HOME Resources Blog Applying AI and Automation to a Surprisingly Unaddressed Security Function


Applying AI and Automation to a Surprisingly Unaddressed Security Function

In the cybersecurity market, we’ve seen fairly dramatic innovation over the past decade related to AI-based technologies–with much of that technology applied towards threat-detection techniques. Literally hundreds of startups have been funded in areas including endpoint (EDR), user and network (UEBA, NTA and NBAD) threat detection, as well as incident response (SOAR). These have all contributed to greater situational awareness for security operators. 

Unfortunately, the security-information and event-management (SIEM) technology that aggregates and analyzes the event output from these AI-based detection systems is managed and maintained like it was two decades ago—manually, inefficiently and ineffectively.The configuration and maintenance of the SIEM and related systems is done with spreadsheets, lists . . . and some chewing gum (figuratively)! So, operators are faced with literally hundreds of highly valuable, AI-based threat detection events being aggregated and prioritized by totally manual, suboptimized event-management systems. It’s comparable to managing a Tomahawk missile launch facility with American Revolution-era, human Minutemen—good intentions don’t translate.


I’m proud to be involved with a new company called
CardinalOps*led by serial entrepreneurs Michael Mumcuoglu and Yair Manor—that is attacking this problem. Today, CardinalOps, which has just raised $6 million in seed financing from Battery and others, is announcing the introduction of the industry’s first “Threat Coverage Optimization Platform”, which is designed to automate security-engineering functions and ensure comprehensive threat management with SIEM systems. The company’s main innovation is leveraging AI-based analytics and automation to identify the gaps between optimal threat coverage represented by the industry benchmark MITRE ATT&CK and actual threat coverage of existing SOC configurations. Essentially, the company is creating a new market category applying AI-based analytics and automation to a core security function that still remains shockingly manual and inefficient.

Specifically, the company’s platform provides prioritized configuration change recommendations to improve threat coverage that are optimized according to the distinct assets and threats posed to the particular organization. It also automates the deployment of the recommended changes by leveraging modern CI/CD techniques like staging, validation and rollback.

It seems pretty clear now that the security industry has more than enough high-powered threat-detection tools to detect attackers, but we frequently miss the signals of attack because of a suboptimal and overwhelmed security infrastructure. We are excited to see CardinalOps create new technology in this new product domain by applying AI and automation to deliver comprehensive threat coverage for the SOC. Michael’s previous company, LightCyber*, was an early innovator in AI-based security, and that company’s advanced behavioral analytics are now embedded in Palo Alto Networks’ Cortex XDR product. (LightCyber was acquired by Palo Alto in 2017.)   

We expect that this will be the first of many growth chapters for CardinalOps and the new Threat Coverage Optimization category they have created.

Battery Ventures provides investment advisory services solely to privately offered funds. Battery Ventures neither solicits nor makes its services available to the public or other advisory clients. For more information about Battery Ventures’ potential financing capabilities for prospective portfolio companies, please refer to our website.

*Denotes a past or present Battery portfolio company. For a full list of all Battery investments, please click here. No assumptions should be made that any investments identified above were or will be profitable. It should not be assumed that recommendations in the future will be profitable or equal the performance of the companies identified above.

Content obtained from third-party sources, although believed to be reliable, has not been independently verified as to its accuracy or completeness and cannot be guaranteed. Battery Ventures has no obligation to update, modify or amend the content of this post nor notify its readers in the event that any information, opinion, projection, forecast or estimate included, changes or subsequently becomes inaccurate.