The Matrix

A scoring matrix for security data tools.

Candidate tools scored per component, weighted by your workload. Public methodology and catalog below. The scored version — with reasoning, vendor-claim-vs-shipped-reality deltas, and recommended bundles — is the paid output.

PDF Download the methodology 1-pager (118 KB, 2 pages) →

Components

0

Substrate Pattern

Composed vs. Managed (Databricks, AWS Security Lake, Snowflake)
1

Lakehouse / Storage Format

Iceberg · Delta Lake · Hudi
2

Catalog / Metadata

Hive Metastore · Polaris · Nessie · Unity · Glue
3

Query Engine

ClickHouse · Dremio · StarRocks · Trino · DuckDB
4

Ingestion / Route

Tenzir · Vector · Cribl · Kafka Connect · native shippers
5

Graph / Visualization / Analyst UX

Splunk SH federated · Grafana · Superset · custom · vendor SOC UIs
6

Storage Tier

S3 (Standard / IA / Glacier) · MinIO · Wasabi · NetApp · Dell ECS

Methodology

Each component is scored against weighted criteria specific to your environment.
Scores: 1–5 (5 = best fit).
Weights sum to 100, assigned per engagement based on workload.
Final scores are weight-adjusted; ties broken by documented qualitative reasoning.
Cross-component dependencies are explicit (catalog choice constrains query engine, etc.).

Client materials

The four-phase decision framework, the per-component scoring criteria, the 90-vendor evaluation database, and the architecture decision records are gated for clients and engaged prospects.

Access client materials →