We performed a comparison between D3 Security and ServiceNow Security Operations based on real PeerSpot user reviews.
Find out in this report how the two Security Incident Response solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Free ingestion for Azure logs (with E5 licence)"
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"It has basic out-of-the-box integrations with multiple log sources."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The solution's valuable feature is its GUI. It has more than 450 connectors, which are excellent for connecting devices and automating integration. The solution has all the features we need. We deployed it in our environment, and it's fully integrated. Thanks to their open APIs, the seamless integration makes everything work well together."
"It is an out-of-the-box automated integration with our 20 departments. We perform L1 LiveOps automatically through the portal."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"The solution is available over the cloud and is easy to manage."
"The SOAR module of ServiceNow Security Operations is the most valuable feature"
"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
"My favorite feature is the application vulnerability scanner."
"Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence."
"Reduces time to closure and closure metrics for vulnerabilities."
"The product has a very simple UI."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"I would like to see more AI used in processes."
"Reporting needs improvement. MTTR and MTTD metrics aren't directly available in playbooks and require manual effort to achieve."
"The reporting, especially custom reporting, needs to be improved. Additionally, it would be better if it could be hosted on Linux."
"Customer awareness and understanding of ServiceNow's SecOps capabilities could be improved."
"Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"The initial setup is difficult."
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
"The product is called SecOps, but it is not security operations in terms of SIEM solutions."
"It doesn't interact with things very well."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
More ServiceNow Security Operations Pricing and Cost Advice →
D3 Security is ranked 7th in Security Incident Response with 2 reviews while ServiceNow Security Operations is ranked 2nd in Security Incident Response with 16 reviews. D3 Security is rated 9.0, while ServiceNow Security Operations is rated 7.8. The top reviewer of D3 Security writes "Offers open API for integrating any available tools without any recurring costs". On the other hand, the top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". D3 Security is most compared with Palo Alto Networks Cortex XSOAR, Fortinet FortiSOAR and Splunk SOAR, whereas ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, IBM Resilient, Swimlane and Fortinet FortiSOAR. See our D3 Security vs. ServiceNow Security Operations report.
See our list of best Security Incident Response vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
