30 Best Companies of the Year 2020
CIO Bulletin
Launched in 2020, Kognos is the cybersecurity industry’s first and only autonomous XDR investigator platform that detects, investigates, and responds to attack campaigns. Founded on the principle that attacker behavior is indicative of attack methodology, attribution, and data for exfiltration, Kognos leverages the power of relationships using security aware AI to fundamentally reduce dwell time by tracing the attacker’s path in real-time.
More and more enterprises are tuning out low- and medium-severity alerts or turning off systems that generate a high volume of alerts because there is too much to handle. Without an automated process, an astounding 90% of alerts are overlooked by security teams as they are forced to spend increasingly less time investigating each event in order to try to maximize the number of alerts they triage and investigate.
Automated Alert Triage
No More Alert Deluge: The Kognos solution is built with an arsenal of security questions running through AI that understands security, and the investigative XDR autonomously tackles the alert triage process.
Instead of focusing on alerts, analysts are now able to address the complete attack campaigns the Kognos solution discovers, reducing the cost of investigations without compromising the number of alerts investigated.
Leveraging Relationships is the Key to Ending Alert Fatigue: Traditionally, security products are built with detection as the primary goal and not investigations, and by design are event-centric systems. These systems, however, are limited to flagging alerts as they are unequipped to do investigations, leaving investigations to the security teams. In turn, this forces security teams to limit the number of alerts investigated.
The Kognos approach is different. Kognos Autonomous XDR Investigator looks at the relationships between events to understand attack campaigns rather than individual alerts alone. It autonomously triages events from existing EDR, NDR, SIEM, and other telemetry sources and connects them together to build complete attack campaigns, reducing the cost of investigations by reducing the time it takes your analysts to investigate malicious activity.
Autonomous Threat Hunting
Turbocharge Your Threat Hunting Team: There is finally an end to mining through terabytes of siloed data coming from endpoint events, network metadata, applications, and cloud logs. A fully autonomous approach to threat hunting allows security teams to overcome the data overload and hunt down leads autonomously. This system takes initial leads from the threat hunter and can autonomously mine through terabytes of data asking thousands of questions to fully understand the adversaries’ activities. This allows the threat hunter to review pre-investigated and fully contextualized attacks and campaigns and mitigate them, as opposed to drowning in data mining and chasing false leads. Kognos helps threat hunters to level the playing field against sophisticated adversaries and drastically reduce adversary dwell time.
No More Manual Hunting: The effectiveness of a threat hunting team relies on the ability to identify new leads and chase them down as quickly as possible. There is also a never-ending deluge of leads from threat intel sources, IOCs from threat reports, and anomalies found using simple statistical aggregation. Threat hunters often also look for behavioral leads like invocation of persistence mechanisms, use of lateral movement tools, use of living off the land binaries, and more. How many of these leads can be hunted down is limited by the threat hunter's bandwidth, as the manual data mining process is extremely cumbersome.
Autonomous Threat Hunting: Kognos has the key to solving the data overload that is drowning threat hunters. The autonomous XDR investigator constantly looks for new leads and hunts down leads entered by threat hunters. The system autonomously drives the hunt process by interpreting and fusing siloed events from SIEM, NDR, EDR, and cloud infrastructures to form relationship graphs and asking thousands of questions to understand the adversary's path within the environment. The system generates attack and campaign stories that are fully substantiated with evidence.
Kognos’ fully autonomous threat hunting approach eliminates cumbersome data mining, allowing security teams to hunt a wider selection of leads and hunt them down at machine speeds, thereby cutting down adversary dwell time drastically.
Rakesh Nair, CEO
“We help you trace the attacker's path in real-time”
“The Kognos XDR Investigator is the only solution that allows organizations to trace laterally moving campaigns, living off the land binaries, and insider threats–regardless if they are active campaigns, attempted campaigns, or failed campaigns.”