In the cybersecurity market, we’ve seen fairly dramatic innovation over the past decade related to AI-based technologies, with much of that technology applied towards threat-detection techniques. Literally hundreds of startups have been funded in areas including endpoint (EDR), user and network (UEBA, NTA and NBAD) threat detection, as well as incident response (SOAR). These have all contributed to greater situational awareness for security operators.
Unfortunately, the security-information and event-management (SIEM) technology that aggregates and analyzes the event output from these AI-based detection systems is managed and maintained like it was two decades ago—manually, inefficiently and ineffectively. The configuration and maintenance of the SIEM and related systems is done with spreadsheets, lists . . . and some chewing gum (figuratively)! So, operators are faced with literally hundreds of highly valuable, AI-based threat detection events being aggregated and prioritized by totally manual, suboptimized event-management systems. It’s comparable to managing a Tomahawk missile launch facility with American Revolution-era, human Minutemen—good intentions don’t translate.
I’m proud to be involved with a new company called CardinalOps*—led by serial entrepreneurs Michael Mumcuoglu and Yair Manor—that is attacking this problem. Today, CardinalOps, which has just raised $6 million in seed financing from Battery and others, is announcing the introduction of the industry’s first “Threat Coverage Optimization Platform”, which is designed to automate security-engineering functions and ensure comprehensive threat management with SIEM systems. The company’s main innovation is leveraging AI-based analytics and automation to identify the gaps between optimal threat coverage represented by the industry benchmark MITRE ATT&CK and actual threat coverage of existing SOC configurations. Essentially, the company is creating a new market category applying AI-based analytics and automation to a core security function that still remains shockingly manual and inefficient.
Specifically, the company’s platform provides prioritized configuration change recommendations to improve threat coverage that are optimized according to the distinct assets and threats posed to the particular organization. It also automates the deployment of the recommended changes by leveraging modern CI/CD techniques like staging, validation and rollback.
It seems pretty clear now that the security industry has more than enough high-powered threat-detection tools to detect attackers, but we frequently miss the signals of attack because of a suboptimal and overwhelmed security infrastructure. We are excited to see CardinalOps create new technology in this new product domain by applying AI and automation to deliver comprehensive threat coverage for the SOC. Michael’s previous company, LightCyber*, was an early innovator in AI-based security, and that company’s advanced behavioral analytics are now embedded in Palo Alto Networks’ Cortex XDR product. (LightCyber was acquired by Palo Alto in 2017.)
We expect that this will be the first of many growth chapters for CardinalOps and the new Threat Coverage Optimization category they have created.
This material is provided for informational purposes, and it is not, and may not be relied on in any manner as, legal, tax or investment advice or as an offer to sell or a solicitation of an offer to buy an interest in any fund or investment vehicle managed by Battery Ventures or any other Battery entity.
The information and data are as of the publication date unless otherwise noted.
Content obtained from third-party sources, although believed to be reliable, has not been independently verified as to its accuracy or completeness and cannot be guaranteed. Battery Ventures has no obligation to update, modify or amend the content of this post nor notify its readers in the event that any information, opinion, projection, forecast or estimate included, changes or subsequently becomes inaccurate.
The information above may contain projections or other forward-looking statements regarding future events or expectations. Predictions, opinions and other information discussed in this video are subject to change continually and without notice of any kind and may no longer be true after the date indicated. Battery Ventures assumes no duty to and does not undertake to update forward-looking statements.
*Denotes a Battery portfolio company.