Today is an important day for Command Zero as a young company. After two and a half years of discovery, development and testing (or “using with anger” as we like to call it with our design partners), Command Zero is ready to revolutionize security operations.
I'm excited to announce our launch out of stealth as well as our seed round of $21M. This funding round was led by Andreessen Horowitz with participation from Insight Partners and over 60 cyber industry thought leaders and executives, further validating our vision and the significance of the problem we set out to solve.
Command Zero is the industry’s first autonomous & user-led cyber investigations platform. It is built to tackle the most significant bottleneck in security operations: investigations.
Our why
All escalations in security operations require thorough human analysis before a decision can be made. Analyzing these cases is a highly manual process with a lot of grunt work, and the universal shortage of talent for this advanced skillset makes it the most significant bottleneck.
Supercharging tier-2 and tier-3 analysts (the scarcest talent in security operations) is the most impactful project a CISO can take on. Command Zero is built to deliver this transformative project at scale.
The investigation platform uplifts tier-2 and tier-3 analysts, incident responders and threat hunters (tier-2+ for short) by combining expert questions with autonomous and user-led methods on a federated data model. It also helps these most valuable analyst resources to focus on the most impactful areas of work by removing the toil from the investigation process, powering all analysts with expert knowledge, automation and collaboration tools.
Our co-founders & team
Having the right founding team was the first step on our journey as a company. I consider myself fortunate to build again with Dean De Beer and Al Huger, two extraordinary cyber veterans with proven track records, including 7 combined successful exits to Symantec, McAfee, Sourcefire, Cisco and IBM among the three of us.
We’ve known each other for over twenty years in the industry and we’ve previously worked together at Cisco, ThreatGrid and Symantec. Before we embarked on Command Zero, we spent the last six years at Cisco’s Security Business Group where we all held strategic roles.
We also brought some of our best engineering, design and research team members together again from previous experiences to form the strong team we have today. Our core team members have over twenty years of experience building successful products in cyber. They also bring the harmony of being a well-established team, working together for over ten years in previous companies. We have expanded the core team with some of the best talent in our industry to set Command Zero up for success.
Every day is filled with excitement and a sense of responsibility to the cyber community as we drive towards helping enterprises prevail against attacks.
Why focus on tier-2+ and why now?
Despite increasing investments in cybersecurity, adversaries outpace most organizations when it comes to adopting innovation. This leaves defenders stuck in reactive mode with limited coverage, struggling with the fundamentals in increasingly complex environments. The adoption of cloud, SaaS and AI brings new threats and stretches the abilities of all security teams every day.
Conducting effective cyber investigations has always been the ultimate challenge for security operations, but we are seeing this even more acutely these days. The adoption of automation in most areas of security operations has improved detection and triaging capabilities, yet all escalated cases still require thorough investigations – making them the choke point for teams.
The important and potentially devastating incidents all require a human touch for analysis. And when analysts start investigating these cases, they are limited by manual methods and individual knowledge. Manually investigating all escalated cases by tier-2 and tier-3 analysts is an impossible task for most organizations with cloud, SaaS and high volumes of attacks.
Running these escalations to ground truth requires advanced investigation knowledge, admin-level, technology-specific expertise in the target systems and direct access to all relevant systems.
The universal talent gap is hurting all aspects of cyber today, but the sophisticated requirements for tier-2+ analyst roles make them some of the hardest talent to find, retain and nurture. It is unlikely for any organization to get enough tier-2+ headcount to tackle all escalations, but even if it did, filling those roles with the right talent is an insurmountable challenge.
As an industry, we are benefiting from leaps of innovation in SOC and tier-1 automation, but these improvements only intensify the need for improved tier-2+ capabilities. Tier-2 and tier-3 analysts, along with incident responders, are an extremely talented cohort that is currently under-served and can benefit greatly from automation, collaboration and expert content. The closest solutions trying to solve some of the problems for tier-2+ analysts are AI chatbots. While these solutions are helpful for speeding up some queries and summarization, they are far from solving the problem.
Autonomous & user-led cyber investigations
The work done by tier-2 and tier-3 analysts is bespoke by nature, so a programmatic or one-size-fits-all approach is doomed to fail in the face of complex infrastructure and sophisticated cases. While there are many steps in the investigation process that can benefit from automation, one of the design decisions we made early on for Command Zero was to combine autonomous and user-led capabilities to deliver a flexible experience for analysts. By removing many labor-intensive, low-value steps from the investigation process, analysts get extra bandwidth and regain the curiosity to interrogate data sources. In simple terms, analysts get to be more accurate and efficient - they can now deliver their best work.
Command Zero distills the expert knowledge of decades of investigation, incident response, threat hunting and security operations experience into a compelling user interface.
The platform comes with integrations, the questions you need to ask of each data source and the sequences you need to run a multi-faceted investigation or threat hunt. This knowledge removes the groundwork of collecting data from each individual resource, while making the data available for analysis in a single interface. In addition to manual investigations and threat hunts, analysts can use fully autonomous sequences and review their verdicts, steps and responses. They can then further the investigation with additional questions and sequences, getting to conclusions in a predictable way.
The platform removes drudgery for analysts and does the hard, repetitive work for them, including data collection, interpretation, timeline and report generation. Analysts can now ask pointed questions to get to the bottom of cases in minutes, with confidence.
Command Zero also makes previous investigations and notes available to the team. This helps analysts to quickly get the complete context and make better informed decisions.
Multiple analysts can collaborate on the same case and work on different branches of investigations simultaneously. They can also review each other’s work, coach and improve on the existing work of the team.
Organizations can build custom facets (no-code dynamic investigative sequences) to ensure consistent flows for certain types of investigations. This not only improves efficiency but also improves consistency while providing auditability.
Conclusion
Command Zero can deliver all this and so much more for your organization. We have been receiving outstanding feedback from our early adopters and prospects. I am proud of what we have built so far, and the exciting new capabilities we are shipping soon.
I am confident Command Zero will be a game-changer for all organizations looking to improve capabilities for investigations and threat hunting. We look forward to hearing your feedback and seeing you on the platform soon!
Please visit https://www.cmdzero.io to learn more.