• Home
  • DFLabs IncMan SOAR vs. IBM Cloud Pak for Security

DFLabs IncMan SOAR vs IBM Cloud Pak for Security comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
Microsoft Sentinel
Read 85 Microsoft Sentinel reviews
17,715 views|9,994 comparisons
92% willing to recommend
DFLabs Logo
DFLabs IncMan SOAR
Read 1 DFLabs IncMan SOAR review
258 views|158 comparisons
0% willing to recommend
IBM Logo
IBM Cloud Pak for Security
Read 1 IBM Cloud Pak for Security review
32 views|18 comparisons
0% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
April 2024
Executive Summary

We performed a comparison between DFLabs IncMan SOAR and IBM Cloud Pak for Security based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).
To learn more, read our detailed Security Orchestration Automation and Response (SOAR) Report (Updated: April 2024).
Download the complete report
769,479 professionals have used our research since 2012.
Featured Review
Hari Shankar
It's a plug-and-play solution, so you can start seeing benefits quickly using the out-of-the-box analytics rules and...
Sentinel has reduced our mean time to resolution, one of our KPIs, by about 30 to 40 percent and enabled us to identify vulnerabilities faster. The... Read more →
Anonymous User
Protects an organization from the threat of a data breach or cyberattack
Anonymous User
Great user-friendly interface; provides many functionalities and many free applications
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system.""One of the most valuable features of Microsoft Sentinel is that it's cloud-based.""The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware.""Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information.""The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage.""Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself.""Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions.""The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."

More Microsoft Sentinel Pros →

"The vendors themselves will actually help with any customizations a client may require"

More DFLabs IncMan SOAR Pros →

"The interface is good and very user-friendly."

More IBM Cloud Pak for Security Pros →

Cons
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work.""Microsoft Sentinel is relatively expensive, and its cost should be improved.""They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome.""Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes.""There is room for improvement in entity behavior and the integration site.""It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more.""The solution could be more user-friendly; some query languages are required to operate it.""We'd like also a better ticketing system, which is older."

More Microsoft Sentinel Cons →

"The support is not 24/7."

More DFLabs IncMan SOAR Cons →

"Lacks sufficient technical support."

More IBM Cloud Pak for Security Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

    Information Not Available
    Information Not Available
    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
    See Recommendations
    769,479 professionals have used our research since 2012.
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    Ask a question

    Earn 20 points

    What do you like most about IBM Cloud Pak for Security?
    Top Answer:The interface is good and very user-friendly.
    What is your experience regarding pricing and costs for IBM Cloud Pak for...
    Top Answer:The pricing is reasonable and it's a lot easier to make the calculation than it used to be. Of course the cost increases… more »
    What needs improvement with IBM Cloud Pak for Security?
    Top Answer:Some of our customers would like to have more technical support from the vendor.
    Comparisons
    Also Known As
    Azure Sentinel
    DFLabs IncMan Incident Response
    Learn More
    Microsoft
    DFLabs
    IBM
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    DFLabs' Security Orchestration, Automation and Response (SOAR) platform, IncMan SOAR, is designed for SOCs, CSIRTs and MSSPs to automate, orchestrate and measure security operations and incident response processes and tasks, all from within one single, intuitive platform. By integrating security tools, fusing intelligence, sharing knowledge and implementing seamless workflows, IncMan SOAR enables every security incident to be detected, responded to, and remediated in the fastest possible time frame.

    DFLabs IncMan SOAR is the only Security Orchestration, Automation and Response (SOAR) platform capable of full incident lifecycle automation, that includes built-in, automated threat intelligence gathering, risk assessment, triage and notification, context enrichment, hunting and investigating, threat containment and more. This feature rich, unique and scalable SOAR platform provides context to security incidents, automates actions, orchestrates response to activities, while enabling full reporting and measurement functionality across all stakeholders.

    DFLabs covers the entire spectrum of security orchestration, automation and response components as outlined by Gartner, with a unique combination of features and capabilities, driven through continuous improvement and innovation. IncMan SOAR is the only platform to offer full incident response lifecycle management with machine learning and threat hunting. Acting as a force multiplier, it enables security teams to do more with less, empowering security analysts, while ensuring organizations stay one step ahead of any potential threat.

    Automate. Orchestrate. Measure.

    IncMan SOAR provides three critical functions as an enabler to your security program. Automation and orchestration which in turn enables response, as well as measurement.

    Automate

    Augment analysts by automating common, repetitive and menial tasks driven by machine learning for faster response to all alerts.

    Orchestrate

    Establish repeatable, enforceable, measurable and effective incident response workflows, orchestrating your security tool set into one seamless response process.

    Measure

    Measure, benchmark and optimize security operations and incident response activities and performance from one intuitive and collaborative platform.

    Seamlessly Integrate and Orchestrate Your Tools Together as One.

    Improve efficiencies by enabling your security analysts to access and manage all tools, technologies and processes from one intuitive platform. IncMan SOAR supports hundreds of 3rd party security technologies via QIC, API, CEF, Syslog and Email, with a constantly growing list of certified bidirectional integrations and Open Integration Framework for custom integrations.

    Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

    See IncMan SOAR in Action.

    IBM Cloud Pak for Security is comprised of containerized software pre-integrated with Red Hat OpenShift. The platform connects to your existing security tools – and through the use of open standards – allows you to search for threat indicators across your hybrid, multicloud environment.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    University of Advancing Technology, Cybersecurity Ventures
    Information Not Available
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Comms Service Provider8%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Financial Services Firm20%
    Energy/Utilities Company15%
    Government11%
    Insurance Company10%
    VISITORS READING REVIEWS
    Government13%
    Retailer13%
    Real Estate/Law Firm10%
    Financial Services Firm9%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    VISITORS READING REVIEWS
    Small Business31%
    Midsize Enterprise15%
    Large Enterprise54%
    VISITORS READING REVIEWS
    Small Business39%
    Midsize Enterprise15%
    Large Enterprise46%
    Buyer's Guide
    Security Orchestration Automation and Response (SOAR)
    April 2024
    Download Free Report
    Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: April 2024.
    DOWNLOAD NOW
    769,479 professionals have used our research since 2012.

    DFLabs IncMan SOAR is ranked 28th in Security Orchestration Automation and Response (SOAR) while IBM Cloud Pak for Security is ranked 21st in Cloud and Data Center Security with 1 review. DFLabs IncMan SOAR is rated 0.0, while IBM Cloud Pak for Security is rated 0.0. The top reviewer of DFLabs IncMan SOAR writes "Protects an organization from the threat of a data breach or cyberattack". On the other hand, the top reviewer of IBM Cloud Pak for Security writes "Great user-friendly interface; provides many functionalities and many free applications ". DFLabs IncMan SOAR is most compared with IBM Resilient and Palo Alto Networks Cortex XSOAR, whereas IBM Cloud Pak for Security is most compared with IBM Security QRadar and IBM Resilient.

    We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.