We performed a comparison between D3 Security, ServiceNow Security Operations, and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response."It is an out-of-the-box automated integration with our 20 departments. We perform L1 LiveOps automatically through the portal."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"My favorite feature is the application vulnerability scanner."
"Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence."
"The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product."
"Reduces time to closure and closure metrics for vulnerabilities."
"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."
"It's stable."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"They're highly stable in comparison with other solutions I have."
"Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support."
"The most valuable features are the threat-hunting and the batch console."
"The detection response and quarantining are very good features."
"The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems."
"We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns."
"Threat hunting is the most valuable feature of VMware Carbon Black Cloud."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"Reporting needs improvement. MTTR and MTTD metrics aren't directly available in playbooks and require manual effort to achieve."
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"The initial setup is difficult."
"The threat intelligence module needs a better dashboard."
"We'd like customization to be easier in terms of the UI and using the dashboards."
"In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"It's not simple."
"The dashboard should be more user-friendly."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"The solution can only handle about 500 bans or blocks."
"The cloud console has a lot of bugs and issues in the analysis part."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"Training and education for both partner and customer, including product marketing need to be improved."
"The solution's support could be improved."
More ServiceNow Security Operations Pricing and Cost Advice →