Every analyst category the platform engages with — and our honest role per category. Core native: we own the engine. Correlate: we ingest someone else's output and weave it into our graph. Reference: we surface shallowly. Roadmap: we know it exists; we don't deliver it yet. See Service Coverage for the service-level grid.
Cloud-Native App Protection Platform (umbrella over CSPM+CWPP+CIEM+DSPM+KSPM)
Our position: We ingest Wiz/Prisma findings; we don't claim CNAPP parity natively.
Cloud Security Posture Management — misconfig and compliance checks against cloud APIs
Our position: Azure-native via Defender + Policy + assessments.
Cloud Workload Protection Platform — runtime + posture for VMs/containers/serverless
Our position: Partial — playbooks for AKS, App Service, Functions. Runtime depth needs CrowdStrike/Dynatrace agent.
Cloud Infrastructure Entitlement Management — least privilege for cloud roles
Our position: Azure RBAC enumeration native. Attack-path walker roadmap.
Data Security Posture Management — discover, classify, protect data at rest
Our position: Structure tags + storage exposure native; classification via Wiz.
SaaS Security Posture Management — config of SaaS apps (M365, Salesforce, etc.)
Application Security Posture Management — code-to-runtime correlation
Kubernetes Security Posture Management
Our position: K8s connector + lateral-movement playbook.
Cyber Asset Attack Surface Management — unified asset inventory
Our position: Azure Resource Graph native; multi-cloud roadmap.
External Attack Surface Management — internet-exposed asset discovery
Our position: We surface PublicIP + Storage publicAccess. External recon via Wiz.
Security Information & Event Management — log aggregation + correlation
Our position: We ingest Sentinel/Splunk events into investigations; we never replace them.
Security Orchestration, Automation & Response — playbook execution
Our position: We are advisory only — read-only constitutional. SOAR execution is out of scope by design.
Extended Detection & Response — cross-source detection
Endpoint Detection & Response
Network Detection & Response
Threat Intelligence Platform
Cloud Detection & Response
Our position: Defender for Cloud + Activity Log + our own correlation engine.
Identity Threat Detection & Response
Our position: Entra-native; richer with CrowdStrike Falcon Identity.
Managed Detection & Response — delivery model, not a product
Identity & Access Management
Our position: Entra native; Okta/Ping/Auth0 via connector.
Privileged Access Management — session audit + vaulting
Our position: CyberArk/Delinea ingest.
Identity Governance & Administration — entitlement reviews
Our position: SailPoint/Saviynt ingest.
Multi-Factor Authentication enrollment / enforcement
FIDO2 / WebAuthn / OS-bound credentials
Identity Provider — SSO source-of-truth
Customer Identity & Access Management
Directory services (AD, LDAP, Entra)
Cross-domain trust (SAML, OIDC, WS-Fed)
Identity Security Posture Management — config + risk of the IdP itself
CVE-level vulnerability scanning
Aggregated risk across CVE + config + identity + topology
Continuous Threat Exposure Management
Our position: Our investigation engine + lateral-movement playbook serves this lens.
Breach & Attack Simulation
Multi-step exploit chain modelling
Our position: Entitlement graph walk + lateral-movement playbook.
Application Performance Monitoring (Dynatrace/Datadog/New Relic)
Network Performance Monitoring
Our position: Network Watcher + flow logs native.
Umbrella for metrics/logs/traces
Log aggregation + search (Splunk/Elastic/Sumo)
Time-series metric stores
Distributed tracing
Digital Experience Monitoring — synthetic + real-user
AI-driven correlation + RCA on ops signals
Our position: Our investigation orchestrator is the start; clustering is roadmap.
Incident lifecycle (PagerDuty/Opsgenie/ServiceNow ITSM)
Root Cause Analysis
Our position: Strict-JSON LLM with evidence chain + guardrails.
Tying alerts together into incidents
Site Reliability Engineering toolchain (SLOs, error budgets)
Our position: Module roadmap.
Discover which apps depend on which infrastructure
Service-to-service dependency graph
Configuration Management Database (ServiceNow)
Live mirror of the production estate
Unified resource+identity+app graph
Our position: Neo4j backed; viewer roadmap.
Searchable inventory of every cloud resource
Our position: Resource Graph native for Azure.
Birth → change → retirement of assets
Declarative policy (Azure Policy, OPA, Sentinel)
Mapping findings to control frameworks (CIS, NIST, ISO, SOC2, PCI, HIPAA)
Preventive vs detective controls inventory
Cloud cost management + optimisation
Our position: Cost recommendations module roadmap.
Budget + chargeback + showback
Well-architected landing zone scoring
Discover + assess architecture patterns
Sparx / LeanIX / Avolution
Read-only advisory recommendations
Five-pillar assessment (security, reliability, cost, performance, ops)
Argo / Flux read
Backstage read
Conversational + reasoning copilot grounded in customer graph
Inventory + policy for AI workloads + endpoints
AI-specific risk scoring (model drift, prompt injection, data egress)
Read-only and advisory by design. Source-of-truth for this taxonomy lives in docs/PLATFORM_TAXONOMY.md — edits flow through code review like any other product change.