Threat Intelligence is the gathering and assessment of strategic, tactical, and operational threat information. The cognitix Threat Intelligence Team collects threat information from a multitude of open source and commercial threat feeds and analyses millions of Indicators of Compromise (IoCs) using machine learning technology to provide the users of Threat Defender with up-to-the-minute, actionable Threat Intelligence.

In addition to the IP, URL, domain, file hash and email IoCs that cognitix collects and processes, it also uses URL classification, protocol and layer-7 application detection, IDS signatures and URL or IP reputation. The combination of all this cyber-threat information enables Threat Defender to detect and block, inline and in real time, the majority of threats trying to penetrate the network or those which are already inside the network.

cognitix’ suite of products, which consists of Threat Defender, Threat Central and Threat Graph, provides network security administrators with a comprehensive, varied and holistic up-to-the-minute cyber-threat feed which enables them to act at strategic, tactical or operational levels.

There are three levels of intelligence:

Strategic

At a strategic level, cognitix’ products enable the network security administrator to gain visibility into network behavior and obtain a high-level view of the entire network’s attack surface.

Tactical

At a tactical level, cognitix’ in-depth and real-time intelligence reporting systems enable the network security administrator to use interactive visualizations and graph analytics to peer into the details of networking and security events, down to the level of individual flows, events and/or IoCs, to detect and investigate suspicious patterns and behaviors.

Operational

At an operational level, cognitix Threat Defender provides network security administrators with an innovative, flexible rule configuration language to create dynamic policies. These policies use a high-performance inline packet processing and correlation engine to enforce behavior and to detect and block IoCs, malware and other threats.

Threat Radar

  • Collects and integrates feeds of cyber threats (indicators of compromise and attack; IoC/IoA)
  • Gets context about threats and threat-interaction (TTPs)
  • Correlates behavior of the devices in a network with behavior seen from threats to assess risk and detect infections