We performed a comparison between Galvanize IncidentBond, ServiceNow Security Operations, and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response."The customization and the transparency of data while still maintaining a mostly user-friendly UI, are key features. It allows for me, as an engineer, to evolve the individual components and modules, and to create a much more meaningful picture than the individual pieces in isolation ever could."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"The solution is stable."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"My favorite feature is the application vulnerability scanner."
"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."
"It's stable."
"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
"Reduces time to closure and closure metrics for vulnerabilities."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
"Carbon Black insures the probability that any ransomware will be stopped before spreading."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns."
"They're highly stable in comparison with other solutions I have."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"Stable – Release – Experimental" system with their releases, and all the proper checks and balances, I’d be an incredibly happy individual. I can appreciate the cause and affect, wherein the customization of the tool drives rapid release schedules, and the paradox that creates with the idea of stable releases. I’d also like more transparency about known bugs and issues."
"It doesn't interact with things very well."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"The initial setup is difficult."
"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change."
"The threat intelligence module needs a better dashboard."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
"One area for improvement is the maturity of its vulnerability features."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
"The cloud console has a lot of bugs and issues in the analysis part."
"There have been some performance issues when deploying on Windows Server, but I believe Carbon Black is working on that."
"The dashboard should be more user-friendly."
"Additionally, it is complex to use, and the pricing should be improved."
More ServiceNow Security Operations Pricing and Cost Advice →
Earn 20 points