CardinalOps takes on the challenge of identifying and remediating riskiest gaps in threat detection coverage, powered by AI and crowd-sourced best practices.

March 7, 2022

4 Min Read

CardinalOps today announced it has secured $17.5 million in Series A funding led by Viola Ventures, with participation from existing investors Battery Ventures, Glilot Capital, Symbol, and top angel investors from the security industry, bringing total capital raised to $24 million. This latest round will fuel aggressive global expansion in go-to-market and product innovation activities. The company is also announcing that industry veteran Phil Neray has joined the company from Microsoft as Chief Marketing Officer (CMO) and Vice President of Cyber Defense Strategy.

Danny Cohen, general partner at Viola Ventures, who is joining the CardinalOps Board of Directors said, “We have a 20-year track record of identifying outstanding teams and supporting them to unicorn status and beyond and we believe CardinalOps has all the right ingredients to become a global category leader in cybersecurity. Led by visionary founders, CardinalOps is helping organizations leverage analytics to scale and optimize their cyber defenses in the face of continuously-increasing sophistication of cyber adversaries worldwide..”

Constant change in the threat landscape, combined with a massive increase in log data collected from diverse sources (endpoint, network, cloud, identity, etc.), are driving exponential growth in complexity for Security Operations Center (SOC) teams. In fact, according to Ponemon, more than 80 percent of security professionals rate the complexity of their SOC as very high, and less than 40 percent assess their SOC as highly effective.

The leading consequence of this complexity is the increased risk of a breach due to delays and backlogs in manually developing new detection rules and threat hunting queries for the latest adversary techniques. By delivering AI-powered recommendations in the native query language of widely used security analytics solutions (such as Splunk, Sentinel, IBM QRadar, CrowdStrike, etc.), the CardinalOps platform does the job of highly-skilled detection engineers with years of training and experience, which are currently in short supply. Derived from CardinalOps’ proprietary knowledge graph of crowd-sourced, best practice detection rules and queries, all recommendations are mapped to standard MITRE ATT&CK threat models, customized according to the organization’s risk-based priorities and infrastructure, and automatically deployed in order to rapidly eliminate gaps in threat coverage.

“With support from our investors, CardinalOps is entering its next phase of growth to achieve our vision of helping customers bring AI-based analytics and automation to the core security engineering functions that inevitably drive security infrastructure effectiveness and efficiency,” said Michael Mumcuoglu, CEO and Co-Founder at CardinalOps. “We have already gained significant traction with our customers across key industries, including manufacturing, financial services, hospitality, media, transportation & logistics, law firms, and managed security services. With our latest investment, we are well-positioned to extend our leadership in global threat coverage optimization for widely-used but under-utlized security tools.”

Having launched in early 2021, CardinalOps protects some of the world’s largest and most complex organizations, including a Fortune 50 consumer products company; a top 10 U.S. law firm; a top 10 cable operator; and a leading MDR/MSSP. Strategic benefits include:

  • Accelerating new cloud initiatives across diverse cloud platforms (AWS, Azure, GCP), each of which has its own security monitoring tools

  • Reducing costs by identifying log sources that are ingested but not contributing to threat coverage

  • Providing independent, board-level metrics to help CISOs answer the question “How prepared are we to detect the highest priority threats?”

“We built a cloud-based AI platform that delivers best practice recommendations in the native query language of these solutions, mapped to standard MITRE ATT&CK controls and customized according to each organization’s risk-based priorities,” said Michael Mumcuoglu. “Our platform is now deployed in production SOCs across key industries, such as manufacturing, financial services, hospitality, media, transportation & logistics, law firms, and managed security services.

Founded in early 2020, CardinalOps is led by serial entrepreneurs whose previous companies were acquired by Palo Alto Networks, HP, Microsoft Security, IBM Security, and others. The company’s advisory board includes Anton Chuvakin, recognized SIEM expert and former Gartner Research VP and Distinguished Analyst (now at Google Chronicle); Dan Burns, former Optiv CEO and founder of Accuvant (also an investor and board member); and Randy Watkins, CTO of Critical Start. 

About CardinalOps

CardinalOps brings AI-based analytics and automation enabling SOC engineering teams to stay ahead of constant change in the threat landscape and their organizational requirements. By continuously updating missing detections in existing SIEM/XDR deployments, as measured by the MITRE ATT&CK framework, and recommending remediations for log source configuration errors and other causes of sub-optimum coverage, it enables organizations to close the riskiest threat coverage gaps that leave them exposed. For more information, please visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights