+24 Commodity PressureMeaningful commodity pressure — marketed as managed AI-backed detection and uses commodity vendor platforms, making core detection appear copyable even though operations add value.
Marketing leans on 'cutting-edge' and 'holistic protection' language that reads like commoditized security copy.Offers Managed dSOC services 'underpinned by Darktrace’s ActiveAI Security Platform' — detection framed as a vendor-provided capability.
+24 Model DependencyHigh dependency on third‑party models and vendor tech — key offerings explicitly 'underpinned by' external AI platforms and multiple vendor partnerships form core capability.
'Managed dSOC Services underpinned by Darktrace’s ActiveAI Security Platform'.Multiple vendor partnerships: Darktrace, Fortinet, Microsoft, Armis, Varonis — service composition relies on external stacks.
-18 Workflow OwnershipExceptional workflow ownership — 24/7 SOC operations, managed SIEM, incident response retainers and continuous monitoring make this central to customers' daily security ops.
'Our six SOCs ... ensuring 24x7 protection against cyber attacks'.Services include MDR, Managed SIEM, incident response retainers and ongoing compliance reporting — implies continuous, hard-to-replace workflows.
-8 Distribution EmbeddednessStrong embeddedness — regional SOC footprint plus formal partnerships with major security vendors and enterprise channels.
Six regional SOCs and international presence.Partnerships and managed services for vendors like Darktrace, Fortinet, Microsoft and Armis indicate channel entanglement.
-8 Integration DepthDeep operational integrations — managed SIEM, CNAPP, and vendor-specific managed services suggest real technical and operational coupling rather than a thin UI layer.
Managed SIEM and Managed Cloud Native Application Protection Platform (CNAPP).Named managed vendor services (managed Fortinet service, Managed dSOC) and integrations with Varonis/Armis.
-12 Enterprise TrustExceptional enterprise trust signals — SOC 2, CREST accreditation, Gartner recognition and regulatory compliance services clearly positioned for regulated buyers.
SOC 2 certification completed.CREST accreditation for Incident Response and 'Gartner Recognised' mentions.Industry-specific compliance services (PCI DSS, ISO, DORA, GDPR).
-18 Switching CostVery high switching cost — retained incident response, continuous log/SIEM history, compliance mappings and 24/7 SOC relationships create real data and operational gravity.
Incident response retainers and ongoing managed SIEM imply historical log data and established playbooks.24/7 SOC operations distributed across regions — operational relationships and SLAs increase friction to move.
-6 Monetization MaturityMature enterprise monetization — variety of managed services, professional services and partner-led offerings show commercial seriousness, though pricing is hidden.
Broad services portfolio (MDR, SIEM, CTEM, incident response, vulnerability testing, professional services).Enterprise proof (Gartner mentions, certifications) but 'pricing visibility' is hidden.
+4 Category BaselineVertical workflow products start safer than generic assistants.
vertical workflow
+4 Relative PlacementSlight upward adjustment — heavy reliance on vendor AI and 'managed' wraps raise copyability despite strong SOC workflow moats and enterprise creds.
Explicitly markets Managed dSOC 'underpinned by Darktrace’s ActiveAI Security Platform' — indicates core detection is vendor‑sourced/wrapped.Multiple vendor partnerships (Darktrace, Fortinet, Microsoft, Armis, Varonis) suggest service composition rather than proprietary model/IP.Commodity security marketing language ('cutting-edge', 'holistic protection', 'optimise their AI investment') increases risk of copyable positioning.