IBM Resilient vs NetWitness XDR comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
16,285 views|9,028 comparisons
IBM Logo
2,107 views|1,386 comparisons
NetWitness Logo
228 views|170 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between IBM Resilient and NetWitness XDR based on real PeerSpot user reviews.

Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed IBM Resilient vs. NetWitness XDR Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running.""It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment.""The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases.""The automation feature is valuable.""If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications.""One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service.""The initial setup is very simple and straightforward.""Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"

More Microsoft Sentinel Pros →

"The solution is very easy to use.""IBM Resilient is scalable.""The UBA, User Behavior Analytics, is very good.""The solution is simple to use and to integrate with IBM QRadar.""It's really simple and has a flexible interface.""The product is very good at incident response.""The solution is easy to use.""The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."

More IBM Resilient Pros →

"RSA NetWitness does market analysis in a more granular form. It gives you full visibility.""This solution allows us to locate the malware in real-time.""It is stable. We have been using it for some time, without any issues.""We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues.""The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good.""It helps our security team respond more accurately when there are threats, then we get less false positives or negatives.""The log correlation is good.""The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."

More NetWitness XDR Pros →

Cons
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules.""There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it.""The AI capabilities must be improved.""For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons.""The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results.""We'd like to see more connectors.""They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome.""Add more out-of-the-box connectors with other SaaS platforms/applications."

More Microsoft Sentinel Cons →

"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution.""One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading.""There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future.""IBM Resilient could integrate better with my tools.""The ability to analyze incidents needs to be improved in the solution.""The product must provide more integration with other tools.""The product needs a bit more development.""The integration could be improved so that it is easy to integrate with other solutions."

More IBM Resilient Cons →

"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious.""Threat detection could be better.""The solution lacks a reporting engine.""This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available.""The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution.""The contamination feature could be improved.""We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues.""The initial setup requires a high level of skill."

More NetWitness XDR Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • More Microsoft Sentinel Pricing and Cost Advice →

  • "It is very expensive."
  • "There is a license you need to pay for in order to use this product."
  • "The licensing cost for IBM Resilient is not too expensive, but it's not affordable, so it's moderately expensive. Regarding price, I'm rating the solution seven out of ten. The company pays for the license yearly, based on the number of users. Apart from the cost of the license you need to pay for each user, you also need to spend an initial investment for the base platform. You also have to pay for IBM Resilient support."
  • "We could create unlimited users using the license we had purchased."
  • "I would rate the tool’s pricing a three out of ten. The tool’s pricing is on a yearly basis."
  • "Pricing for the solution is good, in my opinion."
  • "The cost of the product is quite high."
  • "I feel it is an expensive product when my company pays annually for renewal, support, and follow-up."
  • More IBM Resilient Pricing and Cost Advice →

  • "With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
  • "They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
  • "It is highly scalable. It can be bought based on your requirements."
  • "I do not have any opinion on the pricing or licensing of the product."
  • "The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
  • "It is an expensive product."
  • "The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
  • "The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
  • More NetWitness XDR Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Top Answer:It is a stable solution...It is a scalable solution.
    Top Answer:The product is expensive. There is a need to make yearly payments towards the licensing costs attached to the solution… more »
    Top Answer:The configuration area to deal with during the very beginning or initial stages of the product can be the hardest part… more »
    Top Answer:Technical support is knowledgeable.
    Top Answer:The solution is expensive. I'd rate it at a one or two out of five. They need to adjust it to keep up with the… more »
    Top Answer:I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat… more »
    Comparisons
    Also Known As
    Azure Sentinel
    RSA ECAT, NetWitness Network
    Learn More
    IBM
    Video Not Available
    NetWitness
    Video Not Available
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    The Resilient Incident Response Platform (IRP) is the leading platform for orchestrating and automating incident response processes.

    The Resilient IRP quickly and easily integrates with your organization’s existing security and IT investments. It makes security alerts instantly actionable, provides valuable intelligence and incident context, and enables adaptive response to complex cyber threats.

    Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness XDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Golden Living, Health Equity, USA Funds
    ADP, Ameritas, Partners Healthcare
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Comms Service Provider8%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Comms Service Provider29%
    Financial Services Firm29%
    University14%
    Government14%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company12%
    Government8%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Financial Services Firm16%
    Computer Software Company15%
    Government8%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise60%
    REVIEWERS
    Small Business47%
    Midsize Enterprise12%
    Large Enterprise41%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise15%
    Large Enterprise62%
    REVIEWERS
    Small Business59%
    Midsize Enterprise24%
    Large Enterprise18%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise16%
    Large Enterprise68%
    Buyer's Guide
    IBM Resilient vs. NetWitness XDR
    March 2024
    Find out what your peers are saying about IBM Resilient vs. NetWitness XDR and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    IBM Resilient is ranked 6th in Security Orchestration Automation and Response (SOAR) with 17 reviews while NetWitness XDR is ranked 15th in Security Orchestration Automation and Response (SOAR) with 15 reviews. IBM Resilient is rated 7.6, while NetWitness XDR is rated 8.0. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR and IBM Security QRadar, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, Microsoft Defender for Endpoint and SentinelOne Singularity Complete. See our IBM Resilient vs. NetWitness XDR report.

    See our list of best Security Orchestration Automation and Response (SOAR) vendors.

    We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.