Latest news with #Crogl


Forbes
24-06-2025
The Future (E)State Of SecOps
Monzy Merza is the Cofounder and CEO of Crogl with deep expertise in security strategy, threat intelligence and go-to-market execution.

If your security operations are understaffed, it's about to get much worse. The time arc of business computing and security operations indicates that, over time, technology dependency will increase, and business requirements will become more diverse. This will expand the business' risk surface, allowing attackers to exploit it. And this will, in turn, create more work for security teams. The SecOps work will require data from a larger number of systems across multiple footprints.

I conducted a thought exercise on the future of businesses and their security teams, considering the aggregated inflection points. I was curious to explore how highly constrained security professionals will work in a few years' time.

SecOps Is A Function Of A Business User's Productivity Bandwidth

A modern business user is significantly more productive than their predecessor 10 years ago. Today's business user would be lost without high-speed internet connectivity in planes, apps that remind, autorespond, mine, connect, autocorrect and generate documents in a flash. Five years from now, we will see even greater bandwidth and computing power in the hands of individuals. Businesses will accomplish a lot more with each augmented human, to the point that the future users may become super agents enhanced by AI.

We see a glimpse of that in today's meetings: participants are screen sharing, chatting, taking notes, resolving problems and making decisions—all while ordering lunch online. These observations indicate an increase in the volume of output, a rise in the variety of work and a diversification in the modes of work.

We envision a future where businesses will have increased flexibility in terms of work locations and devices used. And this will give rise to the types of decisions they make—both for work and for device/tool use.
Think of sprawling environments spanning multiple cloud and on-premise locations, complex segmentation and asset classification and varying levels of roles, permissions and access. For teams that are in charge of managing, orchestrating and safeguarding humans, AIs, customers and data—this means an explosion of complexity. Complexity of data, complexity of processes, complexity of interaction, complexity of translation from one system, location or individual to another. This means that any type of work that requires analysis and decision making, as opposed to automation, will need to depend on semantic and knowledge layers rather than robotic AI.

What Does This Mean For Your Cybersecurity Team?

The security teams will be challenged to safeguard a complex footprint of usage. Devices, networks, clouds, servers, and data stores, agents and LLMs will need monitoring, compliance, threat detection, investigation and remediation. With this larger footprint, they'll be dealing with complicated threat patterns and the ability to translate information from one system to another, map activities and queries, trace back to connect differently named items and adapt to a continuously shifting threat landscape—contemporary analysis systems will be insufficient.

Operationally, this is a data and process problem. If the business user's bandwidth has increased significantly, then the security team's bandwidth must increase, too. So, what is the core bandwidth bottleneck for the security teams? My view: It's the knowledge of the data and the tool competency to apply the knowledge to a given problem. Today's security teams have tens of tools and fragmented data lakes. It's natural to say, 'Just put all your data in one place and use a single system for data analysis.' However, I assure you that there is no example in nature or technology where that notion has been successful in a complex system.

What's needed is a bandwidth multiplier. A knowledge system.
A self-learning, self-adjusting knowledge layer that records and translates semantics, learns processes, adapts to a continuously changing environment, and can be used to orchestrate various defenses, allowing security teams to stop being overwhelmed and control their own destiny.

This isn't some made-up, fabricated expression of complexity. Business users are using knowledge systems already, whether it's a chatbot in a spreadsheet or delivery predictor in a supply chain operation. Those systems are multipliers because they are tightly focused on the user's "jobs to be done." A knowledge engine that focuses on the security operator's job can be a multiplier, too.

How CIOs And CISOs Can Prepare Today For What's Coming

When considering all the changes that are likely to occur, think about the gravitational forces that exist within organizations. While technology changes can influence the what, how and where the work is done, some constants exist. Systems that get work done will continue to exist, and they will need to be maintained, enhanced and updated to constantly changing customer or organizational needs. Those processes will, therefore, need to be maintained, enhanced and updated. Customer data, business/organizational confidential data, sensitive payment data and trade secrets will continue to need protection. The know-how and relationships that make each organization unique will both evolve and need to be continually updated.

