We performed a comparison between D3 Security and ServiceNow Security Operations based on real PeerSpot user reviews.
Find out in this report how the two Security Incident Response solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The connectivity and analytics are great."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The solution's valuable feature is its GUI. It has more than 450 connectors, which are excellent for connecting devices and automating integration. The solution has all the features we need. We deployed it in our environment, and it's fully integrated. Thanks to their open APIs, the seamless integration makes everything work well together."
"It is an out-of-the-box automated integration with our 20 departments. We perform L1 LiveOps automatically through the portal."
"The ease of use is great."
"Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence."
"The solution is stable."
"Reduces time to closure and closure metrics for vulnerabilities."
"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."
"It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"My favorite feature is the application vulnerability scanner."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The reporting could be more structured."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The reporting, especially custom reporting, needs to be improved. Additionally, it would be better if it could be hosted on Linux."
"Reporting needs improvement. MTTR and MTTD metrics aren't directly available in playbooks and require manual effort to achieve."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones."
"The initial setup is difficult."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."
"There is room for improvement in terms of developer support and documentation."
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
More ServiceNow Security Operations Pricing and Cost Advice →
D3 Security is ranked 8th in Security Incident Response with 2 reviews while ServiceNow Security Operations is ranked 3rd in Security Incident Response with 15 reviews. D3 Security is rated 9.0, while ServiceNow Security Operations is rated 8.0. The top reviewer of D3 Security writes "Offers open API for integrating any available tools without any recurring costs". On the other hand, the top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". D3 Security is most compared with Palo Alto Networks Cortex XSOAR, Fortinet FortiSOAR and Splunk SOAR, whereas ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, IBM Resilient, Swimlane and Fortinet FortiSOAR. See our D3 Security vs. ServiceNow Security Operations report.
See our list of best Security Incident Response vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.