We performed a comparison between IBM Resilient and ThreatConnect Threat Intelligence Platform (TIP) based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The UBA, User Behavior Analytics, is very good."
"The solution is simple to use and to integrate with IBM QRadar."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"The solution is reliable in our usage."
"It is a stable solution...It is a scalable solution."
"The solution is easy to use."
"As a whole, the product is stable...Technical support is very good."
"The product automatically generated a threat score based on the maliciousness of an IP."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"The most valuable features are ease of use and the ability to customize it."
"ThreatConnect has a highly user-friendly interface."
More ThreatConnect Threat Intelligence Platform (TIP) Pros →
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"The solution could be more user-friendly; some query languages are required to operate it."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"The ability to analyze incidents needs to be improved in the solution."
"The product needs a bit more development."
"The integration could be improved so that it is easy to integrate with other solutions."
"IBM Resilient could integrate better with my tools."
"IBM Resilient is quite complex, including its configuration."
"It would be good to have more feeds and more integrated sources for enrichment."
"They should make it a little bit easier to generate events and share them with the community"
"I couldn’t get any training videos online when I was working with the tool."
"Integration is an area that could use some improvement."
More ThreatConnect Threat Intelligence Platform (TIP) Cons →
More ThreatConnect Threat Intelligence Platform (TIP) Pricing and Cost Advice →
IBM Resilient is ranked 7th in Security Orchestration Automation and Response (SOAR) with 17 reviews while ThreatConnect Threat Intelligence Platform (TIP) is ranked 19th in Security Orchestration Automation and Response (SOAR) with 4 reviews. IBM Resilient is rated 7.6, while ThreatConnect Threat Intelligence Platform (TIP) is rated 8.0. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of ThreatConnect Threat Intelligence Platform (TIP) writes "The tool could be integrated into any environment, but it was expensive, and the deployment process was complex". IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR and DFLabs IncMan SOAR, whereas ThreatConnect Threat Intelligence Platform (TIP) is most compared with Anomali ThreatStream, Recorded Future, ThreatQ, Palo Alto Networks Cortex XSOAR and Anomali Match. See our IBM Resilient vs. ThreatConnect Threat Intelligence Platform (TIP) report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.