We performed a comparison between Galvanize IncidentBond, ServiceNow Security Operations, and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response."The customization and the transparency of data while still maintaining a mostly user-friendly UI, are key features. It allows for me, as an engineer, to evolve the individual components and modules, and to create a much more meaningful picture than the individual pieces in isolation ever could."
"Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"The solution is available over the cloud and is easy to manage."
"The solution is stable."
"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"The product has a very simple UI."
"The ease of use is great."
"I found the offline scanning to be particularly useful."
"What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process."
"The solution has a very nice API on the back end for remoting into a system and executing scripts or utilizing self automation."
"Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components."
"I like its reporting."
"The product's most valuable feature is its ability to be fully integrated with the VMware environment."
"The product allows us to focus on endpoint and antivirus protection."
"It is stable and easy to set up."
"Stable – Release – Experimental" system with their releases, and all the proper checks and balances, I’d be an incredibly happy individual. I can appreciate the cause and affect, wherein the customization of the tool drives rapid release schedules, and the paradox that creates with the idea of stable releases. I’d also like more transparency about known bugs and issues."
"We'd like customization to be easier in terms of the UI and using the dashboards."
"It doesn't interact with things very well."
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
"The initial setup is difficult."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"There is room for improvement in terms of developer support and documentation."
"In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones."
"The product is called SecOps, but it is not security operations in terms of SIEM solutions."
"Integration is difficult, but CB Defense is more powerful than others. It is difficult to implement but easy to pick up many detections."
"It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that a software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue. We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls."
"In my company, we face issues sometimes when there is a need to write custom rules or we want to write for some rules that are different from the standard rules provided by the solution."
"The solution needs expanded endpoint query tools."
"Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts."
"When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing."
"With the on-prem one, the bug has been reported by the community in early January or February, something like that, at the beginning of the year, and it's still not addressed. They have released two versions since then, and yet neither of them addresses this specific issue."
"The EDR portion could be better. I'm not a big fan, but it works."
More ServiceNow Security Operations Pricing and Cost Advice →
Earn 20 points
