
Proofpoint Threat Response vs Splunk SOAR comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

 

Categories and Ranking

Proofpoint Threat Response
Average Rating: 8.0
Reviews Sentiment: 7.7
Number of Reviews: 5
Ranking in other categories: Security Incident Response (2nd)

Splunk SOAR
Average Rating: 8.2
Reviews Sentiment: 6.6
Number of Reviews: 50
Ranking in other categories: Security Orchestration Automation and Response (SOAR) (3rd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Proofpoint Threat Response is designed for Security Incident Response and holds a mindshare of 14.5%, up 11.5% compared to last year.
Splunk SOAR, on the other hand, focuses on Security Orchestration Automation and Response (SOAR), holds 7.7% mindshare, down 8.0% since last year.
Security Incident Response Market Share Distribution
Product | Market Share (%)
Proofpoint Threat Response | 14.5%
ServiceNow Security Operations | 13.2%
IBM Resilient | 8.7%
Other | 63.6%

Security Orchestration Automation and Response (SOAR) Market Share Distribution
Product | Market Share (%)
Splunk SOAR | 7.7%
Microsoft Sentinel | 15.9%
Palo Alto Networks Cortex XSOAR | 9.6%
Other | 66.8%
 

Featured Reviews

Giuseppe Sgroi - PeerSpot reviewer
Blocks potential spam emails efficiently and integrates well with our security framework
We use the product to verify and manage emails sent and received through our Microsoft Exchange server, focusing on blocking potential spam emails. The platform's most valuable include the ability to check emails and block potential spam. The platform's technical support services and pricing need…
Mack Scott - PeerSpot reviewer
Improves response time by consolidating tools and automating threat detection
I haven't gone too far into it to see anything that needs improvement yet. We can likely include some features related to the integration with on-premises resources, rather than focusing solely on the existing automation. These are the additional features that could be included in the future. Splunk's Unified Platform does help consolidate networking security and IT observability tools. They should integrate Splunk Enterprise Security better into Splunk Cloud.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Support is very responsive."
"The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."
"The platform's most valuable include the ability to check emails and block potential spam."
"It has reduced our manual efforts to remove emails from each user's inbox, and in this case we do not have to ask our IT department or users to do so."
"If something's pulled and then it's later declared a false positive, it will automatically restore. They also take automatic feeds from their advanced threat detection modules."
"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."
"Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts."
"It helps increase efficiency and productivity."
"The product’s integration with other Splunk products is valuable."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"The most valuable feature of the solution is the playbook automation just because it allows us to reduce the manual actions that SOC has to handle."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"Splunk SOAR saves time in threat response, and the time to solve an incident is currently the best in the market."
 

Cons

"The on-premise version doesn't scale well for large companies."
"Has some quirks."
"The interface within Threat Response could be made simpler."
"If the reporting gets improved then it would be better, but the product is running amazing as it is."
"The platform's technical support services and pricing need improvement."
"To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management."
"The algorithm and machine learning have room for improvement and can be more user-friendly."
"The creation of playbooks is complex in Splunk SOAR, and the number of integrations needs enhancement. Although it enhances alert handling, it still has a journey to compete with Palo Alto SOAR and FortiSOAR."
"The solution must provide more AIOps to improve predictability."
"The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginners to learn. It's hard for a new user to figure out how to visualize old threat data. It took two to three months to learn with hands-on experience how to use the dashboard, visualize events, and analyze threats."
"The number of playbooks on offer should be increased."
"It would be ideal if we could automate processes even more."
"Various aspects of the playbook development process itself can be optimized."
 

Pricing and Cost Advice

"It's quite affordable to have it with this much functionality and ease to administrate."
"The way most big companies work with Proofpoint is that they try to tie everything into an enterprise license. I can't comment on the actual costs, however I do know that alternative solutions such as Abnormal Security can be much more expensive than Proofpoint Threat Response."
"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"Splunk SOAR is moderately priced, neither cheap nor overly expensive."
"The tool is not cheap."
"Splunk SOAR is an expensive solution for an organization of our size."
"I don't know the exact price, but for my region, it is very expensive."
"It's very overpriced because it is based on the number of users. There is no bulk licensing."
"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
872,655 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Healthcare Company: 13%
Financial Services Firm: 11%
Computer Software Company: 9%
Energy/Utilities Company: 9%

Financial Services Firm: 12%
Computer Software Company: 11%
Manufacturing Company: 9%
University: 7%
 

Company Size

By reviewers
No data available

By reviewers
Company Size | Count
Small Business | 12
Midsize Enterprise | 7
Large Enterprise | 30
 

Questions from the Community

What is your experience regarding pricing and costs for Proofpoint Threat Response?
I have a vague idea because I don't know what others are charging. But we felt that putting up with the pains and having to spend more time keeping it running than we expected is still better than ...
What needs improvement with Proofpoint Threat Response?
The platform's technical support services and pricing need improvement.
What is your primary use case for Proofpoint Threat Response?
We use the product to verify and manage emails sent and received through our Microsoft Exchange server, focusing on blocking potential spam emails.
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
I don't have experience with costs; management handles that aspect.
What needs improvement with Splunk Phantom?
I'm not an expert on Splunk SOAR, but I'm sure our team members know what areas could be improved. I haven't spoken to them specifically about what could be improved or what they would want Splunk ...
 

Also Known As

No data available
Phantom
 

Overview

 

Sample Customers

University of Waterloo, Akorn, Fenwick and West LLP
Recorded Future, Blackstone
Find out what your peers are saying about ServiceNow, Proofpoint, IBM and others in Security Incident Response. Updated: September 2025.