We performed a comparison between IBM Resilient and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The UI-based analytics are excellent."
"The pricing of the product is excellent."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The initial setup is very simple and straightforward."
"The UBA, User Behavior Analytics, is very good."
"IBM Resilient is scalable."
"As a whole, the product is stable...Technical support is very good."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella. You don't need to worry much about integrations and components because you're working with tested and proven architecture."
"Stability-wise, I rate the solution a ten out of ten...Scalability-wise, I rate the solution a ten out of ten."
"It's really simple and has a flexible interface."
"The solution is simple to use and to integrate with IBM QRadar."
"It is a scalable solution."
"The solution is very reliable."
"The most valuable feature is automation."
"It is a scalable solution."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"It was useful as a ticketing tool."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"It is quite scalable. I would rate it a ten out of ten."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"I would like to see more AI used in processes."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The initial setup is complex."
"The implementation could be a bit simpler."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility."
"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
"The product must provide more integration with other tools."
"The ability to analyze incidents needs to be improved in the solution."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"XSOAR could have more integration options."
"It has been decommissioned by Palo Alto."
"The solution should be made a bit cheaper."
"Palo Alto needs to develop more AI-centric products."
"The formats are not compatible, are readily not available, and are not readable."
"I think they should increase their collaboration base."
"The solution is complicated to learn."
"The integration could be better. Cortex, for example, does not work with iPhone."
IBM Resilient is ranked 7th in Security Orchestration Automation and Response (SOAR) with 17 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. IBM Resilient is rated 7.6, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". IBM Resilient is most compared with Splunk SOAR, ServiceNow Security Operations, IBM Security QRadar, Fortinet FortiSOAR and IBM Cloud Pak for Security, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and Tines.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.