The potency of advanced persistent threats has changed the focus for a robust defense posture. A corrective strategy includes remedial and preventive actions.

Attacks on the network are gaining in sophistication. Malicious content is camouflaged within legitimate behavior, disassembled, time-shifted and sent in innocuous fragments, then introduced into the network through a myriad of channels and devices, bypassing the perimeter firewall. Blind spots within the network are a favorite staging point from which to attack the network as a whole. Trojans can lie dormant, quietly accumulating resources over time before infecting the rest of the network. Threat Defender drills down to the device level to reveal communication activity and eliminate these blind spots.

Cyber resilience assumes a breach has already occurred when devising countermeasures for known and unknown attacks. Pattern-based intrusion detection and prevention deep within the network is effective against known attacks. In addition, a corrective strategy is needed that includes both remedial and preventive actions. Prevention includes anticipation and is founded on correlating observed actions with the expected behavior of the network. The data feeding this analysis must be as comprehensive as possible, covering everything from layer 2 up to layer 7. Threat Defender's drill-down reporting accesses all the necessary data.

Attacks on the system are increasingly complex, drawing on assets and devices distributed across the system. cognitix Threat Defender provides the inputs needed to construct a robust defense. The solution checks indicators of compromise in all incoming and outgoing traffic. This counters Trojans inside the network that try to reach their external command-and-control infrastructure over legitimate services, for example through Instagram comments. Another attack vector is to deliver malicious code as disparate fragments, not all within one physical network segment, and reassemble it inside the network. Making the traffic of all segments visible in one place is therefore an important countermeasure.

The interactive reporting, with multiple intuitive predefined and personalized dashboards and schedules, covers historical and current data. More than 600 reporting combinations, graphs and matrices are available. The data is presented so as to reflect the characteristics of malicious activity and highlight potential threats. Schedules take into account attacks that rely on time lag and accumulation over time. Cross-referencing the various reports reveals threats that touch different assets, behaviors and protocols within the network.
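To make concrete what the two preceding paragraphs describe in the abstract, the following is an added example, written for this page and not cognitix code, of the two analyses a correlation engine has to perform over flow records: matching indicators of compromise against both directions of traffic, and spotting a transfer that is split into small fragments, spread over time and over several hosts in several network segments, so that no single segment ever sees enough to raise an alarm. The flow records, the IOC values (192.0.2.77, beacon.example.invalid) and the thresholds are all constructed for illustration; the internal-address test is deliberately simplified.

```python
"""Cross-segment correlation of flow records: IOC matching in both directions
and detection of low-and-slow transfers that accumulate over time.
Constructed example for illustration; not vendor code."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int            # seconds since epoch
    segment: str       # sensor / network segment that observed the flow
    src: str
    dst: str
    dst_port: int
    nbytes: int
    domain: str = ""   # layer-7 name (DNS query or TLS SNI) when observed


# Hypothetical indicators of compromise; not taken from any real feed.
IOCS = {"192.0.2.77", "beacon.example.invalid"}
# Simplified: treat these prefixes as "inside the network".
INTERNAL_PREFIXES = ("10.", "192.168.", "172.16.")


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIXES)


def ioc_hits(flows):
    """IOCs are checked on source, destination and layer-7 name, so an inbound
    connection from a listed address is caught as well as an outbound beacon
    to a listed domain."""
    return [f for f in flows
            if f.src in IOCS or f.dst in IOCS or (f.domain and f.domain in IOCS)]


def low_and_slow(flows, window=3600, min_fragments=5, max_fragment_bytes=600):
    """Group small outbound flows by external endpoint regardless of which
    internal host or segment produced them, then look for >= min_fragments of
    them inside a sliding window of `window` seconds.
    Returns {(dst, port): summary} for every endpoint that crosses the bar."""
    by_dst = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        if is_internal(f.src) and not is_internal(f.dst) and f.nbytes <= max_fragment_bytes:
            by_dst[(f.dst, f.dst_port)].append(f)
    alerts = {}
    for key, frags in by_dst.items():
        win, best = deque(), []
        for f in frags:
            win.append(f)
            while f.ts - win[0].ts > window:      # drop fragments older than the window
                win.popleft()
            if len(win) >= min_fragments and len(win) > len(best):
                best = list(win)                  # keep the largest qualifying window
        if best:
            alerts[key] = {
                "fragments": len(best),
                "sources": sorted({x.src for x in best}),
                "segments": sorted({x.segment for x in best}),
                "bytes": sum(x.nbytes for x in best),
            }
    return alerts


# Constructed flow records from three sensors. Three hosts each send two small
# uploads to the same external endpoint over 45 minutes; per segment that is
# two flows, well under the threshold, but combined it is six.
T0 = 1_700_000_000
FLOWS = [
    Flow(T0 + 0,    "seg-A", "10.1.1.20", "198.51.100.9", 443, 410),
    Flow(T0 + 600,  "seg-A", "10.1.1.20", "198.51.100.9", 443, 380),
    Flow(T0 + 900,  "seg-B", "10.2.2.31", "198.51.100.9", 443, 450),
    Flow(T0 + 1500, "seg-B", "10.2.2.31", "198.51.100.9", 443, 390),
    Flow(T0 + 2100, "seg-C", "10.3.3.42", "198.51.100.9", 443, 520),
    Flow(T0 + 2700, "seg-C", "10.3.3.42", "198.51.100.9", 443, 470),
    Flow(T0 + 100,  "seg-A", "10.1.1.21", "198.51.100.50", 443, 2_000_000),  # benign bulk download
    Flow(T0 + 50,   "seg-B", "10.2.2.31", "203.0.113.5", 443, 900, domain="beacon.example.invalid"),
    Flow(T0 + 70,   "seg-A", "192.0.2.77", "10.1.1.20", 22, 1200),            # inbound from listed IP
]

if __name__ == "__main__":
    for hit in ioc_hits(FLOWS):
        print("IOC hit:", hit)
    print("all segments combined:", low_and_slow(FLOWS))
    for seg in ("seg-A", "seg-B", "seg-C"):
        print(seg, "alone:", low_and_slow([f for f in FLOWS if f.segment == seg]))
```

Run stand-alone, the combined view reports one endpoint (198.51.100.9:443) with six fragments from three sources in three segments, while each per-segment view reports nothing; that gap is the blind spot the text refers to. The window length, fragment size and count are tuning knobs: too small a window misses a patient attacker, too generous a fragment size floods the report with ordinary keep-alive traffic.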