No more typing reviews! Try our Samantha, our new voice AI agent.

Proofpoint Threat Response vs ServiceNow Security Operations comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 2, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Proofpoint Threat Response
Ranking in Security Incident Response
3rd
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
6
Ranking in other categories
No ranking in other categories
ServiceNow Security Operations
Ranking in Security Incident Response
1st
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
24
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (9th), Risk-Based Vulnerability Management (12th)
 

Mindshare comparison

As of July 2026, in the Security Incident Response category, the mindshare of Proofpoint Threat Response is 6.3%, down from 18.0% compared to the previous year. The mindshare of ServiceNow Security Operations is 9.0%, down from 15.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Incident Response Mindshare Distribution
ProductMindshare (%)
ServiceNow Security Operations9.0%
Proofpoint Threat Response6.3%
Other84.7%
Security Incident Response
 

Featured Reviews

reviewer2839371 - PeerSpot reviewer
Assistant Consultant at a tech services company with 11-50 employees
Automated email removal has reduced spam impact and gives the security team more time for analysis
Proofpoint Threat Response offers the best features through creating a workflow that deals with different types of emails, including identifying spam. If any user identifies an email as malicious, it triggers a workflow to the information security team, who will analyze it and determine whether to inform the user that it is not malicious or trigger a flow. A flow can be created for different types, where high spam emails are auto-pulled, low spam emails are quarantined for analysis, and integration with Proofpoint TRAP and Proofpoint TAP allows auto-pull for emails declared malicious. Additionally, I can revert changes if an email initially declared as spam is later found not to be spam, restoring it to the user's mailbox without user intervention. This complete feature encompasses threat response, prediction, activations, deletions, and sometimes restorations. I find myself using the integration with TAP and the integration with the Abuse Mailbox the most because those are utilized daily. Users often confuse whether an email is malicious or not, prompting them to use Proofpoint Abuse Mailbox via the report phishing button. As spammers grow more intelligent, Proofpoint TAP is also useful by flagging those emails. No action is required on our side because it is the collaboration between Proofpoint Threat Response and Targeted Attack Protection, making the SOC team's work easier, with reduced false positives, allowing them time for more productive tasks. Proofpoint Threat Response has positively impacted the organization by improving security posture, providing breathing space for the SOC team with fewer false positives, and offering a tool for users to report any malicious email using the Abuse Mailbox, which the SOC team can analyze. Proofpoint intelligence can then declare emails malicious or not and pull them from the user's mailbox. The solution has impacted us positively, safeguarding against spam while giving the SOC team the capacity to analyze needs without being overwhelmed by false positives. In previous days without Proofpoint Threat Response Auto-Pull, the SOC team spent more than two or three hours analyzing emails, checking hash values, verifying the nature of emails, and conducting eDiscovery for malicious emails. During mass spam attacks, the entire day was consumed in firefighting mode. Now, with Proofpoint Threat Response Auto-Pull, integration with TAP, Abuse Mailbox, CSV integration, and other data sources, the team can perform tasks that once required hours in just a minute.
Suhel Khan - PeerSpot reviewer
Senior Consultant (Siem Admin) at IBM
Precise incident handling has improved reporting and searching across complex security cases
I would like to see new features added, particularly regarding the incident upgrading part. For instance, if you have an instance and need to transfer it to a particular team, being able to show that the status is still in progress, which is currently in a beta version, would definitely help people to understand that the status has changed for the incident.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It has reduced our manual efforts to remove emails from each user's inbox, and in this case we do not have to ask our IT department or users to do so."
"Our ROI is100%. Our entire management and decision makers are very impressed and happy with this product."
"The platform's most valuable include the ability to check emails and block potential spam."
"In previous days without Proofpoint Threat Response Auto-Pull, the SOC team spent more than two or three hours analyzing emails, checking hash values, verifying the nature of emails, and conducting eDiscovery for malicious emails, but now with Proofpoint Threat Response Auto-Pull, integration with TAP, Abuse Mailbox, CSV integration, and other data sources, the team can perform tasks that once required hours in just a minute."
"Proofpoint has reduced the number of major attacks on our systems."
"The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."
"Support is very responsive."
"This is truly a top-notch feature, and I have not seen such good functionality from the same kind of feature in any other tool so far."
"The product has a very simple UI, I like the look and feel, and I find it very easy to navigate."
"Reduces time to closure and closure metrics for vulnerabilities."
"The product's most valuable features include the no-code capability for workflows and flow design, which makes it user-friendly, and the ability to perform advanced configurations."
"This product is a good value for the money."
"When things are set up correctly it goes really smooth, however, it's getting there that takes time."
"It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
"The solution is stable."
"The SOAR module of ServiceNow Security Operations is the most valuable feature"
 

