No more typing reviews! Try our Samantha, our new voice AI agent.

Proofpoint Threat Response vs ServiceNow Security Operations comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 2, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Proofpoint Threat Response
Ranking in Security Incident Response
3rd
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
6
Ranking in other categories
No ranking in other categories
ServiceNow Security Operations
Ranking in Security Incident Response
1st
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
24
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (9th), Risk-Based Vulnerability Management (12th)
 

Mindshare comparison

As of July 2026, in the Security Incident Response category, the mindshare of Proofpoint Threat Response is 6.3%, down from 18.0% compared to the previous year. The mindshare of ServiceNow Security Operations is 9.0%, down from 15.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Incident Response Mindshare Distribution
ProductMindshare (%)
ServiceNow Security Operations9.0%
Proofpoint Threat Response6.3%
Other84.7%
Security Incident Response
 

Featured Reviews

reviewer2839371 - PeerSpot reviewer
Assistant Consultant at a tech services company with 11-50 employees
Automated email removal has reduced spam impact and gives the security team more time for analysis
Proofpoint Threat Response offers the best features through creating a workflow that deals with different types of emails, including identifying spam. If any user identifies an email as malicious, it triggers a workflow to the information security team, who will analyze it and determine whether to inform the user that it is not malicious or trigger a flow. A flow can be created for different types, where high spam emails are auto-pulled, low spam emails are quarantined for analysis, and integration with Proofpoint TRAP and Proofpoint TAP allows auto-pull for emails declared malicious. Additionally, I can revert changes if an email initially declared as spam is later found not to be spam, restoring it to the user's mailbox without user intervention. This complete feature encompasses threat response, prediction, activations, deletions, and sometimes restorations. I find myself using the integration with TAP and the integration with the Abuse Mailbox the most because those are utilized daily. Users often confuse whether an email is malicious or not, prompting them to use Proofpoint Abuse Mailbox via the report phishing button. As spammers grow more intelligent, Proofpoint TAP is also useful by flagging those emails. No action is required on our side because it is the collaboration between Proofpoint Threat Response and Targeted Attack Protection, making the SOC team's work easier, with reduced false positives, allowing them time for more productive tasks. Proofpoint Threat Response has positively impacted the organization by improving security posture, providing breathing space for the SOC team with fewer false positives, and offering a tool for users to report any malicious email using the Abuse Mailbox, which the SOC team can analyze. Proofpoint intelligence can then declare emails malicious or not and pull them from the user's mailbox. The solution has impacted us positively, safeguarding against spam while giving the SOC team the capacity to analyze needs without being overwhelmed by false positives. In previous days without Proofpoint Threat Response Auto-Pull, the SOC team spent more than two or three hours analyzing emails, checking hash values, verifying the nature of emails, and conducting eDiscovery for malicious emails. During mass spam attacks, the entire day was consumed in firefighting mode. Now, with Proofpoint Threat Response Auto-Pull, integration with TAP, Abuse Mailbox, CSV integration, and other data sources, the team can perform tasks that once required hours in just a minute.
Suhel Khan - PeerSpot reviewer
Senior Consultant (Siem Admin) at IBM
Precise incident handling has improved reporting and searching across complex security cases
I would like to see new features added, particularly regarding the incident upgrading part. For instance, if you have an instance and need to transfer it to a particular team, being able to show that the status is still in progress, which is currently in a beta version, would definitely help people to understand that the status has changed for the incident.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It has reduced our manual efforts to remove emails from each user's inbox, and in this case we do not have to ask our IT department or users to do so."
"If something's pulled and then it's later declared a false positive, it will automatically restore. They also take automatic feeds from their advanced threat detection modules."
"The platform's most valuable include the ability to check emails and block potential spam."
"The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."
"This is truly a top-notch feature, and I have not seen such good functionality from the same kind of feature in any other tool so far."
"In previous days without Proofpoint Threat Response Auto-Pull, the SOC team spent more than two or three hours analyzing emails, checking hash values, verifying the nature of emails, and conducting eDiscovery for malicious emails, but now with Proofpoint Threat Response Auto-Pull, integration with TAP, Abuse Mailbox, CSV integration, and other data sources, the team can perform tasks that once required hours in just a minute."
"Support is very responsive."
"Proofpoint has reduced the number of major attacks on our systems."
"This product is a good value for the money."
"The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product."
"My favorite feature is the application vulnerability scanner."
"Reduces time to closure and closure metrics for vulnerabilities."
"The most valuable features are service management and case management, and ServiceNow Security Operations also takes care of problem management as well as GRC, governance, risk, and compliance, enabling it to provide risk assessment."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"The SOAR module of ServiceNow Security Operations is the most valuable feature"
"It has helped optimize security costs by consolidating multiple tools into one platform."
 

