Competitive Analysis — Ironframe GRC
Summary for sales and product. Full analysis: competitive-landscape.md.
Market context
Legacy GRC and IRM platforms (Archer, ServiceNow IRM, MetricStream, etc.) optimize for workflow tickets and qualitative ratings. Ironframe competes on financial defensibility, zero-trust ingest, and observable agent orchestration.
Ironframe differentiators
| Dimension | Legacy GRC | Ironframe |
|---|---|---|
| Risk quantification | Heatmaps, qualitative tiers | BigInt ALE cents, tenant-frozen baselines |
| External ingest | Often direct to DB/API | Irongate DMZ — sanitize before persist |
| AI / automation | Bolt-on chatbots | 19 named agents, LangGraph checkpoints |
| Multi-tenant | Add-on or separate instances | Native Command Center + RLS + Ironguard |
| ESG | Checkbox / spend proxies | Physical units (kWh, gCO₂eq); Ironbloom gates |
| Evidence | Attachments | WORM path, SHA-256 forensic manifests, Ironquery exports |
| Ops resilience | Manual failover | Ironwatch heartbeat, LKG pulse, stale lockdown with waiver |
Agent-level competitive map
| Agent | Solves legacy failure |
|---|---|
| Irongate (14) | Poisoned data lakes |
| Irontrust (3) | Qualitative guesswork |
| Ironwatch (13) | Undetected API / insider anomaly |
| Ironguard (12) | Secret leakage, scope violations |
| Ironlock (6) | Slow manual lockdown |
| Kimbot (17) | Greenwashing / monetary ESG proxies |
| Ironquery | Black-box AI reports → exportable analyst packs |
Win themes by competitor type
vs. spreadsheet / Notion programs
Governance at scale: audit log, tenant isolation, automated ingest.
vs. enterprise GRC suite
Faster time-to-value on serverless; transparent agent math; lower services lock-in when exports and TAS are open.
vs. exposure management / ASM point tools
Ironframe connects telemetry → financial impact → compliance mapping in one Command Center.
Risks / honest gaps (GA)
- Full 19-agent roster still expanding (Epic 10 ~90%)
- WORM productization in progress (Epic 12)
- DEI salted pipeline early (Epic 14)
- Pricing/packaging not yet public SKU sheet
Use gaps as roadmap transparency, not oversell.