To successfully counteract and prevent attacks, it helps to know when you’re being targeted in the first place.

cognitix Threat Defender enhances its IPS capabilities with Indicators of Compromise (IoC) feeds to identify a range of possible attacks. This threat intelligence is used in conjunction with behavior-based rules and inline real-time correlation to prevent these attacks. Threat Defender introduces a paradigm shift by applying IoCs in real time to the security policies.

An IoC consists of one or several artifacts (e.g. IP addresses, domain names) that provide a reliable indication that a certain security incident has occurred. To achieve this reliability, an IoC places observables (measurable events and stateful properties) in their relevant context (e.g. a time range).

IoCs are powerful tools to determine whether a network has been subjected to a security incident. They help to identify and implement suitable countermeasures.

As IoCs can be shared within the community, resources are pooled to document and publicize threats. This increases the effectiveness of IoCs in detecting and mitigating zero-day attacks.

cognitix Threat Defender integrates IoC feeds in its set of IPS categories. The IoC feeds are included in firewall rules and in correlation scenarios. These scan the network traffic for the indicators in real time. If an IoC is discovered, the affected devices are isolated immediately using dynamic network objects. Threat Defender reacts to threats while they are still in progress, disrupting the kill chain before it is too late.

Rules and correlation scenarios can also be defined in advance using the IoC information. This supports a proactive posture to prevent attacks before they actually take place.

Context is essential to provide meaningful cyber threat intelligence. For example, you need to know which user or service caused the IoC and also to collect timestamps, geolocation data and other metadata. Without this data, it is impossible to identify and eliminate false positives and investigate suspected attacks in detail.
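The mechanism described above (an IoC as artifacts plus a time-range context, matched against traffic in real time, with the affected device moved into a dynamic network object and the hit recorded with user and timestamp metadata for false-positive triage) as an added, self-contained illustration. This is example code written for this page, not cognitix's own implementation; the indicator values, flow records and field names are constructed placeholders.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone

UTC = timezone.utc

@dataclass(frozen=True)
class Ioc:
    """Indicator of Compromise: artifacts plus the time range in which observing them counts."""
    name: str
    artifacts: frozenset[str]  # IP addresses and/or domain names
    valid_from: datetime
    valid_until: datetime

    def hit(self, flow: dict) -> str | None:
        if not (self.valid_from <= flow["ts"] <= self.valid_until):
            return None  # outside the IoC's time range: not a hit (context check)
        for key in ("dst_ip", "dst_domain"):
            if flow.get(key) in self.artifacts:
                return flow[key]
        return None

def apply_iocs(iocs, flows):
    """Scan flows in order. On a hit the source device joins the 'isolated' dynamic
    network object and its later flows are dropped; each hit keeps triage metadata."""
    isolated, events = set(), []
    for flow in flows:
        if flow["src_ip"] in isolated:
            continue  # already quarantined: drop the flow
        for ioc in iocs:
            artifact = ioc.hit(flow)
            if artifact:
                isolated.add(flow["src_ip"])
                events.append({"ioc": ioc.name, "artifact": artifact,
                               "device": flow["src_ip"], "user": flow["user"],
                               "ts": flow["ts"].isoformat()})
                break
    return isolated, events

# Constructed sample feed and traffic (placeholder values, not real indicators).
IOCS = [Ioc("campaign-x-c2", frozenset({"203.0.113.7", "c2.example.invalid"}),
            datetime(2024, 5, 1, tzinfo=UTC), datetime(2024, 5, 31, tzinfo=UTC))]
FLOWS = [
    {"ts": datetime(2024, 5, 10, 9, 0, tzinfo=UTC), "src_ip": "10.0.0.5",
     "user": "alice", "dst_ip": "203.0.113.7"},             # in range: hit
    {"ts": datetime(2024, 5, 10, 9, 1, tzinfo=UTC), "src_ip": "10.0.0.5",
     "user": "alice", "dst_domain": "update.example.org"},  # dropped: isolated
    {"ts": datetime(2024, 7, 1, tzinfo=UTC), "src_ip": "10.0.0.9",
     "user": "bob", "dst_domain": "c2.example.invalid"},    # out of range: no hit
]
```

Running `apply_iocs(IOCS, FLOWS)` isolates only the device whose hit fell inside the indicator's time range; the out-of-range match is deliberately not treated as a hit, which is the false-positive case the context data exists to rule out.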

When logging is enabled, detailed information is exported from the syslog to external services, which facilitates the documentation and sharing of IoC information.
