cognitix redefines the network security paradigm by changing the focus of inline active network security platforms: from just the perimeter, where protection becomes less and less efficient, to both the perimeter and the inside of the network. With an integrated product suite consisting of Threat Defender, Threat Central and Threat Graph, you will gain deep insights into internal and external threats. You will be able to protect your network using an inline high-performance single-pass packet processing engine that can correlate tens of millions of packets and events across time and dynamically allocate users and devices to different network segments based on their behavior.
Four Steps to Effective Cybersecurity
Each industry faces its own challenges when it comes to network security. Whether it’s the special demands of IoT landscapes or the complex infrastructure in large corporate networks, all need to go through the same four steps to implement effective cybersecurity.
Detect threats using a multitude of threat feeds, context and sources such as IDS signatures, layer 7 protocols and applications, URLs/domains, DLP and, more importantly, layer 7 Indicators of Compromise.
Gain visibility into the network by visualizing and reporting layer 2 to layer 7 network intelligence, security intelligence, user intelligence and threat intelligence.
Protect the network inline and in real time by enforcing dynamic policies that detect and sanction behavior and can either block threats from entering the network or neutralize them if they are already inside.
Analyze all network activities to detect, investigate and discover hidden and unusual behavior and patterns.
Three products for four steps
cognitix implements the above four steps using its integrated suite of products that consists of:
Threat Defender: The one-stop platform for detection, analysis and protection of threats. It uses behavior-based correlation in real time and inline to uncover hidden threats, prevent infections and stop the horizontal spread of malware inside the network.
Threat Central: The central management, reporting and analysis platform that manages a fleet of Threat Defenders, distributes new behavior-based policies, collects traffic logs, aggregates traffic reporting and allows in-depth log search, analysis with visualization and forensics across the entire network.
Threat Graph: The machine learning-based graph analytics platform for the investigation, detection, discovery and analysis of hidden relationships, associations, patterns and anomalies in otherwise seemingly disparate sets of data. Using temporal graph analytics algorithms, it allows for going back and forth in time to see the behavior of the graph pre-incident as well as post-incident, making it possible to see the real impact and spread of the incident.
Technologies for Threat Intelligence and Protection
To achieve unparalleled Threat Intelligence and Protection, cognitix uses innovative and award-winning technologies such as:
Behavior-based correlation of all network traffic, both internal and external, which is the key to the future of network security. Individual flows or events are no longer the sole indicators of malicious behavior as threats hide in seemingly harmless network traffic and can only be detected by correlating flows and events from disparate entries over time to detect hidden and anomalous behavior and APTs.
Dynamic network segmentation, which applies policies and segments the network dynamically based on the detected behavior of users and/or devices instead of placing them statically within the network infrastructure. Dynamic network segmentation is the basis for blocking threats and other policy deviations and protecting the network without impacting business productivity. With dynamic network segmentation, it is possible to place offenders and infected entities and their associated hosts in dedicated network segments that are quarantined while allowing uninfected entities to communicate freely.
To implement the dynamic actions of the policy engine, we at cognitix extended the rule language to flexibly and dynamically describe the malicious and suspicious behavior and the actions taken to fight threats. Tracking attributes of different flows over time and acting on them allows you to describe complex behavior patterns and to take preventive measures as soon as the first suspicious packet is received.
Machine learning and graph analytics are used to help process the overwhelming amount of network and traffic information collected and find unusual and possibly malicious behavior in the communication graph of the network. The important actors and changes in the network communication when incidents occur are highlighted to help security administrators find the real causes, assess the risk, plan countermeasures and detect new attacks and behaviors that have no corresponding patterns in the existing threat intelligence feeds yet.
A high-performance single-pass packet processing engine makes it possible to analyze the entire internal and external network traffic and act using dynamic policies in real time. With the processing speed provided by current technologies, such as Intel's DPDK, it is now possible to have a network security appliance inside the network that acts like a switch but provides security enforcement to act on threats inline and in real time.