Devo Technology announced Thursday that the cloud-native logging and security analytics company would acquire autonomous threat-hunting pioneer Kognos for an undisclosed sum.
The two companies aim to deliver the “Autonomous SOC,” which promises to automate the most important aspects of the threat lifecycle: detection, triage, investigation and hunting, potentially eliminating the repetitive manual tasks that lead to analyst burnout and SOC inefficiency.
Devo collects data from across the entire attack surface from any source at scale and delivers the advanced analytics and detections that feed directly into the Kognos artificial intelligence engine. Kognos knows the questions and data that analysts use and then applies AI to automatically triage and investigate alerts and create attack stories.
“For analysts to have any chance of keeping up with today’s adversaries, we need to shift the SOC’s focus from weeding through thousands of alerts every day to actionable attack stories: the full sequence of steps taken to carry out an attack and an understanding of its impact,” said Devo CEO Marc van Zadelhoff. “Pairing Kognos with Devo enables analysts to move beyond focusing on just alerts and empowers them to take quick, decisive action against threats.”
The Devo Technology acquisition of Kognos makes a lot of sense, said Frank Dickson, program vice president for security and trust at IDC. Dickson said Devo Technology brings logging and analytics, while Kognos brings threat hunting. Logging and analytics are the foundational technologies of the “holy grail” commonly referred to as XDR, said Dickson.
“This acquisition also speaks to a macro trend in the security industry: platformization,” Dickson said. “Frankly, digital transformation has introduced new attack surfaces to defend; we acquired new security tools to defend those surfaces. The problem is that the number of security tools has ballooned, which aggravates the security staffing problem. Organizations are choosing to not play the role of systems integrator, choosing to not own the responsibility of making sure that separate tools work together. CISOs are responding by increasingly selecting offerings that are more comprehensive and pre-integrate products into solutions.”
While it’s easy to be skeptical of “fully autonomous” threat hunting, there’s a clear value proposition, said Rick Holland, CISO and vice president of strategy at Digital Shadows. Holland said many security teams are short-staffed, underskilled, and overwhelmed by the threat landscape, so there’s benefit in complementing and automating as much of the threat hunting process as possible.
“We saw a similar acquisition in 2019 when Sumo Logic acquired JASK, which marketed itself as autonomous security operations center software,” Holland said. “We aren’t talking about a ‘Skynet-esque’ automated SOC that removes all humans and automates ‘all the things.’ The automation of security operations is a journey. Enriching data and automating specific tasks is a step in this very long journey. Credibility and confidence in the solution will be essential to see how widely it’s adopted and implemented.”
Phil Neray, vice president of cyber defense strategy at CardinalOps, said modern SOCs are challenged by constant change in the threat landscape, business priorities, and infrastructures — plus an exponential increase in the volume of data they collect to spot suspicious or unauthorized activities.
“This acquisition makes sense because it applies AI-powered automation to the critical task of hunting for threats in all that data at a large scale, as well as building attack stories to help incident responders quickly mitigate them,” Neray said.