Cybersecurity Engineering: The Next Application for AI-Powered Automation
We’re excited to announce our investment in cybersecurity startup CardinalOps, led by successful serial entrepreneurs Michael Mumcuoglu and Yair Manor.
With this new company, they are applying AI-based analytics and automation to a relatively unaddressed cybersecurity challenge. We had the pleasure of leading the seed investment in Michael’s prior startup, LightCyber, acquired by Palo Alto Networks (NYSE: PANW), so it’s our honor to work with him again.
As early-stage cybersecurity venture investors, we frequently meet entrepreneurs leveraging novel AI and automation techniques, but for only minor incremental benefits or narrow addressable market opportunities. We were pleasantly surprised to find, during our due diligence for CardinalOps, that novel automation has never been applied to the mundane tasks of engineering the Security Operations Center (SOC), despite the fact that the SOC is the heart and lungs of security operations and determines threat coverage effectiveness. While there is a multitude (literally hundreds) of vendors with automated threat detection products (EDR/UEBA/NTA/NBAD) and vendors with automated orchestration and incident response products (SOAR), there has been nearly zero AI or automation applied to the critically important security engineering tasks of configuring the various SIEM and SOC tools that determine operational threat coverage. Our reference calls with CISOs confirmed that security engineers typically rely on spreadsheets and checklists to manually and continuously configure and maintain their SIEM correlation rules, as well as other products within the security stack.
Really?
Really.
Billions of dollars are spent on automated threat prevention and detection tools that fire thousands of alerts per day…and then the output from those systems is managed manually? Does that seem like a good return on security investment? CardinalOps says “no” and provides a solution. Using advanced AI technologies to continuously monitor the SIEM rules and make changes on the fly is a major addition to the level of security the current infrastructure provides. In addition, CardinalOps adheres to the MITRE ATT&CK framework, providing focused guidance as to where security engineers’ priorities should reside. Within a short period after our seed investment, CardinalOps has already been installed at a few Fortune 500 companies with great results.