Disclaimer: Opinions expressed are solely my own and do not reflect the views or opinions of my employer or any other affiliated entities. Any sponsored content featured on this blog is independent and does not imply endorsement by, nor relationship with, my employer or affiliated organisations.
It has been almost a month since my last post. The reason is simple: I have been heads-down on the new version of the SecOps Unpacked AI for SecOps Vendor Landscape.
(Apologies for sending the email with the wrong title) :
The list now has over 110 vendors. A month ago it had around 50. At this rate it could reach 150 by the end of the year.
How this started
The first version was meant to be a simple tracker. Nothing more than a list I maintained for my own reference.
Then practitioners started reaching out. They wanted better filtering. They wanted more depth. They were using the list to scope vendors for evaluation, which was not what I built it for, but it was exactly the kind of use that made me pay attention. Around the same time, engagement on the ARMM framework started climbing, and I noticed SecOps Unpacked showing up near the top of Google results for AI SOC vendor lists.
That last part is what pushed me. If the list was going to rank that well, it needed to be good enough to deserve it. So I decided to take it seriously and build it into a proper app.
Who this is for
Three groups, really.
Practitioners use it to scope vendors for evaluation. You are shortlisting tools, sizing the market, or figuring out which platform to demo or PoC next. This is the primary audience and the reason the list exists.
Investors use it to compare the landscape. If you are doing diligence on a category or a specific vendor, the structured view shows you who is doing what, where the overlaps are, and where the white space is.
Vendors use it for competitive intelligence. If you are building in this space, the landscape is a fast way to see how the market is structured and where you sit relative to everyone else.
The list is free for everyone. No gated content.
I do ask you to subscribe. It keeps you up to date as the list evolves, and it gives me a clearer picture of who is actually reading and using this. That feedback shapes what I build next.
What you get as a practitioner
A structured list of every vendor doing AI for SecOps in some form. I originally wanted to scope it to AI SOC only, but that was too narrow. The market is broader than one category.
To get the structure right, I worked with practitioners I trust: Rafal Kitab, Cristian Miron, and Andrei Cotaie. The category work was also shaped by the writing of Oliver Rochford and Anton Chuvakin, whose thinking on this space is worth reading if you have not already.
What came out of that is a set of categories and definitions covering the full landscape. Each platform is tagged by capability so you can see what it actually does. This is a live list. Capability tagging will be maintained as the market shifts, which is harder than it sounds: for most vendors I need to go through a demo to understand the platform well enough to map it accurately.
Each vendor also has key elements built for evaluation. Easier to see by browsing than to describe here.
I added several visualizations, because that is how I like to consume data. If you have an idea for a visualization that would help, tell me.
Advanced filtering is in the backlog. I am holding it until more vendors claim their profiles and the data is rich enough to make filtering worthwhile.
Why not just scrape vendor websites
Some people have asked why I do not just scrape vendor sites and auto-generate profiles. It is not that simple, at least not the way I want to do it.
I want vendors to share what they think is worth highlighting. Every profile goes through a review where I add editorial notes. In a future version you will be able to see which vendors I have seen a live demo of and which I have not, so you know how much weight to put on each profile.
What is coming
A few things on the roadmap:
An evaluation layer, in two forms. One connected to the ARMM framework. One built as a standalone way to test and evaluate AI SOC vendors, closer to a golden-standard benchmark. This needs a solid plan and the right partners to build the infrastructure around it, so it will take time.
A product release feed, plus a dedicated newsletter for anyone who wants vendor product updates in one place, separate from the main newsletter.
The longer-term goal is to turn this into the evaluation platform for SecOps. Not just a list. A place where you can actually evaluate.
For vendors
Vendors can claim their profile and start filling in information about their company and product. There is also an option for full access, which is subscription based. That covers the maintenance work each profile needs and a few additional perks.
If you are a vendor, claim your profile and I will share the details on the full offering.
So far over 20 vendors have claimed their profile, and over 10 have joined as founding members to support the development of the platform. That early support means a lot and it is what makes the bigger roadmap possible.
That is it for now
If you found this useful, share it. The more practitioners who use the landscape, the better it gets for everyone.
Join as a top supporter of our blog to get special access to the latest content and help keep our community going.
As an added benefit, each Ultimate Supporter will receive a link to the editable versions of the visuals used in our blog posts. This exclusive access allows you to customize and utilize these resources for your own projects and presentations.