Security startup Kognos, the latest vendor to tout extended detection and response (XDR), came out of the gate running today with its artificial intelligence (AI)-based XDR platform and interoperability with VMware Carbon Black.
XDR is a relatively new approach to threat detection and response that Gartner named a top security and risk management trend of 2020. It combines elements of security information and event management (SIEM), security orchestration, automation and response (SOAR), endpoint detection and response (EDR), and network traffic analysis (NTA) in a software-as-a-service (SaaS) platform that centralizes security data and incident response. The detection gain comes from correlation: events and threat intelligence from separate security products are linked to one another, giving analysts a single view across networks, clouds, and endpoints rather than one console per tool.
It’s still an emerging security sector, but most major security providers sell some type of XDR that unifies partners’ products via an XDR platform. This includes Cisco, Fortinet, McAfee, Microsoft, Palo Alto Networks, Trend Micro, and Symantec.
And it’s also attracting security startups including Kognos, whose founder and CEO Rakesh Nair is the former head of engineering at RSA where he was responsible for that vendor’s SIEM and EDR teams.
Kognos XDR Platform

Kognos today launched the Autonomous XDR Investigator, which uses AI to automatically detect, investigate, and respond to attacks. The platform fuses events from companies’ existing EDR, NDR, SIEM, and other telemetry sources and puts them into relationship graphs that tell a unified story about an attack, Nair said.
“If you look at logs, and network metadata, and endpoint metadata, everything you are collecting, most organizations are collecting hundreds of terabytes or even petabytes of data,” he said. “And putting the onus of getting leads from some of these alerts and having to manually investigate and figure out what is happening is what is causing some of these breaches to continue to happen.”
Instead of requiring these manual investigations, Kognos’ XDR platform uses automation to improve security operations teams’ productivity and detection accuracy, Nair said. “We built a platform that can trace the attacker’s path in real time,” he explained. “And we visualize [attacks] as fully formed narratives or storylines on the UI, so that you see it in real time.”
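To make the relationship-graph idea concrete, here is an added toy example. It is not Kognos’ code and reflects nothing about the product’s internals; the event schema, the entity keys, the field mapping and the hop limit are all assumptions. It takes constructed EDR process events, an NDR flow record and a SIEM threat-intelligence alert, fuses them on the entities they share (host, process, user, IP), and then walks outward from the alert to assemble a time-ordered storyline, which is the kind of cross-source “attacker’s path” the paragraphs above describe.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Event:
    source: str   # producing telemetry product: "edr", "ndr" or "siem"
    ts: int       # timestamp as epoch seconds (constructed values)
    kind: str     # event type within that source
    attrs: dict   # raw fields as the source reported them


# Constructed sample telemetry; hosts, users, PIDs and IPs are invented.
# Note that the three sources name the same entities with different field names.
EVENTS = [
    Event("edr", 100, "process_start",
          {"host": "ws01", "user": "alice", "pid": 4001, "ppid": 1200, "image": "winword.exe"}),
    Event("edr", 105, "process_start",
          {"host": "ws01", "user": "alice", "pid": 4002, "ppid": 4001, "image": "powershell.exe"}),
    Event("ndr", 110, "flow",
          {"src_host": "ws01", "dst_ip": "203.0.113.7", "dst_port": 443, "bytes_out": 58211}),
    Event("siem", 111, "alert",
          {"indicator": "203.0.113.7", "rule": "ti_match_c2"}),
    Event("edr", 102, "process_start",
          {"host": "ws02", "user": "bob", "pid": 7001, "ppid": 900, "image": "chrome.exe"}),
    Event("ndr", 104, "flow",
          {"src_host": "ws02", "dst_ip": "198.51.100.9", "dst_port": 443, "bytes_out": 1200}),
]


def entity_edges(ev):
    """Translate one event into (entity, entity, relation) edges.

    Entities are (type, id) tuples, so a host seen by EDR and the same host
    seen by NDR collapse into one node. That shared key is what fuses the
    sources; the field mapping here is an assumed schema, not a real product's.
    """
    a = ev.attrs
    if ev.kind == "process_start":
        proc = ("proc", f"{a['host']}:{a['pid']}")
        parent = ("proc", f"{a['host']}:{a['ppid']}")
        return [(parent, proc, "spawned"),
                (("user", a["user"]), proc, "ran"),
                (proc, ("host", a["host"]), "on")]
    if ev.kind == "flow":
        return [(("host", a["src_host"]), ("ip", a["dst_ip"]), "connected")]
    if ev.kind == "alert":
        return [(("alert", f"{a['rule']}:{a['indicator']}"),
                 ("ip", a["indicator"]), "flagged")]
    return []


def build_graph(events):
    """Undirected adjacency: node -> [(neighbour, relation, event index)]."""
    graph = defaultdict(list)
    for idx, ev in enumerate(events):
        for src, dst, rel in entity_edges(ev):
            graph[src].append((dst, rel, idx))
            graph[dst].append((src, rel, idx))
    return graph


def summarize(ev):
    """One-line human-readable rendering of an event for the storyline."""
    a = ev.attrs
    if ev.kind == "process_start":
        return f"{a['user']}@{a['host']} {a['ppid']}->{a['pid']} {a['image']}"
    if ev.kind == "flow":
        return f"{a['src_host']} -> {a['dst_ip']}:{a['dst_port']} ({a['bytes_out']} B out)"
    if ev.kind == "alert":
        return f"{a['rule']} on {a['indicator']}"
    return ev.kind


def storyline(graph, events, start, max_hops=4):
    """Breadth-first walk from one entity, collecting every event whose edge
    was crossed within max_hops, returned in time order. The hop limit is the
    knob that keeps an investigation from absorbing the whole estate."""
    seen_events = set()
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if dist[node] >= max_hops:
            continue
        for nbr, _rel, idx in graph.get(node, []):
            seen_events.add(idx)
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    return sorted(
        (events[i].ts, events[i].source, events[i].kind, summarize(events[i]))
        for i in seen_events)


if __name__ == "__main__":
    g = build_graph(EVENTS)
    # Start from the SIEM alert and let the graph pull in the related EDR and NDR events.
    for line in storyline(g, EVENTS, ("alert", "ti_match_c2:203.0.113.7")):
        print(line)
```

Starting from the alert, the walk reaches the flagged IP, then the host that connected to it, then the processes and user on that host, so the returned storyline is the Word-to-PowerShell chain, the outbound flow and the alert in time order, while the unrelated activity on the second workstation is never touched. Real products add weighting, time windows and de-duplication on top of this, but the shared-entity join and bounded traversal are the core of the idea.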
Interoperability With VMware Carbon Black

The Kognos XDR platform has API-based adapters for a slew of EDR, NDR, and SIEM products. These include CrowdStrike, Microsoft Windows Defender, Splunk, Sumo Logic, RSA, ServiceNow, Digital Shadows, Tanium, Radar, Rapid7, Blue Coat, Cherwell, Recorded Future, and VMware Carbon Black. The last one is particularly important to Kognos and earned its own announcement detailing the XDR platform’s interoperability with VMware Carbon Black.
It’s also worth noting that Mike Viscuso, co-founder and former CTO of Carbon Black, sits on Kognos’ advisory board.
Kognos and Carbon Black together collect telemetry from various VMware products, including the NSX Service-defined Firewall, Workspace ONE, and vSphere. Kognos also integrates with Carbon Black Cloud and applies cross-domain autonomous XDR analytics, allowing mutual customers to streamline the Security Operations Center (SOC) and prioritize high-impact alerts.
“VMware Carbon Black’s robust XDR data and outputs paired with the Kognos ability to ingest data to visually capture attack campaigns will help our mutual customers trace the steps of the adversary and respond in real time,” said Brendan Hogan, senior director of business development at VMware Carbon Black, in a statement. “As we continue to expand the power of our partner ecosystem, this work will enable customers to start building a future-ready security operations center, equipped with comprehensive XDR solutions.”