Product · How It Works

How SecurityStack Works

Five phases, 30–60 minutes, executive-ready output.

SecurityStack turns a six-to-twelve-week security tools rationalization engagement into a 30–60 minute questionnaire. Five phases capture what you own, where it's deployed, and where the gaps are. The coverage engine computes your posture in real time. The AI summary translates findings into executive language. You leave with a Cyber Defense Matrix 2.0 view, a ranked gap list, and — on paid tiers — a PDF report plus a board-ready PPTX deck.

The five phases

Phase 0 — Organization context ~5 min

Eight questions about your organization: headcount band, industry, deployment model (cloud, on-prem, hybrid), compliance frameworks in scope, who owns security decisions, annual security budget range, and whether operational technology or AI/ML systems are in play. These answers drive N/A row logic — if you have no OT, the OT/IoT row is marked Not Applicable automatically.

Phase 1 — Tool inventory ~10–25 min

List the security tools you own. Vendor name and product name are enough for matched tools. The typeahead matches against 156+ vendors and 321+ products (expansion to ~191 / ~366 underway). Unrecognized tools enter a guided self-mapping flow where you pick the CDM 2.0 cell(s) the tool covers. These provisional mappings show up on your matrix with a dashed border; they count toward coverage but are flagged in reports until an admin review confirms or adjusts them.

Phase 2 — Deployment details ~5–10 min

For each tool, select the asset rows it is actually deployed to. A tool licensed enterprise-wide but only rolled out to laptops gets marked Devices-only in this phase. This is the IS side of CAN vs. IS — what your tools are doing, separated from what they could do. The gap between the two drives the "You Already Own the Fix" recommendations.

Phase 3 — Coverage questions ~10–15 min

Adaptive questions fill in coverage the tool inventory alone cannot capture: policy maturity in GOVERN, incident-response process in RESPOND, recovery capability in RECOVER. Questions irrelevant to your environment are skipped automatically based on Phase 0 answers. This phase closes the gaps between tool-encoded coverage and process-encoded coverage.

Phase 4 — Review and report ~5 min

The coverage engine computes your matrix. You see the grid populated in real time, drill into any cell for the tools and NIST subcategories associated, and review AI-generated "Do This Now" recommendations. On Essentials and Expert tiers, export a PDF report (executive summary, matrix, gap analysis, 30/60/90 day roadmap) and a PPTX board deck.

What runs in the background

Three engines do the work.

• The vendor-capability database. Encodes what each product CAN do against the 63-cell matrix. 27 years of field experience reduced to structured data. This is why you can add "CrowdStrike Falcon" and the platform knows which cells it covers without you mapping them manually.
• The CAN-vs-IS coverage engine. Compares what your tools CAN do (from the vendor DB) with what they IS doing (from your questionnaire). Produces the gap list. Computes the headline coverage percentage. Identifies same-cell vendor overlap for consolidation flagging.
• The AI summary layer. Translates the gap data into executive-language recommendations. Lead with "Do This Now" moves you can close without new spend, then new-purchase recommendations where required. Caches the output so results don't drift across page loads.

What you get out

Frequently asked questions