We performed a comparison between IBM Resilient, ServiceNow Security Operations, and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response."What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella. You don't need to worry much about integrations and components because you're working with tested and proven architecture."
"As a whole, the product is stable...Technical support is very good."
"The UBA, User Behavior Analytics, is very good."
"Stability-wise, I rate the solution a ten out of ten...Scalability-wise, I rate the solution a ten out of ten."
"The solution is reliable in our usage."
"The solution is simple to use and to integrate with IBM QRadar."
"Its flexibility is the most valuable."
"The solution is easy to use."
"The solution is available over the cloud and is easy to manage."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"Reduces time to closure and closure metrics for vulnerabilities."
"My favorite feature is the application vulnerability scanner."
"Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence."
"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."
"The solution is stable."
"The ease of use is great."
"We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns."
"They're highly stable in comparison with other solutions I have."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"The detection response and quarantining are very good features."
"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
"The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could spread."
"It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet."
"Its price needs improvement."
"The implementation could be a bit simpler."
"The integration could be improved so that it is easy to integrate with other solutions."
"The product needs a bit more development."
"The tool needs to improve its documentation on license scripts."
"The response time of the support is an area of concern where improvements are required."
"IBM Resilient could integrate better with my tools."
"This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"We'd like customization to be easier in terms of the UI and using the dashboards."
"The initial setup is difficult."
"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."
"The product is called SecOps, but it is not security operations in terms of SIEM solutions."
"The threat intelligence module needs a better dashboard."
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"The solution can only handle about 500 bans or blocks."
"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."
"The threat intelligence feed could use some fine tweaking."
"One area for improvement is the maturity of its vulnerability features."
"They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides..."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"It's not simple."
More ServiceNow Security Operations Pricing and Cost Advice →