Cons

"Scalability is currently limited, as it only integrates with Proofpoint Email Protection, Proofpoint TAP, and the Abuse Mailbox, although there is potential for further scalability with additional integrations."
"Has some quirks."
"The platform's technical support services and pricing need improvement."
"The interface within Threat Response could be made simpler."
"The product has some quirks that could be improved."
"If the reporting gets improved then it would be better, but the product is running amazing as it is."
"The on-premise version doesn't scale well for large companies."
"There is room for improvement in terms of developer support and documentation."
"We'd like customization to be easier in terms of the UI and using the dashboards."
"One area for improvement for the product is the need to tailor and alter some codes for customization, which can cause issues during upgrades. It does not support customized operations."
"The threat intelligence module needs a better dashboard."
"A one-year delay from their go-live date is a bit too long."
"I would rate technical support for ServiceNow Security Operations as a six out of ten in terms of faster resolution."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
 

Pricing and Cost Advice

"It's quite affordable to have it with this much functionality and ease to administrate."
"The way most big companies work with Proofpoint is that they try to tie everything into an enterprise license. I can't comment on the actual costs, however I do know that alternative solutions such as Abnormal Security can be much more expensive than Proofpoint Threat Response."
"Compared to competitor tools, ServiceNow Security Operations is more affordable"
"It is an expensive product."
"The product is more expensive than other solutions."
"This product is a good value for the money."
"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."
"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."
report
Use our free recommendation engine to learn which Security Incident Response solutions are best for your needs.
903,118 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Comms Service Provider
11%
University
9%
Outsourcing Company
9%
Financial Services Firm
17%
Manufacturing Company
13%
Government
5%
Comms Service Provider
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise2
Large Enterprise17
 

Questions from the Community

What is your experience regarding pricing and costs for Proofpoint Threat Response?
For pricing, setup cost, and licensing, it is necessary to purchase Proofpoint professional services if assistance is desired during setup, which is quite easy. A license is purchased, and a techni...
What needs improvement with Proofpoint Threat Response?
To improve Proofpoint Threat Response, I suggest adding support for other email protection services such as Cisco IronPort, IronMail, and Abnormal, which would enhance its capabilities. This would ...
What is your primary use case for Proofpoint Threat Response?
Proofpoint Threat Response was initially implemented on-premises as Proofpoint Threat Response Auto-Pull, integrated with Proofpoint Email Protection service and TAP, Proofpoint Targeted Attack Pro...
What is your experience regarding pricing and costs for ServiceNow Security Operations?
In my opinion, the pricing is quite affordable considering the features, and I do not find it expensive. I would not call it cheap; rather, I am looking at it as a product owner.
What needs improvement with ServiceNow Security Operations?
I would like to see new features added, particularly regarding the incident upgrading part. For instance, if you have an instance and need to transfer it to a particular team, being able to show th...
What advice do you have for others considering ServiceNow Security Operations?
For someone looking to use ServiceNow Security Operations, I recommend that they read about the documentation and spend one or two hours familiarizing themselves with FortiGating, and that will be ...
 

Overview

 

Sample Customers

University of Waterloo, Akorn, Fenwick and West LLP
DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services
Find out what your peers are saying about Proofpoint Threat Response vs. ServiceNow Security Operations and other solutions. Updated: June 2026.
903,118 professionals have used our research since 2012.