No more typing reviews! Try our Samantha, our new voice AI agent.

Proofpoint Threat Response vs ServiceNow Security Operations comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 2, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Proofpoint Threat Response
Ranking in Security Incident Response
3rd
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
6
Ranking in other categories
No ranking in other categories
ServiceNow Security Operations
Ranking in Security Incident Response
1st
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
24
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (9th), Risk-Based Vulnerability Management (12th)
 

Mindshare comparison

As of July 2026, in the Security Incident Response category, the mindshare of Proofpoint Threat Response is 6.3%, down from 18.0% compared to the previous year. The mindshare of ServiceNow Security Operations is 9.0%, down from 15.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Incident Response Mindshare Distribution
ProductMindshare (%)
ServiceNow Security Operations9.0%
Proofpoint Threat Response6.3%
Other84.7%
Security Incident Response
 

Featured Reviews

reviewer2839371 - PeerSpot reviewer
Assistant Consultant at a tech services company with 11-50 employees
Automated email removal has reduced spam impact and gives the security team more time for analysis
Proofpoint Threat Response offers the best features through creating a workflow that deals with different types of emails, including identifying spam. If any user identifies an email as malicious, it triggers a workflow to the information security team, who will analyze it and determine whether to inform the user that it is not malicious or trigger a flow. A flow can be created for different types, where high spam emails are auto-pulled, low spam emails are quarantined for analysis, and integration with Proofpoint TRAP and Proofpoint TAP allows auto-pull for emails declared malicious. Additionally, I can revert changes if an email initially declared as spam is later found not to be spam, restoring it to the user's mailbox without user intervention. This complete feature encompasses threat response, prediction, activations, deletions, and sometimes restorations. I find myself using the integration with TAP and the integration with the Abuse Mailbox the most because those are utilized daily. Users often confuse whether an email is malicious or not, prompting them to use Proofpoint Abuse Mailbox via the report phishing button. As spammers grow more intelligent, Proofpoint TAP is also useful by flagging those emails. No action is required on our side because it is the collaboration between Proofpoint Threat Response and Targeted Attack Protection, making the SOC team's work easier, with reduced false positives, allowing them time for more productive tasks. Proofpoint Threat Response has positively impacted the organization by improving security posture, providing breathing space for the SOC team with fewer false positives, and offering a tool for users to report any malicious email using the Abuse Mailbox, which the SOC team can analyze. Proofpoint intelligence can then declare emails malicious or not and pull them from the user's mailbox. The solution has impacted us positively, safeguarding against spam while giving the SOC team the capacity to analyze needs without being overwhelmed by false positives. In previous days without Proofpoint Threat Response Auto-Pull, the SOC team spent more than two or three hours analyzing emails, checking hash values, verifying the nature of emails, and conducting eDiscovery for malicious emails. During mass spam attacks, the entire day was consumed in firefighting mode. Now, with Proofpoint Threat Response Auto-Pull, integration with TAP, Abuse Mailbox, CSV integration, and other data sources, the team can perform tasks that once required hours in just a minute.
Suhel Khan - PeerSpot reviewer
Senior Consultant (Siem Admin) at IBM
Precise incident handling has improved reporting and searching across complex security cases
I would like to see new features added, particularly regarding the incident upgrading part. For instance, if you have an instance and need to transfer it to a particular team, being able to show that the status is still in progress, which is currently in a beta version, would definitely help people to understand that the status has changed for the incident.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"If something's pulled and then it's later declared a false positive, it will automatically restore. They also take automatic feeds from their advanced threat detection modules."
"The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."
"Proofpoint has reduced the number of major attacks on our systems."
"Support is very responsive."
"The platform's most valuable include the ability to check emails and block potential spam."
"Our ROI is100%. Our entire management and decision makers are very impressed and happy with this product."
"This is truly a top-notch feature, and I have not seen such good functionality from the same kind of feature in any other tool so far."
"In previous days without Proofpoint Threat Response Auto-Pull, the SOC team spent more than two or three hours analyzing emails, checking hash values, verifying the nature of emails, and conducting eDiscovery for malicious emails, but now with Proofpoint Threat Response Auto-Pull, integration with TAP, Abuse Mailbox, CSV integration, and other data sources, the team can perform tasks that once required hours in just a minute."
"The SOAR module of ServiceNow Security Operations is the most valuable feature"
"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."
"ServiceNow Security Operations has helped me in getting more precise results."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"These features are very seamless, and the workspace along with the unified view of the entire application is something that is very impressive."
"The product has a very simple UI."
"It has helped optimize security costs by consolidating multiple tools into one platform."
"Reduces time to closure and closure metrics for vulnerabilities."
 

