IBM Resilient Reviews

IBM Resilient could integrate better with my tools. 

I have used IBM Resilient for about six months.

IBM Resilient is scalable. 

The company previously used Palo Alto Cortex XSOAR, but I didn't use it.  

I rate IBM Resilient eight out of 10. 

IBM Resilient is used primarily for security, particularly cybersecurity in operation centers. My company uses it to monitor the data security-related aspects of the IT infrastructure.

IBM Resilient is beneficial to my company because it gives endpoint visibility through the system's audited security and data logs. At the same time, you can monitor the communication between the systems at the network and endpoint level through IBM Resilient. Using the data from the solution, you can coordinate security data and activities, and you can audit activities from all angles, from different perspectives.

What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella.

You don't need to worry much about integrations and components because you're working with tested and proven architecture.

I also like that IBM Resilient is feature-rich and has undergone a lot of iterations in different types of environments, which means that the solution is one of the most mature SIEMs in the market today.

What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products. 

In a way, IBM Resilient is an orchestration platform, so it should allow you to orchestrate other OEMs or products from non-IBM vendors. If there were a pre-built function that lets you integrate third-party solutions with IBM Resilient, the initial setup for the solution would become easier and more flexible. Implementing or integrating other platforms with IBM Resilient would also take less time.

After the solution is implemented, that's the time my company can give more recommendations on which features to add to improve IBM Resilient.

My experience with IBM Resilient is four years.

Scalability depends on the infrastructure, not IBM Resilient as a product, but my company set up the platform so that it can scale for future requirements.

Scalability-wise, my company has some challenges because of the unavailability of experts or lack of the required expertise, so if scalability is part of the initial implementation challenges, that's a five. Still, if it's more of a product capability, then I'm giving IBM Resilient an eight in terms of how scalable it is.

My company raised some tickets with IBM Resilient technical support, and the team gave good responses. The technical support side is okay, but the support from the business side could be better.

Technical support-wise, my rating for IBM Resilient is eight out of ten.

Positive

A SIEM solution has two sides, security information and event management, and in SIEM, implementing the system isn't an issue. However, to get visibility, you must onboard your platforms, so the complexity level for that varies.

Depending on the vendor, a SIEM solution usually has pre-built normalization or passes, but many small customizations will be needed. Onboarding, particularly getting the visibilities, is not a big deal, but you'll face some challenges with the implementation because of the lack of deployment experts. In my part of the world, it's tough to find top-level experts because the experts typically leave and go to other parts of the world. It's a real challenge to retain people in this space. If you're careful and able to manage that challenge, it would be easy to onboard the platforms and implement a SIEM product.

For the SOAR side, the same problem exists, but with a higher level of intensity because SOAR is new to security operations. It's the latest development, so implementing it is a massive challenge because it requires a lot of expertise and experience in different areas of IT operations. SIEM implementation is easier to manage than SOAR implementation.

Implementation would be more straightforward if you have initial awareness or get good training from an experienced team. However, training newbies in the field will be challenging because the newcomers only have product knowledge. Newbies won't know the exact requirements of the IT world or have enough IT experience, so the deployment task should be entrusted to experienced people.

It isn't easy to give a generic or worldwide applicable rating for IBM Resilient because it has a lot of customizations and integrations. Still, based on my experience, I found the initial setup challenging, so it's a five out of ten.

Six months passed, and the implementation for IBM Resilient is still incomplete. It's ongoing, but if you include the time it took to source hardware and other steps, it's more than six months. It's been challenging to gather resources and source hardware because my country is facing a terrible financial crisis. The environment is difficult right now, affecting my rating of IBM Resilient setup-wise, but it's a good product.

My company hired a service partner to implement IBM Resilient, and that service partner works back-to-back with some experts from outside the country. Still, the implementation had some challenges, and it's still ongoing.

It's too early to talk about ROI from IBM Resilient, and it's challenging to compute the ROI without first ensuring that my company has the expertise needed for the product to work.

The licensing cost for IBM Resilient is not too expensive, but it's not affordable, so it's moderately expensive. Regarding price, I'm rating the solution seven out of ten.

The company pays for the license yearly, based on the number of users.

Apart from the cost of the license you need to pay for each user, you also need to spend an initial investment for the base platform. You also have to pay for IBM Resilient support.

