Protecting a network only at its outer perimeter is no longer enough. Static segmentation inside the company network into smaller trust zones with their own micro-perimeters is a step towards better security, but the additional protection it buys is limited: rules are still assigned by a device's physical location in a layer 3 segment and enforced only at the perimeter firewall. Containing threats and blocking attacks inside the network requires a dynamic, behavior-based way to segment the network, to apply policies, and to assign or revoke permissions. To meet this need transparently, cognitix developed the concept of dynamic network objects within its threat intelligence and protection platform.


What are dynamic network objects?

At its core, a dynamic network object is a list of devices (identified by IPv4, IPv6 or MAC address) inside the policy engine that the policies themselves can edit at runtime. A rule in the cognitix extended rule language is not limited to the classical ACCEPT/DROP/REJECT actions when a flow matches: it can also add the flow's source or destination to a dynamic network object. Other rules and policies then match the source or destination of subsequent flows against these objects, so the effective policy set for a device changes dynamically with what the device does.

Combined with threat intelligence and behavior-based correlation, the policies in effect for a device can change automatically based on the device's behavior or on a change in that behavior. For example, a device can be isolated completely once the malicious behavior of an infection is detected. Other detected behaviors can change network permissions as well: users or devices that access private applications such as Facebook or Twitter can be placed into a dynamic network object for 'insecure operations' and thereby denied access to company-critical resources such as production databases.
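The mechanism described in the two paragraphs above, as a runnable toy policy engine in Python. This is an added illustration for this page, not cognitix code and not its extended rule language; the rule names, the 'quarantine' and 'insecure_ops' objects, and the C2, social-media and database addresses (documentation ranges) are assumptions constructed for the example.

```python
"""Toy policy engine with dynamic network objects (added illustration, not cognitix code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional, Set, Tuple


def normalize(addr: str) -> str:
    """Canonical device identifier: an IPv4/IPv6 address or a MAC address."""
    try:
        return str(ip_address(addr))
    except ValueError:
        mac = addr.lower().replace("-", ":")
        if len(mac.split(":")) != 6:
            raise ValueError(f"not an IP or MAC address: {addr!r}")
        return mac


def in_network(addr: str, net) -> bool:
    try:
        return ip_address(addr) in net
    except ValueError:  # a MAC address never lies inside an IP network
        return False


@dataclass
class Flow:
    src: str
    dst: str
    dport: int


Objects = Dict[str, Set[str]]  # dynamic network object: a named, mutable set of identifiers


@dataclass
class Rule:
    name: str
    match: Callable[[Flow, Objects], bool]
    action: str                       # ACCEPT | DROP | REJECT | CONTINUE (side effects only)
    add_src_to: Optional[str] = None  # object the flow's source joins on match
    add_dst_to: Optional[str] = None  # object the flow's destination joins on match


class PolicyEngine:
    def __init__(self, rules: List[Rule], default: str = "ACCEPT"):
        self.rules = rules
        self.default = default
        self.objects: Objects = {}

    def members(self, name: str) -> Set[str]:
        return self.objects.setdefault(name, set())

    def evaluate(self, flow: Flow) -> str:
        """Rules run in order. A matching rule first edits the objects, then its
        action decides unless it is CONTINUE; later flows see the edited objects."""
        flow = Flow(normalize(flow.src), normalize(flow.dst), flow.dport)
        for rule in self.rules:
            if not rule.match(flow, self.objects):
                continue
            if rule.add_src_to:
                self.members(rule.add_src_to).add(flow.src)
            if rule.add_dst_to:
                self.members(rule.add_dst_to).add(flow.dst)
            if rule.action != "CONTINUE":
                return rule.action
        return self.default


# Constructed sample data (documentation address ranges, not real indicators):
C2_INDICATORS = {"198.51.100.9"}               # stands in for a threat-intelligence feed
SOCIAL_MEDIA = {"203.0.113.7", "203.0.113.8"}  # stands in for Facebook/Twitter detection
PROD_DB = ip_network("10.0.9.0/24")            # company-critical production databases


def build_engine() -> PolicyEngine:
    return PolicyEngine([
        # Isolation first: a quarantined device can neither send nor be reached.
        Rule("drop-from-quarantine", lambda f, o: f.src in o.get("quarantine", set()), "DROP"),
        Rule("drop-to-quarantine", lambda f, o: f.dst in o.get("quarantine", set()), "DROP"),
        # Infection indicator: drop the flow and move its source into 'quarantine'.
        Rule("c2-contact", lambda f, o: f.dst in C2_INDICATORS, "DROP", add_src_to="quarantine"),
        # Behaviour tag: social media is allowed but marks the device 'insecure_ops'.
        Rule("tag-social", lambda f, o: f.dst in SOCIAL_MEDIA, "ACCEPT", add_src_to="insecure_ops"),
        # Critical resources: refused to tagged devices, open to everyone else.
        Rule("reject-insecure-db", lambda f, o: in_network(f.dst, PROD_DB)
             and f.src in o.get("insecure_ops", set()), "REJECT"),
        Rule("allow-db", lambda f, o: in_network(f.dst, PROD_DB), "ACCEPT"),
    ])


def run_scenario() -> Tuple[List[str], PolicyEngine]:
    eng = build_engine()
    flows = [                                    # constructed traffic, in order
        Flow("10.0.1.10", "10.0.9.5", 5432),     # A queries the production DB: allowed
        Flow("10.0.1.10", "203.0.113.7", 443),   # A visits social media: allowed, tagged
        Flow("10.0.1.10", "10.0.9.5", 5432),     # the same query is now rejected
        Flow("10.0.1.20", "198.51.100.9", 443),  # B beacons to C2: dropped, quarantined
        Flow("10.0.1.20", "10.0.1.10", 445),     # B's lateral move to A is dropped
        Flow("10.0.1.30", "10.0.1.20", 22),      # C cannot reach quarantined B either
        Flow("10.0.1.30", "10.0.9.5", 5432),     # unaffected C still reaches the DB
    ]
    return [eng.evaluate(f) for f in flows], eng
```

Two design points carry over to any real engine of this kind. The isolation rules sit first in the list, so a quarantined device is dropped regardless of what else would match, and membership is keyed on normalized identifiers, so `2001:DB8::1` and `2001:db8::1` are the same device. The toy has no expiry or manual release for object membership, and a rule that quarantines on a single indicator can be triggered by traffic with a spoofed source; a production deployment needs both a release path and a higher bar than one matching flow.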


Dynamic network objects within the network

Because the cognitix threat intelligence and protection platform works transparently on layer 2 within the network, dynamic network segmentation with behavior-based correlation and dynamic network objects proves an effective way to:

  • isolate infected devices completely without disrupting the rest of the network

  • form static and dynamic micro-perimeters based on device behavior, without changing the network infrastructure

  • detect and prevent lateral movement of threats within the network

  • apply security policies based on user and device behavior instead of static attributes such as physical placement in the network


