The cognitix Threat Defender version 20180201.0 provides various new features and improvements to the layer 2 firewall.
Integration of Indicators of Compromise (IoC)
The Threat Defender now integrates Threat Intelligence feeds with Indicators of Compromise. You can monitor information from these feeds in the reporting dashboards and create firewall rules that specify reactions, such as blocking or logging.
Reporting contains IP names
The analytics dashboards now display resolved IP names where possible.
New DLP pattern types
Using data leakage protection profiles, you can now scan filenames and file contents for hexadecimal patterns in addition to string patterns.
New features for network objects
Static network objects can now store MAC addresses in addition to IP addresses.
There is a new filter feature for network objects: You can now filter static and dynamic network objects by name. In addition, static network objects can be filtered by the IP addresses and/or MAC addresses they include or exclude.
Using event tracking tables, you can now track more data types: IPS IDs, MAC addresses, VLAN tags and domains.
Updates of the Threat Defender are now faster.
When you create or edit rules, you can now access various settings screens (static network objects, schedules, etc.) from the rule screen.
- Custom URL categories may now contain non-ASCII characters.
- When you install an update, any additionally available updates are removed from the updates list. However, they are displayed again as soon as the system carries out the next update check.