IDS & IPS cognitix Threat Defender

High-Performance Attack Detection for Reliable Protection of IT and OT Networks

cognitix Threat Defender provides visibility of all network traffic and supports network security by detecting anomalies, identifying attacks, and providing comprehensive protection against threats.

As an intrusion detection system (IDS), cognitix Threat Defender recognizes attempted attacks and enables targeted countermeasures. Using deep packet inspection, it identifies and inspects data packets and uses micro-segmentation to prevent the spread of external and internal attacks.

With regard to response and recovery, cognitix Threat Defender reacts to anomalies as an intrusion prevention system (IPS) and also provides valuable network information for forensic analyses.

Request advice

Top Highlights

Signature-based real-time anomaly detection (IDS) for IT and OT networks

Lightning-fast automated incident response through behavior-based dynamic event engine (IPS)

Maximum asset protection through reaction-free, non-invasive detection using passive traffic mirroring

On-premises operation and configurable patterns, policies, and modules accessible at any time for sovereign data management

Your Benefits at a Glance

Intrusion detection and filtering at network level (Layer 2) and application level (Layer 7)
Market-leading real-time traffic database with more than 3,700 applications/apps and protocols
Efficient threat detection based on signatures, rules, and behavioral analysis via baselining
Sophisticated threat detection engine examines network traffic by correlating it with up to tens of thousands of threat indicators
Interface for flexible integration of additional federal and private sector MISP databases with signatures and threat indicators
High information value through clear graphical presentation, logging, and drill-down reporting

Local and cross-site monitoring and reporting options through easy connection of third-party software
Interfaces for flexible integration into the Security Operation Center (SOC) and connection to alerting, SIEM, and monitoring tools such as Splunk or Elastic
Support for organizational reviews and audits such as ISO, ISMS, and IEC
Protection of privacy and fundamental rights through legally secure, GDPR-compliant application
The solution and application concept allow customer-specific operation and thus ensure the user 100% data sovereignty
genua promotes digital sovereignty through backdoor-free development "Made in Germany"

Comprehensive Protection

Maximum Availability and Security for Your Assets

With cognitix Threat Defender you increase the security and availability of assets in IT and OT networks within an intrusion detection ecosystem.

As an intrusion detection system (IDS), cognitix Threat Defender correlates network traffic with thousands of attack patterns for accurate anomaly detection. In addition, it can optionally be used as an intrusion prevention system (IPS) to protect your assets in the network at all times without manual intervention and to prevent damage. As a firewall on network level (layer 2) and application level (layer 7), cognitix Threat Defender also enables micro-segmentation of the network structure down to the application level.

Attack Detection & Defense

Correlation of Network Traffic with up to Tens of Thousands of Threat Indicators

IT teams need to stay up-to-date on the current threat situation in order to be able to optimally protect their infrastructure.

cognitix Threat Defender offers an extensive Indicators of Compromise (IoC) database and a Suricata-compatible IDS engine with a predefined and flexibly expandable rule set. Database and IPS rule set are continuously updated.

Its threat detection engine continuously compares network traffic against threat indicators and IPS rules. This can be done for the purpose of network monitoring (IDS), but also, for example, to automatically block suspicious traffic (IPS).

Attack detection and defense with cognitix Threat Defender as IDS/IPS

Anomaly Detection

Attack Detection for Authorities, Critical Infrastructures, and Companies

With cognitix Threat Defender, organizations can significantly improve their IT security situation through visibility, situational awareness, and smart control options.

Use Case "Monitor" Use Case "Sensor" Use Case "Sensor in OT Networks" Use Case "Firewall"

Use Case "Monitor"

Anomaly Detection: cognitix Threat Defender as Monitor

For anomaly detection, cognitix Threat Defender enables comprehensive monitoring for multiple networks, network segments or WAN routes. Anomalies are logged in real time and made visible via detailed graphical representations.

