By Rakesh Nair

Democratizing The Knowledge and Expertise of The World’s Best Threat Hunters

With sophisticated, state-sponsored threats, skill-set shortages, overwhelming amounts of data, and the impact of the remote work model on cyber hygiene continuing to drive change in our industry, organizations are pushing department budgets and resources to their limits in an effort to identify and mitigate risks. On average, it takes companies close to 200 days to identify a threat, and the average cost to an organization for a single breach is close to $4M, according to IBM.

To reduce dwell time, passive monitoring needs to be complemented with proactive threat hunting. While a few organizations have established threat hunting teams, most companies are struggling to set up a threat hunting practice because they lack the resources and bandwidth needed.

The Cybersecurity Skills Shortage That Just Won’t Budge

TechRepublic, in an August 2021 article, discusses the recently released report from the Information Systems Security Association (ISSA) and the analyst firm Enterprise Strategy Group (ESG), The Life and Times of Cybersecurity Professionals 2021.

“The report, which surveyed 489 cybersecurity employees, shows that a heavier workload (62%), unfilled positions (38%) and worker burnout (38%) are contributing to the skills gap. Nearly all surveyed (95%) believe the gap has not improved in recent years.”

To add to the challenge, great threat hunters are widely considered to be the “unicorns of the security space.” Their unique mindsets and highly specialized skills form an expertise that can’t be easily replicated. And the few we do have in the industry are spread sparsely across many organizations and, as described above, are overwhelmed with escalations of threats and the weight of supporting the rest of the security team.

Democratizing The OODA Loop?

Let’s look at threat hunting from the perspective of the Observe, Orient, Decide, and Act (OODA) loop. 

The OODA loop for threat hunting includes: 

  1. Looking for suspicious activity using various hunt hypotheses, backed by a multitude of techniques
  2. Deep investigation of any suspicious activity
  3. Arranging the evidence to form a narrative or storyline, and
  4. Responding, based on the ascertained risk and behaviors associated with the storyline.

Every proficient threat hunter will conduct these activities, but scaling them using manual processes as building blocks is nearly impossible, as it requires a complete transfer of knowledge and expertise before others can participate.

By analyzing the analyst, we've discovered deeper, repeatable, logical patterns within the expert analytical workflow. Within these patterns are mechanisms to divide and conquer complex analytical tasks asynchronously, as well as to tailor each follow-up question based on previously gathered evidence.

So, if we can push this OODA loop to an AI-powered autonomous engine, it opens up the possibility of replicating the loop elsewhere, while the best threat hunters contribute constantly to improving the system.

The Network Effect to Threat Hunting Realized

At Kognos, we have pioneered an autonomous threat hunting system that executes hunts for threats as a threat hunter would, from start to finish, delivering complete attack stories in minutes that document everything of analytical interest.

With Kognos, threat hunters can quickly remediate attacks and get ahead of emerging threats, knowing nothing was missed and nothing is left unanswered. This allows threat hunters to focus on creating additional hunt hypotheses, questions, and actions to be fed into the Kognos autonomous system. Threat hunters can also share successful hunt hypotheses, via the Kognos content cloud, allowing other threat hunters to take advantage of them at the click of a button.

Kognos is also collaborating with world-class threat hunters from our MSSP partners to develop new hunt hypotheses that can be shared in the same way. This will, for the first time in the industry, create a network effect in cyber threat hunting, allowing threat hunters to draw on collective wisdom to detect sophisticated adversaries and reduce MTTD and MTTR metrics considerably.

"...if you have automated hunting, and you have recipes you can share with the community, you don't have the challenges with IP or the risk of sharing threat intel - and the community can get stronger and share these hunts with each other."

Seth Robbins, Chief Revenue Officer
HYPR | The Passwordless Company™

Kognos continuously monitors billions of relationships to detect suspicious behavior. Once a behavior is detected, Kognos uses an AI-powered inquiry engine to ask thousands of forensic questions per second to fully contextualize the attack and present the findings as complete attack campaigns, allowing the analyst to respond in real time.

Copyright © 2021 Kognos, Inc. All Rights Reserved.