Mate | Subcategory | Vendor answer
---|---|---
1 | Demonstrated efficiency improvements | MTTD/MTTR: investigations that took 45+ minutes to complete now complete in minutes. Major decrease in false positives across the board. Majority of T1 alerts resolved automatically. 25% more SOC throughput when it comes to alert handling.
2 | Alert escalation rate, true/false positive accuracy and verification method | Most of T1 closed automatically, reduction in FPs. Verification of verdict not as important, as Mate replays investigation steps taken by analysts, therefore ensuring a degree of implied trust in its actions.
3 | Investigation speed, scalability and performance during peak load | Alerts resolved in minutes. Mate is not concerned with load or performance and ensures it can handle large workloads for really big enterprises.
4 | Context enrichment and artifact analysis | The solution collects the organization's data to build a knowledge base; this includes past tickets, wikis, cyber insurance policies etc. Artifacts are analysed the same way analysts would analyse them due to the way Mate works.
5 | Detection of novel/unknown threats, AI evasion handling | Novel threats detected by integrating with Threat Intelligence sources curated specifically based on real-world activity and by correlating existing data at scale.
6 | Explainability, human feedback integration and learning speed | Explainability, human feedback and learning speed are not a concern, since this is a record-and-replay type of work where actual human analysis is recorded and then replayed at scale.
7 | Time to full operation | Immediate value from day 1.
8 | Integrations (out of the box, headless, custom) | Not reliant on integrations, as it uses the same security tools as analysts do. No need for background API calls, but those are possible. (Has ~15 integrations.)
9 | Multi-tenancy, data retention, export, governance, deletion control | Multi-tenancy, data governance and control are possible.
10 | Additional capabilities beyond detection and response | On-prem integration possible, including air-gapped environments.
11 | Compliance with security standards | Working on a SOC 2 Type 2 report.
12 | Licensing model, total cost of ownership and hidden costs | Based on EDR licences.
13 | Roadmap visibility and feature requestability | Roadmap visible, shared with founding customers.
14 | Support availability and SLAs | Support available through Slack and Teams channels; experts available on demand to assist with operational issues and investigations.