We performed a comparison between IBM Resilient and ServiceNow Security Operations based on real PeerSpot user reviews.
Find out in this report how the two Security Incident Response solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The initial setup is very simple and straightforward."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"It has basic out-of-the-box integrations with multiple log sources."
"The solution is reliable in our usage."
"What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella. You don't need to worry much about integrations and components because you're working with tested and proven architecture."
"It's really simple and has a flexible interface."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"The UBA, User Behavior Analytics, is very good."
"The solution is simple to use and to integrate with IBM QRadar."
"The most valuable thing about it is how easy it is to navigate the user interface."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
"It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
"The solution is available over the cloud and is easy to manage."
"The ease of use is great."
"It has helped optimize security costs by consolidating multiple tools into one platform."
"Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence."
"It's stable."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"The solution could improve the playbooks."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"The solution should allow for a streamlined CI/CD procedure."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"The troubleshooting has room for improvement."
"It is not very straightforward to set up custom integrations, especially with services like Azure. You need an additional server for integration."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"IBM Resilient could integrate better with my tools."
"The product must provide more integration with other tools."
"The product needs a bit more development."
"IBM Resilient is quite complex, including its configuration."
"The initial setup is complex."
"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
"It doesn't interact with things very well."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"The threat intelligence module needs a better dashboard."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."
"We'd like customization to be easier in terms of the UI and using the dashboards."
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
IBM Resilient is ranked 4th in Security Incident Response with 17 reviews, while ServiceNow Security Operations is ranked 2nd in Security Incident Response with 15 reviews. IBM Resilient is rated 7.6, while ServiceNow Security Operations is rated 8.0. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility". On the other hand, the top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, IBM Security QRadar, Fortinet FortiSOAR and IBM Cloud Pak for Security, whereas ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, Swimlane, Fortinet FortiSOAR and ThreatConnect Threat Intelligence Platform (TIP).
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.