What is our primary use case?
IBM Resilient is used primarily for security, particularly cybersecurity in operation centers. My company uses it to monitor the data security-related aspects of the IT infrastructure.
How has it helped my organization?
IBM Resilient is beneficial to my company because it gives endpoint visibility through the system's audited security and data logs. At the same time, you can monitor the communication between the systems at the network and endpoint level through IBM Resilient. Using the data from the solution, you can coordinate security data and activities, and you can audit activities from all angles, from different perspectives.
What is most valuable?
What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella.
You don't need to worry much about integrations and components because you're working with tested and proven architecture.
I also like that IBM Resilient is feature-rich and has undergone a lot of iterations in different types of environments, which means that the solution is one of the most mature SIEMs in the market today.
What needs improvement?
What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products.
In a way, IBM Resilient is an orchestration platform, so it should allow you to orchestrate other OEMs or products from non-IBM vendors. If there were a pre-built function that lets you integrate third-party solutions with IBM Resilient, the initial setup for the solution would become easier and more flexible. Implementing or integrating other platforms with IBM Resilient would also take less time.
After the solution is implemented, that's the time my company can give more recommendations on which features to add to improve IBM Resilient.
For how long have I used the solution?
My experience with IBM Resilient is four years.
What do I think about the scalability of the solution?
Scalability depends on the infrastructure, not IBM Resilient as a product, but my company set up the platform so that it can scale for future requirements.
Scalability-wise, my company has some challenges because of the unavailability of experts or lack of the required expertise, so if scalability is part of the initial implementation challenges, that's a five. Still, if it's more of a product capability, then I'm giving IBM Resilient an eight in terms of how scalable it is.
How are customer service and support?
My company raised some tickets with IBM Resilient technical support, and the team gave good responses. The technical support side is okay, but the support from the business side could be better.
Technical support-wise, my rating for IBM Resilient is eight out of ten.
How was the initial setup?
A SIEM solution has two sides, security information and event management, and in SIEM, implementing the system isn't an issue. However, to get visibility, you must onboard your platforms, so the complexity level for that varies.
Depending on the vendor, a SIEM solution usually has pre-built normalization or passes, but many small customizations will be needed. Onboarding, particularly getting the visibilities, is not a big deal, but you'll face some challenges with the implementation because of the lack of deployment experts. In my part of the world, it's tough to find top-level experts because the experts typically leave and go to other parts of the world. It's a real challenge to retain people in this space. If you're careful and able to manage that challenge, it would be easy to onboard the platforms and implement a SIEM product.
For the SOAR side, the same problem exists, but with a higher level of intensity because SOAR is new to security operations. It's the latest development, so implementing it is a massive challenge because it requires a lot of expertise and experience in different areas of IT operations. SIEM implementation is easier to manage than SOAR implementation.
Implementation would be more straightforward if you have initial awareness or get good training from an experienced team. However, training newbies in the field will be challenging because the newcomers only have product knowledge. Newbies won't know the exact requirements of the IT world or have enough IT experience, so the deployment task should be entrusted to experienced people.
It isn't easy to give a generic or worldwide applicable rating for IBM Resilient because it has a lot of customizations and integrations. Still, based on my experience, I found the initial setup challenging, so it's a five out of ten.
Six months passed, and the implementation for IBM Resilient is still incomplete. It's ongoing, but if you include the time it took to source hardware and other steps, it's more than six months. It's been challenging to gather resources and source hardware because my country is facing a terrible financial crisis. The environment is difficult right now, affecting my rating of IBM Resilient setup-wise, but it's a good product.
What about the implementation team?
My company hired a service partner to implement IBM Resilient, and that service partner works back-to-back with some experts from outside the country. Still, the implementation had some challenges, and it's still ongoing.
What was our ROI?
It's too early to talk about ROI from IBM Resilient, and it's challenging to compute the ROI without first ensuring that my company has the expertise needed for the product to work.
What's my experience with pricing, setup cost, and licensing?
The licensing cost for IBM Resilient is not too expensive, but it's not affordable, so it's moderately expensive. Regarding price, I'm rating the solution seven out of ten.
The company pays for the license yearly, based on the number of users.
Apart from the cost of the license you need to pay for each user, you also need to make an initial investment for the base platform. You also have to pay for IBM Resilient support.
What other advice do I have?
My company has not provided IBM Resilient to customers, but it proposed the solution to some. Right now, IBM Resilient is being implemented internally for the company.
My company uses the latest product version.
Based on its features and capabilities, my rating for IBM Resilient is a nine out of ten. Overall, as a solution, it's a nine.
IBM Resilient requires enrollment from different teams in operations, implementation, etc., because the process involves more integrations and customizations. In the current environment, forty to fifty engineers enrolled part-time, with ten people full-time, and then another forty contribute from the operations side. I work in Telco, so the IBM Resilient project is enormous and requires a lot of infrastructure. It's been challenging resource-wise and time-wise.
IBM Resilient, or any SOAR product, can be operated as a standalone product. Right now, my company hasn't observed any capacity limitations because it only has a limited number of users. Eventually, the company will add more users to IBM Resilient when it integrates the solution with the ticketing system that handles many people.
My advice to anyone looking into using IBM Resilient is to find good resources to implement the solution, particularly someone with experience in general IT and in a product of the same type as IBM Resilient, who also has some scripting and programming experience, mainly because IBM Resilient runs on Python programming. The implementer should have Python programming experience or at least general programming and scripting experience.
My company is an end user of IBM.
Which deployment model are you using for this solution?
On-premises
*Disclosure: My company does not have a business relationship with this vendor other than being a customer.