Cybersecurity Engineering: The Next Application for AI-Powered Automation

Arik Kleinstein, Founder and Managing Partner

January 21, 2021 • 2 min read


Cybersecurity infrastructure

We’re excited to announce our investment in cybersecurity startup CardinalOps, led by successful serial entrepreneurs Michael Mumcuoglu and Yair Manor.

With this new company, they are applying AI-based analytics and automation to a relatively unaddressed cybersecurity challenge. We had the pleasure of leading the seed investment in Michael’s prior startup, LightCyber, which was acquired by Palo Alto Networks (NYSE: PANW), so it is our honor to work with him again.

As early-stage cybersecurity venture investors, we frequently meet entrepreneurs leveraging novel AI and automation techniques, but only for minor incremental benefits or narrow addressable market opportunities. During our due diligence on CardinalOps, we were pleasantly surprised to find that novel automation has never been applied to the mundane tasks of engineering the Security Operations Center (SOC), despite the fact that the SOC is the heart and lungs of security operations and determines the effectiveness of threat coverage. While there are a multitude (literally hundreds) of vendors with automated threat detection products (EDR/UEBA/NTA/NBAD) and vendors with automated orchestration and incident response products (SOAR), nearly zero AI or automation has been applied to the critically important security engineering tasks of configuring the various SIEM and SOC tools that determine operational threat coverage. Our reference calls with CISOs confirmed that security engineers typically rely on spreadsheets and checklists to manually and continuously configure and maintain their SIEM correlation rules, as well as other products within the security stack.

Really?
Really.

Billions of dollars are spent on automated threat prevention and detection tools that fire thousands of alerts per day… and then the output from those systems is managed manually? Does that seem like a good return on security investment? CardinalOps says “no” and provides a solution. Using advanced AI technologies to continuously monitor the SIEM rules and make changes on the fly is a huge addition to the level of security the current infrastructure provides. In addition, CardinalOps adheres to the MITRE ATT&CK framework, providing focused guidance as to where security engineers’ priorities should lie. Within a short period of time after our seed investment, CardinalOps has already been deployed at a few F500 companies with great results.
