Reduce hunting time for alerts from hours to minutes
The Kognos autonomous XDR investigator is the only solution to reduce threat hunting time from hours to minutes, even as adversaries are getting more sophisticated and their attack campaigns harder to detect. Learn more about this completely autonomous solution.
Turbocharge Your Threat Hunting Team
There is finally an end to mining through terabytes of siloed data coming from endpoint events, network metadata, applications, and cloud logs. A fully autonomous approach to threat hunting allows security teams to overcome the data overload and hunt down leads autonomously. This system takes initial leads from the threat hunter and can autonomously mine through terabytes of data asking thousands of questions to fully understand the adversaries’ activities. This allows the threat hunter to review pre-investigated and fully contextualized attacks and campaigns and mitigate them, as opposed to drowning in data mining and chasing false leads. Kognos helps threat hunters to level the playing field against sophisticated adversaries and drastically reduce adversary dwell time.
No More Manual Hunting
The effectiveness of a threat hunting team relies on the ability to identify new leads and chase them down as quickly as possible. There is also a never-ending deluge of leads from threat intel sources, IOCs from threat reports, and anomalies found using simple statistical aggregation. Threat hunters often also look for behavioral leads like invocation of persistence mechanisms, use of lateral movement tools, use of living-off-the-land binaries, and more. How many of these leads can be hunted down is limited by the threat hunter's bandwidth, as the manual data mining process is extremely cumbersome.
Autonomous Threat Hunting
Kognos has the key to solving the data overload that is drowning threat hunters. The autonomous XDR investigator constantly looks for new leads and hunts down leads entered by threat hunters. The system autonomously drives the hunt process by interpreting and fusing siloed events from SIEM, NDR, EDR, and cloud infrastructures to form relationship graphs, and by asking thousands of questions to understand the adversary's path within the environment. The system generates attack and campaign stories that are fully substantiated with evidence.
Kognos' fully autonomous threat hunting approach eliminates cumbersome data mining, allowing security teams to hunt a wider selection of leads and to hunt them down at machine speeds, thereby cutting down adversary dwell time drastically.
Turbocharge your threat hunting team with autonomous hunting that continuously looks for malicious activities in the environment to keep it secure.
Kognos continuously monitors billions of relationships to detect suspicious behavior. Once detected, Kognos uses an AI-powered inquiry engine to ask thousands of forensic questions per second to fully contextualize the attack and present the findings as complete attack campaigns, allowing the analyst to respond in real time.