Proofpoint Threat Response vs ServiceNow Security Operations comparison

Proofpoint Threat Response vs. ServiceNow Security Operations

Download the complete report

Helped 885,667 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Proofpoint Threat Response

Ranking in Security Incident Response

2nd

Average Rating

8.0

Reviews Sentiment

7.7

Number of Reviews

Ranking in other categories

No ranking in other categories

ServiceNow Security Operations

Ranking in Security Incident Response

1st

Average Rating

8.0

Reviews Sentiment

6.5

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (9th), Risk-Based Vulnerability Management (11th)

Mindshare comparison

As of April 2026, in the Security Incident Response category, the mindshare of Proofpoint Threat Response is 8.7%, down from 16.5% compared to the previous year. The mindshare of ServiceNow Security Operations is 8.0%, down from 19.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Incident Response Mindshare Distribution
Product	Mindshare (%)
ServiceNow Security Operations	8.0%
Proofpoint Threat Response	8.7%
Other	83.3%

Security Incident Response

Featured Reviews

reviewer2460363

Chief Engineer at a healthcare company with 10,001+ employees

Automatically remove threats from mailboxes once identified, reducing manual intervention but on-premise version doesn't scale well for large companies

Auto pull and auto restore are valuable features. Auto restore isn't quite what it should be, but it's a lot better than someone having to manually release mail back to everyone. If something's pulled and then it's later declared a false positive, it will automatically restore. They also take automatic feeds from their advanced threat detection modules. Anytime Advanced Threat Protection finds something that was allowed to go through, either a URL or attachment, it will send out a signal, and Threat Response will automatically pull all of that out of the mail files. The automation is the big thing for us. Integration capabilities: There's an API, but most of it is around how you handle incidents. We're also not using the whole Threat Response suite, just the subset. So, we've never had to or could integrate anything else. We're limited to the Exchange portion only. The whole Threat Response should be labeled as a SOAR tool. The portion we have, I would call it "SOAR-lite." I know there are a couple of others that offer a SOAR-lite, but we're just starting to look at them.

Read full review

Shadab Hussain

Freelancer at a media company with 1,001-5,000 employees

Gaining unified control over vulnerabilities has improved governance but pricing and support need work

The market price is slightly high. The pricing should be a little lower because this is a SaaS-based product. Everyone using ServiceNow might be getting many modules, but the overall module cost becomes high with license consumption one by one. I personally see that if ServiceNow is to grow over the next decade, they need to work on the pricing part. Cheap providers are emerging, and in the age of AI, it is evident that the chatbot and the virtual agent features, which are prominent features of ServiceNow, could be completely compromised and replaced by people choosing other tools. If ServiceNow develops a strategy to lower the price and increase the customer base, it could help ServiceNow to grow for another decade. I encountered one issue in ServiceNow Security Operations. The different tools, for example, Tenable and TVM, discovered vulnerabilities that had very limited information when imported. However, the same vulnerabilities from different sources, the TVM and Tenable, had shorter descriptions than what was present in the common vulnerabilities or CVE. If this depends on the implementer, such as Tenable or how other security operations implement them, the text was very limited. Customers were asking questions about why this was happening and if ServiceNow was working properly. The vulnerability information should be updated and the common text should be displayed every time, regardless of how many different tools are used for integration. The vulnerability database should be consistent when it comes to the description to avoid confusion for customers implementing it for the first time. This is an improvement that ServiceNow can make.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The platform's most valuable include the ability to check emails and block potential spam."

"This is truly a top-notch feature, and I have not seen such good functionality from the same kind of feature in any other tool so far."

"If something's pulled and then it's later declared a false positive, it will automatically restore. They also take automatic feeds from their advanced threat detection modules."

"The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."

"Support is very responsive."

"It has reduced our manual efforts to remove emails from each user's inbox, and in this case we do not have to ask our IT department or users to do so."

"Proofpoint has reduced the number of major attacks on our systems."

"Our ROI is100%. Our entire management and decision makers are very impressed and happy with this product."

"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."

"The most valuable features are service management and case management, and ServiceNow Security Operations also takes care of problem management as well as GRC, governance, risk, and compliance, enabling it to provide risk assessment."

"The solution is available over the cloud and is easy to manage."

"These features are very seamless, and the workspace along with the unified view of the entire application is something that is very impressive."

"My favorite feature is the application vulnerability scanner."

"Basically, everything is consolidated into ServiceNow, so most organizations have configuration items in ServiceNow, ServiceNow has a vulnerability module as well, so it brings in data from third-party tools and it can utilize that data itself in Security Operations."

"I will recommend it to others as it is an enterprise application used by large companies for ticketing purposes."

