Kognos for MSSPs reduces MTTD/MTTR metrics to mere minutes. Learn More.

Why We Started Kognos

By Rakesh Nair

Prior to Kognos, our founding team was working at RSA, McAfee, Juniper, and Dell with a combined experience of 100+ years in cyber security. We all noticed how our customers’ skilled analyst teams were struggling to manage and understand exploding numbers of alerts that our event-based products generated. We also saw bad actors evolving, using new and innovative techniques including much stealthier tools and masquerading as standard processes. They were living off the land and they were hopping from machine to machine, department to department, propagating towards critical resources, over long periods of time, without getting detected.

The reality is, the existing event-based detection products are failing because they cannot fully understand relationships in the data they collect, and as a result, a SIEM and EDR cannot detect or investigate these newly evolved multi-hop attacks. This causes either the threats to go undetected or generates sparse alerts putting the burden on the analysts to try and investigate.

Instead of running a bunch of static rules against all the incoming events, our founding team knew that focusing on the relationships between events was the only way to empower the security analyst, and help detect and investigate propagating attacks in real time. Bad actors are evolving, so our means to remediate and understand their attacks must evolve too.

We built Kognos, prioritizing a relationship-centric approach:

  • An approach that is fully autonomous
  • An approach that asks intelligent questions to explore the relationships forming in the infrastructure
  • An approach that makes digesting multi-hop attack campaigns simple

Our solution automatically traces relationships to detect suspicious behavior and tells you what’s happening, what’s the impact, and how to stop it. Once we detect a suspicious behavior, it triggers a fully autonomous AI driven inquiry engine that asks 1000s of questions, per second, to explore billions of relationships. We autonomously look for the real scope and impact, and enumerate all the compromised machines, suspect binaries, external domains, etc to trigger the right actions to remediate attack campaigns.

Built by security practitioners for security practitioners, our platform identified fully formed multi-level attack campaigns that can be easily understood from various levels: 

  • From the perspective of departments or locations to see how the threat is forming and propagating
  • From a multi-hop level to see what’s really happening across multiple machines and the impact of the attack
  • From an intra-device level to look for detailed evidence and behaviors

The Kognos autonomous XDR investigator platform is built to trace the subtlest of suspicious behavior. Given we are tracing the entire activity of the user as related incidents, we can cumulatively look at the insider’s activity to bubble up possible threats to see the complete picture of an attack. This is the power of relationships.

Kognos continuously monitors billions of relationships to detect suspicious behavior. Once detected, Kognos uses an AI powered inquiry engine to ask thousands of forensic questions per second to fully contextualize the attack and present the findings as complete attack campaigns, allowing the analyst to respond in real-time.


Oxygen Icon Box

2064 Walsh Ave, STE C1
Santa Clara, 
California - 95050

Oxygen Icon Box


Copyright © 2021 Kognos, Inc. All Rights Reserved.
envelopemap-markercross linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram