ServiceNow Security Operations vs Splunk SOAR vs VMware Carbon Black Cloud comparison

The compared ServiceNow and Splunk solutions aren't in the same category. ServiceNow is ranked #1 in IRP , with an average rating of 8.1, and holds a 7.5% mindshare in the category. Splunk is ranked #2 in SOAR , with an average rating of 8.2, and holds a 8.0% mindshare. Additionally, 95% of ServiceNow users are willing to recommend the solution, compared to 88% of Splunk users who would recommend it.

ServiceNow Security Operations

Read 22 ServiceNow Security Operations reviews

2,477 Views
396 Comparison Views

95% willing to recommend

Splunk SOAR

Read 53 Splunk SOAR reviews

4,942 Views
3,904 Comparison Views

88% willing to recommend

VMware Carbon Black Cloud

Read 19 VMware Carbon Black Cloud reviews

1,166 Views
303 Comparison Views

93% willing to recommend

ServiceNow Security Operations

Splunk SOAR

VMware Carbon Black Cloud

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between ServiceNow Security Operations, Splunk SOAR, and VMware Carbon Black Cloud based on real PeerSpot user reviews.

Find out what your peers are saying about ServiceNow, Proofpoint, Trellix and others in Security Incident Response.

To learn more, read our detailed Security Incident Response Report (Updated: January 2026).

Buyer's Guide

Security Incident Response

January 2026

Download the complete report

Helped 881,757 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Mindshare comparison

Security Incident Response Market Share Distribution
Product	Market Share (%)
ServiceNow Security Operations	7.5%
Proofpoint Threat Response	8.7%
VMware Carbon Black Cloud	7.5%
Other	76.3%

Security Incident Response

Security Orchestration Automation and Response (SOAR) Market Share Distribution
Product	Market Share (%)
Splunk SOAR	8.0%
Microsoft Sentinel	12.4%
Palo Alto Networks Cortex XSOAR	9.0%
Other	70.6%

Security Orchestration Automation and Response (SOAR)

Security Incident Response Market Share Distribution
Product	Market Share (%)
VMware Carbon Black Cloud	7.5%
Proofpoint Threat Response	8.7%
ServiceNow Security Operations	7.5%
Other	76.3%

Security Incident Response

Featured Reviews

Kalyan Kothali

Associate Vice President at Wissen infotech

Effectively manages vulnerabilities and reduces false positives

ServiceNow Security Operations provides significant control over vulnerabilities, allowing users to mark false alarms as false positives and ignore them, which is important because many vulnerabilities are not real but appear as such. There are many aspects that we could handle. For certain vulnerabilities, remediation requires spending extra on hardware or OS upgrades, or purchasing new versions, which implies a cost. For that reason, we can take an exception for a couple of months or days, and once that exception expires, that vulnerability automatically reappears. These features help us ensure that everything is under control, and when we discuss vulnerabilities, we can consolidate them into one central category, which means working on one vulnerability automatically resolves the rest, making it efficient with the features provided.

Read full review

Shiboo Suren

Manager cybersecurity at Hexion Inc.

Automates threat response and reduces investigation time but needs better threat intelligence integration

One thing that we would like to see with Splunk SOAR is the expandability to the threat intelligence feed. Currently, we have limited ingestion to the threat intelligence feed for the correlation purpose. We would like to see it being integrated, with license cost or without license cost, to leading threat intelligence sources such as Recorded Future, Feedly, or Flare. That is something we would appreciate having integrated. The second thing on the improvement side is about exposed credential-related information. If we start ingesting those data to Splunk SOAR or SIEM with some sort of integration with threat intelligence feed, that will also improve our detection and prediction method or help us with the investigation.

Read full review

reviewer2771742

Sec consultant at a tech services company with 5,001-10,000 employees

Has supported consistent deployment across departments but needs better OS compatibility and detection performance

I am not really looking for a new solution, actually, I was preparing for an interview and wanted to have a comparison between both tools. I have not worked with any of these products before, but we had a training demonstration yesterday with Dynatrace, and I have investigated the Wiz solution better. In terms of experience, it will be my first time with CDR. I am working with something for EDR, specifically, we have an EDR, it's VMware Carbon Black Cloud. They have a hybrid environment, both on-prem and cloud. I would usually recommend this product for big companies, because it's not cheap, so only big companies would I expect to pay for that. The review rating for VMware Carbon Black Cloud is 6 out of 10.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It's stable."

"The product has a very simple UI."

"The solution is available over the cloud and is easy to manage."

"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."

"ServiceNow is a convenient platform to raise tickets, and the respective support team will contact us to resolve any issues."

"The ease of use is great."

"Reduces time to closure and closure metrics for vulnerabilities."

"I will recommend it to others as it is an enterprise application used by large companies for ticketing purposes."

More ServiceNow Security Operations pros

"We are not a 24/7 SOC, so the most valuable feature of Splunk SOAR is the auto-response to threats when we are not in the office and the notifications that it sends to the on-call engineer."

"I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."

"The solution’s dashboard is really good and customizable. It also has a good UI."

"The most valuable feature is the risk-based access control."

"SOAR allows custom code to be written and integrates with various technologies through pre-built apps like Windows Remote Management or custom apps we can build ourselves like a secret retrieval app from our vault."

"Scalability is the best feature of the solution."

"Splunk SOAR's extensive library of pre-built integrations allows it to connect with a vast array of popular security and IT applications, streamlining workflows across our existing security stack."

"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."

More Splunk SOAR pros

"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."

"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."

"We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns."

"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."

"The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could spread."

"Carbon Black insures the probability that any ransomware will be stopped before spreading."

"I would usually recommend this product for big companies, because it's not cheap, so only big companies would I expect to pay for that."

"Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support."

More VMware Carbon Black Cloud pros

Cons

"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."

"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."

"Report generation within ServiceNow can take some time."

"Visibility and transitions between teams present significant challenges in the SecOps space, indicating that substantial training and hand-holding are required to improve usability, which is one observation I have had."

"The product is called SecOps, but it is not security operations in terms of SIEM solutions."

"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."

"There is room for improvement in terms of developer support and documentation."

"It's very slow. When you click a button or update a field, it takes forever to actually react."

More ServiceNow Security Operations cons

"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."

"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."

"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."

"I haven't had any issues with the solution so far."

"To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management."

"The cost of Splunk SOAR has room for improvement."

"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."

"There are areas where Splunk SOAR can continue to improve, particularly regarding the synchronization of information, as sometimes it takes longer than other tools."

More Splunk SOAR cons

"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."

"The solution can only handle about 500 bans or blocks."

"The solution's support could be improved."

"The threat intelligence feed could use some fine tweaking."

"One area for improvement is the maturity of its vulnerability features."

"Training and education for both partner and customer, including product marketing need to be improved."

"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."

"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."

More VMware Carbon Black Cloud cons

Pricing and Cost Advice

"This product is a good value for the money."

"Compared to competitor tools, ServiceNow Security Operations is more affordable"

"The product is more expensive than other solutions."

"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."

"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."

"It is an expensive product."

"The tool is not cheap."

"Splunk SOAR is an expensive solution for an organization of our size."

"Splunk SOAR is more expensive compared to other options for SOAR."

"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."

"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."

"The licensing cost is reasonable."

"The cost is high and the licensing is on an annual basis."

"I found the price of Splunk SOAR to be good."

More Splunk SOAR pricing and cost advice

"VMware Carbon Black Cloud is an expensive solution."

"Purchase Professional Services up front as part of the implementation package, then renew hours annually to ensure you have adequate support for upgrades and enhancements. Overbuy by at least 10% to account for infrastructure growth."

"Pricing for this solution could be made lower."

"We had no issues purchasing through our preferred reseller and were able to get a fair price even when not purchasing direct. Carbon Black Enterprise Response didn’t break the bank, though adding on the matching antivirus and anti-malware components of the Protect product was more than we could afford, even with some discounting. Cb Response is really designed to complement Carbon Black’s Defense product. While Response can be used on its own, coupling with Defense seems like the best strategy if you can afford the price tag."

"The solution is very inexpensive so there is great cost savings to using it."

"You need to pay for the licensing of the product. The pricing is costly."

See which vendors are best for you

Use our free recommendation engine to learn which Security Incident Response solutions are best for your needs.

See recommendations

881,757 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

17%

Manufacturing Company

13%

Computer Software Company

Government

Manufacturing Company

11%

Financial Services Firm

11%

Computer Software Company

University

Financial Services Firm

11%

Computer Software Company

Real Estate/Law Firm

University

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	6
Midsize Enterprise	2
Large Enterprise	15

By reviewers
Company Size	Count
Small Business	12
Midsize Enterprise	7
Large Enterprise	33

By reviewers
Company Size	Count
Small Business	5
Midsize Enterprise	4
Large Enterprise	8

Questions from the Community

What is your experience regarding pricing and costs for ServiceNow Security Operations?

It is relatively expensive but manageable.

See all answers

What needs improvement with ServiceNow Security Operations?

