. |
| Weapons | Selling, reviewing, and describing guns and other weapons. Includes content that is for sport and recreational weapons. |
| Media Streams | Streaming media content, movies, music, talk radio and so on. |
| Entertainment | Motion pictures, videos, television, music and programming guides, books, comics, movie theatres, galleries, artists or reviews on entertainment. Performing arts (including: theatre, vaudeville, opera, symphonies, and so on). Museums, galleries, artist sites, sculpture, photography, and so on. |
| Nudity | Full or partial nude depictions of the human body. Also includes content that does not have sexual intent, such as: nude paintings, artistic photo galleries, nudist or naturist sites with pictures of nude individuals. |
| Information Security | Internet and computer security content and discussion groups. |
| Undefined | Content that temporarily cannot be categorized. |
| Porn | Explicit sexual content, including: adult products such as sex toys, DVDs, and videos. Also, adult services such as videoconferencing, escort services, strip clubs, erotic stories and textual descriptions of sexual acts. |
| Advertisements | Advertisements, media, content, and banners. |
| Government | Content that is maintained by governmental or military organizations, departments, or agencies, including: police departments, fire departments, customs bureaus, emergency services, civil defense, counterterrorism organizations, and public hospitals. |
| Conversational AI | AI systems that engage in natural, human-like dialogues to answer questions, provide information, or perform tasks. |
| Spyware | Spyware and Adware that gather or track end-user information without explicit consent. Also includes advertisement pop-up windows and software installed on the user's computer. |
| Authentication Services | Services that help authenticate users with login and password. |
| Email | Email applications |
| Violence and Hate | Advocating, depicting, and explaining violence, includes: games, comic violence and suicide. Also content related to racism and hate crimes, such as Nazis, neo-Nazis, Ku Klux Klan, and so on. |
| Productivity | AI tools that support a wide range of tasks to improve efficiency and productivity in the organization. |
| AI Media Generators | AI applications that create or edit media content, including images, audio, video, and graphics. |
| Business Information | Corporate websites and content that is related to economics, marketing, and business management |
| Illegal Drugs | Content related to illegal, controlled, or abused drugs, such as: heroin, cocaine, and other street drugs. Also includes information on 'legal highs', such as: glue sniffing, misusing prescription drugs, and abusing other legal substances. |
| Health and Medicine | Information about health, healthcare services, fitness and well-being. Includes information about medical equipment, hospitals, drugstores, nursing, medicine, procedures, prescription medications, and so on. |
| Remote Access | Remote access tools that let other parties control network devices remotely. For example: RDP, VPN, TeamViewer, and so on. |
| Uncategorized | Content that is not assigned to a specific category. |
| Business Systems | Sites and apps that are used primarily for businesses. For example, CRMs. |
| Religion | Content related to faith, human spirituality or religious beliefs. Including: churches, synagogues, mosques and other houses of worship. |
| Voip Video | Voip and Video |
| Office Programs And Services | Apps and services used for productivity and office-work. |
| Generative AI Tools | Artificial Intelligence(AI) related tools and applications |
| SPAM | Refers to unsolicited and often irrelevant or deceptive electronic messages, typically sent in bulk, with the intention of advertising, phishing, or spreading malware |
| Travel | Travel and tourism information, including: online booking, airlines, hotels and accommodations, car rentals, regional and city information. |
| Questionable | Inappropriate humor, money-making schemes, and content that tries to use the browser to manipulate the user in an unusual, unexpected, or suspicious manner. |
| Greeting Cards | Allows people to send and receive a wide variety of greeting cards over the Internet. |
| Beauty | Fashion or glamour magazines, beauty, clothes, cosmetics, and style. |
| File Sharing | Online storage and file sharing web sites and applications. |
| Online Storage | Storing data in the cloud and on the Internet. |
| Phishing | Phishing, pharming, and other sites that pretend to be a reputable site, usually to harvest personal information from users. We cannot provide examples because this content is generally taken down quickly. |
| Cults | Content related to interpreting, or influencing real events through supernatural means including: astrology, spells, curses, magic powers, satanic, and supernatural beings. Also includes horoscope sites. |
| Hacking | Sites that promote or advise about computer hacking to gain unauthorized access to proprietary computer systems. Activities include: stealing information, perpetrating fraud, creating viruses, or illegal activities related to stealing digital information. |
| ERP And CRM | Apps that are used for ERP (Enterprise Resource Planning) and CRM (Customer-relationship management) |
| Military | Information on military branches, armed services, and military history. |
| Botnets | URLs, generally IP addresses, that are most likely part of a Bot network and are used to launch malware attacks. These attacks include: SPAM messages, DOS, SQL injections, proxy jacking, and other contacts. |
| Business Operations AI | AI systems that optimize workflows, automate processes, and enhance decision-making for businesses. |
| Personal Sites | Content about or hosted by specific individuals. Includes content hosted on commercial sites such as Blogger, and AOL. |
| Cheating | Related to academic cheating including: school essays and papers, copies of exams, plagiarism, and so on. |
| Writing Assistants | AI tools that help generate, improve, or edit text content for various purposes like emails, blogs, or creative writing. |
| Internet Conferencing | Audio and video conferences over the Internet. |
| Politics | Politics, philosophy, discussions, promotion of a particular philosophical viewpoint or position to promote a political cause. |
| Anonymizers | Enables anonymous surfing to other websites. Users may be trying to bypass web filtering or other purposes. |
| Hiring | Information about job listings, careers, job searches, resume writing, interviewing tips, employment agencies or head hunters. |
| Tasteless | Content that is offensive and inappropriate. |
| Web Hosting | Free or paid hosting services for web pages, and how to create, publish and promote them. |
| Healthcare AI | AI solutions that support medical diagnosis, patient care, and administrative tasks in the healthcare industry. |
| Vehicles | Vehicle reviews, purchasing, parts catalogs, trading, publications, journals, photos and discussions. Includes: motorcycles, boats, cars, trucks and RVs. |
| Compromised | Sites and apps that are known to be compromised in the previous 12 months. |
| General | Content that is a regular part of typical Internet surfing, including: research, kids, legal, and society |
| Database | Database applications such as MySQL, MsSQL, MongoDB, etc... |
| Parked domains | Parked sites: These are inactive, and generally reserved for later use. They most often do not contain their own content, and may display advertisements or say "Under construction," "Purchase this domain" |
| Software Updates | Related to agents that update apps and programs. |
| News | News and current events. Including: newspapers, newswire services, personalized news services, broadcasting sites, and magazines. |
| Network Utilities | Tools and utilities that are related to network communication. |
| Sports | Content related to sports teams, fan clubs, scores, and news. Includes professional, amateur and recreational sports. |
| PDF Converters | Websites and applications used for converting PDF files. |
| Alcohol and Tobacco | Content that promotes, or supports the sale of alcoholic beverages, or tobacco products and associated paraphernalia. |
| Web Posting | Web Posting sites such as Pastebin. |
| P2P | Peer to peer clients and access. Includes torrents, music and movie download programs. |
| DNS over HTTPS | DNS over HTTPS protocol and usage |
| Translation | Automatic language translation, especially content that allows users to see sites in other languages and bypass URL Filtering because the context is the URL for the translation service. Similar to the Anonymizers category. |
| Finance | Banking services and other types of financial information, such as loans, accountancy, actuaries, banks, mortgages, and general insurance companies. Does not include sites that offer market information, brokerage or trading services. |
| Malware | Malicious content including: executables, drive-by infection sites, malicious scripts, viruses, trojans, and code. |

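That was a quick look through the system categories (the categories configured from the start); to begin with, this many should be enough to configure adequate category filters.
Custom categories can also be created as needed, so treat the categories above strictly as the system defaults. (The categories may change.)

Personally, one category I want to keep an eye on is "Generative AI Tools".

A characteristic of Cato is that the system categories above are shared across all of its filters. They can of course be used by Cato's web filter, called the Internet Firewall, and as categories for TLS inspection bypass settings, but features such as CASB and DLP use the same categories as well. (They are not merely categories for web filtering.)

These categories are also updated daily, so their number and naming may change.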



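Cato's CASB (application) dashboard

This dashboard is available when you have the CASB feature, and with Inline CASB it visualizes the cloud applications that pass through Cato.
The key point is that applications passing through Cato are visualized automatically, including their risk ratings and whether shadow IT is present, even without any CASB configuration.
[Screenshot: Cloud Apps Dashboard]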

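A dedicated visibility dashboard for GenAI

When you have the CASB feature, there is also a dashboard that extracts the detected applications related to generative AI.
Many generative AI tools are now used in business, and it is said that more than 5,000 generative AI tools actually exist.

In business it will be difficult to raise productivity without generative AI from now on, but conversely, unless individual use of generative AI is tracked and kept in a state where it can be used properly, users may create content with generative AI that the organization has not approved.

[Screenshot: GenAI Apps dashboard]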

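When you want to control a specific GenAI

Prohibiting generative AI apps outright is also important, but they still need to be used to improve productivity.
Requirements vary widely, for example allowing simple prompts, or prohibiting downloads of content created in the generative AI.

Below are the activity settings for controlling ChatGPT.

[Screenshot: App & Data Inline Protection]

For ChatGPT, many activities (actions) can be specified and controlled.

Example of controlling a specific GenAI

For reference, take a case where you want to block only file uploads for a specific GenAI (Deepseek in this example).
You cannot judge a much-discussed generative AI without trying it, so a complete ban may not be practical, but providing private information to a generative AI can be dangerous.

As shown below, Cato's CASB feature makes it easy to specify a particular app, select only an Activity (action) within it, and control that.
These Activities are predefined by Cato for each app.

[Screenshot: App & Data Inline Protection]

Rather than preventing use of the generative AI app itself, measures are also needed that prevent leaks of personal and organizational information by prohibiting actions such as file upload, depending on the app.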

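Summary

I believe that, going forward, whether a SASE offering includes controls for generative AI will without doubt be an important point when choosing one.

Beyond simple visibility and DLP against information leaks, I think this will extend to more advanced approaches such as natural-language detection using LLMs and visibility and control over AI models.
But without visibility into the current state in the first place, those further approaches are difficult.
For that, it is very important to bring all internet-bound traffic together in SASE and gain visibility through features such as SWG and CASB. (For generative AI apps in particular, it is best to start preparing.)

Inquiries about Cato's system categories are increasing, and more customers now start by using Cato as an SWG or web filter; but as times change, AI usage also calls for getting ahead of the problem, so in this post I have included information on generative AI visibility alongside the system categories.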


About the author

SB C&S Corp.
ICT Business Division, Technology Division, Technical Department 3
宮本 世華

I like fishing.