Benefit from more accurate reporting and more precise rule creation with our new DPI engine.


Find out below what’s new in cognitix Threat Defender version 20200519.0. For instructions on how to update your Threat Defender installation to the newest version, see Updating Threat Defender.

For further information on cognitix Threat Defender, visit www.genua.de/home/cognitix.

If you have any questions or suggestions, contact us at support@cognitix.de.


Attention
Upgrading to version 20200519.0 may cause problems with rule evaluation due to the change of the DPI engine. Follow the instructions below to ensure a smooth migration.


Upgrading to cognitix Threat Defender version 20200519.0

We changed the DPI engine used by Threat Defender to improve the reporting and rule evaluation. However, when upgrading from Threat Defender version 20200130.0 or older, policy rules that use protocol/application classification cannot be migrated automatically. Therefore, proceed as follows:

  1. When you install the update, correlation scenarios and/or rules that use Classification conditions will be automatically disabled. You will be notified which scenarios and/or rules have been disabled.
  2. After completing the installation of the update, navigate to Policy > Rules. In the overview table, you can see all scenarios and rules configured on the system.

  3. Check the setup and the Classification conditions of the affected scenarios and rules.
    Note that the names of protocols/applications will vary slightly with the new DPI engine, e.g. lower-case instead of upper-case spelling. Therefore, you need to manually select the required protocols/applications. The auto-complete function will help you find the protocol you’re looking for.

  4. Save the rule and/or scenario and enable it again.

Make sure to check all correlation scenarios and policy rules that use DPI before you reintegrate Threat Defender into your network. Otherwise, network security may be at risk.


If you have any questions or problems, do not hesitate to contact us at support@cognitix.de.


Improvements

  • Qosmos ixEngine
    cognitix Threat Defender now uses the Qosmos ixEngine. With this DPI engine we will be able to extract additional metadata from the traffic flows. This allows for more accurate reporting and therefore more precise rule creation. From a user’s perspective, the general handling of Threat Defender will not change once the migration of rules is completed (see above).

        
  • Upgrade to CentOS 8
    The cognitix Threat Defender operating system was upgraded from CentOS 7 to CentOS 8. For detailed information on the improvements of the operating system, see the Red Hat documentation.

        
  • cognitix Threat Defender Supports Upcoming genua Hardware
    cognitix Threat Defender will support the upcoming dedicated hardware systems provided by genua GmbH. For further information, see www.genua.de.

        
  • Password Complexity Test
    A new password complexity test for system users helps you verify if your selected password is secure.
        
  • User Session Timeout
    You can now configure individual session timeouts for system users after which the respective users will be logged out automatically from Threat Defender if they remain inactive. This allows us to integrate the dashboards into screens on the wall of security operation centers.

        
  • Improved Asset Handling
    We simplified the handling of asset IP and MAC addresses and fixed inconsistencies that could be caused during editing.

  • Better NTP Usability
    We now use chrony as our NTP backend. We can therefore display more detailed information on the time servers and provide an option to manually force time synchronization.

Solved Issues

  • The tables under Inventory > Assets can now be sorted by all columns.

        
  • SSL certificates generated for the administration interface of cognitix Threat Defender now match the configured hostname.

  • Applying an empty bridge configuration can no longer cause a segmentation fault resulting in a system crash.