My company has not provided IBM Resilient to customers, but it proposed the solution to some. Right now, IBM Resilient is being implemented internally for the company.

My company uses the latest product version.

Based on its features and capabilities, my rating for IBM Resilient is a nine out of ten. Overall, as a solution, it's a nine.

IBM Resilient requires enrollment from different teams in operations, implementation, etc., because the process involves more integrations and customizations. In the current environment, forty to fifty engineers enrolled part-time, with ten people full-time, and then another forty contribute from the operations side. I work in Telco, so the IBM Resilient project is enormous and requires a lot of infrastructure. It's been challenging resource-wise and time-wise.

IBM Resilient, or any SOAR product, can be operated as a standalone product. Right now, my company hasn't observed any capacity limitations because it only has a limited number of users. Eventually, the company will add more users to IBM Resilient when it integrates the solution to the ticketing system that handles many people.

My advice to anyone looking into using IBM Resilient is to find good resources to implement the solution, particularly one with experience in general IT, a product of the same type as IBM Resilient, and he should have some scripting and programming experience, mainly because IBM Resilient runs on Python programming. The implementer should have Python programming experience or at least general programming and scripting experience.

My company is an end user of IBM.

Each customer will have different use cases for this solution. We develop use cases based on customer requirements and our technical team builds a playbook for the customer. Resilient is deployed on-premises.

This is a good solution that we recommend for customers. 

This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility. 

I have been working with Resilient for over a year. 

This solution is stable. 

The technical support is good. 

The installation is straightforward, but customization requires an understanding of programming as well as CTI integration. For implementation, I had a team of two engineers.

I implemented through an in-house team. 

There is a license you need to pay for in order to use this product. 

I rate IBM Resilient a seven out of ten because the customization and integration could be improved. It needs more support metrics for integration and more flexibility in customizing the playbook. I recommend this product to others who are considering implementation. 

We basically use all of the basic functionality, including the entire MITRE ATT&CK tactics, et cetera.

The interlinking of the offenses is the most valuable aspect of the solution for us.

The UBA, User Behavior Analytics, is very good.

The solution has been stable so far. The performance is good.

The product can scale if you need it to. It's an easy process. 

In terms of the whole analysis aspect, if we can get any additional information and ensure it's contextual information, that would be quite helpful to us.

The initial setup is complex. 

I've been using the solution for four years or so. It's been a while. I have a few years of experience with the product at this point. 

The solution has been quite stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable and the performance is quite good.

We have about 100 users on the solution right now. The solution is quite easy to scale. If a company needs to expand it, it can do so with relative ease. 

The initial setup is not straightforward or simple. It's quite complex. It can be difficult. The whole deployment, as well as the configuration, takes some work.

The deployment itself took about two months in total. 

We handled everything in-house. We didn't enlist the help of any consultants or integrators. Our team handled every aspect themselves.

We have a business partnership with IBM.

I'm working with the latest version of the solution. I'm not sure which version number it is.

I'd recommend the product to other users and companies. 

I'd rate the solution at a nine out of ten.

We have delivered a couple of Resilient solutions to our customers.

The product is primarily used for incident response automation and orchestration.

The solution is very easy to use.

It's a very stable product. The performance has been very good.

The product needs a bit more development.

We've had some compatibility issues that need to be resolved. There needs to be a bit more research done into that to figure out why it won't work. For example, my customer had some specific requirements, however, due to a lot of compatibility issues, some devices were not available to upgrade or add to the system. They say they are working on adding it to the solution, however, the compatibility still isn't available, and may not be for a while. They are unclear on the timelines.

We've had issues surrounding the deployment of the product.

The solution needs to try and develop more custom playbooks or documentation to help the customer with the initial setup.

Technical support is not pro-active enough and they take too long to provide solutions to problems.

The solution needs to have a physical deployment as well. It would be ideal if it wasn't just on the cloud.

We have been selling the solution for the past three years at this point.

There are some aspects of the solution that we can scale. There are certain things we can customize if we need to. We can also scale, for example, the number of actions per month. You can expand it if you need to.

Currently, we have six clients using the solution. These companies differ in size.

I personally have five team members in my organization who are supporting the customer in the support portal.

