# Key Differentiators

Radiant is built on a different premise than the tools most security teams rely on today. Legacy SIEM tools generate alerts and stop there. Most AI SOC platforms cover a fixed set of pre-trained scenarios. Radiant triages every alert across your connected sources: known threats, unknown threats, and everything in between, and produces a verdict for each one.

This page compares Radiant against two categories of tools across three dimensions: alert coverage, response, and log management. 

### Radiant versus other AI SOC platforms

Most AI SOC platforms are trained on a fixed set of common alert scenarios. Outside those scenarios, they cannot investigate, and alerts either go unprocessed or fall back to analysts. Radiant takes a different architectural approach: rather than matching alerts to pre-built templates, the triage pipeline dynamically generates a plan for every alert — including alert types it has never seen before.

| Capability             | Other AI SOC platforms                                                                                                     | Radiant                                                                                                                                                            |
| ---------------------- | -------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Alert coverage         | <i class="fa-xmark" style="color:$danger;">:xmark:</i> Limited to 6–8 common pre-trained scenarios.                        | <i class="fa-check" style="color:$success;">:check:</i> Triages alerts from all connected sources.                                                                 |
| Novel threats          | <i class="fa-xmark" style="color:$danger;">:xmark:</i> Require retraining; cannot handle unknown attack patterns.          | <i class="fa-check" style="color:$success;">:check:</i> Generates a new plan for any alert type, including ones not seen before.                                   |
| Platform consolidation | <i class="fa-xmark" style="color:$danger;">:xmark:</i> Separate tools for triage, response, and log management.            | <i class="fa-check" style="color:$success;">:check:</i> Unified platform for triage, response, and log management.                                                 |
| Response actions       | <i class="fa-xmark" style="color:$danger;">:xmark:</i> Manual workflows across multiple tools.                             | <i class="fa-check" style="color:$success;">:check:</i> Single-click and fully automated response actions built into the platform.                                 |
| Pricing model          | <i class="fa-xmark" style="color:$danger;">:xmark:</i> Usage-based pricing produces unpredictable costs.                   | <i class="fa-check" style="color:$success;">:check:</i> Priced by security use case for predictable, transparent billing.                                          |
| Log storage cost       | <i class="fa-xmark" style="color:$danger;">:xmark:</i> Logs stored on the vendor's infrastructure with vendor-set pricing. | <i class="fa-check" style="color:$success;">:check:</i> Customers store logs in their own AWS S3 bucket and pay AWS directly, with no storage markup from Radiant. |

### Radiant versus traditional SIEM solutions

Legacy SIEMs were designed to collect and correlate logs, not to investigate or respond to threats. They surface alerts through rule-based correlation and hand those alerts to analysts for manual triage. As environments grow, volume-based pricing forces teams to restrict data ingestion to control costs, which creates coverage gaps. The result is a platform that produces alert noise, constrains visibility, and requires additional tooling to finish workflows it was never built to complete.

| Capability                 | Legacy SIEM solutions                                                                                                                | Radiant                                                                                                                                                                                                          |
| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Alert triage               | <i class="fa-xmark" style="color:$danger;">:xmark:</i> Manual triage of rule-based correlations that require ongoing tuning.         | <i class="fa-check" style="color:$success;">:check:</i> Triages alerts automatically and produces a verdict with full investigative context.                                                                     |
| Data storage and retention | <i class="fa-xmark" style="color:$danger;">:xmark:</i> Per-GB ingestion fees force data sampling and short retention windows.        | <i class="fa-check" style="color:$success;">:check:</i> Customers store logs in their own AWS S3 bucket and pay AWS directly, with no storage markup from Radiant. See Bring your own bucket for Log Management. |
| Response actions           | <i class="fa-xmark" style="color:$danger;">:xmark:</i> Alert generation only. Response requires separate tools and manual workflows. | <i class="fa-check" style="color:$success;">:check:</i> Single-click and fully automated response actions built into the platform.                                                                               |
| Adaptation to new threats  | <i class="fa-xmark" style="color:$danger;">:xmark:</i> Static rules require manual updates for new threat patterns.                  | <i class="fa-check" style="color:$success;">:check:</i> Generates new plans dynamically without retraining or rule updates.                                                                                      |
| Security outcomes          | <i class="fa-xmark" style="color:$danger;">:xmark:</i> High false-positive rates and missed threats despite significant investment.  | <i class="fa-check" style="color:$success;">:check:</i> Resolves benign alerts automatically and surfaces likely-malicious alerts to analysts, reducing mean time to respond (MTTR).                             |

To learn how the triage pipeline produces a verdict for each alert, see the [Triage pipeline stages](/welcome-to-radiant/what-is-radiant-security/the-radiant-data-pipeline.md#triage-pipeline-stages).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/welcome-to-radiant/what-is-radiant-security/key-differentiators.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.