We performed a comparison between DFLabs IncMan SOAR and IBM Resilient based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The vendors themselves will actually help with any customizations a client may require"
"It's really simple and has a flexible interface."
"The solution is very easy to use."
"The solution is easy to use."
"The product is very good at incident response."
"The solution is reliable in our usage."
"It is a stable solution...It is a scalable solution."
"IBM Resilient is scalable."
"The most valuable thing about it is how easy it is to navigate the user interface."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"The solution could be more user-friendly; some query languages are required to operate it."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"The support is not 24/7."
"The tool needs to improve its documentation on license scripts."
"The initial setup is complex."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"The ability to analyze incidents needs to be improved in the solution."
"IBM Resilient is quite complex, including its configuration."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"The product must provide more integration with other tools."
Earn 20 points
DFLabs IncMan SOAR is ranked 28th in Security Orchestration Automation and Response (SOAR) while IBM Resilient is ranked 7th in Security Orchestration Automation and Response (SOAR) with 17 reviews. DFLabs IncMan SOAR is rated 0.0, while IBM Resilient is rated 7.6. The top reviewer of DFLabs IncMan SOAR writes "Protects an organization from the threat of a data breach or cyberattack". On the other hand, the top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". DFLabs IncMan SOAR is most compared with Palo Alto Networks Cortex XSOAR, whereas IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR and Swimlane.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.