Info-Tech Research Group
Advanced Features are the capabilities that allow for granular
differentiation of market players and use case performance
Vendor Landscape Overview
Scoring Methodology
Info-Tech scored each vendor’s features on a cumulative four-point scale. Zero points are awarded to features that are deemed absent or unsatisfactory, one point is assigned to features that are partially present, two points are assigned to features that require an extra purchase in the vendor’s product portfolio or through a third party, three points are assigned to features that are fully present and native to the solution, and four points are assigned to the best-of-breed native feature.
| Feature | What we looked for |
| --- | --- |
| Advanced Data Enrichment | Advanced CAN from various log and non-log data sources (identity, database, application, configuration, netflow, cloud, file integrity, etc.) with full packet capture ability |
| Advanced Correlation | Advanced pre-built policies, user-defined policies, behavioral policies, machine learning style policies, and host criticality information inclusion |
| Big Data Analytics | Use of big-data-style analytics through integration into purpose-built big data tools or native capabilities, all based on advanced security style analytic methods |
| Advanced Reporting and Alerting | Pre-built reporting and alerting libraries, customizable dashboards, compliance use-case support, various alerting options, and integration into external reporting and third-party workflow tools |
| Forensic Analysis Support | Advanced query capabilities against all collected data with pre-built and custom drill down, pivot, and parsing with export functions and event session reconstruction |
| Data Management Security and Retention | Granular access controls to system data, protection of SIEM data, system access monitoring, external storage integration and efficient data compression |