
DECREASING DWELL TIME FROM MONTHS TO MINUTES

By Rakesh Nair


In today’s hyper-distributed environments, organizations have to assume they are already breached or soon will be. The only way to stay secure under that assumption is to cut the time an attacker is allowed to dwell in the environment before being found and removed.

What if a system could trace the attacker’s path in real time, letting us mitigate threats as they happen and ultimately drive dwell time toward zero?

What is dwell time?

Dwell time is how long an adversary has been in your environment without being detected. Today, the average undetected dwell time is 60 days. Although that average is dropping each year, an average measured in months is still far too long to be acceptable. Two months is more than enough time for an adversary to establish multiple undetected footholds in the network, compromise centralized authentication, and exfiltrate sensitive data or hold it for ransom.

How do we reduce dwell time?

Even with the enormous innovation and investment in the cybersecurity space, no security product can fully track an attacker’s behavior in real time. At best, today’s solutions generate alerts for suspicious events and push them to analysts, who must assemble the full attack story through manual investigation, which can take hours to days.

This status quo is no longer tenable: the telemetry collected from EDR, NDR and SIEM platforms now runs to terabytes, which no human team can mine by hand. The result is attackers spending months undetected in most environments.

We need a new and disruptive approach to solving this problem.

We need an approach that lets machines understand what is happening instead of leaving it to manual interpretation, one in which the machine runs autonomous investigations and produces complete stories of what the attacker is doing, at machine speed.

Kognos is an Autonomous Threat Hunting platform that fuses events from existing EDR, NDR, SIEM and other telemetry sources into semantic relationship graphs. Kognos then continuously monitors billions of these relationships to detect suspicious behavior.

Once a suspicious relationship is detected, Kognos uses an AI-powered inquiry engine to ask thousands of forensic questions per second against these relationships, autonomously tracking the malicious actor throughout the network and presenting the findings as visual attack campaigns, so the analyst can respond in real time.
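The approach described above (fuse telemetry into a relationship graph, detect on a relationship, then expand the hit into a full campaign) can be illustrated with a small added example. This is illustrative code written for this page, not Kognos’s own implementation. The EDR-style events, hostnames, process IDs, file path and IP addresses are constructed, and the single behavioral rule (an Office application spawning a shell) is an assumption chosen to give the walk a seed; the traversal itself is a plain breadth-first expansion over parent/child, network, file and logon relationships, upstream and downstream from the seed, with dwell time measured from the earliest linked event to the time of detection.

```python
"""Relationship-graph attack-story reconstruction (illustrative, not Kognos code).

Constructed EDR-style events are fused into a directed graph whose nodes are
entities (host-qualified processes, remote addresses, files, hosts) and whose
edges are relationships (spawned, connected_to, wrote, logged_on_to). A seed
alert is expanded in both directions to assemble a campaign, and dwell time
is the gap between the earliest linked event and the moment of detection.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample telemetry; every host, PID, path and address is made up.
EVENTS = [
    {"ts": "2021-03-01T09:02:00", "type": "process_start", "host": "ws-17",
     "parent": "outlook.exe:4102", "child": "winword.exe:4410"},
    {"ts": "2021-03-01T09:03:10", "type": "process_start", "host": "ws-17",
     "parent": "winword.exe:4410", "child": "powershell.exe:4455"},
    {"ts": "2021-03-01T09:03:15", "type": "net_connect", "host": "ws-17",
     "process": "powershell.exe:4455", "dst": "203.0.113.7:443"},
    {"ts": "2021-03-01T09:03:20", "type": "file_write", "host": "ws-17",
     "process": "powershell.exe:4455", "path": "C:\\Users\\jdoe\\AppData\\svc.exe"},
    {"ts": "2021-03-01T09:04:00", "type": "process_start", "host": "ws-17",
     "parent": "powershell.exe:4455", "child": "svc.exe:4470"},
    {"ts": "2021-03-02T01:12:00", "type": "logon", "host": "fs-01",
     "src_host": "ws-17", "process": "svc.exe:4470"},
    # Unrelated benign browsing on the same host; it must stay out of the story.
    {"ts": "2021-03-01T09:05:00", "type": "process_start", "host": "ws-17",
     "parent": "explorer.exe:1200", "child": "chrome.exe:4500"},
    {"ts": "2021-03-01T09:05:05", "type": "net_connect", "host": "ws-17",
     "process": "chrome.exe:4500", "dst": "198.51.100.9:443"},
]
DETECTED_AT = datetime.fromisoformat("2021-03-02T08:00:00")  # assumed hunt time

OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}  # assumed rule vocabulary
SHELLS = {"powershell.exe", "cmd.exe"}


def node(host, proc):
    """Host-qualified process identity, e.g. 'ws-17/powershell.exe:4455'."""
    return f"{host}/{proc}"


def pname(n):
    """Image name of a process node; non-process nodes are returned unchanged."""
    return n.split("/", 1)[1].split(":")[0] if "/" in n else n


def build_graph(events):
    """Fuse events into (src, relation, dst, ts) edges with forward/reverse adjacency."""
    fwd, rev = defaultdict(list), defaultdict(list)
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] == "process_start":
            edge = (node(e["host"], e["parent"]), "spawned", node(e["host"], e["child"]), ts)
        elif e["type"] == "net_connect":
            edge = (node(e["host"], e["process"]), "connected_to", e["dst"], ts)
        elif e["type"] == "file_write":
            edge = (node(e["host"], e["process"]), "wrote", f"file:{e['host']}:{e['path']}", ts)
        elif e["type"] == "logon":
            edge = (node(e["src_host"], e["process"]), "logged_on_to", e["host"], ts)
        else:
            continue
        fwd[edge[0]].append(edge)
        rev[edge[2]].append(edge)
    return fwd, rev


def detect(fwd):
    """One behavioral rule over relationships: an Office app spawning a shell."""
    return [dst for out in fwd.values() for src, rel, dst, _ in out
            if rel == "spawned" and pname(src) in OFFICE and pname(dst) in SHELLS]


def expand(seed, fwd, rev):
    """Walk every relationship reachable from the seed, upstream and downstream."""
    seen, queue, story = {seed}, deque([seed]), []
    while queue:
        n = queue.popleft()
        for edge in fwd.get(n, []) + rev.get(n, []):
            if edge not in story:
                story.append(edge)
            for other in (edge[0], edge[2]):
                if other not in seen:
                    seen.add(other)
                    queue.append(other)
    return sorted(story, key=lambda e: e[3])  # chronological attack story


def hunt(events, detected_at):
    """Detect on relationships, then expand each hit into a campaign with dwell time."""
    fwd, rev = build_graph(events)
    campaigns = []
    for seed in detect(fwd):
        story = expand(seed, fwd, rev)
        hosts = {e[0].split("/")[0] for e in story} | {e[2] for e in story if e[1] == "logged_on_to"}
        campaigns.append({"seed": seed, "edges": story, "hosts": sorted(hosts),
                          "dwell": detected_at - story[0][3]})
    return campaigns


if __name__ == "__main__":
    for c in hunt(EVENTS, DETECTED_AT):
        print(f"seed={c['seed']} hosts={c['hosts']} dwell={c['dwell']}")
        for src, rel, dst, ts in c["edges"]:
            print(f"  {ts.isoformat()}  {src}  --{rel}-->  {dst}")
```

Running the block prints one campaign: the Outlook-to-Word-to-PowerShell chain, the outbound connection, the dropped binary, its execution, and the later logon to fs-01, while the Chrome branch under explorer.exe is never pulled in because nothing links it to the seed. The dwell figure is driven by the earliest linked event, not the alert, which is the point of expanding upstream.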

The Kognos Autonomous Threat Hunter as a result can:

  • Improve detection fidelity multifold, catching even the subtlest threats
  • Reduce alert triage and investigation time to zero
  • Reduce false positives by 95%
  • Cut hunting time from hours to minutes
  • Reduce post-breach response time from days or weeks to minutes or hours

"...When it comes to alerts, security teams no longer have to choose between lower false positives and lower false negatives; they get both, even when their environment is completely changed overnight. Kognos automates the alert triage process, eliminating manual investigation time completely."

Mike Viscuso, Co-Founder & Ex-Chief Strategy Officer
Carbon Black


Contact

2064 Walsh Ave, STE C1
Santa Clara, California 95050

info@kognos.io

Copyright © 2021 Kognos, Inc. All Rights Reserved.