    Products

    The CognitiveOne system is based on behavioral analysis of network hosts, using the widely available network traffic statistics provided by switches, routers and dedicated probes. This makes CognitiveOne complementary to classical firewalls, deep packet inspection and intrusion detection systems, which rely on detecting known attacks described by precise signatures. In contrast to this traditional approach, CognitiveOne identifies disruptions in the network traffic, analyzes them and decides whether they correspond to random fluctuations or were caused by an attack. This makes the system effective against:

    • denial of service and distributed denial of service attacks
    • new malware variants and self-modifying malware
    • attacks mimicking normal network operations, typically by insiders
    • malware and trojans introduced on laptops and flash drives, bypassing the perimeter defenses
    • malware introduced through unsecured wireless networks
    • attacks in encrypted network traffic (e.g. HTTPS, SSL, SSH)

    Product Lines

    Cognitive Security currently offers two distinct product lines: the first is designed for general-purpose network monitoring and behavior analysis, and the second is an OEM software module designed specifically for the detection and real-time analysis of denial of service attacks, allowing a quick and effective response.

    Version                               NBA               Enterprise NBA
    Speed                                 < 500 Mbit/sec    Gigabit networks
    Distributed, multi-source operation
    Software
    Hardware

    Contact us for pricing information. Please note that special prices are available for U.S. Government use and contractors. We also offer discounts for educational and non-profit organizations.

    Competitive advantage

    CognitiveOne technology not only addresses the problem of intrusion detection as such, but also allows easy system integration, management and use:

    • high sensitivity intrusion detection with low alarm rate – uses a dynamically created set of adaptive anomaly detection models to provide the best performance in your network environment
    • low integration costs – uses readily available NetFlow data and does not require integration with any other data sources
    • low configuration and maintenance costs – uses state-of-the-art self-configuration and self-monitoring tools
    • privacy consciousness – performs no content analysis, making its use easier from privacy, policy and legal standpoints
    • reliability – the failure of any single system component does not bring down the entire system, which avoids the risk of a network-wide outage

    (Figure: Cognitive Security – overview)

    Product Features

    Data availability

    Network flow (NetFlow) data, a de-facto standard now being extended and codified as IPFIX by RFC 5101, is available from a wide range of network appliances from all major vendors. NetFlow data is provided by most enterprise-grade Cisco routers, by network switches (Enterasys, HP ProCurve) and by dedicated hardware and software probes from independent vendors. Network flow data is typically aggregated over a period of several minutes before being transferred to the Flowsharp system for analysis.

    Mode of operation

    CognitiveOne processes the network flow data in on-line mode, with a small delay due to the network flow aggregation period. Each batch of data is processed immediately, and suspected malicious activity discovered in the batch is reported to network administrators by e-mail or alert reporting protocols, written to logs, and/or displayed in the web interface. The alerts are available in the standard IDMEF format, in text format or in a rich web format for easy analysis and quick reaction.

    Self-management

    CognitiveOne minimizes operational costs through a self-management paradigm, which allows the system to produce a runtime estimate of its expected sensitivity and false positive rate and to optimize its configuration accordingly. This process can optionally be coupled with network security policies and threat models in order to maximize system effectiveness with respect to the most relevant attacks.

    Attack classification and filtering

    The CAMNEP system framework offers several generic rules for traffic event classification (e.g. web server, DNS server, web user, SQL server, horizontal scan, vertical scan, …). Events reported by the system are matched against these classes and can be processed and reported/escalated according to class-specific rules. Unclassified (previously unknown) events are reported in a separate category for inspection. The system allows the user to define, modify or remove attack classes. Events detected by the system can be classified by source/destination IP, source/destination ports, protocol, traffic statistical characteristics and other features.
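    As an added illustration (not Cognitive Security's code), the following Python example shows the kind of class-based event classification described above, run over one constructed batch of NetFlow-style records: each source host is assigned to one of the generic classes named on the page (horizontal scan, vertical scan, DNS server, web server, web user) using only flow metadata, and anything that matches no rule lands in a separate "unclassified" category. The thresholds, addresses and flow counts are assumptions made up for the demo.

```python
from collections import defaultdict
from typing import NamedTuple
class Flow(NamedTuple):     # one aggregated NetFlow-style record: metadata only, no payload
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    packets: int

SCAN_MIN_TARGETS = 5        # hypothetical thresholds chosen for this example only
SCAN_MAX_PACKETS = 2        # flows this small look like probes, not real sessions

def classify_host(flows):
    """Assign one source host's flows from a single batch to a generic class."""
    dsts = {f.dst for f in flows}
    dports = {f.dport for f in flows}
    sports = {f.sport for f in flows}
    tcp, udp = all(f.proto == "tcp" for f in flows), all(f.proto == "udp" for f in flows)
    tiny = sum(1 for f in flows if f.packets <= SCAN_MAX_PACKETS)
    if tiny >= SCAN_MIN_TARGETS and len(dsts) >= SCAN_MIN_TARGETS and len(dports) == 1:
        return "horizontal scan"   # one port probed across many hosts
    if tiny >= SCAN_MIN_TARGETS and len(dsts) == 1 and len(dports) >= SCAN_MIN_TARGETS:
        return "vertical scan"     # many ports probed on one host
    if udp and sports <= {53}:
        return "DNS server"        # answers leave from UDP/53
    if tcp and sports <= {80, 443}:
        return "web server"        # answers leave from TCP/80 or 443
    if tcp and dports <= {80, 443}:
        return "web user"          # client traffic towards web ports
    return "unclassified"          # reported separately for analyst inspection

def classify_batch(flows):
    """Group one aggregation period's flows by source host and classify each host."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    report = defaultdict(list)
    for src, host_flows in by_src.items():
        report[classify_host(host_flows)].append(src)
    return dict(report)

# Constructed sample batch: every address and count below is made up for the demo.
SAMPLE_BATCH = (
    [Flow("10.0.0.7", f"10.0.1.{i}", "tcp", 40000 + i, 445, 1) for i in range(1, 7)]
    + [Flow("10.0.0.8", "10.0.2.9", "tcp", 41000 + p, p, 1) for p in range(20, 26)]
    + [Flow("10.0.0.53", f"10.0.3.{i}", "udp", 53, 50000 + i, 2) for i in range(1, 4)]
    + [Flow("10.0.0.80", f"203.0.113.{i}", "tcp", 443, 50000 + i, 40) for i in range(1, 4)]
    + [Flow("10.0.0.21", "198.51.100.4", "tcp", 52000, 443, 30), Flow("10.0.0.99", "10.0.4.4", "tcp", 53000, 6667, 15)]
)
```

    Calling classify_batch(SAMPLE_BATCH) yields one host per class, with the IRC-port traffic from 10.0.0.99 falling into "unclassified" for analyst review.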

    (Figure: Cognitive Security – events)

    Configurable reporting and prevention data export

    CAMNEP is able to report events either visually (in the Analyst desktop interface or via the web interface) or as formatted text/XML (IDMEF standard) event reports, with a configurable level of granularity and reporting target for each attack class. The most severe threats can be forwarded to a prevention device for filtering, others can open tickets in an issue management system, and others can be sent by e-mail to a specified administrator.


    Services

    Consulting & Network Analysis Services

    Our product can be readily deployed by our experts to perform periodic or one-off traffic analysis of your network. This service is oriented towards organizations with high security requirements but limited internal resources for continuous, in-depth network monitoring. Deployment of CognitiveOne as a service can:

    • detect botnet, trojan and other malware infections inside your network
    • verify the effectiveness of the firewall and other perimeter defenses
    • evaluate the SLA (Service Level Agreement) compliance when the network security or management is outsourced
    • provide independent assessment of your network to cover regulatory requirements.


    Forensic Analysis


    As a service to departments that need to understand network traffic during a suspected attack or network compromise, we offer traffic analysis and forensic analysis as a high-value service. The use of advanced versions of our products by our in-house experts allows us to provide a highly efficient and effective service at very acceptable price levels. The use of NetFlow data in a forensic investigation allows you to:

    • quickly determine the extent of the threat
    • compartmentalize the network and maintain business continuity in the unaffected departments
    • prioritize the investigation of individual hosts, determine the exploits used, and follow the command & control actions of the attacker


    Services are provided directly by Cognitive Security or in collaboration with local partners on selected markets.


    copyright 2010 - cognitivesecurity

    info@cognitivesecurity.cz