Founded Year



Series A | Alive

Total Raised


Last Raised

$17.5M | 3 mos ago

About CardinalOps

CardinalOps provides AI-based analytics and automation to the core security engineering functions that drive security infrastructure efficacy.

CardinalOps Headquarter Location

Tel Aviv,


CardinalOps's Product Videos

Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

CardinalOps's Products & Differentiation

See CardinalOps's products and how their products differentiate from alternatives and competitors

  • CardinalOps Platform

    Derived from CardinalOps' proprietary graph database of best practice detection rules, the platform continuously delivers AI-powered recommendations to eliminate risky gaps in threat coverage. Recommendations are automatically mapped to standard MITRE ATT&CK threat models, customized according to organizations’ business priorities and infrastructure, and rapidly deployed via API-driven automation with a push of a button to their existing security analytics solution.


    The platform delivers 10x more recommendations per month than a skilled SOC analyst with years of experience (which are currently in short supply). By replacing manual and error-prone processes with… 

Research containing CardinalOps

Get data-driven expert analysis from the CB Insights Intelligence Unit.

CB Insights Intelligence Analysts have mentioned CardinalOps in 1 CB Insights research brief, most recently on Mar 9, 2022.

Expert Collections containing CardinalOps

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

CardinalOps is included in 2 Expert Collections, including Artificial Intelligence.


Artificial Intelligence

8,717 items

This collection includes startups selling AI SaaS, using AI algorithms to develop their core products, and those developing hardware to support AI workloads.



4,902 items

Latest CardinalOps News

08:00 EDT Data Shows Enterprise SIEMs Detect Fewer Than 5 of the Top 14 MITRE ATT&CK Adversary Techniques Used in the Wild

May 18, 2022

USA - English Share this article Share this article CardinalOps' data-driven report analyzes thousands of detection rules from production SIEM instances to reveal how prepared we are to defend against the latest threats TEL AVIV, Israel and BOSTON, May 18, 2022 /PRNewswire/ -- CardinalOps , the AI-powered detection engineering company, today released its 2022 Report on the State of SIEM Detection Risk . The company's second annual report analyzed aggregated and anonymized data from production SIEM instances to understand SOC preparedness to detect the latest adversary techniques in MITRE ATT&CK , the industry-standard catalog of common adversary behaviors based on real-world observations. This is important because detecting malicious activity early in the intrusion lifecycle is a key factor in preventing material impact to the organization. 2022 Report on State of SIEM Detection Risk 2022 Report on State of SIEM Detection Risk 2022 Report on State of SIEM Detection Risk The analysis shows that actual detection coverage remains far below what most organizations expect, and that many organizations are unaware of the gap between their assumed theoretical security and the defenses they actually have in place. The data set for this analysis spanned diverse SIEM solutions – including Splunk, Microsoft Sentinel, and IBM QRadar – encompassing more than 14,000 log sources, thousands of detection rules, and hundreds of log source types, spanning diverse industry verticals including financial services, manufacturing, telecommunications, and MSSP/MDR service providers. Using MITRE ATT&CK as the baseline, CardinalOps found that, on average: Enterprise SIEMs contain detections for fewer than 5 of the top 14 ATT&CK techniques employed by adversaries in the wild1 SIEMs are missing detections for 80% of the complete list of 190+ ATT&CK techniques 15% of SIEM rules are broken and will never fire, primarily due to fields that are not extracted correctly or log sources that are not sending the required data Only 25% of organizations that forward identity logs such as Active Directory and Okta to their SIEM, actually use them in their detection rules – which is concerning because identity monitoring is one of the most critical data sources for strengthening zero trust 75% of generic out-of-the-box detection content provided by SIEM vendors is disabled due to noisiness and customization challenges experienced by detection engineering teams These major gaps in detection coverage can be attributed to a number of challenges faced by SOCs and detection engineering teams. At the top of the list is constant change in the threat landscape, organizational attack surfaces, and business priorities, combined with an exponential increase in configuration complexity resulting from an ever-increasing number of log source types and telemetry from diverse data sources (endpoint, identity, cloud, etc.). Difficulty in recruiting and retaining skilled security personnel is also a major factor. And many enterprises are still relying on manual and error-prone processes for developing new detections, which makes it difficult for engineering teams to scale effectively and reduce their backlogs. "Organizations need to become more intentional about detection in their SOCs. What should we detect? Do we have use cases for those scenarios? Do they actually work? Do they help my SOC analysts effectively triage and respond?" said Dr. Anton Chuvakin, Head of Security Solution Strategy, Google Cloud. "Detection use cases are the core of security monitoring activities. Having structured and repeatable processes is essential for prioritization, aligning monitoring efforts to security strategy, and maximizing the value obtained from your security monitoring tools." To help organizations address their detection challenges, the 2022 CardinalOps report includes a series of best practices to help SOC teams measure and increase the robustness of their detection coverage, so they can continuously improve their detection posture over time. "Our goal with creating this report was not to shame security teams for having blind spots, but rather to draw management-level attention to the disparity between perceived security and actual detection quality and coverage, using MITRE ATT&CK as the benchmark," said Michael Mumcuoglu, CEO and co-founder at CardinalOps. "If we're spending all this time and money on more security tools, why are we still being hacked? We believe the answer lies in the need to apply automation and analytics to identify and fix misconfigurations in existing tools, and remediate the riskiest detection gaps, in order to free detection engineers to focus on more strategic activities such as investigating new and novel attack scenarios." You can download the full report here . About CardinalOps CardinalOps' cloud-based platform continuously ensures your SIEM/XDR has high-fidelity detections for the adversary techniques most relevant to your business priorities and infrastructure, as measured by the MITRE ATT&CK framework. Leveraging AI-powered analytics and API-driven automation, the platform continuously delivers customized detection content and metrics enabling your SOC team to stay ahead of constant change in the attack surface and threat landscape – plus continuously identify and remediate misconfigured data sources and broken or noisy rules – so you can eliminate the highest risk MITRE ATT&CK gaps that leave your organization exposed. Founded in early 2020, CardinalOps is led by serial entrepreneurs whose previous companies were acquired by Palo Alto Networks, HP, Microsoft Security, IBM Security, and others. The company's advisory board includes Dr. Anton Chuvakin, recognized SIEM expert and Head of Security Solution Strategy at Google; Dan Burns, former Optiv CEO and founder of Accuvant; and Randy Watkins, CTO of Critical Start. For more information, please visit . 1 In our analysis, we chose to exclude two ATT&CK techniques that SIEMs are ill-equipped to address: Process Injection and Credential Dumping. For Media Inquiries:

