
EMA Names Awake “Value Leader” in Network Security Analytics

Awake Security’s Network Detection and Response Platform provides the greatest balance between features and costs when compared to other network traffic analysis solutions. But you don’t have to take our word for it – that’s what Enterprise Management Associates (EMA) found in a recent report assessing network traffic analysis and other network-based security analytics technologies.

The report’s co-authors, David Monahan and Paula Musich, evaluated solutions from 12 vendors based on more than 100 attributes collected from a combination of publicly available information, a vendor questionnaire and customer interviews. Awake was not only classified as a leader in the market but also came out as #1 for delivering the best time to ROI and value at the lowest ongoing operational effort and cost. What is very heartening for Awake is that EMA spoke to several customers for each participating vendor, so their analysis is based on real-world customer experience.


“Network traffic analysis is proving to be a critical tool for organizations grappling with early detection and defense of continuously evolving threats,” said David Monahan, managing research director at EMA. “In our analysis, we found that Awake’s platform is well-suited for detecting and responding to modern threats. It had outstanding ROI and was ranked #1 in cost-efficiency based on price vs. features, thus delivering great value for the cost.”

Awake’s fast ROI and ability to help organizations detect modern, non-malware threats can be attributed to Awake’s multi-dimensional approach to detection and response:

  • No Initial Training Period. Most network traffic analysis vendors rely on baselining past behavior to detect anomalies and run their behavioral analytics. Awake’s approach is to compare behaviors across entities in real-time. This means Awake requires no initial training period and can show value in a couple of hours, while also keeping false positives and negatives down.
  • A Platform That Learns New Skills. Only Awake allows security analysts to also easily express known tactics, techniques and procedures (TTPs) as detection rules. This allows for far more efficient detection of known bad behavior (“known unknown threats”). Importantly, these detections do not require modification of ML models or constant retraining to keep up with the attacker’s changing TTPs. Instead, the detection logic is codified using our behavioral query language (QueryIQ™), which enables Awake to provide libraries (DetectIQ™) that uncover advanced TTPs such as ephemeral command and control infrastructure. This mechanism gives security teams the transparency to tweak these libraries and create their own.
  • Third-Party Intel. Awake can also ingest third-party threat intel (“known threats”) and perform retrospective / historical detection based on a “memory” of the network.

If you’d like to hear more or see this for yourself, contact us for a demo. Or, if you’d like a complimentary copy of the report, EMA Radar Summary for Network-Based Security Analytics: Q3 2018, visit



Rudolph Araujo

VP, Security Strategy, Business Development and Marketing