The cognitix Threat Defender version 20180413.0 provides various new features and improvements to the layer 2 firewall.
- More hardware is supported
The operating system of Threat Defender was updated with additional driver software to support a wider set of hardware configurations. Most notably, the latest Intel 10G network cards are now supported.
- Reporting contains MAC addresses
The analytics dashboards now display reporting data per source MAC address and per destination MAC address so that traffic per device can be investigated.
- Enhanced integration of threat intelligence feeds
- The policy engine contains a dedicated IoC subsystem with a dedicated rule condition to filter for IoC events.
- When traffic generates IoC hits, these hits are reported via IPFIX and can be reported via syslog.
- The Threat Defender reporting system contains graphs for threat intelligence data that allow drilling down by IoC feed.
- Automatic updates
Non-system updates (IPS signatures, threat intelligence feeds) can be auto-installed at predefined times.
- Active reset of dynamic network objects and event tracking tables
Dynamic network objects and event tracking tables can now be actively reset to remove entries and clear correlation scenarios.
- The reporting was improved:
- The dashboards were restructured for more clarity and better visibility.
- URL reputations are included in the reporting.
- Rules can now be filtered by name.
- The updating functionality was improved:
- When installing updates, users are provided with meaningful information on the update status. If an update fails, a troubleshooting report is created.
- It is now possible to manually check for available updates.
- The update process can be configured to use an HTTP proxy to access the update server.
When creating objects inline, the input in relevant input fields is purged and reset to the last saved state.