"The SOAR module of ServiceNow Security Operations is the most valuable feature"

More ServiceNow Security Operations pros

Cons

"If the reporting gets improved then it would be better, but the product is running amazing as it is."

"Has some quirks."

"The product has some quirks that could be improved."

"If the reporting gets improved then it would be better, but the product is running amazing as it is."

"The interface within Threat Response could be made simpler."

"The platform's technical support services and pricing need improvement."

"The on-premise version doesn't scale well for large companies."

"Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change."

"I would rate technical support for ServiceNow Security Operations as a six out of ten in terms of faster resolution."

"The threat intelligence module needs a better dashboard."

"You can't connect to anything. It doesn't interact with things very well."

"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting."

"We'd like customization to be easier in terms of the UI and using the dashboards."

"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."

More ServiceNow Security Operations cons

Pricing and Cost Advice

"The way most big companies work with Proofpoint is that they try to tie everything into an enterprise license. I can't comment on the actual costs, however I do know that alternative solutions such as Abnormal Security can be much more expensive than Proofpoint Threat Response."

"It's quite affordable to have it with this much functionality and ease to administrate."

"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."

"It is an expensive product."

"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."

"The product is more expensive than other solutions."

"This product is a good value for the money."

"Compared to competitor tools, ServiceNow Security Operations is more affordable"

See which vendors are best for you

Use our free recommendation engine to learn which Security Incident Response solutions are best for your needs.

See recommendations

885,667 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

13%

Healthcare Company

11%

Construction Company

Energy/Utilities Company

Financial Services Firm

15%

Manufacturing Company

13%

Government

Computer Software Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

By reviewers
Company Size	Count
Small Business	6
Midsize Enterprise	2
Large Enterprise	16

Questions from the Community

What is your experience regarding pricing and costs for Proofpoint Threat Response?

The pricing it's a bit expensive, setup and licensing are simpples

What needs improvement with Proofpoint Threat Response?

The platform's technical support services and pricing need improvement.

What is your primary use case for Proofpoint Threat Response?

We use the product to verify and manage emails sent and received through our Microsoft Exchange server, focusing on blocking potential spam emails.

What is your experience regarding pricing and costs for ServiceNow Security Operations?

It is relatively expensive but manageable.

What needs improvement with ServiceNow Security Operations?

What advice do you have for others considering ServiceNow Security Operations?

ServiceNow Security Operations integrates very easily with third-party security tools. I am involved mostly with ServiceNow and not with other vendors.

Cofense Platform vs Proofpoint Threat Response

Comparisons

Compared 25% of the time

IBM Resilient vs Proofpoint Threat Response

Compared 20% of the time

Gutsy vs Proofpoint Threat Response

Compared 16% of the time

Netwrix Threat Manager vs Proofpoint Threat Response

Compared 14% of the time

Splunk Attack Analyzer vs Proofpoint Threat Response

Compared 12% of the time

More Proofpoint Threat Response Competitors

Splunk SOAR vs ServiceNow Security Operations

Compared 12% of the time

Palo Alto Networks Cortex XSOAR vs ServiceNow Security Operations

Compared 11% of the time

NetWitness NDR vs ServiceNow Security Operations

Compared 6% of the time

CRITICALSTART vs ServiceNow Security Operations

Compared 5% of the time

Tines vs ServiceNow Security Operations

Compared 5% of the time

More ServiceNow Security Operations Competitors

Product Reports

Proofpoint Threat Response

Download Proofpoint Threat Response product report

ServiceNow Security Operations

Download ServiceNow Security Operations product report

Overview

No defense can stop every attack. When something does get through, Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently. Get an actionable view of threats, enrich alerts, and automate forensic collection and comparison. For verified threats, quarantine and contain users, hosts, and malicious email attachments - automatically or at the push of a button.

Proofpoint

ServiceNow Security Operations is a cutting-edge security solution designed to elevate organizations' security incident response (SIR) processes through automation and orchestration. Going beyond traditional SOAR, this comprehensive Security Operations Suite integrates seamlessly with other ServiceNow products and offers a wide array of features. Its components include Security Incident Response (SIR), which automates incident workflows and offers pre-built playbooks; Security Configuration Compliance (SCC), continuously scanning and automating compliance tasks; Vulnerability Response (VR), prioritizing and remediating vulnerabilities; Threat Intelligence (TI), aggregating threat data for proactive threat hunting; and additional features like IT Service Management integration, Machine Learning and AI, reporting, and a mobile app. The benefits span improved incident response speed, reduced mean time to resolution, increased security posture, enhanced compliance, collaborative synergy between security and IT teams, and operational cost reductions.

ServiceNow

Sample Customers

University of Waterloo, Akorn, Fenwick and West LLP

DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services

Proofpoint Threat Response vs. ServiceNow Security Operations