Needless to say, this has led to an increased risk of infiltration from unprotected networks outside the purview of the organization. In this scenario, many organizations are turning to threat hunting to strengthen their security posture, using their endpoint, application, and network telemetry. The growing demand for threat hunting, coupled with the vast amounts of data organizations collect, makes wading through all of that information to detect malicious activity proactively a hard problem.
At the center of this problem stands Kognos, one of the leading threat hunting partners for enterprises in the U.S. The company offers a fully autonomous AI-powered cyber threat hunting platform that eliminates the manual investigation of data and identifies suspicious activity within an organization. “We have imbibed an AI engine with the security knowledge to ask the appropriate forensic questions about adversary activity and investigate it on behalf of security teams. Our engine allows clients to get a holistic view of the attacker’s path and activity within the company,” states Rakesh Nair, the CEO at Kognos.
In most cases, SIEM, EDR, and NDR platforms are event-centric: they evaluate each event in isolation, without the context of what happened before or after it. Kognos takes a different approach with its story generation engine, which analyzes the data by building contextual relationships across all events. The engine generates a graph of the activity taking place across the organization, including network connections, file access, and registry access. This contextual mapping lets the Kognos AI trace an actor’s path and determine whether the actor is malicious. When the engine finds an action suspicious, it adds that evidence to the actor’s cumulative risk and follows the actor’s subsequent activity, so that the entire story is brought to the forefront rather than a single alert.
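The article does not describe the internals of Kognos’s engine. As an added illustration of the difference between event-centric scoring and the lineage-graph approach described above, here is a small Python sketch (not Kognos code): it reads constructed endpoint telemetry, scores individual events with assumed rule weights that are each too weak to alert on their own, accumulates risk up the process tree, picks the actor as the lowest common ancestor of the evidence, and then makes one graph hop beyond the process tree to pull in other processes that touched the same objects (here, the same remote endpoint). The threshold, rule weights, process names and IP are all assumptions.

```python
"""Graph-based story generation over endpoint telemetry (added illustration, not Kognos code)."""
from collections import defaultdict

ALERT_THRESHOLD = 60  # assumed value; no single rule below reaches it alone

# Constructed sample telemetry, not real data. "pid" is the acting process;
# process_create events also name the child pid they spawned.
TELEMETRY = [
    {"t": 1, "pid": 100, "image": "explorer.exe",   "kind": "process_create", "target": "winword.exe",    "child": 200},
    {"t": 2, "pid": 200, "image": "winword.exe",    "kind": "process_create", "target": "cmd.exe",        "child": 300},
    {"t": 3, "pid": 300, "image": "cmd.exe",        "kind": "process_create", "target": "powershell.exe", "child": 400},
    {"t": 4, "pid": 400, "image": "powershell.exe", "kind": "registry_set",   "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"t": 5, "pid": 400, "image": "powershell.exe", "kind": "net_connect",    "target": "203.0.113.7:8443"},
    {"t": 6, "pid": 500, "image": "svchost.exe",    "kind": "net_connect",    "target": "203.0.113.7:8443"},
    {"t": 7, "pid": 100, "image": "explorer.exe",   "kind": "process_create", "target": "chrome.exe",     "child": 600},
    {"t": 8, "pid": 600, "image": "chrome.exe",     "kind": "file_write",     "target": r"C:\Users\a\Downloads\report.pdf"},
]

OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}


def score_event(e):
    """Per-event suspicion with assumed weights; each is weak evidence in isolation."""
    if e["kind"] == "process_create" and e["image"] in OFFICE and e["target"] in SHELLS:
        return 35, "office app spawned a shell"
    if e["kind"] == "registry_set" and "\\CurrentVersion\\Run\\" in e["target"]:
        return 30, "Run-key persistence written"
    if e["kind"] == "net_connect" and e["image"] in SHELLS:
        return 25, "shell/script host made an outbound connection"
    return 0, ""


def build_graph(events):
    """Process tree from process_create events, plus pid -> image for display."""
    parent, image_of = {}, {}
    for e in events:
        image_of[e["pid"]] = e["image"]
        if e["kind"] == "process_create":
            parent[e["child"]] = e["pid"]
            image_of[e["child"]] = e["target"]
    return parent, image_of


def lineage(pid, parent):
    """Ancestor chain from the lineage root down to pid."""
    chain = [pid]
    while chain[-1] in parent:
        chain.append(parent[chain[-1]])
    return chain[::-1]


def hunt(events, threshold=ALERT_THRESHOLD):
    """Accumulate risk up each process tree; emit one story per actor over the threshold."""
    parent, image_of = build_graph(events)
    cum = defaultdict(int)   # subtree risk for every process
    scored = []              # (event, weight, reason) for events that matched a rule
    for e in events:
        w, why = score_event(e)
        if w:
            scored.append((e, w, why))
            for p in lineage(e["pid"], parent):
                cum[p] += w

    stories = []
    for root in {lineage(e["pid"], parent)[0] for e, _, _ in scored}:
        if cum[root] < threshold:
            continue  # isolated weak signals stay below the bar
        # The actor is the lowest common ancestor of this lineage's evidence:
        # the deepest process whose subtree holds all of the accumulated risk.
        common = None
        for e, _, _ in scored:
            chain = lineage(e["pid"], parent)
            if chain[0] == root:
                common = chain if common is None else [p for p in common if p in chain]
        actor = common[-1]
        subtree = {p for p in image_of if actor in lineage(p, parent)}
        story = sorted((e for e in events if e["pid"] in subtree), key=lambda e: e["t"])
        # One hop beyond the process tree: other processes that touched an object
        # (file, key, remote endpoint) from this story become linked evidence.
        objects = {e["target"] for e in story if e["kind"] != "process_create"}
        linked = [e for e in events if e["pid"] not in subtree and e["target"] in objects]
        reasons = {id(e): why for e, _, why in scored}
        stories.append({
            "actor_pid": actor, "actor": image_of[actor], "risk": cum[actor],
            "events": story, "linked": linked,
            "steps": [f"t={e['t']} {e['image']}({e['pid']}) {e['kind']} {e['target']}"
                      + (f"  <- {reasons[id(e)]}" if id(e) in reasons else "")
                      for e in story],
        })
    return sorted(stories, key=lambda s: -s["risk"])


if __name__ == "__main__":
    for s in hunt(TELEMETRY):
        print(f"actor {s['actor']} (pid {s['actor_pid']}), cumulative risk {s['risk']}")
        for line in s["steps"]:
            print("  " + line)
        for e in s["linked"]:
            print(f"  linked: {e['image']}({e['pid']}) {e['kind']} {e['target']}")
```

Run stand-alone, the sketch reports one story rooted at winword.exe with cumulative risk 90, lists the cmd.exe and powershell.exe steps under it, and links the svchost.exe connection to the same endpoint, while chrome.exe (a sibling under the same explorer.exe root with no evidence) stays out of the story. An event-centric rule set with the same weights would have produced nothing, since the strongest single event scores 35.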
Another aspect of automating the threat hunting process is asking the right questions and sifting through all the telemetry to identify a particular threat or malware. Kognos’s XDR Hunter replaces inefficient manual data investigation. It helps clients mine massive volumes of data, ask the appropriate questions to surface malicious activity, and trace the attacker’s path in real time, delivering attacks that have already been investigated.
Its AI capabilities enable the system to decide which questions to ask next based on the answers it has already observed, for both external infiltration and internal access. “Our AI engine is purpose-built with domain expertise. It acts as a reasoning and discovery tool that knows the semantics of how attackers behave and uses that to its advantage to ask the right questions,” adds Nair. After collecting the required evidence, Kognos’s engine aggregates it in a way that portrays the attacker’s behavior. The findings are presented to clients as storylines, allowing them to identify threats and act upon them in real time.
In addition to its threat hunting solutions, Kognos also fosters a community-driven approach to tackling cyber threats. Its hypothesis-sharing mechanism lets thought leaders and industry experts share ideas, opinions, and knowledge about cyber threats in the form of threat hunting hypotheses. Kognos also focuses on helping MSSPs improve their efficiency and increase their margins: it offers a mechanism through which MSSPs can upsell autonomous threat hunting as a service to their end customers, using Kognos’s threat hunting engine. Moving ahead, Kognos will offer automation services on top of clients’ existing SIEM, EDR, and NDR platforms, so that siloed datasets can be brought together into one source of information.
“We are delivering a powerful set of automation capabilities to clients by automating threat hunting, alert investigations, and incident response. Our community-driven, machine-assisted cyber threat hunting platform is designed to be a weapon of choice for threat hunters and security analysts for eliminating cyber threats in real-time,” concludes Nair.