Try our new research platform with insights from 80,000+ expert users

IBM Resilient vs ServiceNow Security Operations vs VMware Carbon Black Cloud comparison

IBM and ServiceNow are both solutions in the Security Incident Response category. IBM is ranked #4 with an average rating of 7.0, while ServiceNow is ranked #1 with an average rating of 8.1. IBM holds a 7.2% mindshare in IRP, compared to ServiceNow’s 7.5% mindshare. Additionally, 75% of IBM users are willing to recommend the solution, compared to 95% of ServiceNow users who would recommend it.
IBM Resilient
Read 18 IBM Resilient reviews
  • 1,451 Views
  • 377 Comparison Views
75% willing to recommend
ServiceNow Security Operations
Read 22 ServiceNow Security Operations reviews
  • 2,477 Views
  • 396 Comparison Views
95% willing to recommend
VMware Carbon Black Cloud
Read 19 VMware Carbon Black Cloud reviews
  • 1,166 Views
  • 303 Comparison Views
93% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between IBM Resilient, ServiceNow Security Operations, and VMware Carbon Black Cloud based on real PeerSpot user reviews.

Find out what your peers are saying about ServiceNow, Proofpoint, Trellix and others in Security Incident Response.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Security Incident Response Report (Updated: January 2026).
Buyer's Guide
Security Incident Response
January 2026
Download the complete report
Helped 881,757 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of February 2026, in the Security Incident Response category, the mindshare of IBM Resilient is 7.2%, down from 11.3% compared to the previous year. The mindshare of ServiceNow Security Operations is 7.5%, down from 19.4% compared to the previous year. The mindshare of VMware Carbon Black Cloud is 7.5%, up from 7.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Incident Response Market Share Distribution
ProductMarket Share (%)
ServiceNow Security Operations7.5%
IBM Resilient7.2%
VMware Carbon Black Cloud7.5%
Other77.8%
Security Incident Response
 

Featured Reviews

Usman Bhatti - PeerSpot reviewer
Usman Bhatti
Senior Officer Security Operations Center at a financial services firm with 10,001+ employees
Simple deployment, scalable, but lacking third-party solution compatibility
Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution. It's worth noting that many third-party add-on applications needed to be purchased separately to integrate with IBM Resilient. While there were built-in applications available for incident remediation, the selection was limited. Additionally, integrating third-party applications was often a difficult and time-consuming process due to the technical complexity involved.
Read full review
KK
Kalyan Kothali
Associate Vice President at Wissen infotech
Effectively manages vulnerabilities and reduces false positives
ServiceNow Security Operations provides significant control over vulnerabilities, allowing users to mark false alarms as false positives and ignore them, which is important because many vulnerabilities are not real but appear as such. There are many aspects that we could handle. For certain vulnerabilities, remediation requires spending extra on hardware or OS upgrades, or purchasing new versions, which implies a cost. For that reason, we can take an exception for a couple of months or days, and once that exception expires, that vulnerability automatically reappears. These features help us ensure that everything is under control, and when we discuss vulnerabilities, we can consolidate them into one central category, which means working on one vulnerability automatically resolves the rest, making it efficient with the features provided.
Read full review
reviewer2771742 - PeerSpot reviewer
reviewer2771742
Sec consultant at a tech services company with 5,001-10,000 employees
Has supported consistent deployment across departments but needs better OS compatibility and detection performance
I am not really looking for a new solution, actually, I was preparing for an interview and wanted to have a comparison between both tools. I have not worked with any of these products before, but we had a training demonstration yesterday with Dynatrace, and I have investigated the Wiz solution better. In terms of experience, it will be my first time with CDR. I am working with something for EDR, specifically, we have an EDR, it's VMware Carbon Black Cloud. They have a hybrid environment, both on-prem and cloud. I would usually recommend this product for big companies, because it's not cheap, so only big companies would I expect to pay for that. The review rating for VMware Carbon Black Cloud is 6 out of 10.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product is very good at incident response."
"The solution is easy to use."
"As a whole, the product is stable...Technical support is very good."
"It is a stable solution...It is a scalable solution."
"It's really simple and has a flexible interface."
"The most valuable thing about it is how easy it is to navigate the user interface."
"What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella. You don't need to worry much about integrations and components because you're working with tested and proven architecture."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
More IBM Resilient pros
"It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
"The solution is stable."
"ServiceNow is a convenient platform to raise tickets, and the respective support team will contact us to resolve any issues."
"My favorite feature is the application vulnerability scanner."
"The solution is available over the cloud and is easy to manage."
"ServiceNow Security Operations provides significant control over vulnerabilities, allowing users to mark false alarms as false positives and ignore them, which is important because many vulnerabilities are not real but appear as such."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"Reduces time to closure and closure metrics for vulnerabilities."
More ServiceNow Security Operations pros
"VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"I would usually recommend this product for big companies, because it's not cheap, so only big companies would I expect to pay for that."
"Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support."
"The most valuable feature of VMware Carbon Black Cloud is the possibility of securing any PC worldwide."
"It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet."
"​The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
More VMware Carbon Black Cloud pros
 

