The Kognos platform identifies fully formed multi-level attack campaigns that can be easily understood from various levels:
Prior to Kognos, our founding team was working at RSA, McAfee, Juniper, and Dell with a combined experience of 100+ years in cyber security. We all noticed how our customers’ skilled analyst teams were struggling to manage and understand exploding numbers of alerts that our event-based products generated. We also saw bad actors evolving, using new and innovative techniques including much stealthier tools and masquerading as standard processes. They were living off the land and they were hopping from machine to machine, department to department, propagating towards critical resources, over long periods of time, without getting detected.
The reality is, the existing event-based detection products are failing because they cannot fully understand relationships in the data they collect, and as a result, a SIEM and EDR cannot detect or investigate these newly evolved multi-hop attacks. This causes either the threats to go undetected or generates sparse alerts putting the burden on the analysts to try and investigate.
Instead of running a bunch of static rules against all the incoming events, our founding team knew that focusing on the relationships between events was the only way to empower the security analyst, and help detect and investigate propagating attacks in real time. Bad actors are evolving, so our means to remediate and understand their attacks must evolve too.
We built Kognos, prioritizing a relationship-centric approach:
Our solution automatically traces relationships to detect suspicious behavior and tells you what’s happening, what’s the impact, and how to stop it. Once we detect a suspicious behavior, it triggers a fully autonomous AI driven inquiry engine that asks 1000s of questions, per second, to explore millions of relationships. We autonomously look for the real scope and impact, and enumerate all the compromised machines, suspect binaries, external domains, etc to trigger the right actions to remediate attack campaigns.