IBM Resilient vs ThreatConnect Threat Intelligence Platform (TIP) comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Microsoft Sentinel (Sponsored)
Ranking in Security Orchestration Automation and Response (SOAR): 1st
Average Rating: 8.2
Number of Reviews: 86
Ranking in other categories: Security Information and Event Management (SIEM) (2nd), Microsoft Security Suite (5th)

IBM Resilient
Ranking in Security Orchestration Automation and Response (SOAR): 8th
Average Rating: 7.6
Number of Reviews: 17
Ranking in other categories: Security Incident Response (4th)

ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR): 20th
Average Rating: 8.0
Number of Reviews: 5
Ranking in other categories: Threat Intelligence Platforms (4th)
 

Mindshare comparison

As of June 2024, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Microsoft Sentinel is 20.2%, up from 17.6% the previous year. The mindshare of IBM Resilient is 2.1%, down from 3.0% the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 3.0%, up from 2.6% the previous year. Mindshare is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
Unique Categories:
Security Information and Event Management (SIEM): 13.7%
Microsoft Security Suite: 5.3%
Security Incident Response: 20.0%
Threat Intelligence Platforms: 6.1%
 

Featured Reviews

MA
Nov 9, 2022
The solution prioritizes threats, integrates easily with other Microsoft products, and can be deployed within half an hour
The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook. The cost is not straightforward and would benefit from a single charge model. The UI is not impressive, we need to train our analysts to conduct the investigation. Unlike IBM QRadar which has a different UI for searching, there is no UI where we can conduct searches with Sentinel. With Sentinel, all our searches require a KQL query, and if our analysts are not familiar with KQL queries, we have to train them. The data ingestion can use improvement. There are a few scenarios where we have experienced a delay in data ingestion.
Jaliya Bandara - PeerSpot reviewer
Jan 26, 2023
It has a complete stack, so you don't need to use different OEM products because you have all you need under one umbrella
What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products. In a way, IBM Resilient is an orchestration platform, so it should allow you to orchestrate other OEMs or products from non-IBM vendors. If there were a pre-built function that lets you integrate third-party solutions with IBM Resilient, the initial setup for the solution would become easier and more flexible. Implementing or integrating other platforms with IBM Resilient would also take less time. After the solution is implemented, that's the time my company can give more recommendations on which features to add to improve IBM Resilient.
Sai-Charan - PeerSpot reviewer
Nov 27, 2023
The tool could be integrated into any environment, but it was expensive, and the deployment process was complex
The solution was used for publishing artefacts and threat intel data. We gathered data from the internet and uploaded it to the platform. It was integrated into every aspect of our cybersecurity network, like endpoints, SOC management, patch management, and vulnerability management tools TIP and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The UI of Sentinel is very good and easy to use, even for beginners."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Free ingestion for Azure logs (with E5 licence)"
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"IBM Resilient is scalable."
"Its flexibility is the most valuable."
"The product is very good at incident response."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"It's really simple and has a flexible interface."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"The solution is very easy to use."
"As a whole, the product is stable...Technical support is very good."
"The most valuable features are ease of use and the ability to customize it."
"The product automatically generated a threat score based on the maliciousness of an IP."
"The tool's installation, integration, and playbooks are very straightforward."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"ThreatConnect has a highly user-friendly interface."
 

Cons

"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The on-prem log sources still require a lot of development."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"We are invoiced according to the amount of data generated within each log."
"The tool needs to improve its documentation on license scripts."
"The response time of the support is an area of concern where improvements are required."
"The product needs a bit more development."
"The initial setup is complex."
"The ability to analyze incidents needs to be improved in the solution."
"The product must provide more integration with other tools."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"Its price needs improvement."
"It would be good to have more feeds and more integrated sources for enrichment."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
"Integration is an area that could use some improvement."
"I couldn’t get any training videos online when I was working with the tool."
"They should make it a little bit easier to generate events and share them with the community"
 

Pricing and Cost Advice

"From a cost perspective, Microsoft Sentinel is quite costly."
"No license is required to make use of Sentinel, but you need to buy products to get the data. In general, the price of those products is comparable to similar products."
"Sentinel is a pay-as-you-go solution. To use it, you need a Log Analytics workspace. This is where the logs are stored and the cost of Log Analytics is based on gigabytes... On top of that, there is the cost of Sentinel, which is about €2 per gigabyte. If a customer has an M365 E5 license, the logs that come from Microsoft Defender are free."
"I'm not happy with the pricing on the integration with Defender for Endpoint. Defender for Endpoint is log-rich. There is a lot of information coming through, and it is needed information. The price point at which you ingest those logs has made a lot of my customers make the decision to leave that within the Defender stack."
"The pricing is based on how much you ingest, so it's pretty straightforward. There are no tiers, and you pay for what you use unlike with other types of SIEM solutions that are usually based on tiers."
"Microsoft Sentinel is expensive."
"Sentinel can be expensive. When you ingest data from sources that are outside of the cloud, you're paying a fair amount for that data ingestion. When you're ingesting data sources from within the cloud, depending on what your retention periods are, it's not that expensive."
"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."
"We could create unlimited users using the license we had purchased."
"The cost of the product is quite high."
"There are no costs except for the support services that our company pays in addition to the licensing charges attached to the solution."
"It is very expensive."
"I would rate the tool’s pricing a three out of ten. The tool’s pricing is on a yearly basis."
"The licensing cost for IBM Resilient is not too expensive, but it's not affordable, so it's moderately expensive. Regarding price, I'm rating the solution seven out of ten. The company pays for the license yearly, based on the number of users. Apart from the cost of the license you need to pay for each user, you also need to spend an initial investment for the base platform. You also have to pay for IBM Resilient support."
"There is a license you need to pay for in order to use this product."
"I feel it is an expensive product when my company pays annually for renewal, support, and follow-up."
"The price could be better."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
"The tool is expensive."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
787,817 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Government
9%
Manufacturing Company
7%
Financial Services Firm
18%
Computer Software Company
13%
Government
9%
Manufacturing Company
8%
Computer Software Company
16%
Financial Services Firm
15%
Government
11%
Manufacturing Company
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
What do you like most about IBM Resilient?
It is a stable solution...It is a scalable solution.
What is your experience regarding pricing and costs for IBM Resilient?
The product is expensive. There is a need to make yearly payments towards the licensing costs attached to the solutio...
What needs improvement with IBM Resilient?
The configuration area to deal with during the very beginning or initial stages of the product can be the hardest par...
What do you like most about ThreatConnect Threat Intelligence Platform (TIP)?
The product automatically generated a threat score based on the maliciousness of an IP.
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
The building of playbooks could be more refined. The training is not openly available. I couldn’t get any training vi...
 

Also Known As

Azure Sentinel
No data available
No data available
 


Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Golden Living, Health Equity, USA Funds
Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
Find out what your peers are saying about IBM Resilient vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: May 2024.