IBM Resilient vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide


Categories and Ranking

IBM Resilient
Ranking in Security Orchestration Automation and Response (SOAR): 8th
Average Rating: 7.6
Number of Reviews: 17
Ranking in other categories: Security Incident Response (4th)

Microsoft Sentinel
Ranking in Security Orchestration Automation and Response (SOAR): 1st
Average Rating: 8.2
Number of Reviews: 86
Ranking in other categories: Security Information and Event Management (SIEM) (2nd), Microsoft Security Suite (5th)
 

Market share comparison

As of June 2024, in the Security Orchestration Automation and Response (SOAR) category, IBM Resilient's market share is 2.2%, a decrease of 27.8% compared to the previous year. Microsoft Sentinel's market share is 20.3%, an increase of 15.1% compared to the previous year. Market share is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
Unique Categories:
Security Incident Response: 20.0%
Security Information and Event Management (SIEM): 13.7%
Microsoft Security Suite: 5.3%
 

Featured Reviews

Jaliya Bandara - PeerSpot reviewer
Jan 26, 2023
It has a complete stack, so you don't need to use different OEM products because you have all you need under one umbrella
What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products. In a way, IBM Resilient is an orchestration platform, so it should allow you to orchestrate other OEMs or products from non-IBM vendors. If there were a pre-built function that lets you integrate third-party solutions with IBM Resilient, the initial setup for the solution would become easier and more flexible. Implementing or integrating other platforms with IBM Resilient would also take less time. After the solution is implemented, that's the time my company can give more recommendations on which features to add to improve IBM Resilient.
MA
Nov 9, 2022
The solution prioritizes threats, integrates easily with other Microsoft products, and can be deployed within half an hour
The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook. The cost is not straightforward and would benefit from a single charge model. The UI is not impressive; we need to train our analysts to conduct the investigation. Unlike IBM QRadar, which has a different UI for searching, there is no UI where we can conduct searches with Sentinel. With Sentinel, all our searches require a KQL query, and if our analysts are not familiar with KQL queries, we have to train them. The data ingestion can use improvement. There are a few scenarios where we have experienced a delay in data ingestion.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product is very good at incident response."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"It is a stable solution...It is a scalable solution."
"The solution is easy to use."
"The UBA, User Behavior Analytics, is very good."
"IBM Resilient is scalable."
"What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella. You don't need to worry much about integrations and components because you're working with tested and proven architecture."
"As a whole, the product is stable...Technical support is very good."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store."
"The UI of Sentinel is very good and easy to use, even for beginners."
 

Cons

"The product needs a bit more development."
"Its price needs improvement."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"The initial setup is complex."
"This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility."
"The integration could be improved so that it is easy to integrate with other solutions."
"IBM Resilient could integrate better with my tools."
"The ability to analyze incidents needs to be improved in the solution."
"I would like to be able to monitor applications outside of the Azure Cloud."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
 

Pricing and Cost Advice

"There are no costs except for the support services that our company pays in addition to the licensing charges attached to the solution."
"We could create unlimited users using the license we had purchased."
"I would rate the tool’s pricing a three out of ten. The tool’s pricing is on a yearly basis."
"The licensing cost for IBM Resilient is not too expensive, but it's not affordable, so it's moderately expensive. Regarding price, I'm rating the solution seven out of ten. The company pays for the license yearly, based on the number of users. Apart from the cost of the license you need to pay for each user, you also need to spend an initial investment for the base platform. You also have to pay for IBM Resilient support."
"The cost of the product is quite high."
"It is very expensive."
"Pricing for the solution is good, in my opinion."
"There is a license you need to pay for in order to use this product."
"Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
"Sentinel can be expensive. When you ingest data from sources that are outside of the cloud, you're paying a fair amount for that data ingestion. When you're ingesting data sources from within the cloud, depending on what your retention periods are, it's not that expensive."
"Microsoft can enhance the licensing side. I feel there is confusion sometimes... They should have a single license in which we have the opportunity to use the EDR or CASB solution."
"It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
"Microsoft Sentinel is pretty expensive, and they recently announced that they will increase the price of all Microsoft services running in Azure by 11 percent. Luckily, I'm not responsible for the financial side. For one of my clients, the estimated cost is 880,000 euros for one year. There are additional costs for the service agreement."
"Microsoft is costlier. Some organizations may not be able to afford the cost of Sentinel orchestration and the Log Analytics workspace. The transaction hosting cost is also a little bit on the high side, compared to AWS and GCP."
"There are no additional costs other than the initial costs of Sentinel."
"Microsoft Sentinel's pricing is relatively expensive and extremely confusing."
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 18%
Computer Software Company: 13%
Government: 9%
Manufacturing Company: 8%

Computer Software Company: 16%
Financial Services Firm: 10%
Government: 9%
Manufacturing Company: 7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about IBM Resilient?
It is a stable solution...It is a scalable solution.

What is your experience regarding pricing and costs for IBM Resilient?
The product is expensive. There is a need to make yearly payments towards the licensing costs attached to the solution. There are no costs except for the support services that our company pays in a...

What needs improvement with IBM Resilient?
The configuration area to deal with during the very beginning or initial stages of the product can be the hardest part for users. Dealing with the configuration part in the beginning stages can be ...

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...

What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

IBM Resilient: No data available
Microsoft Sentinel: Azure Sentinel
 


Sample Customers

IBM Resilient: Golden Living, Health Equity, USA Funds
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about IBM Resilient vs. Microsoft Sentinel and other solutions. Updated: May 2024.