Palo Alto Networks Cortex XSOAR and Swimlane compete in the security orchestration, automation, and response (SOAR) space. Cortex XSOAR is favored for its integration capabilities, while Swimlane stands out with flexible automation features.
Features: Cortex XSOAR offers comprehensive ecosystem integration, seamless security orchestration, and ease of automation across multiple security products. Swimlane is noted for customizable workflows, robust automation capabilities, and tailoring responses to specific security incidents.
Ease of Deployment and Customer Service: Cortex XSOAR is recognized for straightforward deployment and integration assistance. Swimlane provides a user-friendly deployment experience and personalized support, ensuring a tailored setup for enterprise needs.
Pricing and ROI: Cortex XSOAR's pricing aligns with its extensive integration and support services, promising a good return on investment through enhanced security efficiency. Swimlane may have higher initial setup costs but offers significant ROI by streamlining and scaling security operations.
Since we started working with Torq, I am handling much fewer alerts. It is becoming really easy for me to handle an alert.
We have seen a return on investment, targeting a $600,000 ROI for the year.
By the time we officially bought Torq, we already had two workflows that were very helpful to us.
We are positioning Palo Alto Networks Cortex XSOAR, which can be used in the SOC and do a lot of automation for the customer.
Swimlane saves us 80 to 90 percent of our time by quickly helping us design the journey and efficiently passing information to various components.
We have seen a return on investment; with the same number of engineers, we now handle double the number of customers, even with the new, larger customers requiring dedicated teams.
My impression of their technical support during the initial setup was that they were helpful, responded within a reasonable timeframe, and provided exactly what we needed.
The speed and quality of their answers have been pretty good, as I usually get a response within 24 hours, and they follow up well.
We can always get an answer, and the support team are experts in their own system.
Eight out of ten times, they provide valuable help.
Their support has been better than Anomali's and they are more responsive.
The technical support provided by Palo Alto Networks Cortex XSOAR is good.
When I raise a ticket, they reply within half an hour with an initial response, signifying that an agent has been assigned and is working on the issue.
They are attentive, responsive, and work to resolve issues efficiently.
They provided assistance within the same hour.
Our case management is super scalable.
In terms of scalability, you can do as long as you can build it, and they can support it.
Regarding the ability of the solution to grow in your work environment, if it is scalable, if it fits your business requirements, and if there is room to scale up, the answer is yes, for sure.
The scalability of Palo Alto Networks Cortex XSOAR supports our growth and security needs because we can integrate various tools and continuously add more capability.
Palo Alto Networks Cortex XSOAR has very good application capabilities and is highly scalable.
The issues with scalability arise from the speed of some integrations, as not all are perfectly tuned by Palo.
Swimlane should have the capability to be moved out of Appian and integrated with other platforms.
We did not encounter issues even when managing thousands of alerts, as scalability is only limited by our instance's server capacity.
Its scalability automatically adjusts based on usage.
We have been using Torq for one and a half years, but we have experienced no downtime.
Most of the time, the system is stable as long as the components that they integrate with are stable.
I have never faced any downtime or issues.
The system works smoothly even when I navigate deep into the playbook section.
I would rate the stability and reliability of Palo Alto Networks Cortex XSOAR as a nine.
I haven't seen any production issue or anything coming up because of Swimlane.
We encountered issues requiring restarts and losing alerts.
The version we had was kind of buggy, but support indicated we just needed to do updates to resolve the issues.
Torq should offer default templates that can directly scan firewall data and automate actions.
The AI value depends on maturity. Real value depends heavily on telemetry, integration depth, and workflow design, all of which rely on how mature customers are in their SOC department.
It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet.
The deployment requires integration and the development of integration modules.
One of the significant issues we encounter is system slowdown when we receive an influx of alerts, which inhibits how quickly we can access the information needed for investigation.
To improve the solution, it needs to have complete features that are low-code, no-code, and should be plug-and-play.
Despite being advertised as a no-code tool, it remains code-reliant, demanding users to build solutions through coding.
In the orchestration tab, it would be helpful to have a list of playbooks where a particular asset or connector is used.
Colors can be used for the prioritization of risks and the significance of information.
When they bring more and more value into the platform, it makes more sense to pay that price, but still, it is expensive.
