The provision of timely, accurate and comprehensive data is essential for network hygiene. The traffic data is accessed at critical points within the network to paint a complete picture of the behavior of each device. Detecting the communication activities of each device ensures the quality of the data: its completeness, accuracy, recency and location. Capturing data at the source, on layer 2, guarantees this quality. This data is processed, correlated, and analyzed to determine which actions are taken. The appropriate response is pushed out immediately to isolate the contaminated part of the network.
Gathering information on layer 2 avoids the limitations of relying solely on behavior information collected at the perimeter, at delineated network segment boundaries, and from endpoint logging. Classic layer 3 segmentation only divides large blind spots in the network into smaller blind spots. Accessing external and internal traffic flows results in a reporting system that details over 600 parameters and metric combinations with virtually endless drill-down. Informed decisions for network policies are based on real device behavior, not on assumptions or an incomplete or false understanding of the situation.
It has long been understood that layer 2 switches are the ideal place for reporting. However, the lack of processing power on layer 2 to sensibly analyze and process the captured traffic has stalled the implementation of a solution at this layer. cognitix Threat Defender resides on layer 2 with enough processing power to determine all the actionable intelligence of layers 2 to 7. Data is aggregated in intervals ranging from one minute to one month. Network operators use the historic information for retrospective analysis to create targeted policies. The real-time data is processed automatically to enforce policies to counteract any potential threat as soon as it emerges.
Deep network intelligence can collect valuable additional information at source to localize and confine inappropriate behaviors.
Dynamic network objects rely on information from all the devices in the network to target and describe the connection between the individual devices.
Activity-based rules need to identify all the communication activities between the components in the network regardless of the segment location.