Command Zero Launches with USD 21 M to Investigate Data Breaches

Highlights:

• Modern breach detection software now automates most of the labor previously involved in identifying hacking attempts.
• Command Zero comes with an integrated knowledge base tool as an extra precaution.

Startup Command Zero Inc. launched with USD 21 million in funding and a platform to assist businesses in investigating data breaches quickly.

Andreessen Horowitz led the investment. As per Command Zero, Insight Partners and over sixty angel investors from the cybersecurity sector have joined the venture capital business.

Dean De Beer, Dov Yoran, and Alfred Huger founded Austin-based Command Zero in 2022. Cisco Systems Inc.’s cybersecurity division had previously employed the trio in key technical roles. Earlier, they founded several cybersecurity firms that were bought up by major players in the industry, including IBM Corp. and McAfee Corp.

Modern breach detection software automates most of the labor previously involved in identifying hacking attempts. It also makes several related tasks easier, like classifying cyberattacks according to their severity. However, determining how hackers accessed the network and identifying the systems impacted by the breach is still primarily a manual process.

Command Zero’s software platform has the same name as an attempt to change that. Cybersecurity teams need to examine data from several sources, such as compromised systems and their organization’s breach detection tools, to determine the extent of a cyberattack. Command Zero claims that its technology expedites the process by allowing users to do analyses with natural language prompts.

Chief Executive Yoran said, “Running escalations to ground truth has always been the biggest challenge in cyber. Command Zero removes technology expertise barriers, dramatically reduces repetitive manual work, and speeds up investigations.”

Threat intelligence feeds and authentication systems are two examples of cybersecurity products whose data the software can evaluate. Additionally, it gathers data from other platforms, including cloud apps where a business maintains its records. The platform used by the company retrieves data through read-only programming interfaces, which prevent sensitive file modifications.

Investigations into breaches involve several processes. Once hackers have gained access to a developer’s GitHub account, the cybersecurity team may start investigating by identifying the IP address that was used to access the account. Administrators can next determine whether the IP address is linked to a recognized cybercrime organization and, if so, examine the group’s strategies to learn more about the breach.

Determining which systems have been compromised in a cyberattack also requires a multi-step approach. Administrators also need to identify which of the records kept in such systems may have been accessed by the hackers after finishing that process.

Command Zero uses a diagram to visualize different stages of an investigation. The diagram shows the compromised systems, the queries that cybersecurity experts posed to Command Zero during their investigation, and the conclusions they reached. According to the organization, the diagram facilitates the sharing of incident data among members of a breach analysis team.

As an extra precaution, Command Zero comes with an integrated knowledge base tool. It can be used by cybersecurity experts to exchange frequently asked questions about breach investigations. The knowledge base for Command Zero provides a description of the hacking technique intended to be discovered alongside each question.

The platform also includes a collection of prefabricated workflows for breach investigations. Some are designed to expedite the examination of typical cyberattack scenarios, while others have a more specific goal, such as simplifying the data produced by a particular breach detection tool.

Yoran explained, “The platform comes with integrations with the questions you need to ask to each data source and the sequences you need to run a multi-faceted investigation or threat hunt. This knowledge removes the groundwork of collecting data from all individual resources while making the data available for analysis in a single interface.”