VMworld2020 Reaction: How VMware’s Integrations Re-Shape Protecting Your Assets

Coming out of VMworld2020, it is more clear than ever that the industry is ready for an XDR strategy. This strategy is made up of five pillars: data, analytics, cross-domain, automation, and cloud.

During the session XDR EDR: How VMware's Integrations Re-Shape Protecting Your Assets, it was clear that, to build a successful XDR strategy, organizations should support their ecosystem across multiple dimensions of the XDR pillars rather than from a single product. This is a refreshing take on XDR that Kognos is in full agreement with: integrations are key to building a comprehensive XDR strategy.

A key point discussed in the session was the need for the 5 pillars to fully address the key challenges an organization's intrinsic security strategy is facing today. According to Tom Corn & Brad Doctor, the main points of focus should be the detection challenge, the investigation challenge, the incident response challenge, the time challenge, and the newly distributed enterprise challenge.

As an official partner with VMware Carbon Black, our integration directly addresses and resolves issues presented by the intrinsic security challenges and acts as a piece of the puzzle to build a complete XDR strategy.

The Detection Challenge:

As bad actors are continuously evolving, there is an increase in volume and variance of attacks. This creates a deluge of alerts, across siloed data sets, with too little context to quickly and easily understand the activity that is executable. 

The Detection Remediation:

To provide the complete context of attack narratives, organizations need to capture every step an attacker makes across the different telemetry sources in their environment. As VMware Carbon Black is solving the problem of converging the telemetry sources with their XDR offering, Kognos is partnering to provide the complete context of attack narratives by tracing the attacker's path through security-aware AI. Kognos mines the XDR data, forging billions of relationships that exist across the different telemetry in a matter of seconds to detect suspicious behavior. Whether it be ransomware, living-off-the-land binaries, insider threats, or laterally moving campaigns, Kognos captures the relationship between every event an attacker makes in your environment, no matter the volume and variance of attacks.

The Investigation Challenge:

To gain a full understanding of attack campaigns, XDR products need to look at activities, not alerts. Security teams need to find exactly where the suspicious activity is located, how it got there, and where it is trying to go, but current detection and response platforms only give event data.

The Investigation Remediation:

To address this challenge, VMware Carbon Black's XDR offering consolidates robust data from telemetry outputs, while Kognos' autonomous XDR investigator ingests that data and visualizes the relationship between events to hunt for complete attack campaigns in real time. Kognos uniquely understands the importance of identifying the attack campaign's directionality, scope, impact, and, most importantly, intent, regardless of whether the attack campaign is active, passive, or failed.

The Time Challenge:

The time it takes to detect and investigate attacks is measured in days to months and requires heavy manual labor to triage alerts and piece together attacker movements. The longer an attacker has a foothold in your environment, the more harm it can do.

The Time Remediation:

The VMware Carbon Black and Kognos partnership solves the time challenge. As the Carbon Black XDR aggregates all telemetry data, Kognos autonomously tackles alert triage and the investigation process to reduce dwell time to minutes. Leveraging the consolidated data with real-time investigation to provide visibility into complete attack campaigns cuts out manual hunting time so security analysts can remediate and respond as attacks are still in action.

The Distributed Enterprise Challenge:

The increase in the use of private and public clouds means there is a larger attack surface to protect, and it is not observable on corporate networks.

The Distributed Enterprise Remediation:

As VMware Carbon Black is solving the problem of consolidating hyper-distributed network data with their XDR offering, Kognos is partnering to identify the subtlest of attacker behavior, investigate the attacker movements, and trace complete attack campaigns in real-time across a distributed environment.

The right way to build a complete XDR strategy is less about addressing events and more about understanding the activity that's happening in an environment and the behavior that caused it. The VMware Carbon Black and Kognos partnership is taking the right steps to build a cohesive XDR strategy. By combining Carbon Black's robust XDR offering, which consolidates data, with Kognos' autonomous XDR investigator, the joint solution autonomously connects the dots between event data so organizations have the timeline of complete attack campaigns.

Copyright © 2021 Kognos, Inc. All Rights Reserved.