Using cognitix Threat Defender in Industrial Networks

In the age of Industry 4.0, industrial networks, such as SCADA networks, are no longer isolated. They need to be open so that they can easily be connected to other industrial networks and industrial control systems, and also to central process management and accounting, such as in SAP systems. Additionally, collaboration in processing and automation across companies and continents de facto requires a connection to the Internet. This makes these industrial networks vulnerable to various types of network attacks. Since industrial networks often control critical processes, such as electricity and water distribution, it is crucial that they are protected in the best possible way. This is where cognitix Threat Defender comes in.

Threat Defender can be installed at all interconnection points in Industry 4.0, SCADA and other production networks. This means Threat Defender can be deployed on all layers of an industrial network and also between the layers:

• On the Enterprise & Planning layer, Threat Defender monitors, analyzes and protects the Enterprise IT network.

• On the Control & Monitoring layer, it monitors, analyzes and protects SCADA networks.

• On the Production layer, it monitors, analyzes and protects production systems from external and internal threats.

cognitix Threat Defender uses its low-latency, layer-2-based packet processing core to enforce behavior-based policies. If it is set up in whitelisting mode, Threat Defender only allows specified protocols and signals to pass through the network. This effectively blocks any undesired traffic. Threat Defender also uses behavior anomaly detection based on machine learning to detect abnormal machine-to-machine communication.

Multiple Threat Defenders installed in an industrial network can upload their monitoring logs to Threat Central, the cognitix central management and reporting platform, to analyze incidents. With the additional Threat Analytics, machine learning is used to detect hidden patterns in the traffic. Based on the analysis results, security experts can make predictions and devise suitable strategies to enhance the security and operation of the system.


Threat Defender supports (detects and understands) the most common M2M protocols, such as SCADA, Siemens S7Comm, IEC61850, OPC UA, Modbus, MQTT, AMQP, BACnet, DNP3, JBK3000 and many more, in addition to the more than 10,000 'standard' layer 7 applications and protocols. Individual extensions and support for vendor-specific protocols and protocol extensions can also be easily added.
