Let me tell you a story. Not a bedtime story or the sort of happy-ending story you’d read to your kids. This is a darker, much more serious story. It’s a story about cybersecurity. Specifically, it’s a story about attack stories.
You may be asking yourself, what is an attack story? Every cyberattack has a story. And that story consists of a sequence of steps adversaries take to learn, access and control the resources and data of the victims they’re pursuing.
What makes identifying these stories so challenging for security operations center teams is that today’s SOC tools don’t focus on stories; they focus on alerts. And focusing on alerts — individual point-in-time indicators of malicious activity — forces SOC analysts to spend precious time working to uncover the attack stories behind the myriad threats that cross their screens every day.
That is not a sustainable approach in an era of increasingly clever, relentless and well-equipped threat actors. Imagine what analysts could do if they had the attack story right from the start. That’s why Devo is providing our customers with the market’s most advanced artificial intelligence security technology by acquiring Kognos, which we announced today.
The Kognos team created the industry’s first autonomous threat hunting solution. The combination of Kognos, the leader in autonomous threat hunting, and Devo, the industry’s most scalable and performant security analytics platform, will work to deliver the first elements of what we call the “autonomous SOC.”
What is the Autonomous SOC?
Today, security analysts begin with an alert and then perform largely manual triage, investigation and hunting of the threat. It’s a time-consuming, pressure-packed process that takes its toll on analysts and puts organizations at risk.
The autonomous SOC will automate those key foundational steps. Rather than starting with alerts, we will build the autonomous SOC around AI that knows the scenarios, questions and data that analysts use to triage, investigate and hunt threats. Even more, the autonomous SOC will automatically deliver a blueprint of the full attack story as the starting point for analysts to launch their work.
Instead of struggling to manually uncover the attack stories behind the thousands of daily alerts, SOC analysts will have new AI-powered tools to make their work faster and more effective. This will improve organizations’ cybersecurity postures, making them less vulnerable to whatever attackers throw at them.
Combining Devo and Kognos
Now, back to those attack stories. From its launch in 2020, the Kognos team has built pioneering attack-tracing AI that mirrors the way analysts work. Kognos asks analytical questions and delivers the answers analysts urgently need, enabling them to shift from alerts to attack stories.
The Kognos AI now will leverage Devo’s market-leading ability to collect and process data across the entire attack surface — from any source and at unmatched speed — to build attack stories for analysts to use so they can focus their skills on the threats that matter most to their business. Devo’s advanced analytics and detections will feed directly into the Kognos attack-tracing AI engine.
Kognos CEO Rakesh Nair, who formerly was head of engineering for NetWitness/RSA, has joined Devo as VP of engineering. As he likes to say, Kognos set out to give analysts an incredibly efficient “second brain” to not only automate but truly amplify their ability to hunt the most critical threats their organizations confront. Combining Kognos and Devo is the ideal way to empower analysts to take fast, decisive action against threats.
Where We Go from Here
The road to the autonomous SOC is a multistep journey. The acquisition of Kognos is an exciting first step, but we’re not finished yet. The combined Devo and Kognos team already is working on completing the journey and delivering its many benefits to our customers and partners. Our goal is to eliminate the repetitive manual tasks that lead to analyst fatigue and result in SOC inefficiency, which is a huge problem, as you can see from the latest Devo SOC Performance Report™.
By using the industry’s most advanced technologies to focus on attack stories as the way to stop damaging cyberattacks, SOC analysts — and everyone in your organization — will be able to sleep with at least one eye closed.
Read our solution brief to learn how Devo and Kognos can help your organization achieve the autonomous SOC by fusing AI, automation and the industry’s most scalable SIEM.