July 9, 2024 · 6 min read

Introducing Command Zero & Why focusing on tier-2+ is the best investment for security operations

Today, Command Zero is coming out of stealth, ready to revolutionize security operations. Command Zero is the industry’s first autonomous & user-led cyber investigations platform. It is built to tackle the most significant bottleneck in security operations: investigations. Supercharging tier-2 and tier-3 analysts (the scarcest talent in security operations) is the most impactful project a CISO can take on. Command Zero is built to deliver this transformative project at scale.

Dov Yoran
Cofounder & CEO

Today is an important day for Command Zero as a young company. After two and a half years of discovery, development and testing (or “using with anger”, as we like to call it with our design partners), Command Zero is ready to revolutionize security operations.

I'm excited to announce our launch out of stealth as well as our seed round of $21M. This funding round was led by Andreessen Horowitz with participation from Insight Partners and over 60 cyber industry thought leaders and executives, further validating our vision and the significance of the problem we set out to solve.

Command Zero is the industry’s first autonomous & user-led cyber investigations platform. It is built to tackle the most significant bottleneck in security operations: investigations.

Our why

All escalations in security operations require thorough human analysis before a decision can be made. Analyzing these cases is a highly manual process with a lot of grunt work, and the universal shortage of talent for this advanced skillset makes it the most significant bottleneck.

Supercharging tier-2 and tier-3 analysts (the scarcest talent in security operations) is the most impactful project a CISO can take on. Command Zero is built to deliver this transformative project at scale.

The investigation platform uplifts tier-2, tier-3 analysts, incident responders and threat hunters (tier-2+ for short) by combining expert questions, autonomous and user-led methods on a federated data model. It also helps these most valuable analyst resources to focus on the most impactful areas of work by removing the toil from the investigation process, powering all analysts with expert knowledge, automation and collaboration tools.

Our co-founders & team

Having the right founding team was the first step on our journey as a company. I consider myself fortunate to build again with Dean De Beer and Al Huger, two extraordinary cyber veterans with proven track records, including 7 combined successful exits to Symantec, McAfee, Sourcefire, Cisco and IBM among the three of us.

We’ve known each other for over twenty years in the industry and we’ve previously worked together at Cisco, ThreatGrid and Symantec. Before we embarked on Command Zero, we spent the last six years at Cisco’s Security Business Group where we all held strategic roles.

We also brought some of our best engineering, design and research team members together again from previous experiences to form the strong team we have today. Our core team members have over twenty years of experience building successful products in cyber. They also bring the harmony of being a well-established team, working together for over ten years in previous companies. We have expanded the core team with some of the best talent in our industry to set Command Zero up for success.

Every day is filled with excitement and a sense of responsibility to the cyber community as we drive towards helping enterprises prevail against attacks.  

Why focus on tier-2+ and why now?

Despite increasing investments in cybersecurity, adversaries outpace most organizations when it comes to adopting innovation. This leaves defenders stuck in reactive mode with limited coverage, struggling with the fundamentals in increasingly complex environments. The adoption of cloud, SaaS and AI brings new threats and stretches the abilities of all security teams every day.

Conducting effective cyber investigations has always been the ultimate challenge for security operations, but we are seeing this even more acutely these days. The adoption of automation in most areas of security operations has improved detection and triage capabilities, yet all escalated cases still require thorough investigations – making them the choke point for teams.

The important and potentially devastating incidents all require a human touch for analysis. And when analysts start investigating these cases, they are limited by manual methods and individual knowledge. Manually investigating all escalated cases with tier-2 and tier-3 analysts is an impossible task for most organizations with cloud, SaaS and high volumes of attacks.

Running these escalations to ground truth requires advanced investigations knowledge, admin-level technology-specific expertise at target systems and direct access to all relevant systems.

The universal talent gap is hurting all aspects of cyber today, but the sophisticated requirements for tier-2+ analyst roles make them some of the hardest talent to find, retain and nurture. It is unlikely for any organization to get enough tier-2+ head count to tackle all escalations, but even if it did, filling those roles with the right talent is an insurmountable challenge.

As an industry, we are benefiting from leaps of innovation for SOC and tier-1 automation, but these improvements only intensify the need for improved tier-2+ capabilities. Tier-2 and tier-3 analysts, along with incident responders, are an extremely talented cohort that is currently under-served and can greatly benefit from automation, collaboration and expert content. The closest solutions trying to solve some of the problems for tier-2+ analysts are AI chatbots. While these solutions are helpful for speeding up some queries and summarization, they are far from solving the problem.

Autonomous & user-led cyber investigations

The work done by tier-2 and tier-3 analysts is bespoke by nature, so a programmatic approach or a one-size-fits-all approach is doomed to fail in the face of complex infrastructure and sophisticated cases. While there are a lot of steps in the investigation process that can benefit from automation, one of the design decisions we’ve made early on for Command Zero was to combine autonomous and user-led capabilities to deliver a flexible experience for analysts. By removing many labor-intensive and low value steps in the investigation process, analysts get extra bandwidth and regain the curiosity to interrogate data sources. In simple terms, analysts get to be more accurate and efficient - they can now deliver their best work.

Command Zero distills the expert knowledge of decades of investigation, incident response, threat hunting and security operations experience into a compelling user interface.

The platform comes with integrations, the questions you need to ask of each data source and the sequences you need to run a multi-faceted investigation or threat hunt. This knowledge removes the groundwork of collecting data from each individual source, while making the data available for analysis in a single interface. In addition to manual investigations and threat hunts, analysts can use fully autonomous sequences and review their verdicts, steps and responses. They can then further the investigation with additional questions and sequences, getting to conclusions in a predictable way.

The platform removes drudgery from analysts and does the hard repetitive work for them, including data collection, interpretation, timeline and report generation. Analysts can now ask pointed questions to get to the bottom of cases in minutes with confidence.

Command Zero also makes previous investigations and notes available to the team. This helps analysts to quickly get the complete context and make better informed decisions.

Multiple analysts can collaborate on the same case and work on different branches of investigations simultaneously. They can also review each other’s work, coach and improve on the existing work of the team.

Organizations can build custom facets (no-code dynamic investigative sequences) to ensure consistent flows for certain types of investigations. This not only improves efficiency, but also improves consistency while providing auditability.

Conclusion

Command Zero can deliver all this and so much more for your organization. We have been receiving outstanding feedback from our early adopters and prospects. I am proud of what we have built so far, and the exciting new capabilities we are shipping soon.

I am confident Command Zero will be a game-changer for all organizations looking to improve capabilities for investigations and threat hunting. We look forward to hearing your feedback and seeing you on the platform soon!

Please visit https://www.cmdzero.io to learn more.

Dov Yoran
Cofounder & CEO
