UPDATED 18:56 EDT / JULY 09 2024

SECURITY

Command Zero launches with $21M to speed up breach investigations

Startup Command Zero Inc. launched today with $21 million in funding and a platform designed to help companies investigate data breaches faster.

Andreessen Horowitz led the investment. According to Command Zero, the venture capital firm was joined by Insight Partners and more than 60 angel investors from the cybersecurity industry.

Austin-based Command Zero was founded in 2022 by Dov Yoran, Dean De Beer and Alfred Huger. The trio previously held senior technical roles at Cisco Systems Inc.’s cybersecurity business. They earlier founded several cybersecurity startups that were acquired by IBM Corp., McAfee Corp. and other market players.

Modern breach detection tools automate much of the work historically involved in spotting hacking attempts. They also ease several related tasks, such as ranking cyberattacks based on their severity. However, mapping out how hackers gained network access and what systems were affected by the breach remains a largely manual process.

Command Zero hopes to change that with its namesake software platform. To understand the scope of a cyberattack, cybersecurity teams must analyze data from a variety of sources including the affected systems and their company’s breach detection tools. According to Command Zero, its platform speeds up the task by enabling users to run analyses using natural language prompts.

“Running escalations to ground truth has always been the biggest challenge in cyber,” said Chief Executive Yoran. “Command Zero removes technology expertise barriers, dramatically reduces repetitive manual work and speeds up investigations.”

The software can analyze data generated by cybersecurity products such as authentication systems and threat intelligence feeds. It also collects information from other systems, such as the cloud applications in which a company keeps its business records. The company’s platform retrieves data using read-only programming interfaces that don’t permit edits to sensitive files.

Breach investigations comprise multiple steps. After a developer’s GitHub account is compromised by hackers, the cybersecurity team might begin its investigation by finding the IP address from which the account was accessed. From there, administrators can check if the IP address is associated with a known cybercrime group and, if it is, study the group’s tactics to gain a better understanding of the breach.

Mapping out the systems compromised in a cyberattack is also a multistep process. Moreover, once that task is complete, administrators must determine which of the records stored in those systems might have been accessed by the hackers.

Command Zero visualizes the different phases of an investigation in a diagram. The drawing displays the systems that were affected by the breach, the questions that cybersecurity professionals asked Command Zero as part of their investigation and the findings they uncovered. The company says that the diagram makes it easier for members of a breach analysis team to share incident data.

For good measure, Command Zero includes a built-in knowledge base tool. Cybersecurity professionals can use it to share questions that are often asked during breach investigations. Alongside each question, Command Zero’s knowledge base displays an explanation of the hacking tactic it’s designed to uncover.

The platform also includes a set of prepackaged breach investigation workflows. Some are designed to speed up the analysis of common cyberattack scenarios. Others have a narrower focus, such as making the data generated by a certain breach detection tool easier to understand. 

“The platform comes with integrations with the questions you need to ask to each data source and the sequences you need to run a multi-faceted investigation or threat hunt,” Yoran explained in a blog post. “This knowledge removes the groundwork of collecting data from all individual resources, while making the data available for analysis in a single interface.”
