IBM Resilient vs ServiceNow Security Operations comparison


Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Microsoft Sentinel (Sponsored)
Ranking in Security Orchestration Automation and Response (SOAR): 1st
Average Rating: 8.2
Number of Reviews: 86
Ranking in other categories: Security Information and Event Management (SIEM) (2nd), Microsoft Security Suite (5th)

IBM Resilient
Ranking in Security Orchestration Automation and Response (SOAR): 8th
Average Rating: 7.6
Number of Reviews: 17
Ranking in other categories: Security Incident Response (4th)

ServiceNow Security Operations
Ranking in Security Orchestration Automation and Response (SOAR): 7th
Average Rating: 7.8
Number of Reviews: 16
Ranking in other categories: Security Incident Response (2nd), Risk-Based Vulnerability Management (6th)
 

Mindshare comparison

As of June 2024, in the Security Incident Response category, the mindshare of Microsoft Sentinel is 35.0%, up from 22.6% compared to the previous year. The mindshare of IBM Resilient is 20.0%, up from 3.8% compared to the previous year. The mindshare of ServiceNow Security Operations is 25.0%, up from 9.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Incident Response
Unique Categories:
Security Information and Event Management (SIEM): 13.7%
Security Orchestration Automation and Response (SOAR): 20.2%
Risk-Based Vulnerability Management: 1.7%
 

Featured Reviews

SD
Sep 15, 2023
Easy to integrate, offers good documentation, and the setup is simple
All of the features are great. In fact, when they add new features they are always valuable and interesting. There are so many features on offer. I really appreciate that it is very well documented. I also use Defender 365, including Defender for Endpoint. It's easy to integrate with Sentinel. In two clicks we can integrate them together. I have experience with Defender for Cloud. I'm actually getting into the Center for Cloud right now, so I'm just learning about it. Sentinel enables us to ingest data from our entire ecosystem. It's important to have data visibility for our security operations. Sentinel enables us to investigate the threats and respond from one place. That is very important for operations. We need to be able to easily look and have visibility over what's happening. Sentinel enabled us to automate routine tasks. It helps us automate the handling of trivial tasks related to alerts. With the solution, we no longer have to look at multiple dashboards. I wouldn't say it has completely eliminated looking at different dashboards. As it stands right now, there are two dashboards that we will have to look at. One is Sentinel, and the other one is a ticketing system. Compared to what's being used, it's saved us some time overall. The ease of use and the clear documentation are helpful in that regard. Someone who doesn't know how to use it can easily go in and find out.
Jaliya Bandara - PeerSpot reviewer
Jan 26, 2023
It has a complete stack, so you don't need to use different OEM products because you have all you need under one umbrella
What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products. In a way, IBM Resilient is an orchestration platform, so it should allow you to orchestrate other OEMs or products from non-IBM vendors. If there were a pre-built function that lets you integrate third-party solutions with IBM Resilient, the initial setup for the solution would become easier and more flexible. Implementing or integrating other platforms with IBM Resilient would also take less time. After the solution is implemented, that's the time my company can give more recommendations on which features to add to improve IBM Resilient.
RB
Jun 1, 2022
Streamlines processes, collects data, and allows you to manage the solution through dashboards
I would rate setup 4 out of 5. It could be simpler. Our implementation plan just depends. We use an agile process and we do iterative development and let people try and see how it works in the organization and then tweak it. That was the approach, on a spectrum of incremental improvement or continuous improvement. The amount of staff needed for deployment and maintenance depends on the scale of what you're rolling out. You could implement it with three people, or you could implement it with a team of five or six. It depends on how you want to support it.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The main benefit is the ease of integration."
"The product can integrate with any device."
"It has basic out-of-the-box integrations with multiple log sources."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"It has a lot of great features."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The solution is very easy to use."
"IBM Resilient is scalable."
"What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella. You don't need to worry much about integrations and components because you're working with tested and proven architecture."
"The most valuable thing about it is how easy it is to navigate the user interface."
"The product is very good at incident response."
"As a whole, the product is stable...Technical support is very good."
"Its flexibility is the most valuable."
"The solution is simple to use and to integrate with IBM QRadar."
"It's stable."
"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."
"The solution is available over the cloud and is easy to manage."
"My favorite feature is the application vulnerability scanner."
"The SOAR module of ServiceNow Security Operations is the most valuable feature"
"The solution is stable."
"The ease of use is great."
"It has helped optimize security costs by consolidating multiple tools into one platform."
 

