Jun 15, 2018
I would recommend CyberSponse. There is a reason why CyberSponse have been awarded Government and Military contracts over all the competition! Commerical customers need the same power and capability, why settle for anything less!
Palo Alto Networks Cortex XSOAR and Splunk SOAR compete in security automation. Cortex XSOAR seems to have the upper hand due to its vast library of integrations and AI automation capabilities.
Features: Palo Alto Networks Cortex XSOAR excels with superior integration capabilities, customizable playbooks, and a robust command and control center that enhances incident management and automation efficiency. Data enrichment and AI automation further cement its leadership. Splunk SOAR is notable for seamless integration with multiple security tools, user-friendly playbooks, and versatile automation capabilities that improve workflow efficiencies and productivity.
Room for Improvement: Palo Alto Networks Cortex XSOAR users seek improved user-friendliness in playbook creation for less experienced analysts, alongside cost reductions and simplified setup processes. Splunk SOAR could improve integration with other tools, debugging capabilities, and offer more competitive pricing. Enhancements in customization and advanced features are suggested to increase user effectiveness.
Ease of Deployment and Customer Service: Both solutions provide flexible deployment options like Public Cloud, Private Cloud, and On-premises. Users have mixed feedback on Palo Alto's technical support, valuing responsiveness but noting areas for improvement. Splunk's support is generally well-regarded for knowledgeability and consistent accessibility, though some areas could still benefit from advancements.
Pricing and ROI: Palo Alto Networks Cortex XSOAR is perceived as expensive, discouraging smaller organizations despite its efficient capability potentially offering high ROI. Splunk SOAR's pricing model is more flexible and user-based, potentially cost-effective as its capabilities are fully utilized. Both products offer significant ROI through enhanced automation and operational efficiency, especially in mature SOC environments.
Since we started working with Torq, I am handling much fewer alerts. It is becoming really easy for me to handle an alert.
By the time we officially bought Torq, we already had two workflows that were very helpful to us.
It pretty much took until we got to our first renewal where we said that this is the value we see, this is the things we want more, but that is the first place where we said we are happy enough that we want to renew.
We are positioning Palo Alto Networks Cortex XSOAR, which can be used in the SOC and do a lot of automation for the customer.
Since deploying Splunk SOAR, there has been a notable reduction in time spent on monotonous security tasks, which I estimate to be around 95%, enabling my team to focus on more strategic initiatives.
We've seen a decrease in false positives and a significant increase in our containment.
Monthly, around 300 hours of effort, it is saving with Splunk SOAR.
My impression of their technical support during the initial setup was that they were helpful, responded within a reasonable timeframe, and provided exactly what we needed.
The speed and quality of their answers have been pretty good, as I usually get a response within 24 hours, and they follow up well.
We can always get an answer, and the support team are experts in their own system.
Eight out of ten times, they provide valuable help.
Their support has been better than Anomali's and they are more responsive.
The technical support provided by Palo Alto Networks Cortex XSOAR is good.
Discovering different troubleshooting methods is harder to do with Splunk SOAR than with Enterprise Security or other Splunk services.
We always have a customer support representative who will come in the picture and help us to direct any ticket or any issue that we are facing to the right team.
I have worked with Splunk SOAR's technical support or customer service, which I find to be as perfect as Splunk SIEM
Our case management is super scalable.
In terms of scalability, you can do as long as you can build it, and they can support it.
Regarding the ability of the solution to grow in your work environment, if it is scalable, if it fits your business requirements, and if there is room to scale up, the answer is yes, for sure.
The scalability of Palo Alto Networks Cortex XSOAR supports our growth and security needs because we can integrate various tools and continuously add more capability.
Palo Alto Networks Cortex XSOAR has very good application capabilities and is highly scalable.
The issues with scalability arise from the speed of some integrations, as not all are perfectly tuned by Palo.
This solution is very much scalable, so I would rate it a ten.
It can be extended and adapted as necessary.
Regarding scalability, I find it to be a nine, as we have had no issues with scaling Splunk SOAR.
We have been using Torq for one and a half years, but we have experienced no downtime.
Most of the time, the system is stable as long as the components that they integrate with are stable.
I have never faced any downtime or issues.
The system works smoothly even when I navigate deep into the playbook section.
I would rate the stability and reliability of Palo Alto Networks Cortex XSOAR as a nine.
We have not experienced any downtime, crashes, or performance issues.
We have not seen any impact in the work that we do with Splunk SOAR or the SIEM platform.
I have not encountered any outages or glitches within my experience with Splunk SOAR.
Torq should offer default templates that can directly scan firewall data and automate actions.
The AI value depends on maturity. Real value depends heavily on telemetry, integration depth, and workflow design, all of which rely on how mature customers are in their SOC department.
It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet.
The deployment requires integration and the development of integration modules.
One of the significant issues we encounter is system slowdown when we receive an influx of alerts, which inhibits how quickly we can access the information needed for investigation.
To improve the solution, it needs to have complete features that are low-code, no-code, and should be plug-and-play.
If we start ingesting those data to Splunk SOAR or SIEM with some sort of integration with threat intelligence feed, that will also improve our detection and prediction method or help us with the investigation.
