CardinalOps raises $17.5M for AI threat detection solution

Today, AI threat detection provider CardinalOps announced it had raised $17.5 million as part of a Series A funding round led by Viola Ventures, to expand its go-to-market and product innovation. 

The company’s solution provides enterprises with a cloud-based AI platform that automatically generates best practice recommendations in the native query language of tools like Splunk, Sentinel, IBM QRadar and Crowdstrike, and suggests new detection rules mapped to the MITRE ATT&CK framework. 

In other words, CardinalOps aims to provide enterprises and decision makers with greater analytics and insights into how to scale and enhance their defenses to protect against increasingly advanced modern threats. 

Working smarter, not harder 

For years, the complexity of cyberthreats and enterprise security solutions has increased to the point where even the most productive human SOC teams can’t keep up. 

Research shows that today, more than 80% of security professionals rate their SOC’s complexity as very high, and 70% of SOC teams admit they are emotionally overwhelmed by the volume of security alerts. 

The reality is that most security teams don’t have enough hours in the day to manage the alerts and manual admin needed to rapidly detect threats. 

“The security industry is building more and more tools to help organizations protect themselves, but the problem is that complexity is growing exponentially,” said Michael Mumcuoglu, CEO and cofounder of CardinalOps. 

“It has become so hard to implement all those 50-60-70-80 different security tools, that the biggest gap and weakest link is their inability to operate all the tools they already have while simultaneously keeping up with constantly evolving adversary techniques and business requirements, such as cloud transformation and remote work.” 

“I heard over and over again from CISOs their frustration and knew we had to solve this problem, because it leads to under-utilized tools and big gaps in threat coverage which in turn leaves their organizations exposed,” Mumcuoglu said.

CardinalOps attempts to address the challenge of complexity by enabling security teams to work smarter rather than harder, by using an AI to provide security analysts with information on how to upscale their defenses to offer maximum threat coverage, so they can catch more threats with less manual admin. 

This approach also has the knock on effect of increasing cost-efficiency by helping security operations teams better leverage existing SIEM/IDR investments. 

Becoming a global leader in threat coverage optimization 

As CardinalOps aims to become a global category leader in the cybersecurity industry, the security tools it aims to enhance are also in a state of growth. The SIEM tools market is on target to rise from $4.21 billion in 2021 to reach $6.62 billion by 2028 and as the intrusion detection and prevention systems market is projected to grow from $4.8 billion in 2020 to $6.2 billion by 2025. 

However, CardinalOps isn’t the only vendor developing solutions to enhance the threat coverage of security operations teams.  

For instance, cybersecurity provider Hunters offers enterprises a security operations platforms that can ingest operations data from security tools throughout the environment  and automate threat investigation.

This approach has proved successful enough to have raised $68 million in Series C funding last year, up to a total of $118 million in total funding. 

The provider is also indirectly competing with other AI-driven tools that automate threat detection, such as Vectra, with an AI that can identify threats retrospectively and organization data to streamline incident investigation, which raised $130 million and achieved a $1.2 billion valuation last year. 

However, Mumcuoglu believes that the solution’s automation sets it aside from the crowd. “We are proactively and continuously improving our customers’ readiness to protect themselves from the next attack. We automate the process end-to-end — for example, we don’t simply identify gaps (and create more work for already small and understaffed teams); we also automatically remediate the gaps in production,” he said.