Decreasing Dwell Time from Months to Minutes

By Rakesh Nair

In today’s hyper-distributed security environment, organizations have to assume their environments are already breached or will be breached. The only way to stay secure in this new world is to reduce the amount of time we let attackers dwell within our environments.

What if we could have a system that traces the attacker's path in real time, allowing us to mitigate threats as they happen and ultimately reducing dwell time to zero?

What is dwell time?

Dwell time is how long an adversary has been in your environment without being detected. Today, the average undetected dwell time is 60 days. While the average undetected dwell time is dropping each year, an average measured in months is still far too long to be acceptable. Two months is more than enough time for an adversary to create a multitude of undetected vectors into the network, compromise centralized authentication, and exfiltrate sensitive data or hold it for ransom.

How do we reduce dwell time?

Even with the enormous amount of innovation and investment in the cybersecurity space, there is no security product that can fully track the attacker's behavior in real time. At best, today's solutions generate alerts for suspicious events and push them to analysts, who must then build the full attack story through manual investigation, which can take hours to days.

This status quo is no longer tenable. The telemetry we collect from EDR, NDR and SIEM platforms now reaches terabytes, making it humanly impossible to mine through the data, and the result is attackers spending months undetected in most environments.

We need a new and disruptive approach to solving this problem.

An approach that lets machines understand what's happening, as opposed to leaving it to manual interpretation. An approach that allows the machine to run autonomous investigations and generate complete stories of what the attacker is doing, at machine speed.

The Kognos security platform is a relationship-centric autonomous XDR investigator platform that fuses events from existing EDR, NDR, SIEM and other telemetry sources into semantic relationship graphs. Kognos then continuously monitors billions of these relationships to detect suspicious behavior.

Once suspicious behavior is detected, Kognos uses an AI-powered inquiry engine to ask thousands of forensic questions per second, mining these relationships to autonomously track malicious actors throughout the network and present the findings as visual attack campaigns, allowing the analyst to respond in real time.
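As an added illustration (example code, not Kognos's own implementation), here is a minimal relationship-graph investigator over a constructed stream of EDR/NDR-style events: it links entities through the relationships they share, walks outward from one detected entity to reconstruct the surrounding campaign while ignoring unrelated activity, and measures dwell time as the gap between the earliest related event and the moment of detection. All entity names, relationship labels, IP addresses and timestamps are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of fused EDR/NDR-style relationships (not real telemetry).
# Each tuple: (timestamp, source entity, relationship, destination entity).
EVENTS = [
    ("2020-01-01T09:00:00", "ws1/outlook.exe", "spawned", "ws1/winword.exe"),
    ("2020-01-01T09:00:05", "ws1/winword.exe", "spawned", "ws1/powershell.exe"),
    ("2020-01-01T09:00:07", "ws1/powershell.exe", "connected_to", "203.0.113.7:443"),
    ("2020-01-01T09:00:09", "ws1/powershell.exe", "wrote", "ws1/upd.exe"),
    ("2020-01-31T21:00:00", "ws1/upd.exe", "authenticated_to", "dc1"),
    ("2020-02-29T08:00:00", "ws1/upd.exe", "connected_to", "203.0.113.7:443"),
    # Unrelated benign activity on another host: must not join the campaign.
    ("2020-02-29T08:00:00", "ws2/explorer.exe", "spawned", "ws2/chrome.exe"),
]

def build_graph(events):
    """Index every relationship under both endpoints so a walk can move
    from a process to the IP it talked to, the file it wrote, and back."""
    adj = defaultdict(list)
    for ts, src, rel, dst in events:
        edge = (datetime.fromisoformat(ts), src, rel, dst)
        adj[src].append(edge)
        adj[dst].append(edge)
    return adj

def trace_campaign(adj, start):
    """Breadth-first walk over relationships from a detected entity.
    Returns the campaign's edges in time order and the set of entities
    reached; entities with no path to `start` stay out of the story."""
    seen, edges, queue = {start}, set(), deque([start])
    while queue:
        node = queue.popleft()
        for edge in adj[node]:
            edges.add(edge)
            for nxt in (edge[1], edge[3]):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return sorted(edges), seen

def dwell_time(adj, detected_entity, detection_ts):
    """Dwell time = detection time minus the campaign's earliest related
    event. Returns None when the entity has no recorded relationships."""
    campaign, _ = trace_campaign(adj, detected_entity)
    if not campaign:
        return None
    return datetime.fromisoformat(detection_ts) - campaign[0][0]
```

Detecting the beacon from ws1/upd.exe on 29 February and walking back through the graph reaches the original Outlook-to-Word-to-PowerShell chain from 1 January, giving a dwell time of roughly 59 days, in line with the figure quoted above.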

The Kognos autonomous XDR investigator as a result can:

  • Improve fidelity of detection multifold, as it detects even the subtlest threats
  • Reduce alert triage/investigation time to zero
  • Cut false positives by 95%
  • Expedite hunting time from hours to minutes
  • Reduce post-breach response time from days/weeks to minutes/hours

Trace and respond to malicious actors in real time and reduce dwell time to minutes instead of months.

Copyright © 2020 Kognos, Inc. All Rights Reserved.