See What Others Cannot See

Most next-generation firewalls (NGFWs) provide only basic reporting of network statistics, such as top-ten lists, the most visited URLs, or the IPs with the most traffic yesterday. A complete drill-down from top to bottom is missing in almost all NGFWs. Today’s administrators and CISOs need to see who is doing what on their network. After interviewing experts in the field of network security and network operations, cognitix became convinced that this problem is not addressed properly. We at cognitix developed a new breed of next-generation firewall – the cognitix Threat Defender – that provides in-depth insights into the network through interactivity between various reports and charts, as well as multiple levels of drill-down reporting using sophisticated dashboards.

The Hard Life of an Administrator

Today’s IT faces a heterogeneous SaaS landscape, BYOD, and installed software and hardware products from multiple vendors. SaaS addresses each problem with a dedicated service, most of them using HTTP/HTTPS as a transport protocol. Users’ devices run multiple apps, most of which are unknown, and, to make a complicated situation even worse, devices in the network aren’t always under the full control of the administrator.

Administrators try to mitigate security problems with the help of firewalls, but it is like searching in dense fog. Most firewalls do not provide enough insight into the network’s traffic and activities to give the administrator reliable visibility into the network and a solid understanding of users’ behavior in it, both of which are needed to make timely and informed decisions. As an example, instead of blindly blocking applications, it would be more effective to see who is using which application, when they are using it, and whom they are communicating with through it before any policies are enforced. The admin wants to figure out who uses the greater part of the company’s network resources (internet bandwidth, internal bandwidth) and address the resulting issues directly. In today’s firewalls, the admin must blindly block applications, protocols and ports he believes are not needed. This is not the right approach, since the administrator is blocking applications without fully realizing the impact on the network’s reliability, availability, and security. The correct approach would be to first understand what is happening in the network and then act. You cannot protect what you don’t understand; you cannot understand what you cannot see.

The Solution

With cognitix Threat Defender we have developed a next-generation firewall with sophisticated drill-down and interactive reporting capabilities.

Threat Defender’s reporting is not limited to just applications and protocols. More than 600 reporting combinations, graphs, and matrices are available. Starting with four pre-defined dashboards, the administrator gets a fast overview of what’s going on in the network he is responsible for. The pre-defined dashboards cover network intelligence, user intelligence, security intelligence and system overview. The network dashboard gives brief information about the traffic distribution over the interfaces, the sent and received traffic over time, and the distribution of applications and protocols detected in the network. Different time ranges are selectable, from live view (last minute at second resolution) up to the last month (6-hour resolution). From the dashboard, you can drill down into the use of a specific protocol and get a brief overview that includes the top source and destination IPs as well as destination countries. From there, detailed information about a single IP is just another click away.
