High-Performance Attack Detection for Reliable Protection of IT and OT Networks
cognitix Threat Defender provides visibility of all network traffic and supports network security by detecting anomalies, identifying attacks, and providing comprehensive protection against threats.
As an intrusion detection system (IDS), cognitix Threat Defender recognizes attempted attacks and enables targeted countermeasures. Using deep packet inspection, it identifies and inspects data packets and uses micro-segmentation to prevent the spread of external and internal attacks.
With regard to response and recovery, cognitix Threat Defender reacts to anomalies as an intrusion prevention system (IPS) and also provides valuable network information for forensic analyses.
Easy Integration as a Flexible Software Solution with Hardware Options
cognitix Threat Defender is available as software and can be operated flexibly either on high-performance genua hardware or on compatible customer platforms. Integration into your network is easy, as it does not require any adjustments to the existing routing infrastructure. We support you with consulting, customer service, technical support, and product training.
Top Highlights
-
Signature-based real-time anomaly detection (IDS) for IT and OT networks
-
Lightning-fast automated incident response through behavior-based dynamic event engine (IPS)
-
Maximum asset protection through reaction-free, non-invasive detection using passive traffic mirroring
-
Micro-segmentation on network level (layer 2) and application level (layer 7)
-
On-premises operation and configurable patterns, policies, and modules accessible at any time for sovereign data management
Maximum Availability and Security for Your Assets
With cognitix Threat Defender you increase the security and availability of assets in IT and OT networks within an intrusion detection ecosystem.
As an intrusion detection system (IDS), cognitix Threat Defender correlates network traffic with thousands of attack patterns for accurate anomaly detection. In addition, it can optionally be used as an intrusion prevention system (IPS) to protect your assets in the network at all times without manual intervention and to prevent damage. As a firewall on network level (layer 2) and application level (layer 7), cognitix Threat Defender also enables micro-segmentation of the network structure down to the application level.
Correlation of Network Traffic with up to Tens of Thousands of Threat Indicators
IT teams need to stay up-to-date on the current threat situation in order to be able to optimally protect their infrastructure.
cognitix Threat Defender offers an extensive Indicators of Compromise (IoC) database and a Suricata-compatible IDS engine with a predefined and flexibly expandable rule set. Database and IPS rule set are continuously updated.
Its threat detection engine continuously compares network traffic against threat indicators and IPS rules. This can be done for the purpose of network monitoring (IDS), but also, for example, to automatically block suspicious traffic (IPS).
- Intrusion detection and filtering at network level (Layer 2) and application level (Layer 7)
- Market-leading real-time traffic database with more than 3,700 applications/apps and protocols
- Efficient threat detection based on signatures, rules, and behavioral analysis via baselining
- Sophisticated threat detection engine examines network traffic by correlating it with up to tens of thousands of threat indicators
- Interface for flexible integration of additional federal and private sector MISP databases with signatures and threat indicators
- High information value through clear graphical presentation, logging, and drill-down reporting
- Local and cross-site monitoring and reporting options through easy connection of third-party software
- Interfaces for flexible integration into the Security Operation Center (SOC) and connection to alerting, SIEM, and monitoring tools such as Splunk or Elastic
- Support for organizational reviews and audits such as ISO, ISMS, and IEC
- Protection of privacy and fundamental rights through legally secure, GDPR-compliant application
- The solution and application concept allow customer-specific operation and thus ensure the user 100% data sovereignty
- genua promotes digital sovereignty through backdoor-free development "Made in Germany"
Dynamic Network Segmentation with Artificial Intelligence and Data Analytics
With artificial intelligence and data analytics, cognitix Threat Defender groups network participants into dynamic network objects according to their behavior.
It reacts automatically to changed or undesired behavior and can deny conspicuous network participants access to certain resources if anomalies are detected – without manual intervention.
Comprehensive Monitoring with Drill Down Reporting
Extensive monitoring and reporting options ensure transparency locally and across locations. Network information can be aggregated and analyzed in cognitix Threat Defender's modern system GUI. In addition, evaluation via connected alerting, SIEM, and monitoring applications is possible.
Contact Us for a Trial Period
Request a trial of cognitix Threat Defender to comprehensively evaluate features such as attack detection, automated response to anomalies, or micro-segmentation within your IT and OT infrastructure. We offer consulting, product instruction, service, and support for the implementation according to your individual requirements. Contact us!
Anomaly Detection: cognitix Threat Defender as Monitor
For anomaly detection, cognitix Threat Defender enables comprehensive monitoring for multiple networks, network segments or WAN routes. Anomalies are logged in real time and made visible via detailed graphical representations.
For this purpose, the data traffic is collected at a concentrator and evaluated by cognitix Threat Defender using signatures and advanced analysis protocols. The encryption of the data recorded at the switches and transferred to the concentrator in front of the monitoring instance is highly secure and, if necessary, using solutions with classification level "German VS-NfD" approval.
Due to separate reaction strategies, cognitix Threat Defender does not actively intervene in this scenario. The solution enables data forensics through a copy of data traffic.
Anomaly Detection: cognitix Threat Defender as Sensor according to the German "IT-Grundschutz Manual"
cognitix Threat Defender can gradually increase the security in a network of an authority, a critical infrastructure organization or a company that is structured according to the German "IT-Grundschutz Manual".
As the basis for internal network protection, cognitix Threat Defender is placed at the firewall at the zone transition to the internal network. There it analyzes the data traffic in depth for anomalies.
For additional transparency and security, cognitix Threat Defender can also be placed in vulnerable areas – in this use case in DMZ A and in the network segments A and C. If the Internet front end, the servers or the clients have been successfully attacked, this can be detected with cognitix Threat Defender. The affected area can be isolated in real time to prevent lateral movement attacks.
Depending on the reaction strategy, the defensive task can be initiated by an alert (IDS) or an active intervention (IPS) by the particular instance of cognitix Threat Defender.
Network Segmentation on Layer 2 and 7: cognitix Threat Defender as Firewall
As a firewall on network level (Layer 2) and application level (Layer 7), cognitix Threat Defender allows micro-segmentation of the network structure. Deep packet inspection (DPI) enables the identification and verification of protocols.
Based on anomaly detection using signatures and advanced analysis protocols, the application scenario offers the possibility of actively intervening in data traffic using a set of rules (policy) and automatically blocking unauthorized activities. This means that assets in the network can be protected and damage prevented at all times without manual intervention.
Anomaly Detection: cognitix Threat Defender as Sensor in OT Networks
With the introduction of the Industrial Internet of Things (IIoT), it is becoming increasingly important to detect anomalies in production networks such as malware or unauthorized activities.
For this purpose, this application scenario provides sensors on the mirror port of the switches with regard to metadata traffic for the next higher network level. At the management level, the sensor data recorded by the cognitix Threat Defender instances is processed and evaluated by a Security Information and Event Management (SIEM).
Due to special security precautions, e.g. with industrial firewalls that isolate certain network segments, no active intervention by cognitix Threat Defender as an intrusion prevention system (IPS) is used in this scenario.
Knowledge Base
As a collaborative learning company, it is our mission to continuously improve and share our knowledge of IT Security with you. In our Knowledge Base we offer you articles, white papers, analyst reports, research results, videos and more in the field of IT security.