The configuration area to deal with during the very beginning or initial stages of the product can be the hardest part for users. Dealing with the configuration part in the beginning stages can be difficult since it is very important for users to have the capability to identify what is required within the tool and what you want to automate. The product's configuration during the beginning stages can be an area that needs to be considered for improvement. The response time of the support is an area of concern where improvements are required.
I have found IBM Resilient lacking in integration capabilities, which can be frustrating. It is not very straightforward to set up custom integrations, especially with services like Azure. You need an additional server for integration. Also, the custom security features need improvement. Currently, it doesn't work well with many vendors, and there are compatibility issues, like not working with group IP. Also, keeping the platform up-to-date with patches, firewalls, security, and upgrades is crucial to avoid problems with deployments and conversions.
Senior Information Technology Security Officer at a financial services firm with 5,001-10,000 employees
Real User
Top 5
2023-09-27T11:29:49Z
Sep 27, 2023
One of the drawbacks of the solution stems from the fact that it is an expensive product. The solution's price is an area where improvement is required. There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future.
IBM Resilient is great in many aspects like its wide range of integrations and customizable playbooks. However, one thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading. Despite this, it stands out for incident response, case management, task organization, and team collaboration, making it a strong choice for organizations compared to competitors like Demisto Palo Alto. When it comes to additional features, I think IBM Resilient is on the right track with its AI capabilities, like linking related incidents and providing recommended actions. It would be nice to see more enhancements in this area, but overall, it looks good.
The ability to analyze incidents needs to be improved in the solution. It also needs to work on how to integrate installation, VMs, and other platforms. IBM Resilient needs to work on what basis one needs to anticipate an email. Though it is good and fixable, the solution also needs to consider working on how to make it possible to move to another solution for its users. In the future, I would like to see the integration of machine learning and AI in the solution.
Senior ArcSight and IBM Resilient (SOAR) administrator at a comms service provider with 1,001-5,000 employees
Real User
Top 5
2023-05-18T15:19:00Z
May 18, 2023
Actually, we faced some internal issues while using IBM Resilient. There are other tools simpler than IBM Resilient. So, you have to develop a new infrastructure that involves a lot of scripting, programming, and some extra work to create a very good one. FortiSOAR is simpler than IBM Resilient. It may take me three months or four months to compare between them. IBM Resilient is quite complex, including its configuration. Also, the dashboard in IBM Resilient is not good. Firstly, the IT support is not good. Secondly, the community of IBM Resilient and the steps for integration mentioned in its audiobooks were not good.
Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution. It's worth noting that many third-party add-on applications needed to be purchased separately to integrate with IBM Resilient. While there were built-in applications available for incident remediation, the selection was limited. Additionally, integrating third-party applications was often a difficult and time-consuming process due to the technical complexity involved.
SOC Manager at a comms service provider with 5,001-10,000 employees
Real User
Top 10
2023-01-26T16:56:00Z
Jan 26, 2023
What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products. In a way, IBM Resilient is an orchestration platform, so it should allow you to orchestrate other OEMs or products from non-IBM vendors. If there were a pre-built function that lets you integrate third-party solutions with IBM Resilient, the initial setup for the solution would become easier and more flexible. Implementing or integrating other platforms with IBM Resilient would also take less time. After the solution is implemented, that's the time my company can give more recommendations on which features to add to improve IBM Resilient.
This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility.
Head - Global SOC at a tech services company with 201-500 employees
Real User
2021-06-29T09:18:51Z
Jun 29, 2021
In terms of the whole analysis aspect, if we can get any additional information and ensure it's contextual information, that would be quite helpful to us. The initial setup is complex.
The product needs a bit more development. We've had some compatibility issues that need to be resolved. There needs to be a bit more research done into that to figure out why it won't work. For example, my customer had some specific requirements; however, due to a lot of compatibility issues, some devices were not available to upgrade or add to the system. They say they are working on adding it to the solution; however, the compatibility still isn't available, and may not be for a while. They are unclear on the timelines. We've had issues surrounding the deployment of the product. The solution needs to try and develop more custom playbooks or documentation to help the customer with the initial setup. Technical support is not proactive enough and they take too long to provide solutions to problems. The solution needs to have a physical deployment as well. It would be ideal if it wasn't just on the cloud.
Administrator at a university with 1,001-5,000 employees
Real User
2020-12-28T16:39:08Z
Dec 28, 2020
The integration could be improved so that it is easy to integrate with other solutions. We need better pricing. It is very expensive to facilitate the students for research purposes for one month.
Cyber Security Consultant at a tech services company with 51-200 employees
Real User
2019-12-16T08:13:00Z
Dec 16, 2019
IBM Resilient helps the company to automate responses against cyber-attacks using dynamic playbooks by sending actions to other IT solutions like firewalls, antivirus, Microsoft Teams, etc. The concept is to develop functions that you can find in IBM X-Force Exchange, and they are putting a lot of hard work into developing these functions, but for now, they need to add more functions to respond with other security solutions (Cisco ASA, ForcePoint, WAF...), so for now, all we can do is wait for these functions, and I see that every month they add more functions.
The Resilient Incident Response Platform (IRP) is the leading platform for orchestrating and automating incident response processes.
The Resilient IRP quickly and easily integrates with your organization’s existing security and IT investments. It makes security alerts instantly actionable, provides valuable intelligence and incident context, and enables adaptive response to complex cyber threats.
Integration with some devices, including Cisco PowerPower and certain antivirus products, has limitations.
The tool needs to improve its documentation on license scripts.
IBM Resilient could integrate better with my tools.
Its price needs improvement.