Cons

"IBM Resilient is quite complex, including its configuration."
"The tool needs to improve its documentation on license scripts."
"It is not very straightforward to set up custom integrations, especially with services like Azure. You need an additional server for integration."
"IBM Resilient could integrate better with my tools."
"The ability to analyze incidents needs to be improved in the solution."
"Integration with some devices, including Cisco PowerPower and certain antivirus products, has limitations."
"The response time of the support is an area of concern where improvements are required."
"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
More IBM Resilient cons
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
"The product is called SecOps, but it is not security operations in terms of SIEM solutions."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"The dashboard and playbook creation will need to improve"
"It doesn't interact with things very well."
"Report generation within ServiceNow can take some time. Additionally, there are occasional issues when raising a ticket, which can also consume time."
"There is room for improvement in terms of developer support and documentation."
"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."
More ServiceNow Security Operations cons
"Additionally, it is complex to use, and the pricing should be improved."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
"The cloud console has a lot of bugs and issues in the analysis part."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
"Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East."
"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."
More VMware Carbon Black Cloud cons
 

Pricing and Cost Advice

"There are no costs except for the support services that our company pays in addition to the licensing charges attached to the solution."
"There is a license you need to pay for in order to use this product."
"It is very expensive."
"I would rate the tool’s pricing a three out of ten. The tool’s pricing is on a yearly basis."
"Pricing for the solution is good, in my opinion."
"The licensing cost for IBM Resilient is not too expensive, but it's not affordable, so it's moderately expensive. Regarding price, I'm rating the solution seven out of ten. The company pays for the license yearly, based on the number of users. Apart from the cost of the license you need to pay for each user, you also need to spend an initial investment for the base platform. You also have to pay for IBM Resilient support."
"I feel it is an expensive product when my company pays annually for renewal, support, and follow-up."
"We could create unlimited users using the license we had purchased."
More IBM Resilient pricing and cost advice
"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."
"This product is a good value for the money."
"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."
"Compared to competitor tools, ServiceNow Security Operations is more affordable"
"It is an expensive product."
"The product is more expensive than other solutions."
"The solution is very inexpensive so there is great cost savings to using it."
"Purchase Professional Services up front as part of the implementation package, then renew hours annually to ensure you have adequate support for upgrades and enhancements. Overbuy by at least 10% to account for infrastructure growth."
"We had no issues purchasing through our preferred reseller and were able to get a fair price even when not purchasing direct. Carbon Black Enterprise Response didn’t break the bank, though adding on the matching antivirus and anti-malware components of the Protect product was more than we could afford, even with some discounting. Cb Response is really designed to complement Carbon Black’s Defense product. While Response can be used on its own, coupling with Defense seems like the best strategy if you can afford the price tag."
"You need to pay for the licensing of the product. The pricing is costly."
"Pricing for this solution could be made lower."
"VMware Carbon Black Cloud is an expensive solution."
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Incident Response solutions are best for your needs.
See recommendations
881,757 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
32%
Comms Service Provider
8%
Computer Software Company
7%
Government
7%
Financial Services Firm
17%
Manufacturing Company
13%
Computer Software Company
6%
Government
5%
Financial Services Firm
11%
Computer Software Company
8%
Real Estate/Law Firm
8%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise7
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise2
Large Enterprise15
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise4
Large Enterprise8
 

Questions from the Community

What do you like most about IBM Resilient?
It is a stable solution...It is a scalable solution.
See all answers
What is your experience regarding pricing and costs for IBM Resilient?
I am not the one in charge of pricing, so I am not sure about the costs.
See all answers
What needs improvement with IBM Resilient?
Integration with some devices, including Cisco PowerPower and certain antivirus products, has limitations.
See all answers
What is your experience regarding pricing and costs for ServiceNow Security Operations?
It is relatively expensive but manageable.
See all answers
What needs improvement with ServiceNow Security Operations?
ServiceNow Security Operations is not specifically a vulnerability management or incident tool, but rather a data agg...
See all answers
What advice do you have for others considering ServiceNow Security Operations?
Initially, acquire basic knowledge about the system and understand how ServiceNow Security Operations operates with o...
See all answers
What to choose: an endpoint antivirus, an EDR solution or both?
I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) s...
See all answers
What's the difference between Carbon Black CB Response and Carbon Black CB Defense?
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoin...
See all answers
What needs improvement with Carbon Black CB Response?
I see room for improvement as I remember some problems on compatibility with some operating systems; I recall we coul...
See all answers
 