Cons

"Has some quirks."
"The on-premise version doesn't scale well for large companies."
"The interface within Threat Response could be made simpler."
"If the reporting gets improved then it would be better, but the product is running amazing as it is."
"The product has some quirks that could be improved."
"The platform's technical support services and pricing need improvement."
"Scalability is currently limited, as it only integrates with Proofpoint Email Protection, Proofpoint TAP, and the Abuse Mailbox, although there is potential for further scalability with additional integrations."
"Report generation within ServiceNow can take some time. Additionally, there are occasional issues when raising a ticket, which can also consume time."
"I would like to see new features added, particularly regarding the incident upgrading part."
"ServiceNow Security Operations is not specifically a vulnerability management or incident tool, but rather a data aggregator."
"In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones."
"Visibility and transitions between teams present significant challenges in the SecOps space, indicating that substantial training and hand-holding are required to improve usability, which is one observation I have had."
"You can't connect to anything. It doesn't interact with things very well."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"The threat intelligence module needs a better dashboard."
 

Pricing and Cost Advice

"The way most big companies work with Proofpoint is that they try to tie everything into an enterprise license. I can't comment on the actual costs, however I do know that alternative solutions such as Abnormal Security can be much more expensive than Proofpoint Threat Response."
"It's quite affordable to have it with this much functionality and ease to administrate."
"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."
"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."
"Compared to competitor tools, ServiceNow Security Operations is more affordable"
"The product is more expensive than other solutions."
"This product is a good value for the money."
"It is an expensive product."
report
Use our free recommendation engine to learn which Security Incident Response solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Comms Service Provider
11%
Outsourcing Company
10%
University
10%
Financial Services Firm
17%
Manufacturing Company
13%
Government
5%
Computer Software Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise2
Large Enterprise17
 

Questions from the Community

What is your experience regarding pricing and costs for Proofpoint Threat Response?
For pricing, setup cost, and licensing, it is necessary to purchase Proofpoint professional services if assistance is desired during setup, which is quite easy. A license is purchased, and a techni...
What needs improvement with Proofpoint Threat Response?
To improve Proofpoint Threat Response, I suggest adding support for other email protection services such as Cisco IronPort, IronMail, and Abnormal, which would enhance its capabilities. This would ...
What is your primary use case for Proofpoint Threat Response?
Proofpoint Threat Response was initially implemented on-premises as Proofpoint Threat Response Auto-Pull, integrated with Proofpoint Email Protection service and TAP, Proofpoint Targeted Attack Pro...
What is your experience regarding pricing and costs for ServiceNow Security Operations?
In my opinion, the pricing is quite affordable considering the features, and I do not find it expensive. I would not call it cheap; rather, I am looking at it as a product owner.
What needs improvement with ServiceNow Security Operations?
I would like to see new features added, particularly regarding the incident upgrading part. For instance, if you have an instance and need to transfer it to a particular team, being able to show th...
What advice do you have for others considering ServiceNow Security Operations?
For someone looking to use ServiceNow Security Operations, I recommend that they read about the documentation and spend one or two hours familiarizing themselves with FortiGating, and that will be ...
 

Overview

 

Sample Customers

University of Waterloo, Akorn, Fenwick and West LLP
DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services
Find out what your peers are saying about Proofpoint Threat Response vs. ServiceNow Security Operations and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.