- [Investigations] Investigating Risky Sign-ins: Getting to the right answers fast
  Investigative challenges around risky sign-ins
  March 2025 · 7 min read
- Control Validation: Uncovering Tactical Drift in SecOps
  Control validation addresses a critical vulnerability in modern security operations—the gap between deployed security measures and their actual effectiveness. This post explores how tactical drift occ
  March 2025 · 5 min read
- [Investigations] Investigating Locked Accounts: Making sense of the canary in the coal mine
  Streamlining locked account investigations with Command Zero
  March 2025 · 5 min read
- GitHub Investigations: Securing the Foundation of Modern Innovation
  As software development accelerates through DevOps processes, GitHub repositories have become both invaluable intellectual property stores and potential attack vectors. Threat actors increasingly expl
  February 2025 · 5 min read
- [Product] Email Investigations: The Epicenter of Security Analysis
  The hard truth: Emails are full user identities
  February 2025 · 6 min read
- [AI] Securing LLM-Backed Systems: A Guide to CSA’s Authorization Best Practices
  How Command Zero secures LLM-backed systems
  February 2025 · 7 min read
- [Threat] Operationalizing threat intelligence at scale: Challenges and solutions
  The Command Zero experience vs. legacy investigation flows
  January 2025 · 8 min read
- 2024 Learnings and 2025 Predictions Through Frequently Asked Questions
  What we predict for 2025 based on these FAQs
  December 2024 · 6 min read
- [Product] Navigating complexity with structure: Using pre-built sequences for security investigations
  Running facets within investigations
  December 2024 · 7 min read
- [Awards] Top challenges in security operations and recommendations for SecOps leaders
  This post wraps up our blog series for Command Zero's recent research report. The report exposed critical cybersecurity investigation challenges across 15 industries. Key findings from 352 professiona
  December 2024 · 6 min read
- [Investigations] Investigations lack consistency, documentation and auditability
  November 2024 · 8 min read
- Current SecOps tools are hard to operate and investigate
  Despite the early and sincere focus on search/investigations, modern SIEM and SOAR capabilities have evolved to satisfy compliance/regulatory requirements. Today, these technologies do not provide ded
  October 2024 · 7 min read
- An interview with Eric Hulse: Insights from recent Command Zero engagements
  In this interview, we dive deep into the world of cybersecurity investigations with Eric Hulse, Head of Research at Command Zero. Eric shares invaluable insights from some of the recent customer engag
  October 2024 · 6 min read
- [Research] Uncertain security alerts: Common hurdles and recommendations
  A typical day in the life of a security analyst
  October 2024 · 9 min read
- [Research] Universal talent gap in cybersecurity hinders the ability to run investigations
  October 2024 · 6 min read
- [Identity] The Goal, Scope and Methodology of Command Zero’s Recent Research on Cyber Investigations
  Command Zero published its first research report: “Top Challenges in Cyber Investigations & Recommendations for SecOps Leaders” on September 10, 2024. The report is based on 352 interviews with cyber
  October 2024 · 4 min read
- Leveraging RAG for question selection in cyber investigations
  The integration of RAG-based question selection has significantly improved our cybersecurity investigation capabilities. By leveraging AI to intelligently select and prioritize investigative questions
  September 2024 · 5 min read
- [SOC] Post Black Hat USA 2024: What’s next for cyber
  SOC automation and SIEM segments in flux
  August 2024 · 2 min read
- [Awards] Black Hat USA 2024 recap: Key take aways and observations
  Black Hat USA 2024 provided a clear picture of where we stand as an industry and where we need to go. As we navigate these challenges, collaboration, innovation, and a renewed focus on resilience will
  August 2024 · 6 min read
- Accelerate Okta investigations – sample account takeover analysis
  Okta is one of the most used identity providers with various identity and access management solutions. Like other IDAM providers, Okta is a valuable resource for starting identity investigations. Impa
  August 2024 · 4 min read
- Investigate Microsoft EntraID identities in minutes
  Identity-based investigations are one of the most common analyses for security operations. These leads get under the spotlight because of an HR event (various watchlists or user’s last day), a potenti
  July 2024 · 4 min read
- Context and intent for AI enable effective cyber investigations
  Our general philosophy towards AI is simple. We use LLMs to augment the capabilities of our platform. We structure our content (Questions, Facets, Metadata, Prompts, Answers, Relationships) to improve
  July 2024 · 6 min read
- Identifying Midnight Blizzard and other password spray attacks using Command Zero
  For identifying Midnight Blizzard or any password spraying attack in your environment, there are multiple paths you can take with Command Zero: 1) Tracking unusual application consents 2) Tracking pass
  July 2024 · 12 min read
- Fuel cyber investigations with expert questions
  Universal talent gap is a challenge we must operate with in cyber. To combat this, we need to shift from platforms for advanced users only to intrinsically skilled platforms that augment all users. Co
  July 2024 · 14 min read