Cons

"Scalability is currently limited, as it only integrates with Proofpoint Email Protection, Proofpoint TAP, and the Abuse Mailbox, although there is potential for further scalability with additional integrations."
"Has some quirks."
"The platform's technical support services and pricing need improvement."
"The interface within Threat Response could be made simpler."
"If the reporting gets improved then it would be better, but the product is running amazing as it is."
"The product has some quirks that could be improved."
"The on-premise version doesn't scale well for large companies."
"The initial setup is difficult."
"Customer awareness and understanding of ServiceNow's SecOps capabilities could be improved."
"A one-year delay from their go-live date is a bit too long."
"The dashboard and playbook creation will need to improve"
"You can't connect to anything. It doesn't interact with things very well."
"Report generation within ServiceNow can take some time. Additionally, there are occasional issues when raising a ticket, which can also consume time."
"I would like to see new features added, particularly regarding the incident upgrading part."
"In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones."
 

Pricing and Cost Advice

"It's quite affordable to have it with this much functionality and ease to administrate."
"The way most big companies work with Proofpoint is that they try to tie everything into an enterprise license. I can't comment on the actual costs, however I do know that alternative solutions such as Abnormal Security can be much more expensive than Proofpoint Threat Response."
"Compared to competitor tools, ServiceNow Security Operations is more affordable"
"It is an expensive product."
"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."
"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."
"The product is more expensive than other solutions."
"This product is a good value for the money."
report
Use our free recommendation engine to learn which Security Incident Response solutions are best for your needs.
903,257 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Comms Service Provider
11%
University
9%
Outsourcing Company
9%
Financial Services Firm
17%
Manufacturing Company
13%
Government
5%
Comms Service Provider
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise2
Large Enterprise17
 

Questions from the Community

What is your experience regarding pricing and costs for Proofpoint Threat Response?
For pricing, setup cost, and licensing, it is necessary to purchase Proofpoint professional services if assistance is desired during setup, which is quite easy. A license is purchased, and a techni...
What needs improvement with Proofpoint Threat Response?
To improve Proofpoint Threat Response, I suggest adding support for other email protection services such as Cisco IronPort, IronMail, and Abnormal, which would enhance its capabilities. This would ...
What is your primary use case for Proofpoint Threat Response?
Proofpoint Threat Response was initially implemented on-premises as Proofpoint Threat Response Auto-Pull, integrated with Proofpoint Email Protection service and TAP, Proofpoint Targeted Attack Pro...
What is your experience regarding pricing and costs for ServiceNow Security Operations?
In my opinion, the pricing is quite affordable considering the features, and I do not find it expensive. I would not call it cheap; rather, I am looking at it as a product owner.
What needs improvement with ServiceNow Security Operations?
I would like to see new features added, particularly regarding the incident upgrading part. For instance, if you have an instance and need to transfer it to a particular team, being able to show th...
What advice do you have for others considering ServiceNow Security Operations?
For someone looking to use ServiceNow Security Operations, I recommend that they read about the documentation and spend one or two hours familiarizing themselves with FortiGating, and that will be ...
 

Overview

 

Sample Customers

University of Waterloo, Akorn, Fenwick and West LLP
DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services
Find out what your peers are saying about Proofpoint Threat Response vs. ServiceNow Security Operations and other solutions. Updated: June 2026.
903,257 professionals have used our research since 2012.