Anvilogic grabs $4.4m

Anvilogic, a collaborative security operations center content platform, has raised $4.4 million in funding.

Foundation Capital led the round.


SAN FRANCISCO, Calif. — Anvilogic, a collaborative security operations center (SOC) content platform, has raised $4.4M to further build its SIEM-agnostic SOC content platform. The platform provides out-of-the-box threat detection content (detection rules and algorithms) for high-priority use cases in relation to the MITRE ATT&CK framework, a code-less, UI-driven content builder for SOC and threat analysts, and a secure, collaboration-led content-sharing environment to accelerate the time to detect and triage threats in an enterprise. The $4.4M seed round was led by Foundation Capital, with participation from Point72 Ventures and two angel investors, Dan Warmenhoven (ex CEO/Chairman of NetApp) and Nikesh Arora (CEO/Chairman of Palo Alto Networks). The funds will be used primarily to deepen the team’s skills, specifically in R&D and in the cyber-security domain.

Made primarily for the SOC’s domain experts (rather than developer/IT personas or SIEM tool experts) such as threat research analysts, security practitioners and critical business owners, Anvilogic’s content-builder environment empowers the SOC’s security experts to create, manage and tune content for their dynamic priorities, owning and driving the SOC content lifecycle themselves without needing to be developers or SIEM/tool programming experts. This not only allows SOC analysts to own and control their environment but also makes it possible to react to fast-breaking attacks with quick turnaround times. It also breaks away from the traditional paradigm of a single, central SIEM that all data in a SOC needs to pass through, which makes that SIEM a bottleneck.

“With a constantly evolving cyberthreat landscape, even the $45+ billion spent annually on SIEM products and associated security services to build and implement content on these SIEM products hasn’t been enough to equip enterprise SOCs to deal with threat detection and response,” said Karthik Kannan, Founder and CEO of Anvilogic. “The lack of quality threat detection leads to high-volume noisy alerts and compounds triage, leading to low rates of automation downstream. The world has been trying to solve these problems in the last mile such as culling noisy alerts, which is akin to merely treating the symptoms of the problem, but Anvilogic addresses the problem upstream at the detection layer within the SOC rather than attempting to cull or prioritize alerts after the fact, thus saving companies valuable time, money and resources.”

After decades of experience in cybersecurity and talking to hundreds of SOC professionals, the Anvilogic team identified three key problems with today’s SOCs that the company solves for:
1. Coverage and Content Shortfalls: Companies and security professionals need continuously updated threat detection content in order to best protect their networks and many are lacking the necessary content to do so. Additionally, today’s SOCs are not collaborative, with no consistent workspace for professionals to share their best practices or content. Anvilogic gives professionals the building blocks they need to best protect their company, providing machine learning-led recommendations for content tailored to unique SOC environments. Anvilogic’s secure collaboration capability allows SOC personnel from all over the world to share methods and customizations through Trusted Group channels, resulting in easily downloaded and deployed plug-and-play content delivered to the SIEM via a convenient client-side app.
2. Noisy Alerts: Companies are drowning in alerts and spending precious time and money to fix noisy alerts rather than using their time to build core protocols to protect themselves better, earlier in the threat lifecycle. Instead of trying to address the problem in the last mile, Anvilogic believes that better detection upstream is a better solution. Anvilogic’s framework-led scenario builder environment lets companies build sharper content that leads to fewer actionable alerts, helping detect and avoid threats quicker and sharper, rather than waiting to solve the problem in the triage phase. This allows SOC teams to be proactive, abreast of the latest threat techniques, and achieve higher rates of automation downstream.
3. Rising Costs of a SOC & Talent Shortage: As consulting services and other products get more expensive, so does running a SOC internally. Anvilogic’s innovative platform and no-code/low-code environment empower security domain experts to handle more on their own, cut down on recurring consulting costs, and allow a company’s resources and investments to be diverted to higher-order incident detection and response.

“The SOC/SIEM structure has needed to be reimagined for years, and Anvilogic’s cloud native core platform is the solution this industry needs to empower security professionals to better protect their companies,” said Ashu Garg, general partner at Foundation Capital. “Backing Karthik and his team was an easy decision for us, and they are already helping companies save valuable time and resources right out of the gate.”

The Anvilogic team, led by Kannan, formerly the founder of Caspida (acquired by Splunk), supported by CTO, Deb Banerjee, formerly Chief Architect at Proofpoint, and Symantec prior to that, comprises proven leaders in platform engineering as well as security expertise, from the likes of top-tier financial services SOCs, as well as red-team experience from the U.S. Cyber Command and Fortune 500 SOCs. The team is poised to solve complex customer problems by not only building the product itself, but testing versions internally in the company’s own “SOC” like an enterprise environment would.

Anvilogic is committed to solving today’s security problems while also constantly looking into new trends like the emergence of security-oriented silos. Anvilogic’s neutral content platform is built for this pending new world, with the ability to create one unified view of security-oriented islands comprising multiple SIEMs, including next-gen cloud-based ones, as well as XDR technologies. Anvilogic acts as a federated content fabric across all of these disparate detection (and response) technologies, such that a SOC is empowered with a single, correlated detection content coverage view of the entire enterprise.

For more information, visit