Turbocharge Carbon Black Deployments with Kognos Autonomous Threat Hunting
The combination of Carbon Black and Kognos redefines your security posture to stop attacks before they can cause serious harm.
Point-and-click hunting across terabytes of data with fully automated hunts and investigations.
Out-of-the-box hunt hypotheses
Attack-Tracing AI-powered inquiry engine
Visual storylines - with interactive summary views
Real-time attack tracing and response
Collaboration with team and community via shared hypotheses
15 minutes to install - 30 minutes to value
How It Works
Kognos connects to Carbon Black data via APIs and takes less than 15 minutes to set up. Once connected, Kognos automatically starts hunting for adversary activity and generates stories within 30 minutes, using out-of-the-box hunt hypotheses.
1. Point-and-Click Hunting
The Kognos platform lets threat hunters do point-and-click hunting on Carbon Black data via hundreds of hunt hypotheses. The system looks for behaviors associated with these hypotheses and investigates autonomously, using the Attack-Tracing AI-powered inquiry engine to ask millions of forensic questions at machine speeds.
2. Tracing Attackers in Real Time
Once a hunt hypothesis is triggered, the Kognos Attack-Tracing AI engine starts interrogating Carbon Black data to trace the attacker's every step and presents the results as visual storylines - with interactive summary views for your security team to review and understand the adversary activity in mere minutes.
3. Real-time Response
The command sequences and detailed attack activity executed on each device are traced and enumerated for complete context. The multi-machine storyline, the timeline and the command context give the security team multiple perspectives to understand the story in minutes and respond to it in real time.
Kognos continuously monitors billions of relationships to detect suspicious behavior. Once suspicious behavior is detected, Kognos uses an AI-powered inquiry engine to ask thousands of forensic questions per second to fully contextualize the attack and present the findings as complete attack campaigns, allowing the analyst to respond in real time.