We performed a comparison between IBM Resilient and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The automation feature is valuable."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The initial setup is very simple and straightforward."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The solution is very easy to use."
"IBM Resilient is scalable."
"The UBA, User Behavior Analytics, is very good."
"The solution is simple to use and to integrate with IBM QRadar."
"It's really simple and has a flexible interface."
"The product is very good at incident response."
"The solution is easy to use."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"This solution allows us to locate the malware in real-time."
"It is stable. We have been using it for some time, without any issues."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"The log correlation is good."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"The AI capabilities must be improved."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"We'd like to see more connectors."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"IBM Resilient could integrate better with my tools."
"The ability to analyze incidents needs to be improved in the solution."
"The product must provide more integration with other tools."
"The product needs a bit more development."
"The integration could be improved so that it is easy to integrate with other solutions."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"Threat detection could be better."
"The solution lacks a reporting engine."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"The contamination feature could be improved."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The initial setup requires a high level of skill."
IBM Resilient is ranked 6th in Security Orchestration Automation and Response (SOAR) with 17 reviews while NetWitness XDR is ranked 15th in Security Orchestration Automation and Response (SOAR) with 15 reviews. IBM Resilient is rated 7.6, while NetWitness XDR is rated 8.0. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR and IBM Security QRadar, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, Microsoft Defender for Endpoint and SentinelOne Singularity Complete. See our IBM Resilient vs. NetWitness XDR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.