Before deciding to implement Torq, I considered that compared to our old case management platform, Torq was a much better price and had a lot better value for what you get out of the platform, which was a key consideration for the company.
It is an expensive solution, not an inexpensive solution, but we get through the flexibility.
For customers, it is zero versus $20 million, which is why they have to make a decision.
Swimlane is cheaper than other SOAR platforms.
In terms of pricing, Swimlane is on the slightly expensive side.
the pricing was very nice with a great discount.
Torq's unified platform approach to AI SOC automation and case management has significantly benefited us by integrating the case management platform with the automation, which saves time compared to managing multiple point solutions across our security stack.
The fact that I can build whatever I want within my own imagination and skills without relying on code is the best thing about Torq.
You can copy and paste a cURL command. If you have documentation or APIs, you usually have an example on the side. You basically have all the information on how the API call should be. You can just copy that and paste it into a step, and it will just build the step for you.
Execution of automatic tasks for collecting, enriching, and correlating security events from hundreds of different technologies.
If I already have an established process, I do not have to change my process to fit into the tool. I can modify the tool to fit into my process, which makes things considerably easier.
We have implemented automation features, such as automated responses to email threats and automatic configuration of target devices for blocking specific IPs.
Its integration capabilities allow connections to various platforms, enhancing its usability.
It helps in clearly identifying the roles, timeline, and actions involved in the workflow, offering a comprehensive depiction of the entire process.
As a solution architect, I use various software, and the most important thing is that Swimlane is an easily designed and learnable software.
| Product | Mindshare (%) |
|---|---|
| Palo Alto Networks Cortex XSOAR | 8.6% |
| Torq | 3.8% |
| Swimlane | 2.7% |
| Other | 84.9% |

| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 5 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 21 |
| Midsize Enterprise | 9 |
| Large Enterprise | 26 |
| Company Size | Count |
|---|---|
| Small Business | 3 |
| Midsize Enterprise | 1 |
| Large Enterprise | 8 |
Torq is the enterprise AI SOC solution that effectively combines adaptive insights and automation to handle critical threats efficiently. It manages threat lifecycles, swiftly moving from triage to response, ensuring effective risk management.
Torq is designed to streamline security operations by aggregating telemetry across your security stack. It investigates significant risks and manages threats from triage to containment and remediation. This AI-driven tool enhances the capabilities of your SecOps team, allowing them to achieve more impactful results without introducing complicated processes.
What are the key features of Torq?In industries like finance and healthcare, Torq shows effectiveness by adapting to specific risk scenarios often encountered in these fields. Its integration with existing infrastructures makes it a valuable asset for maintaining stringent security standards, essential for protecting critical data and operations in diverse high-stakes environments.
Palo Alto Networks Cortex XSOAR enhances security operations automation and integration. Users rely on its incident management capabilities and machine learning to improve response times and efficiency.
Cortex XSOAR stands out for its capability to automate and orchestrate security tasks through customizable playbooks and robust third-party integrations. Its analytics offer insights into incidents, while machine learning prioritizes alerts and reduces false positives. Despite its powerful features, users note room for improvement in documentation, interface design, and integration capabilities. Cost and complexity in setup and deployment are also concerns. Users in security operations centers benefit significantly from automated data enrichment, streamlined incident response, and efficient handling of threats like phishing and endpoint management.
What are the key features of Cortex XSOAR?Cortex XSOAR is implemented across industries for automating and streamlining security operations. Organizations use it to create playbooks, integrate with security tools, and automate repetitive tasks, thereby improving the efficiency of their security operations centers and incident management processes.
Swimlane provides a centralized platform for security orchestration, automation, and response. It enhances operational efficiency and reduces workloads through drag-and-drop task automation and integration capabilities.
Swimlane empowers IT teams by streamlining tasks with minimal coding, offering extensive customization, and enabling efficient incident response. Its features include centralized logging, visual workflow representation, and integration with third-party tools. Swimlane's task persistence and case management improve operational control but face issues with stability and latency. While marketed as a no-code platform, setup complexity requires skilled developers. Enhancing search, AI, and scalability is vital for improved usage in multinational environments.
What are Swimlane's essential features?In industries like IT and security, Swimlane serves as a SOAR platform for incident management and enriched alert integration. It's used for designing customer journey architectures and task assignments in multinational environments, despite requiring improvements in its initial setup and orchestration.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.