Company Research Report on CardinalOps
Company Overview
- Name: CardinalOps
- Mission: To cut the complexity and noise in cybersecurity by maximizing detection coverage and rule fidelity using automation and the MITRE ATT&CK framework.
- Founded By: Michael Mumcuoglu (CEO) and Yair Manor (CTO), veterans of Unit 8200, the Israeli equivalent of the NSA, where they worked on offensive and defensive cybersecurity.
- Founded: No information is available
- Key People:
- Michael Mumcuoglu (Co-founder & CEO)
- Yair Manor (Co-founder & CTO)
- Adi Sapir (CFO)
- Tom Kish (VP of Marketing)
- Rony Kaufman (Director of Global HR)
- Headquarters: No information is available
- Number of Employees: Over 24,000 employees
- Revenue: No information is available
- What the Company is Known For:
- Maximizing detection coverage and rule fidelity in existing detection stacks.
- Integration with MITRE ATT&CK-based analytics and automation.
- High-fidelity detection rules and managing SIEM detections effectively.
Products
- Detection Posture Management Platform
- Description: A SaaS platform that maximizes the effectiveness of existing SIEM tools by improving rule and detection management.
- Key Features:
- Mapping Engine: Automatically maps all existing rules, including custom ones, to the MITRE ATT&CK framework.
- Prioritization Engine: Identifies high-fidelity detections to fill gaps in existing rules.
- Rule Simulation Engine: Tests rules before deployment to ensure they are effective and correctly configured.
- Analysis Engine: Identifies broken and noisy rules and recommends fixes.
- Reporting Engine: Provides continuous feedback on detection posture and improvements.
- Integrations: Works with popular SIEMs such as Splunk, IBM QRadar, Microsoft Sentinel, Google Chronicle, and others.
Recent Developments
- CardinalOps Launches TI-Ops
- Description: TI-Ops operationalizes adversary intelligence with AI and automation to turn TTP-level threat intelligence into actionable detection rules.
- New Features:
- Converts adversary behaviors into actionable detection insights.
- Leverages real-time adversary intelligence from sources like CrowdStrike and Google/Mandiant.
- Provides a customized set of detections ready for deployment.
- Contributions to MITRE ATT&CK Version 14 (Nov 28, 2023)
- Updates: New sub-techniques added to bolster Wi-Fi security on Windows, MacOS, and Linux.
- New Techniques: For Mobile, covering Defense Evasion (Data Destruction) and Impact (Masquerading).
- Partnerships and Deployments
- Tel Aviv Stock Exchange (TASE): Deployed CardinalOps to improve detection coverage and reduce the risk of breaches due to undetected attacks.
- Repsol: Selected CardinalOps to enhance detection posture and support digital transformation initiatives.
- Awards and Recognition
- 2023 CyberSecured Award Winner: In the Automated Security Controls Assessments (ASCA) category.
- Gartner Recognition: Identified as a Sample Vendor for Automated Security Controls Assessment (ASCA) in multiple Gartner Hype Cycles.
- 2024 Prediction Insights
- CEO Michael Mumcuoglu's Predictions for 2024: Highlighted trends in cybersecurity including the impact of Generative AI, SEC disclosure rules, and prominence of nation-state sponsored actors.
Summary
CardinalOps focuses on enhancing the effectiveness and efficiency of existing security stacks within organizations by leveraging automation, AI, and the MITRE ATT&CK framework. Its product, the Detection Posture Management Platform, provides continuous assessment, enhancement, and fixing of detection rules in SIEM systems, thereby reducing risks and improving security operations' efficiency and effectiveness. Key customers include the Tel Aviv Stock Exchange and Repsol, among others, demonstrating the platform's applicability across various industries.
