cognitix redefines the network security paradigm by changing the focus of inline active network security platforms: from just the perimeter, where protection becomes less and less efficient, to both the perimeter as well as the inside of the network. With a suite of integrated products of Threat Defender, Threat Central and Threat Graph, you will gain deep insights into internal and external threats and will be able to protect your network using an inline high performance single-pass packet processing engine that can correlate tens of millions of packets and events across time and dynamically allocate users and devices to different network segments based on their behavior.
Four Steps to Effective Cybersecurity
Each industry faces their own challenges when it comes to network security. Whether it’ll be the special demands of IoT landscapes or the complex infrastructure in large corporate networks, all need to go through the same four steps to implement effective cybersecurity.
Detect Threats using a multitude of Threat Feeds, context and sources such as IDS signatures, Layer-7 protocols and applications, URL/Domains, DLP and more importantly, layer-7 Indicators of Compromise.
Gain visibility into the network by visualizing and reporting layer-2 to layer-7 network intelligence, security intelligence, user intelligence and threat intelligence.
Protect the network inline and in real-time by enforcing dynamic policies that detect and sanction behavior and can block threats from either entering the network or neutralizing them if they are already inside.
Analyze all network activities to detect, investigate and discover hidden and unusual behavior and patterns.
Three products for four steps
cognitix implements the above four steps using its integrated suit of products that consists of:
Threat Defender: The one-stop platform for detection, analysis and protection of threats. It uses Behavior-based correlation in real-time and inline to uncover hidden threats, prevent infections and stop horizontal spread of malware inside the network.
Threat Central: The central management, reporting and analysis platform that manages a fleet of Threat Defenders, distributes new behavior based policies, collects traffic logs, aggregates traffic reporting and allows in-depth log search, analysis with visualization and forensics across the entire network.
Threat Graph: Machine learning-based graph analytics platform for the investigation, detection, discovery and analysis of hidden relationships, associations, patterns and anomalies in otherwise seemingly disparate sets of data. Using temporal graph analytics algorithms it allows for going back and forth in time to see the behavior of the graph pre-incident as well as post-incident, therefore making it possible to see the real impact and spread of the incident.
Technologies for Threat Intelligence and Protection
To achieve unparalleled Threat Intelligence and Protection, cognitix uses innovative and award-winning technologies such as:
Behavior based correlation of all network traffic, both internal and external which is the key to the future of network security. A single flow or event is no longer the sole indicator of malicious behavior as threats hide in seemingly harmless network traffic and can only be detected by correlating flows and events from disparate entries over time to detect hidden and anomalous behavior and APTs.
Dynamic network segmentation which applies policies and segments the network based on the detected behavior of a user or device and not by a static placement of users or devices within the network infrastructure. Dynamic network segmentation ensures blocking threats and other policy deviations and protect the network without impacting on the business productivity as it enables to place offenders and infected entities, and their associated hosts, in network segments that are quarantined while allowing non infected entities to communicate freely.
To achieve the dynamic actions of the policy engine, we at cognitix extended the rule language to describe flexible and dynamic the malicious or questionable behavior and the actions taken to fight threats. Tracking attributes of different flows over time and acting upon it allows to describe complex behaviors and act to prevent threats from the first packet.
Machine learning and graph analytics are used to help reduce the overwhelming amount of network and traffic information collected and
find the unusual and possible malicious behavior within the communication graph of the network. Highlighting the important actors
and the changes in the networks communication when incidents occur helps the security administrator to find the real causes, assess the risk,
plan countermeasures and detect new attacks and behaviors that have no corresponding patterns yet in the existing threat intelligence feeds.
A high-performance single pass packet processing engine allows to analyze all the internal and external network traffic and act with dynamic policies in real-time. With the processing speed possible with current technologies like Intels DPDK it is now possible to have a network security appliance within the network acting like a switch but with security enforcement to act upon threats inline and in real-time.