Cons

"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The on-prem log sources still require a lot of development."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"The product must provide more integration with other tools."
"IBM Resilient could integrate better with my tools."
"Its price needs improvement."
"The ability to analyze incidents needs to be improved in the solution."
"The product needs a bit more development."
"The implementation could be a bit simpler."
"The initial setup is complex."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"​Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change.​"
"The product is called SecOps, but it is not security operations in terms of SIEM solutions."
"There is room for improvement in terms of developer support and documentation."
"The threat intelligence module needs a better dashboard."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"Customer awareness and understanding of ServiceNow's SecOps capabilities could be improved."
"It doesn't interact with things very well."
 

Pricing and Cost Advice

"From a cost perspective, there are some additional charges in addition to the licensing."
"Sentinel's price is comparable to pretty much everything out there. None of it is cheap, but we didn't think we could save money by going a different route. Sentinel was part of our Azure expenditures, so it was easier to add the expense instead of having a completely separate vendor."
"I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
"I don't know yet because they gave us a 30-day test window for free."
"I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."
"Sentinel is pretty competitive. The pricing is at the level of other SIEM solutions."
"The product is costly compared to Splunk."
"Sentinel is expensive relative to other products of the class, so it often isn't affordable for small-scale businesses. However, considering the solution has more extensive capabilities than others, the price is not so high. Pricing is based on GBs of ingested daily data, either by a pay-as-you-go or subscription model."
"There are no costs except for the support services that our company pays in addition to the licensing charges attached to the solution."
"There is a license you need to pay for in order to use this product."
"The licensing cost for IBM Resilient is not too expensive, but it's not affordable, so it's moderately expensive. Regarding price, I'm rating the solution seven out of ten. The company pays for the license yearly, based on the number of users. Apart from the cost of the license you need to pay for each user, you also need to spend an initial investment for the base platform. You also have to pay for IBM Resilient support."
"Pricing for the solution is good, in my opinion."
"The cost of the product is quite high."
"I would rate the tool’s pricing a three out of ten. The tool’s pricing is on a yearly basis."
"I feel it is an expensive product when my company pays annually for renewal, support, and follow-up."
"We could create unlimited users using the license we had purchased."
"Compared to competitor tools, ServiceNow Security Operations is more affordable"
"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."
"This product is a good value for the money."
"It is an expensive product."
"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."
787,779 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 16%
Financial Services Firm: 10%
Government: 9%
Manufacturing Company: 7%

Financial Services Firm: 18%
Computer Software Company: 13%
Government: 9%
Manufacturing Company: 8%

Financial Services Firm: 20%
Computer Software Company: 12%
Government: 10%
Manufacturing Company: 8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingest...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
What do you like most about IBM Resilient?
It is a stable solution...It is a scalable solution.
What is your experience regarding pricing and costs for IBM Resilient?
The product is expensive. There is a need to make yearly payments towards the licensing costs attached to the solutio...
What needs improvement with IBM Resilient?
The configuration area to deal with during the very beginning or initial stages of the product can be the hardest par...
What do you like most about ServiceNow Security Operations?
The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product.
What needs improvement with ServiceNow Security Operations?
There is room for improvement in terms of developer support and documentation. While they offer some assistance, a mo...
 

Also Known As

Azure Sentinel
No data available
No data available
 


Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Golden Living, Health Equity, USA Funds
DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services
Find out what your peers are saying about IBM Resilient vs. ServiceNow Security Operations and other solutions. Updated: May 2024.