We performed a comparison between IBM Resilient and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product can integrate with any device."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The initial setup is very simple and straightforward."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The machine learning and artificial intelligence on offer are great."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The UI-based analytics are excellent."
"The product is very good at incident response."
"The most valuable thing about it is how easy it is to navigate the user interface."
"It's really simple and has a flexible interface."
"Stability-wise, I rate the solution a ten out of ten...Scalability-wise, I rate the solution a ten out of ten."
"The solution is reliable in our usage."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"It is a stable solution...It is a scalable solution."
"IBM Resilient is scalable."
"The solution provides threat intelligence with EDR."
"I have no complaints about Cortex's stability."
"The product’s stability is good."
"Its agility and scalability are valuable."
"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
"Many different playbooks are available and can be customized."
"What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used."
"Palo Alto has gotten the investigators more presence to actually go in the report because being that the platform will email the investigator that it's been assigned to, now the investigators will jump in there and start going through the review process a lot quicker."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"I think the number one area of improvement for Sentinel would be the cost."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The solution should allow for a streamlined CI/CD procedure."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
"The ability to analyze incidents needs to be improved in the solution."
"The implementation could be a bit simpler."
"IBM Resilient could integrate better with my tools."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"The response time of the support is an area of concern where improvements are required."
"It is been decommissioned by Palo Alto."
"Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly."
"I would love to see more flexibility on what we can display and design on the dashboards."
"The price of the solution could be improved."
"It's only one cloud right now. It might be helpful for some companies to have an on-premies option."
"The solution's technical support could be better."
"With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task."
"They should provide integration with machine learning platforms."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
IBM Resilient is ranked 7th in Security Orchestration Automation and Response (SOAR) with 17 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. IBM Resilient is rated 7.6, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". IBM Resilient is most compared with Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR, IBM Security QRadar and IBM Cloud Pak for Security, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ServiceNow Security Operations. See our IBM Resilient vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.