We performed a comparison between IBM Resilient and ServiceNow Security Operations based on real PeerSpot user reviews.
Find out in this report how the two Security Incident Response solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Stability-wise, I rate the solution a ten out of ten...Scalability-wise, I rate the solution a ten out of ten."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"This is a good solution that we recommend for customers."
"Its flexibility is the most valuable."
"As a whole, the product is stable...Technical support is very good."
"IBM Resilient is scalable."
"It's really simple and has a flexible interface."
"The solution is easy to use."
"The product has a very simple UI."
"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"Reduces time to closure and closure metrics for vulnerabilities."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"It has helped optimize security costs by consolidating multiple tools into one platform."
"The solution is stable."
"It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The on-prem log sources still require a lot of development."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The only thing is sometimes you can have a false positive."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The response time of the support is an area of concern where improvements are required."
"The implementation could be a bit simpler."
"The tool needs to improve its documentation on license scripts."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"The ability to analyze incidents needs to be improved in the solution."
"The integration could be improved so that it is easy to integrate with other solutions."
"It is not very straightforward to set up custom integrations, especially with services like Azure. You need an additional server for integration."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"There is room for improvement in terms of developer support and documentation."
"The threat intelligence module needs a better dashboard."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"Customer awareness and understanding of ServiceNow's SecOps capabilities could be improved."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"It doesn't interact with things very well."
"In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones."
More ServiceNow Security Operations Pricing and Cost Advice →
IBM Resilient is ranked 4th in Security Incident Response with 17 reviews while ServiceNow Security Operations is ranked 3rd in Security Incident Response with 15 reviews. IBM Resilient is rated 7.6, while ServiceNow Security Operations is rated 8.0. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, Fortinet FortiSOAR, IBM Security QRadar and IBM Cloud Pak for Security, whereas ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, Swimlane, Fortinet FortiSOAR and ThreatConnect Threat Intelligence Platform (TIP). See our IBM Resilient vs. ServiceNow Security Operations report.
See our list of best Security Incident Response vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.