CardinalOps, the AI-powered detection engineering company, today announced that its SOC detection management platform is being extended to support three additional platforms: CrowdStrike Falcon LogScale (CrowdStrike’s latest centralized logging offering), Microsoft Defender for Endpoint, and VMware Carbon Black Endpoint. These join its existing support for major SIEMs, including Splunk, Microsoft Sentinel, and IBM QRadar.
CardinalOps uses AI and automation to reduce the complexity of managing detection content across an organization’s SOC tools, without requiring teams to abandon the significant investments they have already made in their existing security stacks. The company’s SaaS platform:
- Provides a visual MITRE ATT&CK heat map with metrics to track and report on ATT&CK coverage across all of an organization’s SIEM/EDR/XDR detection solutions, for both custom and out-of-the-box detections.
- Maximizes MITRE ATT&CK coverage by delivering high-fidelity detections for the ATT&CK techniques most relevant to the organization’s business priorities and infrastructure – including for the latest high-profile threats and vulnerabilities – that are automatically customized to the organization’s environment.
- Eliminates hidden detection gaps organizations may not even know they have by continuously auditing their detection solutions to identify broken, noisy, and missing rules that can be automatically remediated with a single click. Additionally, the platform identifies misconfigured data sources and recommends new log sources that can be onboarded to remove control gaps.
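The coverage-tracking and gap-audit logic described in the three bullets above, as an added example written for this page (it is not CardinalOps’ code and does not reflect how its platform is implemented). It takes a constructed set of detection rules tagged with ATT&CK technique IDs, computes which techniques are effectively covered (rule enabled, mapped to a technique, and reading from an onboarded log source), builds a per-tactic heat-map count, lists uncovered high-priority techniques, flags unmapped, disabled, broken-source and noisy rules, and recommends log sources to onboard. The rule schema, the noise thresholds, the technique-to-tactic subset and every count below are assumptions made for illustration.

```python
"""ATT&CK coverage heat map and detection-gap audit over rule metadata.

Added example, not CardinalOps code. All rules, counts and thresholds are
constructed for illustration.
"""
from collections import Counter

# Constructed sample rules, loosely modelled on the metadata a SIEM exports.
# Names, fields and alert counts are assumptions, not real customer data.
RULES = [
    {"name": "PowerShell encoded command", "techniques": ["T1059.001"], "enabled": True,
     "log_source": "windows_process_creation", "alerts_7d": 40, "true_positives_7d": 3},
    {"name": "LSASS memory access", "techniques": ["T1003.001"], "enabled": True,
     "log_source": "sysmon_process_access", "alerts_7d": 2, "true_positives_7d": 2},
    {"name": "Scheduled task creation", "techniques": ["T1053.005"], "enabled": False,
     "log_source": "windows_security", "alerts_7d": 0, "true_positives_7d": 0},
    {"name": "Legacy rule, no mapping", "techniques": [], "enabled": True,
     "log_source": "windows_security", "alerts_7d": 12, "true_positives_7d": 0},
    {"name": "DNS over HTTPS beaconing", "techniques": ["T1071.004"], "enabled": True,
     "log_source": "zeek_dns", "alerts_7d": 0, "true_positives_7d": 0},
    {"name": "Any executable launched from Temp", "techniques": ["T1204.002"], "enabled": True,
     "log_source": "windows_process_creation", "alerts_7d": 1200, "true_positives_7d": 4},
]

# Log sources actually onboarded into the SIEM (constructed).
ONBOARDED_SOURCES = {"windows_process_creation", "windows_security", "sysmon_process_access"}

# Small hand-picked subset of the ATT&CK technique -> tactics relation. A real
# tool would load the full STIX bundle; this subset is an assumption.
TECHNIQUE_TACTICS = {
    "T1059.001": ["execution"],
    "T1003.001": ["credential-access"],
    "T1053.005": ["execution", "persistence", "privilege-escalation"],
    "T1071.004": ["command-and-control"],
    "T1566.001": ["initial-access"],
    "T1204.002": ["execution"],
}

# Techniques the organization has decided matter most (constructed list).
PRIORITY_TECHNIQUES = ["T1059.001", "T1003.001", "T1566.001", "T1053.005"]

# Assumed noise thresholds: many alerts with almost no true positives.
NOISY_MIN_ALERTS = 500
NOISY_MAX_PRECISION = 0.01


def audit_rules(rules, onboarded_sources):
    """Classify rules into the failure modes a coverage audit should surface."""
    findings = {"unmapped": [], "disabled": [], "broken_source": [], "noisy": []}
    for rule in rules:
        if not rule["techniques"]:
            findings["unmapped"].append(rule["name"])
        if not rule["enabled"]:
            findings["disabled"].append(rule["name"])
        if rule["log_source"] not in onboarded_sources:
            findings["broken_source"].append(rule["name"])  # rule can never fire
        alerts = rule["alerts_7d"]
        if alerts >= NOISY_MIN_ALERTS and rule["true_positives_7d"] / alerts < NOISY_MAX_PRECISION:
            findings["noisy"].append(rule["name"])
    return findings


def is_effective(rule, onboarded_sources):
    """A rule only counts toward coverage if it is mapped, enabled and fed by data."""
    return bool(rule["techniques"]) and rule["enabled"] and rule["log_source"] in onboarded_sources


def effective_coverage(rules, onboarded_sources):
    """Set of technique IDs that at least one effective rule detects."""
    return {t for r in rules if is_effective(r, onboarded_sources) for t in r["techniques"]}


def tactic_heatmap(covered, technique_tactics):
    """Count covered techniques per tactic, keeping zero rows so gaps are visible."""
    heat = Counter({tactic: 0 for tactics in technique_tactics.values() for tactic in tactics})
    for technique in covered:
        for tactic in technique_tactics.get(technique, []):
            heat[tactic] += 1
    return dict(heat)


def priority_gaps(priority, covered):
    """Priority techniques with no effective detection, in priority order."""
    return [t for t in priority if t not in covered]


def recommended_sources(rules, onboarded_sources):
    """Log sources that existing rules need but that are not onboarded."""
    return {r["log_source"] for r in rules if r["log_source"] not in onboarded_sources}


if __name__ == "__main__":
    covered = effective_coverage(RULES, ONBOARDED_SOURCES)
    print("heat map:", tactic_heatmap(covered, TECHNIQUE_TACTICS))
    print("priority gaps:", priority_gaps(PRIORITY_TECHNIQUES, covered))
    print("findings:", audit_rules(RULES, ONBOARDED_SOURCES))
    print("onboard:", recommended_sources(RULES, ONBOARDED_SOURCES))
```

Two design points worth noting. A technique maps to several tactics in ATT&CK, so the heat map must count a covered technique under each of its tactics rather than one. And a rule counts toward coverage only when it can actually fire: the disabled scheduled-task rule and the DNS rule whose Zeek source is not onboarded look like coverage in a spreadsheet but contribute nothing here, which is exactly the hidden gap a manual tagging exercise tends to miss.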
“CISOs and SOC leaders understand they need a holistic and continuously updated view of their MITRE ATT&CK coverage across SOC tools to confidently answer questions like ‘How prepared are we to detect the highest priority threats?’ – but they’re still relying on spreadsheets and manual tagging to understand their current posture, plus manual detection engineering processes and limited staff resources to improve it over time,” said Michael Mumcuoglu, CEO and co-founder of CardinalOps. “Our mission is to dramatically simplify and accelerate our customers’ processes around operationalizing MITRE ATT&CK to reduce risk. Our vision is to give customers a continuous and comprehensive view of their MITRE ATT&CK coverage across all core SOC solutions, along with automation and analytics to rapidly eliminate detection coverage gaps that leave them exposed.”