We performed a comparison between ServiceNow Security Operations and Siemplify based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The pricing of the product is excellent."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"It has a lot of great features."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
"The ease of use is great."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"Reduces time to closure and closure metrics for vulnerabilities."
"The solution is available over the cloud and is easy to manage."
"The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product."
"It's stable."
"My favorite feature is the application vulnerability scanner."
"Without hyperbole, I have never, in my entire career, encountered a vendor or a vendor community as awesome as Siemplify. Siemplify and the Siemplify Community quite literally made it possible for our SOC to increase almost five-fold in our number of clients and number of analysts and to go from a Monday to Friday 9-5 shop to a 24/7 shop all in the span of under a year and a half and all while continually adding capabilities and improving the services we offer to our clients."
"The playbooks feature in Siemplify is crucial for automation. We've utilized both standard and custom integrations with other security operation solutions, enhancing our flexibility. The user interface is generally straightforward, although recent changes may require some adjustment and Siemplify's integrations and capabilities offer potential support for various compliance requirements."
"The most valuable feature of Siemplify is the playbooks that can be created."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"We'd like also a better ticketing system, which is older."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"The product is called SecOps, but it is not security operations in terms of SIEM solutions."
"It doesn't interact with things very well."
"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"The initial setup is difficult."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"Building the playbooks could be easier and the integration could improve. It is a difficult process, such as what API connections need to be made."
"We often encounter minor issues that could be improved, but we maintain communication with the developers and submit feature requests. Recently, I requested enhancements such as improved search functionality within playbooks and expanded options for exporting case data."
"I'm inclined to say that I'd love to see some Machine Learning capabilities integrated into the platform, however, I just attended a demo this morning where Siemplify gave a sneak peek into some Machine Learning capabilities that they are currently developing and have roadmapped for release soon."
More ServiceNow Security Operations Pricing and Cost Advice →
ServiceNow Security Operations is ranked 7th in Security Orchestration Automation and Response (SOAR) with 15 reviews while Siemplify is ranked 16th in Security Orchestration Automation and Response (SOAR) with 3 reviews. ServiceNow Security Operations is rated 8.0, while Siemplify is rated 8.6. The top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". On the other hand, the top reviewer of Siemplify writes "Great for reporting and ticketing for SOC MxDR client environments and has a great, supportive community". ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, IBM Resilient, Swimlane and Tines, whereas Siemplify is most compared with Splunk SOAR, Palo Alto Networks Cortex XSOAR and Fortinet FortiSOAR. See our ServiceNow Security Operations vs. Siemplify report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
