Threat mitigation system and method

US11297092B2 · US · B2

Patent metadata
Publication number: US-11297092-B2
Application number: US-202017016031-A
Country: US
Kind code: B2
Filing date: Sep 9, 2020
Priority date: Sep 9, 2019
Publication date: Apr 5, 2022
Grant date: Apr 5, 2022

Abstract

Official abstract text for this publication.

A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information to identify current security-relevant capabilities for a computing platform; determining possible security-relevant capabilities for the computing platform; and rendering graphical comparison information that illustrates a difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method, executed on a computing device, comprising: obtaining, by a Security Information and Event Management (SIEM) system, consolidated platform information to identify current security-relevant capabilities for a computing platform, including monitoring, by the SIEM system, activity of a plurality of security-relevant subsystems of the computing platform; determining possible security-relevant capabilities for the computing platform; rendering graphical comparison information that illustrates a difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform including level-of-confidence comparison information that illustrates the difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform; identifying coverage gaps in the current security-relevant capabilities, wherein identifying the coverage gaps in the current security-relevant capabilities includes identifying a plurality of inefficiencies in one or more portions of the computing platform; and providing one or more recommendations for mitigating the identified coverage gaps, wherein providing the one or more recommendations for mitigating the identified coverage gaps includes: in response to identifying the plurality of inefficiencies in the one or more portions of the computing platform, determining an efficiency increase for each of the one or more portions of the computing platform that would result from mitigating the identified coverage gaps.

2. The computer-implemented method of claim 1 wherein the possible security-relevant capabilities concern the possible security-relevant capabilities of the computing platform using the currently-deployed security-relevant subsystems.

3. The computer-implemented method of claim 1 wherein the possible security-relevant capabilities concern the possible security-relevant capabilities of the computing platform using one or more supplemental security-relevant subsystems.

4. The computer-implemented method of claim 1 wherein the graphical comparison information that illustrates a difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform includes: multi-axial comparison information that illustrates the difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform.

5. The computer-implemented method of claim 1 wherein the consolidated platform information is obtained from an independent information source.

6. The computer-implemented method of claim 1 wherein the consolidated platform information is obtained from a client information source.

7. The computer-implemented method of claim 1, wherein providing the one or more recommendations for mitigating the identified coverage gaps includes: identifying a plurality of undeployed rules that are deployable in the computing platform, and ranking the plurality of undeployed rules that are deployable in the computing platform.

8. The computer-implemented method of claim 7, wherein each of the plurality of undeployed rules are associated with one or more of: a kill chain phase; a severity level; and a performance score based, at least in part, on a probability of detecting one or more false positives.

9. A computer program product residing on a non-transitory computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations comprising: obtaining, by a Security Information and Event Management (SIEM) system, consolidated platform information to identify current security-relevant capabilities for a computing platform, including monitoring, by the SIEM system, activity of a plurality of security-relevant subsystems of the computing platform; determining possible security-relevant capabilities for the computing platform; rendering graphical comparison information that illustrates a difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform including level-of-confidence comparison information that illustrates the difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform; identifying coverage gaps in the current security-relevant capabilities, wherein identifying the coverage gaps in the current security-relevant capabilities includes identifying a plurality of inefficiencies in one or more portions of the computing platform; and providing one or more recommendations for mitigating the identified coverage gaps, wherein providing the one or more recommendations for mitigating the identified coverage gaps includes: in response to identifying the plurality of inefficiencies in the one or more portions of the computing platform, determining an efficiency increase for each of the one or more portions of the computing platform that would result from mitigating the identified coverage gaps.

10. The computer program product of claim 9 wherein the possible security-relevant capabilities concern the possible security-relevant capabilities of the computing platform using the currently-deployed security-relevant subsystems.

11. The computer program product of claim 9 wherein the possible security-relevant capabilities concern the possible security-relevant capabilities of the computing platform using one or more supplemental security-relevant subsystems.

12. The computer program product of claim 9 wherein the graphical comparison information that illustrates a difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform includes: multi-axial comparison information that illustrates the difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform.

13. The computer program product of claim 9 wherein the consolidated platform information is obtained from an independent information source.

14. The computer program product of claim 9 wherein the consolidated platform information is obtained from a client information source.

15. A computing system including a processor and memory configured to perform operations comprising: obtaining, by a Security Information and Event Management (SIEM) system, consolidated platform information to identify current security-relevant capabilities for a computing platform, including monitoring, by the SIEM system, activity of a plurality of security-relevant subsystems of the computing platform; determining possible security-relevant capabilities for the computing platform; rendering graphical comparison information that illustrates a difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform including level-of-confidence comparison information that illustrates the difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform; identifying coverage gaps in the current security-relevant capabilities, wherein identify

Classifications

  • Probabilistic graphical models, e.g. probabilistic networks

  • Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources (admission control or resource allocation H04L47/70)

  • for performance assessment

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)

  • Profiles

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11297092B2 cover?
A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information to identify current security-relevant capabilities for a computing platform; determining possible security-relevant capabilities for the computing platform; and rendering graphical comparison information that illustrates a difference between the current security-relevant…
Who is the assignee on this patent?
Reliaquest Holdings Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 5, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).