incident response

The first and only platform that allows incident responders
to do point and click investigations across petabytes of telemetry

Manage and Respond to Incidents in Hours

In the event of a security incident, the highest priority for any organization is to understand and contain the breach before further damage is done. It takes close to 200 days to identify the threat and the average cost to an organization for a single breach is close to $4 million. Given the long dwell time, the adversary has the ability to laterally move, persist on multiple devices and execute various tools and malware. Understanding the full scope and impact of the threat is crucial to respond to these incidents but unfortunately it can take days and weeks to go through hundreds of terabytes if not petabytes of telemetry.

Machine-assisted investigations can reduce both the cost and time to respond to these incidents by autonomously tracing the attacker's every step in the environment.

Trace the attacker's path and contain the incident with Kognos

The Kognos platform seamlessly connects with the organization’s endpoint, network, and application telemetry, performs retroactive hunts over months of data, and traces the attacker’s every step in a matter of hours.

Incident responders can use suspicious artifacts or malicious behaviors to seed the system to do machine-assisted investigations.
Based on the seed information, the Kognos platform autonomously traces the attacker’s activities and fully contextualizes the attack, presenting the findings as complete attacks/campaigns.
Incident responders as a result can review machine-investigated storylines and contain the threat by taking appropriate mitigation steps.
The findings can also be used to generate full incident response reports in seconds to share the attack/campaign with the security team and to help with other incident response activities.

HOW IT WORKS

RELATIONSHIP GRAPH ENGINE

The relationship graph engine fuses and interprets high fidelity EDR, SIEM and NDR events and forms relationship graphs which are essential in understanding the full scope and impact of the attack as it allows the system to cumulatively look at risk across the entire adversarial activity

AI-DRIVEN INQUIRY ENGINE

The AI-driven inquiry engine will investigate hundreds of billions of relationships by asking thousands of forensic questions per second to identify relevant evidence highlighting the entire attacker’s path

STORY GENERATION ENGINE

The story generation engine continuously fuses the evidence collected to form easily understandable attack stories and timelines of the complete attack allowing the incident responders to quickly contain the threat.

By using machine-assisted incident response, security teams can now execute incident response at machine speeds, fully understand the extent of given threats, and enable proactive hunts to continuously monitor the environment to prevent attackers from regaining access.

How Incident Responders Leverage Kognos

Enable incident responders to mine through petabytes of data in a matter of hours
Mitigate threats with point and click incident response
Respond and manage incident in hours
Share findings and create catalogues of repeatable hunts
Prevent the attacker's regaining access using continuous autonomous hunts

Learn More

Download the Kognos Machine-Assisted Incident Reponse datasheet for more details about:

Easy set up
Fully autonomous incident response
Review historical profiles
Proactively monitor users and devices
API Integrations
SIEM Integrations
NDR Integrations
Endpoint data integrations

Download Kognos Incident Response Datasheet

Kognos continuously monitors billions of relationships to detect suspicious behavior. Once detected, Kognos uses an AI powered inquiry engine to ask thousands of forensic questions per second to fully contextualize the attack and present the findings as complete attack campaigns, allowing the analyst to respond in real-time.

Request a Demo