We performed a comparison between IBM Resilient and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The analytic rule is the most valuable feature."
"We have no complaints about the features or functionality."
"IBM Resilient is scalable."
"This is a good solution that we recommend for customers."
"The UBA, User Behavior Analytics, is very good."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"The most valuable thing about it is how easy it is to navigate the user interface."
"As a whole, the product is stable...Technical support is very good."
"Stability-wise, I rate the solution a ten out of ten...Scalability-wise, I rate the solution a ten out of ten."
"It is a stable solution...It is a scalable solution."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"It is quite scalable. I would rate it a ten out of ten."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features"
"I am satisfied with the product overall."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud."
"What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used."
"Its agility and scalability are valuable."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"The only thing is sometimes you can have a false positive."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Sentinel's reporting is complex and can be more user-friendly."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"One key area that can be improved is by building a strong integration with our XDR platform."
"This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility."
"The integration could be improved so that it is easy to integrate with other solutions."
"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
"Its price needs improvement."
"The tool needs to improve its documentation on license scripts."
"It is not very straightforward to set up custom integrations, especially with services like Azure. You need an additional server for integration."
"The ability to analyze incidents needs to be improved in the solution."
"The response time of the support is an area of concern where improvements are required."
"I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it."
"XSOAR could have more integration options."
"Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."
"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
"Its dashboard features need improvement."
"The formats are not compatible, are readily not available, and are not readable."
"The configuration of the solution could improve it is difficult."
"The solution is complicated to learn."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
IBM Resilient is ranked 7th in Security Orchestration Automation and Response (SOAR) with 17 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. IBM Resilient is rated 7.6, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". IBM Resilient is most compared with Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR, IBM Security QRadar and IBM Cloud Pak for Security, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ServiceNow Security Operations. See our IBM Resilient vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.