We performed a comparison between DFLabs IncMan SOAR and IBM Resilient based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Sentinel pricing is good"
"The vendors themselves will actually help with any customizations a client may require"
"Stability-wise, I rate the solution a ten out of ten...Scalability-wise, I rate the solution a ten out of ten."
"The product is very good at incident response."
"IBM Resilient is scalable."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"Its flexibility is the most valuable."
"The solution is simple to use and to integrate with IBM QRadar."
"As a whole, the product is stable...Technical support is very good."
"It is a stable solution...It is a scalable solution."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The solution could improve the playbooks."
"Sentinel's reporting is complex and can be more user-friendly."
"The on-prem log sources still require a lot of development."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The support is not 24/7."
"IBM Resilient is quite complex, including its configuration."
"IBM Resilient could integrate better with my tools."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"Its price needs improvement."
"The product must provide more integration with other tools."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"The tool needs to improve its documentation on license scripts."
Earn 20 points
DFLabs IncMan SOAR is ranked 28th in Security Orchestration Automation and Response (SOAR) while IBM Resilient is ranked 7th in Security Orchestration Automation and Response (SOAR) with 17 reviews. DFLabs IncMan SOAR is rated 0.0, while IBM Resilient is rated 7.6. The top reviewer of DFLabs IncMan SOAR writes "Protects an organization from the threat of a data breach or cyberattack". On the other hand, the top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". DFLabs IncMan SOAR is most compared with Palo Alto Networks Cortex XSOAR, whereas IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR and Swimlane.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