As a result, making investments that are steeped in data, process and continuous learning will be imperative. CIOs and CISOs must invest in products, technologies and services that are both flexible and build a foundational augmentative knowledge layer for your organization.
Use this lens for your next technology investments—how well does it enhance the efficiency of my processes, how well does it safeguard the privacy of my organization's assets, and how well can it adapt to the changing nature of the technology landscape and business needs?

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
Yahoo
06-03-2025
Crogl, armed with $30M, takes the wraps off a new AI 'Iron Man suit' for security analysts
AI agents are marching across the world of IT, and on Thursday a startup called Crogl is debuting its contribution to the field: an autonomous assistant for cybersecurity researchers to help them analyse thousands of daily network alerts to find and fix actual security incidents.

The assistant — described by Crogl's CEO and co-founder Monzy Merza as an 'Iron Man suit' for researchers — has quietly been in deployment already with a number of large enterprises and other big organizations. With today's move out of private beta, the startup is also announcing $30 million in funding.

The $30 million is coming in two tranches: a $25 million Series A led by Menlo Ventures; and a previous $5 million Seed led by Tola Capital. Albuquerque, New Mexico-based Crogl will be using the funding to continue building out its product, and its customer base.

Security tools, including those aimed at helping parse and remediate the many alerts of potential issues thrown up by existing security software, today number in the hundreds. Sometimes it feels as if there are nearly as many tools as there are security alerts. Crogl, however, is a little different, in part because of who cooked up the idea in the first place.

Merza has a long and interesting background in the security industry. Out of university, he worked in security for the U.S. government's Sandia atomic research lab. Later he went to Splunk, where he built and led its security business. He then moved to Databricks to do the same. When Merza started thinking of doing his own thing, instead of launching a startup, he chose to go back to industry, taking a job at HSBC, to work among end users to get a sense of pain points from their perspective.
With all of that under his belt, he then tapped former longtime Splunk colleague David Dorsey (now Crogl's CTO) and they got to work. That was exactly two years ago, with the last year spent building up a customer base in a private beta.

As Merza explained it to me, the name Crogl is a portmanteau of three different other words and ideas. Cronus, the leader of the titans and the god of time, accounts for the first three letters of the name. The 'g' comes from gnosis, which means knowledge or awareness. The 'l' at the end stands for logic, he added. And in a sense, all that encapsulates what Crogl the startup is setting out to do.

The crux of the problem, as Merza sees it, is that security analysts in operations teams typically can look at and resolve, at maximum, around two dozen different security alerts in a day, but typically they might see as many as 4,500 in that same period. The tools that have been built up to now, in his view, are not up to the task of being able to evaluate alerts as well as a human can in part because they are coming at the problem in the wrong way.

His and Dorsey's observation was that security leaders typically like it when their teams see a lot of alerts, because on the principle of reinforcement learning, it means that they are experiencing and understanding more with each alert they triage. Of course, that is also untenable, and that is what has driven a lot of security product up to now.

'The security industry has been telling people to reduce the number of alerts,' Merza said. 'So what if you could have this scenario where every alert was actually a multiplier, and security teams became actually anti-fragile by having this ability to analyze whatever they want?' That is effectively what Crogl attempts to address with its approach.
Leaning into big data and the idea of the outsized parameters that drive Large Language Models, the startup has built what Merza describes as a 'knowledge engine' to power its platform (think 'Large Security Model' here). Not only is the platform flagging suspicious activity, it's learning more about what signals might constitute suspicious activity. And critically, it allows the researchers also to query, using natural language if they want, all alerts to pull out and understand trends and to do more of their work.

Over time, there is potential for Crogl to take on more than just alerts — remediation is a very obvious area, for example, for it to tackle, noted Tim Tully, the Menlo partner who led its investment into the startup.

Tully's familiarity with the team at Crogl — which also includes founding member Brad Lovering, who had been the chief architect at Splunk, among other impressive roles elsewhere — goes back years: he had been the CTO at Splunk overseeing all their work there.

'I knew what they capable of building. I know that they know the space well. And so it's that, sort of like the hook in the mouth is just the team in of itself. And I think it's pretty rare from a venture side that you have like, such experience,' he said.

He added that he'd missed the chance to invest at seed stage, and then kept hearing about the product and thought, 'enough is enough.' He flew down to Albuquerque, and saw a demo for himself and that sealed the deal. 'It felt like the product was like a mapping of Monzy's security brain in terms of how the problem was solved.'