December 19, 2024 · 7 min read

2024 Learnings and 2025 Predictions Through Frequently Asked Questions

Disclaimer: This is not yet another 2025 predictions post where the author states the obvious (or the outrageous). Instead, we cover three frequently asked questions about Command Zero, what these questions taught us about 2024 and how they shaped our predictions for 2025. The three questions and our responses: Who is Command Zero for? How does Command Zero complement existing security operations investments? How is Command Zero similar to or different from AI-powered SOC analysts and AI-powered chatbots? We will also share our three predictions for 2025 based on these questions and observations. Happy holidays, and we hope you enjoy this format!

Erdem Menges
VP of Product Marketing

Introduction

As 2024 comes to a close, I wanted to share a quick recap through the questions we were asked most often this year, along with our predictions for 2025 based on what we are observing in the market.

2024 made its mark on our journey as we launched out of stealth, earned our first paying customers and significantly grew the number of organizations using the platform. Through weekly engineering iterations, security research content, and practical implementations of automation and AI, the platform evolved into the invaluable investigations solution it is today.

Why focus on frequently asked questions?

Questions are wonderful embodiments of human curiosity and make for the most interesting part of an interaction. Personally, asking questions and being asked questions are some of the highlights of our customer interactions. The questions and how they are worded (along with the timing, delivery and context of the conversation) reveal a lot about how our customers see the world, and how we can help them overcome some of the challenges they may be facing.

In this context, questions shed light on how our customers see the market and Command Zero's role in it. Here are the three top FAQs we received this year and our responses:

1. Who is Command Zero for?

Medium-to-large enterprises with security operations teams. If you have an in-house team of tier-2 and tier-3 analysts (tier-2+ analysts) who tackle escalated cases, you can benefit from streamlining investigations.

Most of our customers and early adopters work with MDRs/MSSPs who take care of their tier-1 processes. We also work with organizations who use automated triage (SOAR, hyper automation or similar) and/or in-house tier-1 analyst teams.  

In essence, Command Zero helps tier-2+ analyst teams run threat hunts and sophisticated investigations in complex environments. Command Zero augments tier-2+ analysts with embedded expert knowledge, abstracted access to universal data sources, advanced LLMs, automation and collaboration capabilities. As a result, they can get to conclusions fast, accurately and in a repeatable way.

2. How does Command Zero complement existing security operations investments?

Command Zero complements your existing security operations investments, specifically SIEM, SOAR, EDR/XDR and threat intelligence among others.  

Command Zero connects to security and non-security resources using a federated data model. With Command Zero, tier-2+ teams get unrestricted access to data sources and technology-specific content to interrogate them. In many cases, investigations are triggered by alerts from SIEMs, SOARs, threat intelligence feeds and more. These resources provide valuable insights for the initial steps of investigations, yet not all relevant data can be funneled into them (due to licensing, storage and operational cost, infrastructure and privacy concerns). So complex investigations require analysts to reach out individually to each data source to fill in the gaps. This is where Command Zero helps gather and interpret the relevant data, and streamlines decision making and reporting for these investigations.

By making this data useful to analysts, the platform helps uncover new details that extract more value and insights from existing security operations solutions as well as non-security solutions.

Another example is operationalizing threat intelligence data. Command Zero streamlines querying your infrastructure for reported threat actors, behavior patterns and compromised objects.  

3. How is Command Zero similar to or different from AI-powered SOC analysts? AI-powered chatbots?

The short answer: Command Zero is a dedicated solution for tier-2+ analysis. AI-powered SOC analysts and AI-powered chatbots mainly focus on very simple tasks or tier-1 processes.

AI-powered SOC analysts are focused on tier-1 analyst tasks. They are valuable for processing a high volume of alerts and identifying the alerts that need analysts' attention. Based on customer feedback, they provide good solutions for simplistic tasks yet need supervision and analyst interaction for complicated tasks.

AI-powered SOC chatbots are focused on translating analysts' requests into queries and commands, then summarizing the data they fetch. This is valuable at each step, but these solutions do not provide a solution for complex cases. Specifically, they don't provide an end-to-end investigation experience, and they require users (in this case analysts) to know which questions to ask, or what prompts to use to guide the LLM.

Command Zero leverages an encoded knowledge base and structured LLMs to deliver complete investigation experiences in a transparent, scalable and collaborative way. It is an expert platform with all the mechanisms for investigating built in; it does not require the user to be a technical expert in all systems within scope.

What these FAQs taught us in 2024

Security operations teams, like every technical buyer, want to understand where a new solution fits into their process. Is it replacing an existing solution? Is it a net new solution? Understanding where Command Zero fits and how it gets to answers fast helps overcome initial (and natural) skepticism about our platform.

2024 was an interesting year for the SIEM market with two mega acquisitions: Cisco acquired Splunk and Palo Alto acquired IBM’s QRadar. These movements increased vendor and investor interest in this space as customers re-evaluate their SIEM investments. We had numerous conversations where the customer was planning to migrate from one SIEM solution to another. We also see other customers evaluating big data or data lake-based solutions instead of traditional commercial SIEM solutions.

As our research indicated earlier this year, SIEMs deliver a valuable service but do not deliver the best investigation experience for complex analyses. Command Zero complements SIEMs with dedicated investigation capabilities. This is how we help customers who have invested in SIEMs, MDR/MSSP services and SOAR/hyper automation solutions.

AI-powered tier-1 analysts and AI-powered chatbots were a very popular topic in 2024, and these themes came up repeatedly in our customer interactions. As the year comes to a close, there is increasing skepticism about these solutions' ability to deliver. While both approaches have a lot of potential, anecdotal customer feedback suggested results that were underwhelming compared to expectations of these new solutions.

What we predict for 2025 based on these FAQs

This is our list of predictions based on the FAQs above along with our market observations this year:

  1. Mature SecOps teams will look for ways to innovate with their current SIEM or look for alternative solutions. Managing license and operational costs while incorporating AI capabilities will be key drivers for these initiatives.
  2. MDRs/MSSPs and in-house tier-1 teams will continue to be the right solution for most organizations. AI will not completely replace tier-1 processes anytime soon. AI tier-1 analysts and AI-powered chatbots will need to reach maturity to become the top choice for the average organization.
  3. SecOps teams will look for ways to get more value from existing investments. SecOps remains one of the largest items in CISOs' budgets, and these budgets are not likely to increase during the first half of 2025. Teams will look for ways to improve efficiency and increase their use of existing solutions.

Conclusion

2025 looks to be a promising year for innovation in cybersecurity and security operations. Command Zero will continue delivering on our vision, serving more customers and collaborating with more partners. Here's to making a meaningful impact for all SecOps teams!

Happy holidays!

Erdem Menges
VP of Product Marketing
