Radar Report
EMA Radar for Network-Based Security Analytics: Q3 2018
Date: 07/31/2018 Length: 55 pages Cost: $795.00



The speed of detection and mitigation is the true issue today. How fast is as fast as possible? Over the last few years, research like the Verizon Data Breach Investigation Report demonstrated that "as fast as possible" has not been nearly fast enough. Compromises can happen in hours, but identifying an attack may not take place for months or years.


It is this issue that focused innovators on how to identify and respond to security incidents faster. The first challenge is being able to wade through the incessant and overwhelming noise of alerts, and reduce them to a workable volume of real problems that can be clearly defined and addressed quickly. 


Over the past several years, numerous startup companies were established to address the gap in analytics and visibility of real issues in the sea of alerts. Security analytics solutions were initially designed to perform one or more of three primary types of security-focused analytics: User and Entity Behavior Analytics (UEBA), Anomaly Detection, and Predictive Analytics. Since their inception, many of these analytics have merged, leaving only a thin line between combined UEBA/Anomaly Detection and Predictive Analytics.


This report is the second of a two-part series. Part one, released earlier this year, delved into the platforms, solutions, and products supplying log-based security analytics for the express purpose of providing them with fewer actionable alerts without the side effects that can filter out alerts on actual threat activity. This second report focuses on vendors that use network information, such as net flows, deep packet inspection, and forensic packet analysis, to gather telemetry.


This report evaluates vendors across five major categories supported by over 130 KPIs. EMA evaluated and scored each vendor under the same documented criteria. Each participating vendor has a profile that outlines their solution, its strengths and weaknesses, and its performance ratings compared to the other vendors evaluated. It also documents key decision-making factors important to the buying process and ultimately depicts the vendors' relationships to each other based on value vs. functionality.

Evaluated Vendors include: 

  1. Awake Security
  2. Balbix
  3. Cisco
  4. Corvil
  5. ExtraHop
  6. HPE Aruba
  7. Preempt
  8. ProtectWise
  9. RedLock
  10. SS8
  11. Vectra Networks 
  12. Versive 




EMA Staff

Other Contributor:

EMA Staff

