We performed a comparison between D3 Security and IBM Resilient based on real PeerSpot user reviews.
Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response."The product can integrate with any device."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The features that stand out are the detection engine and its integration with multiple data sources."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"It is an out-of-the-box automated integration with our 20 departments. We perform L1 LiveOps automatically through the portal."
"IBM Resilient is scalable."
"The solution is easy to use."
"It is a stable solution...It is a scalable solution."
"It's really simple and has a flexible interface."
"As a whole, the product is stable...Technical support is very good."
"The solution is simple to use and to integrate with IBM QRadar."
"The solution is very easy to use."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"The product can be improved by reducing the cost to use AI machine learning."
"We'd like to see more connectors."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Reporting needs improvement. MTTR and MTTD metrics aren't directly available in playbooks and require manual effort to achieve."
"IBM Resilient could integrate better with my tools."
"The tool needs to improve its documentation on license scripts."
"The integration could be improved so that it is easy to integrate with other solutions."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"The implementation could be a bit simpler."
"This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility."
"Its price needs improvement."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
D3 Security is ranked 8th in Security Incident Response with 1 review while IBM Resilient is ranked 4th in Security Incident Response with 17 reviews. D3 Security is rated 8.0, while IBM Resilient is rated 7.6. The top reviewer of D3 Security writes "Offers open API for integrating any available tools without any recurring costs". On the other hand, the top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". D3 Security is most compared with Palo Alto Networks Cortex XSOAR, Fortinet FortiSOAR and Splunk SOAR, whereas IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR and IBM Security QRadar.
See our list of best Security Incident Response vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.