We use the IBM support portal. The need to be much more proactive in supporting the customer. They don't necessarily ever say "this is not possible". Instead, they say "we are developing a solution". However, the process of developing a fix takes far too long. They need to be more aggressive in dealing with issues. Right now, sometimes it can take up to two to three months to resolve an issue, which is far too long.

I wouldn't say that we are satisfied with the level of service they provide. 

We've had issues with the setup process. We have Palo Alto, and for some reason, there isn't good compatibility.

That said, for the most part, the installation is fairly straightforward. It's not too complex.

We have five team members capable of handling implementations.

We handle the implementation for our clients.

The pricing is pretty good, however, the downside is that it is not a very mature product.

When a company needs a playbook, they have to create one, and then they have to pay someone for that service. However, it might be something that IBM could develop and template for others. They may be in the process of doing this already.

I would rate the solution seven out of ten.

It's an okay product, however, it needs more maturity.

We are using this solution for research and to integrate it into security solutions on the platform.

It's really simple and has a flexible interface.

It has been helpful with incident response monitoring and has good security features.

The integration could be improved so that it is easy to integrate with other solutions.

We need better pricing. It is very expensive to facilitate the students for research purposes for one month.

I have been using IBM Resilient for a few months.

We are using the latest version.

It's a stable solution.

This product is scalable.

We have not contacted technical support.

We are using many other solutions for research purposes such as Red Connect, Rapid7, and Siemplify.

The initial setup is straightforward.

It's simple to install and doesn't take very long to deploy.

We researched the internet on how to install and use this solution. There is a lot of information available on the internet.

It is very expensive. 

I haven't purchased this solution yet, I downloaded the community version.

This is a very useful tool, and I recommend it.

I would rate IBM Resilient a six out of ten.

We use it to manage security services.

Its flexibility is the most valuable. 

Its price needs improvement.

I have been using IBM Resilient for five years.

We have contacted their technical support. I would rate them as average.

The initial setup was straightforward. It took us a month to deploy.

We have our own team.

I would rate this solution an eight out of ten. Its price and technical support need improvement.

We've integrated the solution with IBM QRadar. We collect data and analyze it. We then send the results to IBM QRadar for action through IBM Resilience. It allows us to take action against attacks. 

As of right now, IBM Resilient helps our search analysts in making action against attacks and to manage the tickets.

The solution is simple to use and to integrate with IBM QRadar.

IBM QRadar sends alerts, and Resilient takes action.

IBM Resilient helps the company to automate responses against cyber-attacks using dynamic playbooks by sending actions to other IT solutions like firewalls, antivirus, Microsoft Teams, etc. The concept is to develop functions that you can find in IBM X-Force Exchange, and there are making lot of hard work to develop these functions, but for now, they need to add more functions to respond with other security solutions (Cisco ASA, ForcePoint, WAF...), so for now, all we can do is to wait for these functions, and I see that every month they add more functions.

I've been using the solution for six months.

I can see that the solution is almost stable.

The solution is scalable, and the best part is that IBM Resilient gives you the opportunity to develop your own scripts using the python language to make an action.

We've been in contact with technical support. They're okay, but they sometimes take a lot of time to respond.

We hadn't previously used a different solution. We chose IMB Resilient because it's the best SOAR solution if you are implementing IBM QRadar.

The solution isn't hard to set up if you have a good understanding of IBM QRadar. It's also easy to integrate with it. Deployment takes about one hour. The configuration is a bit more complex; you'll need to understand how the unit works. Configuration usually takes about three days, but it can take up to one month. It depends on the network.

Typically, you just need one person to handle the deployment process, but it depends on the network. We have a team of ten people who handle the maintenance. They work on all of the solutions, not just Resilient.

We handled the implementation ourselves. 

We haven't seen any ROI by using this solution.

Talk to our pre-sales consultants.

We didn't evaluate other options. We were already using IBM QRadar and the best solution to implement with it was IBM Resilient.

We use the on-premises deployment model. We are IBM resellers.

The solution is limited, but it needs lots of development, especially when we talk about making actions with other security solutions.

I'd recommend that users implement the solution with IBM Radar; otherwise, they'll face a lot of limitations.

I'd rate the solution seven out of ten.