Five Answers on cognitix Threat Defender

Interview with Arnold Krille, Head of Development for cognitix Threat Defender, about the innovative IT security solution that combines AI, data analytics, and threat intelligence.

In May 2019, genua acquired IT security start-up cognitix, which is now an in-house department at genua in Leipzig and is further developing cognitix Threat Defender. The solution, which uniquely combines artificial intelligence, data analytics, and threat intelligence, is now part of genua’s IT security portfolio.

Why is cognitix Threat Defender a perfect match for genua’s range of solutions?

Arnold Krille: genua’s products cover many areas of IT security very successfully. They are used to safeguard a network or network segment against unauthorized external access, or to control and authorize trustworthy outside access. Our focus with cognitix Threat Defender – in conjunction with the existing portfolio of genua – is on security within the actual network segments by way of a totally new approach, namely using AI, data analytics, and threat intelligence. Plus, the development of cognitix Threat Defender paves the way for other promising opportunities for collaboration at product level.

cognitix Threat Defender combines different protection features – what are they and how do they interact with one another?

Arnold Krille: In the first instance, cognitix Threat Defender works on layer 2 of the OSI layer model – a layer that has had relatively few protection features so far. In this way, cognitix Threat Defender can monitor all the traffic in the network and consequently the behavior of all the devices. Threat Defender can then compare this information with modeled behavior and respond accordingly. We also call this correlation, because completely different network flows can work together smoothly over extended periods of time. So, we’ve basically extended the policy scope to include tracking of information over time.

Of course, we also provide a great deal of information about the context of network traffic: Layer 7 classification, geo location, asset identification, IDS and threat intelligence indicators, as well as users – the keyword here is ‘Active Directory Integration’. Naturally, all this information is available for reporting and external logging, and of course while taking into account rules and behavior modeling.

"The cognitix Threat Defender could best be described as an 'intrusion detection system on steroids'."

How is cognitix Threat Defender different from solutions that are marketed as intrusion detection or intrusion prevention systems?

Arnold Krille: Although intrusion detection or intrusion prevention systems provide a certain feeling of security against threats in a network, this is only the case if the IDS can monitor the entire traffic in the network via port mirroring on switches. In most cases an IDS/IPS is a module on the firewall, which means that it only identifies threats or patterns that occur across network boundaries.

cognitix Threat Defender is much more than an IDS or IPS. It could best be described as an ‘intrusion detection system on steroids’. The IDS usually only searches for patterns in a data stream. Our cognitix Threat Defender searches the network for patterns in the behavior of the network devices. The results provided by the IDS are only part of the information, and in combination with the remaining context and the policy engine, IDS hits are merely a criterion which is verified through further information and behavior. In this way, overreaction in the case of false positives can be effectively prevented, but completely new correlations can be discovered as well.
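To illustrate the principle described above (an IDS hit is only one criterion, which is verified against context and against behavior tracked over time before anything is escalated), here is a small added Python sketch. It is not code from cognitix or genua; the flow records, the asset roles, the expected-app table and the thresholds are all constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample flows (not product data). Each record is one observed
# flow, already enriched with its L7 app and the IDS result.
FLOWS = [
    {"t": 0,  "src": "10.0.1.5", "dst": "10.0.2.10", "app": "http",  "ids_hit": True},
    {"t": 3,  "src": "10.0.1.5", "dst": "10.0.2.10", "app": "http",  "ids_hit": False},
    {"t": 10, "src": "10.0.1.9", "dst": "10.0.2.10", "app": "https", "ids_hit": True},
    {"t": 20, "src": "10.0.1.9", "dst": "10.0.2.11", "app": "https", "ids_hit": True},
    {"t": 30, "src": "10.0.1.9", "dst": "10.0.2.12", "app": "https", "ids_hit": True},
    {"t": 40, "src": "10.0.1.7", "dst": "10.0.2.10", "app": "smb",   "ids_hit": True},
]

# Hypothetical asset context: the L7 apps a given asset role is expected to use.
ASSET_ROLE = {"10.0.1.5": "workstation", "10.0.1.9": "workstation", "10.0.1.7": "workstation"}
EXPECTED_APPS = {"workstation": {"http", "https", "dns"}}


def correlate(flows, window=60, min_targets=3):
    """Return {src: (verdict, reason)}.

    An IDS hit on its own only yields 'observe'. It is escalated to 'alert'
    when corroborated either by behaviour over time (IDS hits from the same
    source against >= min_targets distinct hosts inside `window` seconds) or
    by context (the flow's L7 app is not expected for the asset's role).
    An escalation is never downgraded by later, quieter flows.
    """
    hits = defaultdict(list)  # src -> [(t, dst)] for IDS hits only
    verdicts = {}
    for f in sorted(flows, key=lambda f: f["t"]):
        if not f["ids_hit"]:
            continue
        src = f["src"]
        hits[src].append((f["t"], f["dst"]))
        recent_targets = {d for t, d in hits[src] if f["t"] - t <= window}
        role = ASSET_ROLE.get(src)
        unexpected_app = role is not None and f["app"] not in EXPECTED_APPS.get(role, set())
        if verdicts.get(src, ("", ""))[0] == "alert":
            continue  # already escalated; keep the first corroborating reason
        if len(recent_targets) >= min_targets:
            verdicts[src] = ("alert", "ids hits against %d hosts within %ds" % (len(recent_targets), window))
        elif unexpected_app:
            verdicts[src] = ("alert", "ids hit plus unexpected app %r for role %s" % (f["app"], role))
        else:
            verdicts[src] = ("observe", "single ids hit, context consistent")
    return verdicts
```

Run on the constructed flows, the lone hit from 10.0.1.5 stays at "observe", 10.0.1.9 is escalated only at the third distinct target, and 10.0.1.7 is escalated on context alone.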

What is the biggest benefit for companies that use cognitix Threat Defender?

Arnold Krille: A key benefit in every aspect is greater transparency of their network. Incorrect configurations, network attacks, intentional or unintentional misconduct, as well as other weak areas can be identified through a wide range of analysis methods. The bonus is to be able to respond appropriately to these events and threats, but you only know how to value this once you actually have an overview of your own network.

What are the next milestones in the development of cognitix Threat Defender?

Arnold Krille: Besides continual improvement of the protection features and usability, our next focus is on interoperability: We will make sure that multiple cognitix Threat Defenders in an organization can be managed like an individual system. Our aim is to make protection of the entire network as easy as possible. Naturally these different cognitix Threat Defenders will then also exchange information about context. And other genua products will also be integrated. For example, the High Resistance Firewall genugate and cognitix Threat Defender can complement each other with regard to behavior and be combined in terms of administration.

In addition, we want to ensure that the administrator has more than just an overview of the organizational network; we also want to provide assistance when it comes to identification, evaluation, and appropriate responses to threats. By way of suitable assistance systems, data analyses, and learning methods we will make administrators’ lives a whole lot easier – without risks to the organization in the sense that AI does not make any inexplicable decisions, but rather ensures organizational IT security that is transparent and useful.

Thank you for your time.