CardinalOps Web Traffic

Page Views per User (PVPU)
Page Views per Million (PVPM)
Reach per Million (RPM)
CBI Logo

CardinalOps Rank

  • When was CardinalOps founded?

    CardinalOps was founded in 2020.

  • Where is CardinalOps's headquarters?

    CardinalOps's headquarters is located at Tel Aviv.

  • What is CardinalOps's latest funding round?

    CardinalOps's latest funding round is Series A.

  • How much did CardinalOps raise?

    CardinalOps raised a total of $24M.

  • Who are CardinalOps's competitors?

    Competitors of CardinalOps include Hunters and 2 more.

  • What products does CardinalOps offer?

    CardinalOps's products include CardinalOps Platform.

You May Also Like

Exeon Analytics

Exeon Analytics fights advanced cyber attacks using big data analytics. The company's ExeonTrace flagship product relies on big data algorithms and machine learning to identify covert APT attacks and malware infections hiding in regular web traffic. ExeonTrace connects to existing SIEM solutions such as Splunk and Elasticsearch and identifies anomalies in the collected data.

ExtraHop Logo

ExtraHop provides real-time wire data analytics through the company's digital platform. The company's operational intelligence platform analyzes all L2-L7 communications, including full bidirectional transactional payloads.

Blue Hexagon Logo
Blue Hexagon

Blue Hexagon provides enterprise security solutions that use artificial intelligence.

Exabeam Logo

Exabeam complements existing security information and event management and log management systems with machine-learning technology that focuses on attacker behavior rather than malware and tools to detect modern cyberattacks. Exabeam's user behavior analytics solution leverages existing log data to quickly detect advanced attacks, prioritize incidents and guide effective response. The company's Stateful User Tracking automates the work of security analysts by resolving individual security events and behavioral anomalies into a complete attack chain. This reduces response times and uncovers attack impacts that would otherwise go unseen.

Confluera Logo

Confluera offers a real-time attack interception and defense platform built to detect and stock attacks navigating a company's infrastructure.

Securonix Logo

Securonix provides enterprises with a security analytics platform that uses Hadoop and machine learning technology to consume, enrich and analyze massive volumes of data to detect and prioritize the highest insider threat, cyber threat, cloud, and fraud attacks automatically and accurately. The company was founded in 2017 and is based in Addison, TX.

Discover the right solution for your team

The CB Insights tech market intelligence platform analyzes millions of data points on vendors, products, partnerships, and patents to help your team find their next technology solution.

Request a demo

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.