Command Zero

Subcategory | Vendor answer
---|---
Demonstrated efficiency improvements | Reduced MTTR from 7-20 hours to 5-20 minutes; increase of quality and cost reductions across all facets of security operations work.
Alert escalation rate, true/false positive accuracy and verification method | Tracking of TP/FP accuracy on a per-investigation basis by automated retesting, user feedback, manual analysis and red teaming exercises.
Investigation speed, scalability and performance during peak load | 7-15 min investigation time depending on API response time and investigation complexity. Case study of 160 000 alerts/month with comprehensive caching and data back-off mechanism to prevent API rate limiting.
Context enrichment and artifact analysis | Customers can bring in their own API keys to support built-in integrations with Recorded Future, Flashpoint and other similar intelligence sources. No sandboxing capability.
Detection of novel/unknown threats, AI evasion handling | Detection of novel threats possible through threat hunting modules and AI-assisted analyses.
Explainability, human feedback integration and learning speed | Explainability is built in; human feedback possible, and feedback is then fed back to the Command Zero team for recalibration. Alerts can be set to automatically accept the verdict if a customer wants that.
Time to full operation | Under two hours in most customer environments.
Integrations (out of the box, headless, custom) | Biggest players have out-of-the-box integrations; headless mode supported, where analysts can work from a SIEM without the need to rely on the platform.
Multi-tenancy, data retention, export, governance, deletion control | Multi-tenancy and full data control supported.
Additional capabilities beyond detection and response | Threat hunting and analyst-led investigations.
Compliance with security standards | SOC 2 Type 2.
Licensing model, total cost of ownership and hidden costs | Licensed per user, no hidden costs.
Roadmap visibility and feature requestability | Roadmap is communicated; feature requests are supported.
Support availability and SLAs | Every customer has a dedicated Slack or Teams chat where they can interact with the engineering team of Command Zero. Those are monitored 24/7.