Overview
The Cognitive Analyst is a family of products and services built on Network Behavior Analysis principles. The solution analyzes NetFlow or IPFIX data produced by routers, switches or specialized probes, and allows clients to discover anomalous behavior, advanced persistent attacks, or zero-day attacks in near real time. The Cognitive Analyst protects clients by analyzing these advanced and modern attack vectors, and complements a company's security ecosystem of advanced security tools such as Intrusion Detection and Prevention Systems (IDS & IPS), web security, and event management and monitoring. It does so by providing a quicker diagnosis of threats, allowing security administrators to act quickly to mitigate them.
Cognitive Analyst also complements classical firewalls, email security, and deep packet inspection tools which are used to identify threats based on known attack patterns, through the use of signatures. In contrast to this traditional approach, Cognitive Analyst does not use signatures, but rather identifies the disruptions in the network traffic, analyzes them over time, and decides whether they correspond to random fluctuations or were caused by an actual attack.
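To make the signature-free approach described above concrete, here is an added example (not Cognitive Security's code, and not a description of its actual algorithms) that applies the same idea to constructed NetFlow-style records: a per-host behavior metric is measured per time window, compared against a baseline learned over time, and only a deviation that persists across several windows is reported, while a single-window spike is treated as a random fluctuation. The record layout, host addresses and thresholds are assumptions made for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev


def constructed_flows():
    """Constructed NetFlow-style records (not real traffic):
    (start_seconds, src_ip, dst_ip, dst_port, bytes)."""
    flows = []
    # Minutes 0-19: baseline, host 10.0.0.5 reaches 2-3 servers per minute.
    for minute in range(20):
        for i in range(2 + minute % 2):
            flows.append((minute * 60 + i * 10, "10.0.0.5", f"10.0.1.{i + 1}", 443, 1500))
    # Minute 20: one isolated burst, a random fluctuation that should not alert.
    for i in range(12):
        flows.append((20 * 60 + i, "10.0.0.5", f"10.0.1.{i + 1}", 443, 1500))
    # Minutes 22-24: sustained fan-out to many new hosts, the behaviour to flag.
    for minute in range(22, 25):
        for i in range(40):
            flows.append((minute * 60 + i, "10.0.0.5", f"10.0.2.{i + 1}", 445, 200))
    return flows


def fanout_series(flows, src, window=60):
    """Distinct (dst_ip, dst_port) peers per window for one source host.
    Only flow metadata is used, so encrypted payloads make no difference."""
    peers = defaultdict(set)
    for start, s, dst, port, _ in flows:
        if s == src:
            peers[start // window].add((dst, port))
    return [len(peers[i]) for i in range(max(peers) + 1)]


def detect_sustained(series, warmup=10, z_thresh=3.0, persist=2):
    """Flag windows that sit above the learned baseline for `persist` windows in a row.
    Anomalous windows are not fed back into the baseline, so the detector
    does not learn the attack as the new normal."""
    baseline = list(series[:warmup])
    flagged, streak = [], 0
    for i in range(warmup, len(series)):
        sigma = max(pstdev(baseline), 1.0)  # floor so a flat baseline cannot divide by ~0
        z = (series[i] - mean(baseline)) / sigma
        if z > z_thresh:
            streak += 1
        else:
            streak = 0
            baseline.append(series[i])
        if streak >= persist:
            flagged.append(i)
    return flagged
```

Running `detect_sustained(fanout_series(constructed_flows(), "10.0.0.5"))` reports windows 23 and 24 only: the minute-20 burst is dropped as a one-off, and the fan-out is reported once it has persisted for two windows.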
Cognitive1 is the ideal solution for enterprise clients looking for a robust and cost-effective network behavior analysis platform. The features of Cognitive1 include:
- Software Support & Maintenance – the Cognitive Security support team is proactive in helping clients ensure that they receive the maximum benefit from our product family.
- Regular Software Updates – Cognitive Security continues to provide clients with expertise in software development, with updates issued at least once per quarter. Competing security devices rely on timely and inefficient signature updates. With Cognitive Analyst, tests have shown resilience in our software releases, maintaining the effectiveness of modern threat detection over a much longer timeframe. Our mission at Cognitive Security is to stay ahead of threats, whereas signature-based solutions struggle not to fall too far behind their attackers.
- Cognitive1 is designed for networks up to 2.5 Gbps.
Cognitive10 is targeted toward clients with a high volume of data, which may include Telecommunication providers, Network Service Providers (NSP), or data hosting providers. The features of Cognitive10 include those of Cognitive1 and expand to these additional capabilities:
- Cognitive10 is designed for networks up to 10 Gbps – thus ensuring compatibility with clients that have a higher demand in line speed and data throughput.
- Adaptive sampling for high-speed networks – this feature ensures that data classification remains accurate as higher volumes of data are processed and analyzed.
- Adaptive sensitivity levels – Cognitive10 has the ability to adapt the severity of data classification over a longer period of time, based on the type and volume of data flows which are analyzed. This provides administrators with higher accuracy in threat classification across their client base.
CognitiveExpert specializes in clients that require high resolution and data analysis sensitivity. CognitiveExpert is provided to a select group of clients with bespoke security requirements, such as government organizations, the financial services sector, and critical infrastructure providers. These clients typically have smaller data throughput requirements, but need a highly accurate platform for the detection of sophisticated network attacks. CognitiveExpert is only available with a mandatory hardware probe for data provisioning. Capabilities of CognitiveExpert include:
- User Data analysis – using deep packet inspection, user data greatly enhances accuracy in threat detection by giving a better understanding of the attacker's details.
- MAC address analysis – by analyzing details at OSI layer two, further levels of granularity can be examined for the specific attack vectors which use these methods to penetrate a company's network.
- Dedicated Account Management – as an option for CognitiveExpert clients, Cognitive Security can provide expertise and analyst resources to help clients understand the severity of events at a granular level.
Mitigate Attacks Before They Spread
The ability to protect clients against state-of-the-art breaches such as self-modifying and adaptive malware is crucial. Current versions of malware can already evade detection by a classic Intrusion Detection System (IDS). Modern malware samples have the ability to morph and apply complex decision rules that are almost impossible for traditional security devices to identify.
It is therefore crucial to develop next-generation security solutions that would refrain from using clearly specified attack signatures or profiles, and move towards the solutions that are more robust with respect to learning and strategically identifying a breach with no known pattern of identification.
Despite the many shortcomings of Intrusion Detection, Cognitive Security actively addresses them with the use of self-monitoring and self-optimizing features in the Cognitive Analyst platform. These unique features offer clients near real-time detection of relevant attacks and, through self-optimization, reduced system management costs.
Various Artificial Intelligence techniques are combined in the Cognitive Analyst platform to progressively reduce the error rates. For example, traditional Intrusion Detection algorithms are tuned such that they typically output a high number of false alarms. These false alarm rates can be improved through constant tuning and human analysis. In live tests, Cognitive Analyst has been shown to reduce an IDS's false alarm rate by a factor of fifty (50:1) between algorithms. This ratio is further reduced through incident classification and processing rules in the management dashboard.
Cognitive Security serves to provide robust protection against threats such as:
- New malware variants and self-modifying malware, which may not yet have a defined signature for use in an IDS, email security, or firewalls. This may consist of Trojans which have bypassed a corporation's perimeter defenses, introduced through a wireless network, laptop, or flash drive. The criminal then has free rein to use the computer as a botnet node, contributing to a much larger distributed network threat.
- Customized malware targeting a specific user or organization. These may be attacks that attempt to mimic normal network behavior so as to avoid early detection.
- Advanced Persistent Threats (APT) deployed by hackers that may spend months on reconnaissance before deploying multiple attack vectors.
- Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks serving to crash a server or bring down a larger IT infrastructure.
- Ciphered attack traffic (e.g. encrypted attacks carried over HTTPS, SSL, or SSH).
Summary
Virtually every corporation, non-profit institution, and government organization in the world is dependent on network access and information services. Securing these networks and systems against automated and human-driven attacks is becoming critically important with the growing incidence of information and asset misuse. Current security solutions are surprisingly fragile when facing today's sophisticated adversaries. Cognitive Security differentiates itself by providing clients with an advanced platform built on artificial intelligence and sophisticated layers of algorithms and agents.
Cognitive Security offers solutions designed to fill the security gaps left by the current generation of network security tools. Our advanced Network Behavior Analysis platform accurately exposes both known and unknown attacks. Our solution is ideally suited for the detection, prioritization and handling of modern-day attack patterns that would typically bypass or evade a client's defenses.
Disclaimer: As an expert security system that processes network traffic statistics alone, Cognitive Security does not claim the ability to detect all attacks. Our solution is effective against classes of attacks that are observable in NetFlow data, and helps to complement other security devices which provide intelligence through deep packet inspection or other granular data analysis. Cognitive Analyst's efficient error suppression algorithm allows clients to significantly increase the sensitivity of attack detection.
