
A new era in solving dwell time is here

By Rakesh Nair

Putting an End to Data Wrangling

In today’s hyper-distributed security environment, organizations have to assume their environments are already breached or will be breached. The only way to stay secure in this new world is to reduce the amount of time we let attackers dwell within our environments.

What if we could have a system that traces the attacker's path in real time, allowing us to mitigate threats as they are happening and ultimately reduce dwell time to zero?

Dwell time: the danger that lurks beneath

Dwell time signifies how long an adversary has been in your environment without being detected. Today, the average undetected dwell time is 60 days. While the average undetected dwell time is dropping each year, an average measured in months is still far too long to be considered acceptable. Two months is more than enough time for an adversary to create a multitude of undetected vectors into the network, compromise centralized authentication, and exfiltrate sensitive data or hold it for ransom.

Even with the enormous amount of innovation and investment in the cybersecurity space, there is no security product that can fully track an attacker's behavior in real time. At best, today's solutions generate alerts for suspicious events and push them to analysts, who must then build the full attack story through manual investigation, which can take hours to days.

The status quo is no longer tenable

The reality for most security teams is that lurking in the vast ocean of events are but a few hidden threats - and it takes an enormous amount of data wrangling to properly investigate each alert. With the amount of telemetry collected from EDR, NDR and SIEM platforms reaching terabytes, it's unrealistic - and dangerous - to expect highly skilled analysts to wrangle this much data every day.

The era of SIEM rules alerting on anomalies or EDR flagging suspicious behaviors, followed by manual investigation, IS OVER. We are seeing a new breed of adversaries, who are skilled and stealthy - and who too easily hide in the complexity of your environment.

We need a new approach.

Consider this: What if you had machines that could 1) investigate; 2) identify ground truth and causality; and 3) tell you pre-investigated storylines of what’s happening?

You could then move your highly skilled security analysts to focus on these stories and let them do what they do best: decide on the risk associated with a storyline and respond in real-time.

And let the machines do the data wrangling.

The new era of autonomous threat hunting is here

"I finally started to believe that the elimination of alert fatigue was actually possible."

~ Mike Viscuso explains the benefits for SOC teams that transition to autonomous threat hunting.

"...When it comes to alerts, security teams no longer have to choose between lower false positives and lower false negatives; they get both. Even when their environment is completely changed overnight. Kognos automates the alert triage process, eliminating manual investigation time completely."

Mike Viscuso, Co-Founder & Ex-Chief Strategy Officer
Carbon Black

Kognos continuously monitors billions of relationships to detect suspicious behavior. Once a behavior is detected, Kognos uses an AI-powered inquiry engine to ask thousands of forensic questions per second to fully contextualize the attack and present the findings as complete attack campaigns, allowing the analyst to respond in real time.

Copyright © 2021 Kognos, Inc. All Rights Reserved.