Intelligent Inline Protection in Real-Time at Wire-Speed

Threat Defender’s user- and device-centric threat intelligence and protection platform uses a behavior-based inline correlation engine to analyze tens of millions of packets and events in real time. Based on the behavior of users and devices, it dynamically enforces policies. This allows enterprises to respond to security threats much faster than is possible with traditional signature-based threat detection that relies on static rules.

Threat Defender’s high-performance active packet processing engine uses the world’s first inline, real-time correlation engine. It correlates all of a network’s external and internal communication (flows, applications, security events, IoCs) to detect changes or abnormal behavior that occur over time and across many distinct flows and packets, and it uses a flexible dynamic policy engine to detect, block and isolate hidden threats.

cognitix goes beyond the current network security paradigm of e.g. SIEM, firewalls (Next-Generation or UTM) and Intrusion Detection & Prevention Systems (IDS/IPS) by combining the major functions of each of these systems in a single inline, real-time Threat Intelligence and Protection platform that uses a high-performance single-pass engine to detect and block threats inline and in real time.

Behavior-based Correlation for efficient threat detection and defense

cognitix has redefined the language used for firewall rules to include additional conditions and actions, adding a method to track network traffic events over time. Event Tracking Tables monitor the properties of network communication across several traffic flows, and store and aggregate combinations of event properties. The resulting ability to correlate behavior of traffic forms the basis for Threat Defender’s granular and precise risk mitigation.

Threat Defender protects the network from internal and external threats or attacks while operating completely transparently to the existing network infrastructure, regardless of whether it is installed at the perimeter or inside the network. Threat Defender comes in software-only or appliance form factors that scale up to 40 Gbps.

cognitix packet-core architecture

The inline real-time packet engine operates at layers 2 to 7 and is capable of correlating tens of millions of flows inline and in real time.

It uses a new approach to network segmentation: Dynamic Network Objects use machine learning to segment the network dynamically and place devices in network segments automatically, based on their behavior rather than on their physical location in the network, as legacy solutions do.

Threat Defender collects Threat Intelligence from open source and commercial cyber-security threat feeds, deduplicates and normalizes them to extract IoCs, and integrates those IoCs into its real-time inline packet engine. Using Indicators of Compromise (IPs, URLs, domains, file hashes, e-mail addresses, etc.) that are updated every few minutes and represent the latest attacks detected on a global scale, Threat Defender provides network security administrators with actionable cyber-threat intelligence: matching traffic can be blocked in real time or fed into further behavior correlation.

Main features of Threat Defender

  • Collect IoCs from different open source or commercial Cyber-Threat Feeds to automatically deliver the latest (2 minute update frequency) actionable threat intelligence to Threat Defender’s packet engine for analysis and protection
  • Detect IoCs when threats infiltrate the network or are already inside it
  • Correlate (remember, relate and connect past and present network flows, events and activities) tens of millions of network flows inline and in real time to discover hidden relationships among them and to connect seemingly unrelated benign events, revealing the full scope of a potential attack
  • Enrich and contextualize network data and information by adding context such as geolocation, User-ID (when available), WHOIS, URLs, domains and security events (IPS, IoCs, content, IP & URL reputation, …)
  • Analyze all network, user, security and threat activities
  • Integrate with other systems
  • Act/Protect the network by:
    • Traffic management
    • URL filtering
    • IPS
    • Layer-7 Firewalling
    • Layer-3 Firewalling
    • IoCs blocking
  • Analysis of all network, user, security and threat behavior inline and in real time
  • Detection of IoCs when threats infiltrate the network or are already inside it
  • Single-pass engine capable of inline, real-time correlation
  • Intrusion Detection & Prevention
  • Application (Layer 7) firewalling
  • Stateful (Layer 3) firewalling
  • Dynamic Network Segmentation
  • Traffic management
  • URL filtering
  • HTTPS decryption
  • Data Leak Prevention
  • Compatible with other systems (e.g. Splunk, ELK)

Threat Intelligence

Threat Defender permanently updates its IoC feed as well as its IPS and application signatures and URL database.

Threat Analysis

Threat Defender adds contextual parameters such as geolocation, User-ID, WHOIS and IoC TTPs to contextualize and enrich network data, providing the user with actionable real-time Threat Intelligence.

Threat Containment

Correlating network flows connects seemingly unrelated events and discovers hidden relationships to reveal the full scope of a potential attack and to block threats inline and in real-time.

Subscriptions

Get Started

1 GBit/s
99 € per month

Features

  • Inline Real-Time Correlation Engine
  • Dynamic Network Segmentation
  • Deep-Dive Drill-Down Reporting System
  • Intrusion Detection and Prevention System
  • Protocol and Application Classification
  • URL Categorization (18+ billion URLs)
  • Real-Time search, analysis and visualization
  • Update Service
  • Email Support

Corporate

10 GBit/s
599 € per month

Features

  • Inline Real-Time Correlation Engine
  • Dynamic Network Segmentation
  • Deep-Dive Drill-Down Reporting System
  • Intrusion Detection and Prevention System
  • Protocol and Application Classification
  • URL Categorization (18+ billion URLs)
  • Real-Time search, analysis and visualization
  • Update Service
  • Hotline Support (Chat)

Enterprise

40 GBit/s
1499 € per month

Features

  • Inline Real-Time Correlation Engine
  • Dynamic Network Segmentation
  • Deep-Dive Drill-Down Reporting System
  • Intrusion Detection and Prevention System
  • Protocol and Application Classification
  • URL Categorization (18+ billion URLs)
  • Real-Time search, analysis and visualization
  • Mission-critical scale and reliability
  • Individual Signatures
  • Update Service
  • Premium Support