cognitix Threat Defender is a next-generation firewall built into a layer 2 device. This approach makes the firewall part of the very fabric of the network: Threat Defender is invisible, or transparent, to the network and acts as a “bump in the wire”, inserted into the cable between existing devices at any point in the network, with no perceptible effect on throughput or latency. It still provides layer 7 classification, IPS, URL classification, inline real-time correlation and enhanced reporting on all segments of the network, or only on targeted ones. Because it works on layer 2 within the network, Threat Defender delivers the required, focused response immediately and directly to the identified devices.
Introducing security within a network often comes at a cost because it adds complexity to the communication system. This complexity reduces flexibility, stifles migration, inhibits virtualization, throttles performance, increases costs and raises the risk of configuration errors.
The cognitix approach avoids adding an extra layer of complexity to the communication system and keeps the network topology as flat as possible.
Because it is transparent on layer 2, Threat Defender can be inserted throughout the network, not just at the boundaries between network segments. Security is added as an overlay, separating the network topology from the security relationships. This flexibility removes the need to constantly create or modify network segments to reflect changing security requirements. Placing Threat Defender at each source of communication is equivalent to a network segmented down to the individual device, and cognitix accomplishes this without changing the existing network configuration.
The freedom that transparency offers in placing the devices anywhere within the network increases the granularity of the security policy. Targeting specific devices with specific rules eliminates the risk of collateral damage. There is no need to “throw the baby out with the bathwater” to stop compromised devices on a layer 2 network from accessing other devices on the same network. The conventional solution is to add complex features to switches, such as VLANs, which comes at the cost of also blocking legitimate traffic between devices. A more elegant solution lets hosts communicate with each other freely while their access is automatically monitored and, when necessary, automatically restricted using context policies on layer 7. The restriction is enforced on layer 2 and targets only the identified devices and activities.
Dynamic network objects rely on access to all the devices in the network to target and describe the connections between individual devices.
Activity-based rules need to identify all communication activities between the devices in the network, regardless of which segment the devices are located in.
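The three ideas above (per-device enforcement on layer 2 without VLANs, dynamic network objects, and activity-based rules driven by layer 7 context) can be shown in a small simulation. The following is an added example written for this page; it is not cognitix code and makes no claim about how Threat Defender is implemented internally. It models a bump-in-the-wire filter that sees every frame on a flat segment: two assumed activity rules (a DNS lookup of a blocked domain, and SMB connections to many distinct peers) move the offending MAC into a dynamic object named `quarantined`, and the enforcement decision references that object rather than any static segment. The MAC addresses, domain name and frames are constructed test data.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Frame:
    """One Ethernet frame as seen by the inline filter, with its layer 7 classification."""
    src_mac: str
    dst_mac: str
    app: str            # layer 7 classification, e.g. "dns", "smb", "http"
    detail: str = ""    # app-specific context, e.g. the DNS query name


@dataclass
class DynamicObject:
    """A named set of devices whose membership changes at run time.
    Policy references the object; activity rules change its members."""
    name: str
    members: set = field(default_factory=set)


class InlineFilter:
    """Transparent layer 2 enforcement point. Unmatched traffic passes unchanged;
    only devices placed in the dynamic object are restricted."""

    def __init__(self, blocked_domains=(), scan_threshold=5, exempt_dst=()):
        self.blocked_domains = set(blocked_domains)
        self.scan_threshold = scan_threshold
        self.exempt_dst = set(exempt_dst)        # e.g. a gateway a quarantined host may still reach
        self.quarantined = DynamicObject("quarantined")
        self.smb_peers = defaultdict(set)        # src MAC -> distinct SMB destinations seen
        self.events = []

    def _quarantine(self, mac, reason):
        if mac not in self.quarantined.members:
            self.quarantined.members.add(mac)
            self.events.append(f"{mac} -> {self.quarantined.name}: {reason}")

    def _activity_rules(self, f):
        """Return True if an activity rule fired on this frame (assumed rules, for illustration)."""
        if f.app == "dns" and f.detail in self.blocked_domains:
            self._quarantine(f.src_mac, f"DNS lookup of {f.detail}")
            return True
        if f.app == "smb":
            self.smb_peers[f.src_mac].add(f.dst_mac)
            if len(self.smb_peers[f.src_mac]) >= self.scan_threshold:
                self._quarantine(f.src_mac, f"SMB to {len(self.smb_peers[f.src_mac])} distinct peers")
                return True
        return False

    def process(self, f):
        """Decide 'forward' or 'drop' for one frame passing through the bump in the wire."""
        if self._activity_rules(f):
            return "drop"                        # the triggering activity itself is blocked
        q = self.quarantined.members
        if f.src_mac in q and f.dst_mac not in self.exempt_dst:
            return "drop"                        # a quarantined device may not reach its peers
        if f.dst_mac in q:
            return "drop"                        # nor may its peers reach it
        return "forward"


# Constructed sample devices on one flat layer 2 segment (locally administered MACs).
GW = "02:00:00:00:00:01"
H1 = "02:00:00:00:00:11"
H2 = "02:00:00:00:00:12"
H3 = "02:00:00:00:00:13"
H4 = "02:00:00:00:00:14"


def demo_c2_lookup():
    """H1 resolves a blocked domain; only H1's lateral traffic is cut, H2 and H3 keep talking."""
    flt = InlineFilter(blocked_domains={"c2.example"}, exempt_dst={GW})
    frames = [
        Frame(H1, H2, "smb"),                   # normal file sharing, forwarded
        Frame(H2, H1, "http"),                  # forwarded
        Frame(H1, GW, "dns", "c2.example"),     # rule fires: H1 quarantined, frame dropped
        Frame(H1, H2, "smb"),                   # dropped: quarantined source
        Frame(H2, H3, "http"),                  # unaffected hosts still forwarded
        Frame(H1, GW, "http"),                  # exempt destination, still reachable
        Frame(H3, H1, "http"),                  # dropped: quarantined destination
    ]
    return [flt.process(f) for f in frames], flt.events


def demo_lateral_scan():
    """H3 fans out over SMB; at the third distinct peer it is quarantined, H1 is untouched."""
    flt = InlineFilter(scan_threshold=3)
    frames = [Frame(H3, H1, "smb"), Frame(H3, H2, "smb"), Frame(H3, H4, "smb"), Frame(H1, H2, "smb")]
    return [flt.process(f) for f in frames], flt.events


if __name__ == "__main__":
    print(demo_c2_lookup())
    print(demo_lateral_scan())
```

The point of the two scenarios is the contrast with a VLAN-based response: a VLAN change would isolate an entire segment, whereas here the decision is keyed on the identity of the device and the layer 7 activity observed, so H2, H3 and the gateway path are never affected by H1's quarantine.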