We performed a comparison between D3 Security and IBM Resilient based on real PeerSpot user reviews.
Find out in this report how the two Security Incident Response solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Log aggregation and data connectors are the most valuable features."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"It is an out-of-the-box automated integration with our 20 departments. We perform L1 LiveOps automatically through the portal."
"The solution's valuable feature is its GUI. It has more than 450 connectors, which are excellent for connecting devices and automating integration. The solution has all the features we need. We deployed it in our environment, and it's fully integrated. Thanks to their open APIs, the seamless integration makes everything work well together."
"IBM Resilient is scalable."
"The solution is very easy to use."
"It's really simple and has a flexible interface."
"This is a good solution that we recommend for customers."
"The product is very good at incident response."
"As a whole, the product is stable...Technical support is very good."
"Its flexibility is the most valuable."
"The solution is simple to use and to integrate with IBM QRadar."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The on-prem log sources still require a lot of development."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The playbook is a bit difficult and could be improved."
"Reporting needs improvement. MTTR and MTTD metrics aren't directly available in playbooks and require manual effort to achieve."
"The reporting, especially custom reporting, needs to be improved. Additionally, it would be better if it could be hosted on Linux."
"The product needs a bit more development."
"The implementation could be a bit simpler."
"The tool needs to improve its documentation on license scripts."
"This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility."
"IBM Resilient could integrate better with my tools."
"The integration could be improved so that it is easy to integrate with other solutions."
"It is not very straightforward to set up custom integrations, especially with services like Azure. You need an additional server for integration."
"The ability to analyze incidents needs to be improved in the solution."
D3 Security is ranked 7th in Security Incident Response with 2 reviews while IBM Resilient is ranked 4th in Security Incident Response with 17 reviews. D3 Security is rated 9.0, while IBM Resilient is rated 7.6. The top reviewer of D3 Security writes "Offers open API for integrating any available tools without any recurring costs". On the other hand, the top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". D3 Security is most compared with Palo Alto Networks Cortex XSOAR, Fortinet FortiSOAR and Splunk SOAR, whereas IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, ServiceNow Security Operations, IBM Security QRadar and IBM Cloud Pak for Security. See our D3 Security vs. IBM Resilient report.
See our list of best Security Incident Response vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
