The Taegis platform is a Bolt-On Solution, incorporating 6+ product acquisitions. It utilizes a Red Cloak Agent-based approach, relying heavily on Internet connectivity for effective threat detection and response. While the Big Data architecture claims to be open, most third-party integrations focus solely on log ingestion. Unfortunately, managing third-party solutions and triaging through the Taegis platform is often not feasible. Cross-tenant threat intelligence remains a challenge. It is worth noting that the legacy CTP Counter Threat Platform is still utilized.

The isensor (IPS) - appliance box and Red Cloak endpoint (agent) are deployed on the client's premises. Opening multiple firewall ports necessitates multiple change management requests. Note that Secureworks is not liable for any outages or bandwidth congestion resulting from deployment.

The Bolt On Architecture creates a fragmented security operations environment. When data points are segregated, the platform is at risk of overwhelming alerts, potentially resulting in the overlooking of critical alerts that could impact threat detection. Furthermore, there is a lack of functionality to monitor Advanced Network Behavior, Deception Strategy, and User Behavior analytics.

Using fancy dashboards for third-party data ingestion is not as helpful as it used to be. When data from multiple sources is kept isolated, it becomes challenging for operations to efficiently address alerts, ultimately impacting their effectiveness.

True response occurs when an Analyst collaborates with you in person, effectively managing crises. However, in the case of Secureworks, the actual response time consistently exceeds 30 minutes. Furthermore, the functionality of Threat Response is limited to systems where the Red Cloak agent is utilized. Working with 3rd party APIs to execute automated or manual response functions from the Taegis Platform presents ongoing challenges.

Bolt On XDR solution with more Open Architecture and No Native components making overall XDR ineffective.

Hunts are only performed on ingested log data, which limits the overall scope of the hunt. There is also a risk of overlooking important artifacts if the log data is not completely collected, especially considering that a majority of logs are never stored in the data lake. It's important to note that threat hunts are not real-time and do not rely on behavioral analysis. Also, Hunts are manual & are expensive without real outcomes.

No functionality to fetch live forensics post Incident Response / remediation compromising on assurance.

Not so flexible wokring with 3rd party vendors, erratic Service Level Agreements especially when it comes to Response SLA's.
‍
No dedicated point of contact, you have access to analysts who are most of times are collage graduates..

Functionality not available

Contracts are pushing for a Vendor lock-in.

Deployment is relatively fast - however, tuning the system & making it operational takes months of effort impacting operational cost and value deficit.

Rigid working with competetor products / solutions.

High - the coverage is limited to end point and security analytics only.

Data unavailable