Network segmentation is implemented to contain threats, reduce the attack surface and provide points of control. Segmentation uses the physical network topology. It is typically enforced on layer 3, using firewalls in routers to manage the lateral traffic flows within the network. cognitix Threat Defender uses enriched network objects to add a logical overlay network that provides additional segmentation. Enriched network objects are static and offer a multilayered categorization of the devices in the network. Devices are categorized by including or excluding one or a combination of the following: individual IP addresses and whole networks in CIDR notation (IPv4 and IPv6), the physical network interface on the firewall, VLAN tags and MAC addresses.
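The following added example (not cognitix Threat Defender's code or configuration format) models how include/exclude criteria of this kind can be evaluated for a device. The class names, the dictionary keys and the rule that every include kind must match while no exclude kind may match are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Device:
    ip: str
    mac: str
    vlan: Optional[int]   # None = untagged traffic
    interface: str        # firewall port the device was seen on

@dataclass
class NetworkObject:      # hypothetical model of an enriched network object
    name: str
    include: dict = field(default_factory=dict)
    exclude: dict = field(default_factory=dict)

def _hits(criteria, dev):
    """Yield one verdict per criterion kind present in `criteria`."""
    addr = ipaddress.ip_address(dev.ip)
    if "networks" in criteria:  # a bare address is treated as a /32 or /128
        # An IPv4 address is never inside an IPv6 network, and vice versa.
        yield any(addr in ipaddress.ip_network(n) for n in criteria["networks"])
    if "macs" in criteria:
        yield dev.mac.lower() in {m.lower() for m in criteria["macs"]}
    if "vlans" in criteria:
        yield dev.vlan in criteria["vlans"]
    if "interfaces" in criteria:
        yield dev.interface in criteria["interfaces"]

def matches(obj, dev):
    # Assumed semantics: every include kind must hit, no exclude kind may hit.
    return all(_hits(obj.include, dev)) and not any(_hits(obj.exclude, dev))

def memberships(dev, objects):
    """A device can fall into several overlapping objects at once."""
    return [o.name for o in objects if matches(o, dev)]

# Constructed sample objects and devices (not from a real deployment).
OBJECTS = [
    NetworkObject("production-floor",
                  include={"networks": ["10.20.0.0/16", "fd00:20::/32"]},
                  exclude={"networks": ["10.20.99.0/24"]}),
    NetworkObject("plc-controllers", include={"vlans": [120], "interfaces": ["eth2"]}),
    NetworkObject("quarantine", include={"macs": ["00:1b:44:11:3a:b7"]}),
]
PLC = Device("10.20.5.17", "00:1B:44:11:3A:B7", 120, "eth2")
GUEST = Device("10.20.99.8", "aa:bb:cc:00:00:01", None, "eth1")
V6_HOST = Device("fd00:20::5", "aa:bb:cc:00:00:02", 120, "eth3")

if __name__ == "__main__":
    for d in (PLC, GUEST, V6_HOST):
        print(d.ip, "->", memberships(d, OBJECTS))
```
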


Additional logical segmentation allows a flatter topology, reducing the number of segments needed on layer 3. Fewer segments on layer 3 simplify network management. Devices can be added and removed without the need to change the network topology. The additional segmentation using enriched network objects isolates devices to dramatically reduce the attack surface of the network. The additional points of control provide additional information that enables greater transparency of the activity within the network and allows for a comprehensive security posture. The overlay network manages the flows within the layer 3 segment to ensure hygiene within the segment, not just between segments. This disrupts the cyber kill chain by quarantining affected devices. Isolating devices on an individual level prevents the propagation of malware within the network.


Dynamic segmentation, which uses device attributes and categories to group devices, is flexible. A device can be assigned membership to multiple groups. This ability to overlap segments allows a granular application of firewall policies down to the single device. Group membership also ensures consistent firewall policies and simplifies the roll-out of new policies throughout the network. Intuitive group membership based on functions and behavior simplifies the assignment of devices to a policy and eliminates implementation errors.
