Better, in more ways than one

Explore the features of the BluSapphire solution as they compare with equivalent features in Secureworks

BluSapphire
Secureworks
Architecture
Open data platform with native threat detection functionalities and agentless architecture. Our Big Data lake enables seamless correlation and effortless log ingestion welcoming third-party solution management, making triage through the BluSapphire platform easy. With our multi-tenant architecture, cross-intelligence sharing becomes effortless. Discover our comprehensive in-house threat detection and response functionality.
The Taegis platform is a Bolt-On Solution, incorporating 6+ product acquisitions. It utilizes a Red Cloak Agent-based approach, relying heavily on Internet connectivity for effective threat detection and response. While the Big Data architecture claims to be open, most third-party integrations focus solely on log ingestion. Unfortunately, managing third-party solutions and triaging through the Taegis platform is often not feasible. Cross-tenant threat intelligence remains a challenge. It is worth noting that the legacy CTP Counter Threat Platform is still utilized.
Deployment
Sensor, Log Collector - A simple VM or commodity hardware to ingest network traffic.No Firewall ports to open if outbound communication is open for all.Less than 2% of Network bandwidth consumption. BluSapphire's components do not sit in line hence, no risk of outage.
The isensor (IPS) - appliance box and Red Cloak endpoint (agent) are deployed on the client's premises. Opening multiple firewall ports necessitates multiple change management requests. Note that Secureworks is not liable for any outages or bandwidth congestion resulting from deployment.
Detection
The Comprehensive One platform eliminates security operations silos by seamlessly integrating native threat detection components and consolidating third-party telemetry. With effortless triage capabilities, it incorporates Native Threat detection components built on NBAD, UEBA, EDR, Deception.
The Bolt On Architecture creates a fragmented security operations environment. When data points are segregated, the platform is at risk of overwhelming alerts, potentially resulting in the overlooking of critical alerts that could impact threat detection. Furthermore, there is a lack of functionality to monitor Advanced Network Behavior, Deception Strategy, and User Behavior analytics.
Advanced Analytics
The open platform enables seamless data ingestion from any third-party source. BluSapphire's data lake operates on an open schema, ensuring a consistent data structure across different onboarded sources. This common schema facilitates efficient data management and analysis, simplifying the handling of complex data. The horizontally scalable data lake allows unrestricted data ingestion, with no limits commercially on the number of queries or dashboards for analysis and problem-solving purposes.
Using fancy dashboards for third-party data ingestion is not as helpful as it used to be. When data from multiple sources is kept isolated, it becomes challenging for operations to efficiently address alerts, ultimately impacting their effectiveness.
Response
Response functions are distributed across various components including endpoints, networks, Active Directory (AD), third-party security, and network devices or applications. There are no restrictions when working with Third Party APIs to execute response functions. REST APIs are available to facilitate seamless data exchange with third-party systems.
True response occurs when an Analyst collaborates with you in person, effectively managing crises. However, in the case of Secureworks, the actual response time consistently exceeds 30 minutes. Furthermore, the functionality of Threat Response is limited to systems where the Red Cloak agent is utilized. Working with 3rd party APIs to execute automated or manual response functions from the Taegis Platform presents ongoing challenges.
XDR
The Hybrid XDR solution is built from the ground up with native components along with Third Party integrations,  providing a unified platform to detect malicious signals across cloud, endpoints, users, and networks. By significantly reducing false positives, it greatly enhances the efficiency and effectiveness of security operations.
Bolt On XDR solution with more Open Architecture and No Native components making overall XDR ineffective.
Threat Hunt
Experience industry-first agent-less hunts directly on hosts. Eliminate the risk of overlooking any artifacts during hunt exercises. Execute hunts guided by the MITRE framework and hypotheses. Create and search for your own indicators/artifacts without limitations. BluSapphire offers meticulously curated threat intelligence from over 110+ sources. You are also free to consume threat intelligence of your choice. Effortlessly conduct hunts on data stored in your data lake.
Hunts are only performed on ingested log data, which limits the overall scope of the hunt. There is also a risk of overlooking important artifacts if the log data is not completely collected, especially considering that a majority of logs are never stored in the data lake. It's important to note that threat hunts are not real-time and do not rely on behavioral analysis. Also, Hunts are manual & are expensive without real outcomes.
Remote Forensics
Can fetch remote forensics real time from computer devices while staying completely agentless enabling analysts for analysis and or build assurance.
No functionality to fetch live forensics post Incident Response / remediation compromising on assurance.
Managed Detection and Response
Powered by BluHawk team - offers you a dedicated Point of contact and access to professional analyst, threat hunters, Incident response teams.
Not so flexible wokring with 3rd party vendors, erratic Service Level Agreements especially when it comes to Response SLA's.

No dedicated point of contact, you have access to analysts who are most of times are collage graduates..
Unlimited Storage
Offers unlimited hot data storage. In Addition, BluSapphire offers flexibility in storing your data within your AWS S3 / Azure Blurb. Your data, your control at an affordable cost.
Functionality not available
Contract Flexibility
No Contacting anymore - no lock-in. Pay monthly, move on if you do not like.
Contracts are pushing for a Vendor lock-in.
Time to Value
(Deployment + Tune + Ops Timeline)
Deployment closes in <48 hours, tune up & system operational in 3 days.
Deployment is relatively fast - however, tuning the system & making it operational takes months of effort impacting operational cost and value deficit.
Interoperability
Open to work with any existing technology deployed within the organisation. With or without integration. 
Rigid working with competetor products / solutions.
TCO
Low, One platform offers you holistic coverage by identification of threat signals across user, network, cloud.
High - the coverage is limited to end point and security analytics only.
ROI
High, On Average >145%
Data unavailable
Our cyber-detection capabilities increased drastically. Agentless Quarantine has improved our response times
CTO, Large Investment Firm in NYC
Dramatically improved our SOC visibility and response times, while cutting our costs significantly.
VP – Security, Tier II MSSP