Torq is better than Splunk SOAR because Torq has a no-code UI where we can accomplish anything through drag and drop.
Visibility into automated response actions and investigation workflows that help analysts to quickly identify threats and understand attack patterns.
When they bring more and more value into the platform, it makes more sense to pay that price, but still, it is expensive.
Before deciding to implement Torq, I considered that compared to our old case management platform, Torq was a much better price and had a lot better value for what you get out of the platform, which was a key consideration for the company.
It is an expensive solution, not an inexpensive solution, but we get through the flexibility.
For customers, it is zero versus $20 million, which is why they have to make a decision.
It is way below what it costs to hire some professionals to do only that type of work.
Splunk SOAR is moderately priced, neither cheap nor overly expensive.
I am familiar with the pricing aspect, setup cost, and licensing cost of Splunk SOAR, and it is pretty much similar to what industries are offering these days.
Torq's unified platform approach to AI SOC automation and case management has significantly benefited us by integrating the case management platform with the automation, which saves time compared to managing multiple point solutions across our security stack.
The fact that I can build whatever I want within my own imagination and skills without relying on code is the best thing about Torq.
You can copy and paste a cURL command. If you have documentation or APIs, you usually have an example on the side. You basically have all the information on how the API call should be. You can just copy that and paste it into a step, and it will just build the step for you.
Execution of automatic tasks for collecting, enriching, and correlating security events from hundreds of different technologies.
If I already have an established process, I do not have to change my process to fit into the tool. I can modify the tool to fit into my process, which makes things considerably easier.
We have implemented automation features, such as automated responses to email threats and automatic configuration of target devices for blocking specific IPs.
Creating playbooks using the Playbook Editor in Splunk SOAR is easy. The editor is designed to be user-friendly with visual drag and drop features, allowing for easy workflows without writing any code.
Splunk SOAR saves time in threat response, and the time to solve an incident is currently the best in the market.
Splunk SOAR has improved our MTTD and MTTR both with the consolidation with a unified platform with Splunk.
| Product | Mindshare (%) |
|---|---|
| Splunk SOAR | 7.4% |
| Palo Alto Networks Cortex XSOAR | 8.8% |
| Torq | 3.7% |
| Other | 80.1% |
| Company Size | Count |
|---|---|
| Small Business | 2 |
| Midsize Enterprise | 5 |
| Large Enterprise | 5 |
| Company Size | Count |
|---|---|
| Small Business | 21 |
| Midsize Enterprise | 9 |
| Large Enterprise | 26 |
| Company Size | Count |
|---|---|
| Small Business | 18 |
| Midsize Enterprise | 7 |
| Large Enterprise | 39 |
Torq is the enterprise AI SOC solution that effectively combines adaptive insights and automation to handle critical threats efficiently. It manages threat lifecycles, swiftly moving from triage to response, ensuring effective risk management.
Torq is designed to streamline security operations by aggregating telemetry across your security stack. It investigates significant risks and manages threats from triage to containment and remediation. This AI-driven tool enhances the capabilities of your SecOps team, allowing them to achieve more impactful results without introducing complicated processes.
What are the key features of Torq?In industries like finance and healthcare, Torq shows effectiveness by adapting to specific risk scenarios often encountered in these fields. Its integration with existing infrastructures makes it a valuable asset for maintaining stringent security standards, essential for protecting critical data and operations in diverse high-stakes environments.
Palo Alto Networks Cortex XSOAR enhances security operations automation and integration. Users rely on its incident management capabilities and machine learning to improve response times and efficiency.
Cortex XSOAR stands out for its capability to automate and orchestrate security tasks through customizable playbooks and robust third-party integrations. Its analytics offer insights into incidents, while machine learning prioritizes alerts and reduces false positives. Despite its powerful features, users note room for improvement in documentation, interface design, and integration capabilities. Cost and complexity in setup and deployment are also concerns. Users in security operations centers benefit significantly from automated data enrichment, streamlined incident response, and efficient handling of threats like phishing and endpoint management.
What are the key features of Cortex XSOAR?Cortex XSOAR is implemented across industries for automating and streamlining security operations. Organizations use it to create playbooks, integrate with security tools, and automate repetitive tasks, thereby improving the efficiency of their security operations centers and incident management processes.
Splunk SOAR focuses on automating security operations with seamless third-party integrations and customizable workflows, enhancing incident response and threat management.
Splunk SOAR offers robust playbook automation and powerful API connectivity, allowing organizations to streamline workflows and integrate extensively with tools like Salesforce and ServiceNow. With its capabilities in real-time data visualization and automated threat responses, it significantly enhances security and reduces manual efforts. Users appreciate the ease of creating playbooks, which reduces mean time to detect and resolve. However, attention to its integration challenges with Microsoft products, the need for more playbooks, and improved customization tools is necessary. Enhancements in the development process, visibility, scalability, and case management options are also beneficial. Improving documentation and training resources would add more depth and accessibility.
What are the top features of Splunk SOAR?Organizations implement Splunk SOAR in industries to automate tasks in Security Operation Centers, addressing incidents such as phishing, brute force, and ransomware. It integrates with third-party applications for threat intelligence enrichment, commonly deployed both on-premise and cloud, enhancing cybersecurity efforts.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
