LevelBlue Named Major Player in IDC XDR 2025

LevelBlue was recognized as a Major Player in the IDC MarketScape: Worldwide Extended Detection and Response Software 2025 Vendor Assessment (September 2025, IDC #US52997325e).

This recognition follows the analyst firm earlier this month naming Trustwave a Leader in the IDC MarketScape: APEJ Managed Detection and Response Services 2025 Vendor Assessment (doc #AP52998725, September 2025). LevelBlue acquired Trustwave in August 2025.

The IDC MarketScape noted, “LevelBlue is an evolution of both AT&T Cybersecurity approaches and a pure legacy company in AlienVault. AT&T (and now LevelBlue) historically competed as an MSSP against standalone cybersecurity providers and AlienVault targeted midsize businesses.”

According to the report, “The LevelBlue USM Anywhere Platform is both highly customizable and easily personalized as well. The tiered pricing makes sense as midsize businesses vary from auto painting shops to online retailers that require a varying degree of digital presence. In addition, the attention that LevelBlue pays to FIPS 140-2 helps its partners offer products to the U.S. federal government. Midsize businesses, managed SPs, and MDRs are the sweet spot for LevelBlue.”

IDC MarketScape Highlights LevelBlue’s USM Anywhere Strengths

  • The LevelBlue USM Anywhere is multifaceted. Owing to its AlienVault legacy, the platform includes an asset scanner, a device vulnerability scanner, user scanner, network and host (Windows/Linux/Mac) intrusion detection and response (NIDS/HIDS), global compliance reporting, a rules correlation engine, a centralized investigations panel, and visibility into on-premises and multicloud environments. All of these capabilities are included in the XDR solution and do not require additional modules.
  • LevelBlue has strong integration partnerships. LevelBlue has 895 integrations and includes free builds; 60 of these integrations are bidirectional. Perhaps the most important of these integrations is with SentinelOne for endpoint EPP/EDR. This integration with LevelBlue provides identity protection with one-click device rollback capability but also adds LevelBlue detection rules and NIDS/HIDS detection for greater alert granularity.
  • To support integrations, LevelBlue offers webhooks and multiple other data collections for both integration into LevelBlue USM Anywhere and the creation of BlueApps. The platform offers different methods of integration, including APIs, syslog-style forwarded data, webhooks, and cloud connectors. API authentication schemes supported include Basic Auth, OAuth, HMAC, and API Keys, and return formats include JSON, XML, and CSV. Taken as a whole, the various forms of interconnectedness allow LevelBlue USM Anywhere to include use cases for network monitoring, risk assessment, and additional telemetry such as firewall, application, and identity and access management logs in detection and response rules. BlueApps are types of pre-integrations that are available, such as BlueApps with Qualys and Tenable for vulnerability management and Akamai and Cloudflare for aspects of network security.
  • The LevelBlue USM Anywhere offers over 2,500 detection and response rules. An advantage of being an MDR is that it has developed extensive in-the-field detection and response capabilities. User behavioral analytics can also find anomalies even before a threat is formally defined. The LevelBlue USM Anywhere platform tracks “alarms by intent.” The alarm types are categorized by system compromise, exploitation and installation, delivery and attack, reconnaissance and phishing, and environmental awareness.
  • The end user receives high-fidelity alerts. LevelBlue maps to the MITRE ATT&CK framework encompassing 14 tactics and 135 subtechniques. The LevelBlue USM Anywhere platform includes the ability to customize detection and response rules. Drop-down menu options for rule creation include fields such as source name, destination name, and event activity. The rules can be implemented discretely or chained together. In addition, the end user can add suppression rules to reduce noise.
  • Threat intelligence is a critical component of the LevelBlue USM Anywhere. LevelBlue maintains the 15-year legacy of both LevelBlue Labs (formerly Alien Labs) and the OTX threat exchange. The open source OTX has 450,000 subscribers, and roughly one-third of those are from cybersecurity vendors. Roughly 20 million threat indicators, 400,000 threat artifacts, and 250,000 suspicious files are contributed or investigated daily. Threat intelligence libraries include charting industry-specific threats and mapping threats to malicious actors.
  • USM Anywhere detection and response capabilities include on premises, AWS, Azure, and GCP. The same dashboard/platform provides visibility and actions in on-premises and the major cloud environments.
  • AI and security automation turn insights into actions. The AI engine includes behavioral analytics that makes detections such as lateral movement and impossible travel possible. Response actions enable an agent to create an action, initiate a scan from an event, and add a blocklist entry from an alarm; disconnecting an asset from the network is also automation ready.
  • A tiered pricing model provides value for end users. There are four different types of pricing: Essentials, Standard, Premium, and Threat Detection and Response for Gov. The important differentiators between services include the number of days that hot storage is available, physical storage itself from gigabyte to terabyte, and access to BlueApps. For the Response for Gov service, FIPS 140-2 encrypted sensors are included, and it is U.S. FedRAMP authorized, with data storage in the AWS GovCloud (U.S.-West region) to address specific regulatory requirements.

The content provided herein is for general informational purposes only and should not be construed as legal, regulatory, compliance, or cybersecurity advice. Organizations should consult their own legal, compliance, or cybersecurity professionals regarding specific obligations and risk management strategies. While LevelBlue’s Managed Threat Detection and Response solutions are designed to support threat detection and response at the endpoint level, they are not a substitute for comprehensive network monitoring, vulnerability management, or a full cybersecurity program.
