We performed a comparison between IBM Resilient and ServiceNow Security Operations based on real PeerSpot user reviews.
Find out in this report how the two Security Incident Response solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The product can integrate with any device."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Free ingestion for Azure logs (with E5 licence)"
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The product is very good at incident response."
"The solution is simple to use and to integrate with IBM QRadar."
"IBM Resilient is scalable."
"What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella. You don't need to worry much about integrations and components because you're working with tested and proven architecture."
"The solution is easy to use."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"The most valuable thing about it is how easy it is to navigate the user interface."
"Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence."
"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product."
"It's stable."
"The solution is available over the cloud and is easy to manage."
"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."
"The product has a very simple UI."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The playbook is a bit difficult and could be improved."
"The product can be improved by reducing the cost to use AI machine learning."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"We'd like to see more connectors."
"It is not very straightforward to set up custom integrations, especially with services like Azure. You need an additional server for integration."
"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
"The initial setup is complex."
"IBM Resilient could integrate better with my tools."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"The ability to analyze incidents needs to be improved in the solution."
"The product needs a bit more development."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"There is room for improvement in terms of developer support and documentation."
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
"We'd like customization to be easier in terms of the UI and using the dashboards."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change."
"The initial setup is difficult."
More ServiceNow Security Operations Pricing and Cost Advice →
IBM Resilient is ranked 4th in Security Incident Response with 17 reviews while ServiceNow Security Operations is ranked 3rd in Security Incident Response with 14 reviews. IBM Resilient is rated 7.6, while ServiceNow Security Operations is rated 8.0. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, Fortinet FortiSOAR, IBM Cloud Pak for Security and IBM Security QRadar, whereas ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ThreatConnect Threat Intelligence Platform (TIP). See our IBM Resilient vs. ServiceNow Security Operations report.
See our list of best Security Incident Response vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.