We performed a comparison between CRITICALSTART and ServiceNow Security Operations based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The automation feature is valuable."
"Free ingestion for Azure logs (with E5 licence)"
"The dashboard that allows me to view all the incidents is the most valuable feature."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The main difference between the other options and this one is the quality of the personnel within the SOC. It's their knowledge and depth and the way they handle customers."
"I also use their mobile app. It's very easy to use and very convenient to be able to respond to alerts wherever you are. I love the app. You can respond and communicate, per ticket, with their SOC in near real-time. The response is very quick."
"From where we were prior to going into them, the service has increased our analysts’ efficiency to the point that they can focus on other areas of the business. It gives me the ability to allow analysts to do Level 3 and 4 work and stay out of the weeds of the alerts, where you tend to get alert fatigue. The service takes care of much of the Tier 1 and Tier 2 triage. It is more effective than what we had been used to, because it allows the filtering of Level 1 and Level 2 type alerts to be taken care of. This leaves less for us to handle, which is a good thing."
"There are two parts of CRITICALSTART's services that are most valuable to us. The MDR solution where they monitor our computers, laptops, and users across the board; and their knowledge of Palo Alto firewalls."
"The way that the user interface presents data enables our team to be able to make decisions significantly quicker, rather than have to dig into the details or go back to the original tools."
"Their Zero Trust Analytics Platform (ZTAP) engine, which is kind of their correlation engine, is by far and away one of the best in the business. We can filter and utilize different lists to build out different alerts, such as, what to alert on and when not to alert. This engine helps reduce our number of alerts and false positives."
"The quick interaction between the agents is the most valuable feature. If we have questions, they're quick to answer. If we make a change to our system, they quickly make the changes that are necessary to filter the logs correctly."
"The most valuable feature of their service is their tuning... If we were getting 1,000 alerts a day without them, they tune it until they know what to do for 999 of them, and one will make it through to us per day. That tuning is the most valuable part of their solution."
"The solution is stable."
"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
"Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence."
"My favorite feature is the application vulnerability scanner."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"It's stable."
"Reduces time to closure and closure metrics for vulnerabilities."
"The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The on-prem log sources still require a lot of development."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"The UI has become slower but it's not something I would call them out on."
"In terms of responsiveness, when I open up an alert, sometimes it takes a bit of time to load. However, it only happened once or twice."
"There is room for improvement with the new UI, and that's about it. I would like to see a more intuitive design."
"The updated UI is actually pretty bad. Regarding the intuitiveness, it is fairly easy to use, but the responsiveness, on a scale of one to 10, is a one. It's really poor performance."
"It has frustrated us that they don't have a native Slack integration, because most things do now. That's something we've asked for, for years, and it just doesn't really seem like it's a priority."
"They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive..."
"They could dig a little bit deeper into the Splunk alerts when they feel like they need to be escalated to us. For example, if a locked account shows up, they could do a little extra digging to verify that the locked account was due to a bad password on the local system. They could just do a little extra digging within the Splunk environment instead of pushing it onto us to go do that extra little digging."
"The biggest room for improvement is not necessarily in their service or offering, but in the products that they support. I would like them to further their knowledge and ability to integrate with those tools. They have base integrations with everything, and we haven't come across anything. They should just continue to build on that API interface between their applications and other third-party consoles."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"It doesn't interact with things very well."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"We'd like customization to be easier in terms of the UI and using the dashboards."
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
"The product is called SecOps, but it is not security operations in terms of SIEM solutions."
"There is room for improvement in terms of developer support and documentation."
"Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change."
More ServiceNow Security Operations Pricing and Cost Advice →
Earn 20 points
CRITICALSTART is ranked 29th in Security Orchestration Automation and Response (SOAR) while ServiceNow Security Operations is ranked 8th in Security Orchestration Automation and Response (SOAR) with 14 reviews. CRITICALSTART is rated 9.4, while ServiceNow Security Operations is rated 8.0. The top reviewer of CRITICALSTART writes "Offers the ability to close review tickets or alerts through a mobile phone and to interact with engineers on their side via the app". On the other hand, the top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". CRITICALSTART is most compared with Arctic Wolf Managed Detection and Response, BlueVoyant CORE, ReliaQuest GreyMatter, CrowdStrike Falcon Complete and Red Canary, whereas ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, IBM Resilient, Swimlane and Fortinet FortiSOAR.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