For this purpose, the data traffic is collected at a concentrator and evaluated by cognitix Threat Defender using signatures and advanced analysis protocols. The encryption of the data recorded at the switches and transferred to the concentrator in front of the monitoring instance is highly secure and, if necessary, using solutions with classification level "German VS-NfD" approval.

Due to separate reaction strategies, cognitix Threat Defender does not actively intervene in this scenario. The solution enables data forensics through a copy of data traffic.

cognitix Threat Defender as monitor — Network monitoring with cognitix Threat Defender

Use Case "Sensor"

Anomaly Detection: cognitix Threat Defender as Sensor according to the German "IT-Grundschutz Manual"

cognitix Threat Defender can gradually increase the security in a network of an authority, a critical infrastructure organization or a company that is structured according to the German "IT-Grundschutz Manual". As the basis for internal network protection, cognitix Threat Defender is placed at the firewall at the zone transition to the internal network. There it analyzes the data traffic in depth for anomalies.

For additional transparency and security, cognitix Threat Defender can also be placed in vulnerable areas – in this use case in DMZ A and in the network segments A and C. If the Internet front end, the servers or the clients have been successfully attacked, this can be detected with cognitix Threat Defender. The affected area can be isolated in real time to prevent lateral movement attacks.

Depending on the reaction strategy, the defensive task can be initiated by an alert (IDS) or an active intervention (IPS) by the particular instance of cognitix Threat Defender.

IT-Grundschutz application of cognitix Threat Defender — cognitix Threat Defender as sensor according to the German "IT-Grundschutz Manual"

Use Case "Sensor in OT Networks"

Anomaly Detection: cognitix Threat Defender as Sensor in OT Networks

With the introduction of the Industrial Internet of Things (IIoT), it is becoming increasingly important to detect anomalies in production networks such as malware or unauthorized activities.

For this purpose, this application scenario provides sensors on the mirror port of the switches with regard to metadata traffic for the next higher network level. At the management level, the sensor data recorded by the cognitix Threat Defender instances is processed and evaluated by a Security Information and Event Management (SIEM).

Due to special security precautions, e.g. with industrial firewalls that isolate certain network segments, no active intervention by cognitix Threat Defender as an intrusion prevention system (IPS) is used in this scenario.

cognitix Threat Defender as sensor — Network sensors on various levels

Use Case "Firewall"

Network Segmentation on Layer 2 and 7: cognitix Threat Defender as Firewall

As a firewall on network level (Layer 2) and application level (Layer 7), cognitix Threat Defender allows micro-segmentation of the network structure. Deep packet inspection (DPI) enables the identification and verification of protocols.

Based on anomaly detection using signatures and advanced analysis protocols, the application scenario offers the possibility of actively intervening in data traffic using a set of rules (policy) and automatically blocking unauthorized activities. This means that assets in the network can be protected and damage prevented at all times without manual intervention.

cognitix Threat Defender as next generation firewall — cognitix Threat Defender as firewall

Dynamic Policies

Dynamic Network Segmentation

Using event-triggered dynamic policies, cognitix Threat Defender groups network participants into dynamic network objects based on their behavior.

It reacts automatically to changed or undesired behavior and can deny conspicuous network participants access to certain resources if anomalies are detected – without manual intervention.

New: cognitix Threat Defender for Intelligent Network Protection

Contact Us for a Trial Period

Request a trial of cognitix Threat Defender to comprehensively evaluate features such as attack detection, automated response to anomalies, or micro-segmentation within your IT and OT infrastructure. We offer consulting, product instruction, service, and support for the implementation according to your individual requirements. Contact us!

Request a trial

Comprehensive Monitoring

Comprehensive Monitoring with Drill Down Reporting

Extensive monitoring and reporting options ensure transparency locally and across locations. Network information can be aggregated and analyzed in cognitix Threat Defender's modern system GUI. In addition, evaluation via connected alerting, SIEM, and monitoring applications is possible.

Comprehensive Security Solution genusecure Suite

Our sales team will be happy to answer your enquiries. Let us advise you!

In our Partner Portal we provide services to support you in your sales activities.

Start Your Career now at the Leading IT Security Specialist genua