Comparisons

Palo Alto Networks Cortex XSOAR vs IBM Resilient Logo
Palo Alto Networks Cortex XSOAR vs IBM Resilient
Compared 19% of the time
Splunk SOAR vs IBM Resilient Logo
Splunk SOAR vs IBM Resilient
Compared 18% of the time
IBM Security QRadar vs IBM Resilient Logo
IBM Security QRadar vs IBM Resilient
Compared 8% of the time
SECDO Platform vs IBM Resilient Logo
SECDO Platform vs IBM Resilient
Compared 7% of the time
Swimlane vs IBM Resilient Logo
Swimlane vs IBM Resilient
Compared 5% of the time
More IBM Resilient Competitors
Splunk SOAR vs ServiceNow Security Operations Logo
Splunk SOAR vs ServiceNow Security Operations
Compared 15% of the time
Palo Alto Networks Cortex XSOAR vs ServiceNow Security Operations Logo
Palo Alto Networks Cortex XSOAR vs ServiceNow Security Operations
Compared 14% of the time
Tines vs ServiceNow Security Operations Logo
Tines vs ServiceNow Security Operations
Compared 6% of the time
Microsoft Sentinel vs ServiceNow Security Operations Logo
Microsoft Sentinel vs ServiceNow Security Operations
Compared 5% of the time
More ServiceNow Security Operations Competitors
Splunk SOAR vs VMware Carbon Black Cloud Logo
Splunk SOAR vs VMware Carbon Black Cloud
Compared 19% of the time
Palo Alto Networks Cortex XSOAR vs VMware Carbon Black Cloud Logo
Palo Alto Networks Cortex XSOAR vs VMware Carbon Black Cloud
Compared 16% of the time
VMware Carbon Black Endpoint vs VMware Carbon Black Cloud Logo
VMware Carbon Black Endpoint vs VMware Carbon Black Cloud
Compared 9% of the time
Rapid7 InsightIDR vs VMware Carbon Black Cloud Logo
Rapid7 InsightIDR vs VMware Carbon Black Cloud
Compared 8% of the time
HP Wolf Security vs VMware Carbon Black Cloud Logo
HP Wolf Security vs VMware Carbon Black Cloud
Compared 4% of the time
More VMware Carbon Black Cloud Competitors
 

Product Reports

Buyer's Guide
IBM Resilient
January 2026
IBM Resilient reportDownload IBM Resilient product report
Buyer's Guide
ServiceNow Security Operations
January 2026
ServiceNow Security Operations reportDownload ServiceNow Security Operations product report
Buyer's Guide
VMware Carbon Black Cloud
January 2026
VMware Carbon Black Cloud reportDownload VMware Carbon Black Cloud product report
 

Also Known As

No data available
No data available
Carbon Black CB Response
 

Overview

The Resilient Incident Response Platform (IRP) is the leading platform for orchestrating and automating incident response processes.

The Resilient IRP quickly and easily integrates with your organization’s existing security and IT investments. It makes security alerts instantly actionable, provides valuable intelligence and incident context, and enables adaptive response to complex cyber threats.

IBM

ServiceNow Security Operations is a cutting-edge security solution designed to elevate organizations' security incident response (SIR) processes through automation and orchestration. Going beyond traditional SOAR, this comprehensive Security Operations Suite integrates seamlessly with other ServiceNow products and offers a wide array of features. Its components include Security Incident Response (SIR), which automates incident workflows and offers pre-built playbooks; Security Configuration Compliance (SCC), continuously scanning and automating compliance tasks; Vulnerability Response (VR), prioritizing and remediating vulnerabilities; Threat Intelligence (TI), aggregating threat data for proactive threat hunting; and additional features like IT Service Management integration, Machine Learning and AI, reporting, and a mobile app. The benefits span improved incident response speed, reduced mean time to resolution, increased security posture, enhanced compliance, collaborative synergy between security and IT teams, and operational cost reductions. 

ServiceNow

Fortify Endpoint and Workload Protection

Legacy approaches fall short as cybercriminals update tactics and obscure their actions. Get advanced cybersecurity fueled by behavioral analytics to spot minor fluctuations and adapt in response.

Recognize New Threats

Analyze attackers’ behavior patterns to detect and stop never-before-seen attacks with continuous endpoint activity data monitoring. Don’t get stuck analyzing only what’s worked in the past.

Simplify Your Security Stack

Streamline the response to potential incidents with a unified endpoint agent and console. Minimize downtime responding to incidents and return critical CPU cycles back to the business.

Broadcom
 

Sample Customers

Golden Living, Health Equity, USA Funds
DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services
ALLETE belk
Buyer's Guide
Security Incident Response
January 2026
Download Free Report
Find out what your peers are saying about ServiceNow, Proofpoint, Trellix and others in Security Incident Response. Updated: January 2026.
DOWNLOAD NOW
881,757 professionals have used our research since 2012.