ServiceNow Security Operations is not specifically a vulnerability management or incident tool, but rather a data agg...

See all answers

What advice do you have for others considering ServiceNow Security Operations?

Initially, acquire basic knowledge about the system and understand how ServiceNow Security Operations operates with o...

See all answers

What do you like most about Splunk Phantom?

Splunk SOAR's quick response to incidents is the most valuable part.

See all answers

What is your experience regarding pricing and costs for Splunk Phantom?

I am familiar with the pricing aspect, setup cost, and licensing cost of Splunk SOAR, and it is pretty much similar t...

See all answers

What needs improvement with Splunk Phantom?

There are areas for improvement in Splunk SOAR, such as the need for more code-level customizations despite providing...

See all answers

What to choose: an endpoint antivirus, an EDR solution or both?

I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) s...

See all answers

What's the difference between Carbon Black CB Response and Carbon Black CB Defense?

Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoin...

See all answers

What needs improvement with Carbon Black CB Response?

I see room for improvement as I remember some problems on compatibility with some operating systems; I recall we coul...

See all answers

Comparisons

Palo Alto Networks Cortex XSOAR vs ServiceNow Security Operations

Compared 14% of the time

Tines vs ServiceNow Security Operations

Compared 6% of the time

Microsoft Sentinel vs ServiceNow Security Operations

Compared 5% of the time

NetWitness NDR vs ServiceNow Security Operations

Compared 5% of the time

CRITICALSTART vs ServiceNow Security Operations

Compared 4% of the time

More ServiceNow Security Operations Competitors

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Compared 15% of the time

Fortinet FortiSOAR vs Splunk SOAR

Compared 12% of the time

Tines vs Splunk SOAR

Compared 9% of the time

Torq vs Splunk SOAR

Compared 7% of the time

Cortex XSIAM vs Splunk SOAR

Compared 4% of the time

More Splunk SOAR Competitors

Palo Alto Networks Cortex XSOAR vs VMware Carbon Black Cloud

Compared 16% of the time

VMware Carbon Black Endpoint vs VMware Carbon Black Cloud

Compared 9% of the time

Rapid7 InsightIDR vs VMware Carbon Black Cloud

Compared 8% of the time

Fidelis Elevate vs VMware Carbon Black Cloud

Compared 7% of the time

HP Wolf Security vs VMware Carbon Black Cloud

Compared 4% of the time

More VMware Carbon Black Cloud Competitors

Product Reports

Buyer's Guide

ServiceNow Security Operations

January 2026

Download ServiceNow Security Operations product report

Buyer's Guide

Splunk SOAR

January 2026

Download Splunk SOAR product report

Buyer's Guide

VMware Carbon Black Cloud

January 2026

Download VMware Carbon Black Cloud product report

Also Known As

No data available

Phantom

Carbon Black CB Response

Overview

ServiceNow Security Operations is a cutting-edge security solution designed to elevate organizations' security incident response (SIR) processes through automation and orchestration. Going beyond traditional SOAR, this comprehensive Security Operations Suite integrates seamlessly with other ServiceNow products and offers a wide array of features. Its components include Security Incident Response (SIR), which automates incident workflows and offers pre-built playbooks; Security Configuration Compliance (SCC), continuously scanning and automating compliance tasks; Vulnerability Response (VR), prioritizing and remediating vulnerabilities; Threat Intelligence (TI), aggregating threat data for proactive threat hunting; and additional features like IT Service Management integration, Machine Learning and AI, reporting, and a mobile app. The benefits span improved incident response speed, reduced mean time to resolution, increased security posture, enhanced compliance, collaborative synergy between security and IT teams, and operational cost reductions.

ServiceNow

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk

Fortify Endpoint and Workload Protection

Legacy approaches fall short as cybercriminals update tactics and obscure their actions. Get advanced cybersecurity fueled by behavioral analytics to spot minor fluctuations and adapt in response.

Recognize New Threats

Analyze attackers’ behavior patterns to detect and stop never-before-seen attacks with continuous endpoint activity data monitoring. Don’t get stuck analyzing only what’s worked in the past.

Simplify Your Security Stack

Streamline the response to potential incidents with a unified endpoint agent and console. Minimize downtime responding to incidents and return critical CPU cycles back to the business.

Broadcom

Sample Customers

DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services

Recorded Future, Blackstone

ALLETE belk

Buyer's Guide

Security Incident Response

January 2026

Download Free Report

Find out what your peers are saying about ServiceNow, Proofpoint, Trellix and others in Security Incident Response. Updated: January 2026.

DOWNLOAD NOW

881,757 professionals have used our research since 2012.