# Best Incident Response Software

*By [Brandon Summers-Miller](https://research.g2.com/insights/author/brandon-summers-miller)*


Incident response software enables security teams to investigate, contain, remediate, and document cybersecurity incidents across their lifecycle within supported environments or threat domains. These solutions operationalize the response process by helping teams identify and organize security events into incidents and providing workflows for triage, investigation, containment, eradication, and post-incident review.

Incident response tools may focus on specific domains, such as endpoint, cloud, identity, SaaS, or email, or provide broader cross-environment capabilities. They often integrate with detection technologies such as EDR, XDR, or other security analytics platforms, but are distinguished by their ability to coordinate and run response actions, manage incident cases, and maintain documented records for operational reporting and audit purposes. Many incident response solutions function similarly to security information and event management (SIEM) software, but SIEM products provide a larger scope of security and IT management features. Incident response platforms focus on investigating and resolving security incidents, while SOAR platforms automate and orchestrate response workflows across security tools.

To qualify for inclusion in the Incident Response category, a product must:

- Identify and organize cybersecurity events into incidents within supported domains
- Provide structured investigation capabilities for suspected or confirmed incidents
- Enable containment and remediation through guided or automated response actions
- Maintain documented cybersecurity incident records for reporting and post-incident review




## Top Incident Response Software at a Glance
| # | Product | Rating | Best For | What Users Say |
|---|---------|--------|----------|----------------|
| 1 | [CrowdStrike Falcon Endpoint Protection Platform](https://www.g2.com/products/crowdstrike-falcon-endpoint-protection-platform/reviews) | 4.6/5.0 (417 reviews) | — | "[Crowdstrike Falcon: Proactive Security, Steep Learning Curve](https://www.g2.com/survey_responses/crowdstrike-falcon-endpoint-protection-platform-review-12958852)" |
| 2 | [KnowBe4 PhishER/PhishER Plus](https://www.g2.com/products/knowbe4-phisher-phisher-plus/reviews) | 4.5/5.0 (567 reviews) | Phishing email triage and automated response | "[PhishER Simplifies Phishing Review and Stops Threats Organization-Wide](https://www.g2.com/survey_responses/knowbe4-phisher-phisher-plus-review-13078008)" |
| 3 | [Tines](https://www.g2.com/products/tines/reviews) | 4.7/5.0 (396 reviews) | No-code SOAR automation for security teams | "[AI orchestration with Drag-and-Drop development tool](https://www.g2.com/survey_responses/tines-review-12620879)" |
| 4 | [Torq AI SOC Platform](https://www.g2.com/products/torq-ai-soc-platform/reviews) | 4.8/5.0 (149 reviews) | AI-driven SOAR with native integrations | "[Efficient Automation with Robust Integrations](https://www.g2.com/survey_responses/torq-ai-soc-platform-review-12301239)" |
| 5 | [Cynet](https://www.g2.com/products/cynet/reviews) | 4.7/5.0 (215 reviews) | Unified XDR with built-in MDR for lean teams | "[Great MDR/XDR Platform](https://www.g2.com/survey_responses/cynet-review-9481539)" |
| 6 | [SentinelOne Singularity Endpoint](https://www.g2.com/products/sentinelone-singularity-endpoint/reviews) | 4.7/5.0 (195 reviews) | — | "[The Endpoint Security Platform That Actually Responds, Not Just Alerts.](https://www.g2.com/survey_responses/sentinelone-singularity-endpoint-review-13094863)" |
| 7 | [Microsoft Sentinel](https://www.g2.com/products/microsoft-sentinel/reviews) | 4.4/5.0 (273 reviews) | — | "[Easy Log Ingestion Across Formats with Seamless Sentinel Integrations](https://www.g2.com/survey_responses/microsoft-sentinel-review-13073395)" |
| 8 | [IBM QRadar SIEM](https://www.g2.com/products/ibm-ibm-qradar-siem/reviews) | 4.4/5.0 (282 reviews) | Enterprise SIEM tied to broader IBM security tooling | "[QRADAR Integrates Easily and Makes Logs &amp; Alerts Report-Ready](https://www.g2.com/survey_responses/ibm-qradar-siem-review-13061810)" |
| 9 | [ServiceNow Security Operations](https://www.g2.com/products/servicenow-security-operations/reviews) | 4.4/5.0 (70 reviews) | — | "[Strong platform for centralized security operations and incident response](https://www.g2.com/survey_responses/servicenow-security-operations-review-12737410)" |
| 10 | [Tanium](https://www.g2.com/products/tanium/reviews) | 4.5/5.0 (67 reviews) | — | "[Real-Time Visibility and Fast Global Remediation with Tanium](https://www.g2.com/survey_responses/tanium-review-12961686)" |

---
## What Are the Most Common Questions About Incident Response Software?
*AI-generated · Last updated: May 26, 2026*
### What is the best tool for coordinating cybersecurity incident response?
Based on G2 reviews, buyers evaluating incident response software often look for centralized workflows, alert triage, and cross-team coordination in one place. According to verified users, ServiceNow Security Operations stands out for bringing incidents, vulnerability workflows, and remediation tasks into a single platform, while reducing scattered tools and manual handoffs. G2 reviewers mention that teams value structured case management, integrations with broader IT workflows, and better visibility across remediation ownership. Reviews also note that setup can take planning, but once configured, the platform helps security and IT teams work from the same system and move incidents forward with clearer accountability and less back-and-forth.

**Here are some of the top-rated products on G2:**

- [ServiceNow Security Operations](https://www.g2.com/products/servicenow-security-operations/reviews/servicenow-security-operations-review-12823627) – centralizes incidents, case management, and remediation workflows for coordinated response
- [Tines](https://www.g2.com/products/tines/reviews/tines-review-12651671) – automates repetitive response steps and connects security workflows across teams and tools
- [Torq AI SOC Platform](https://www.g2.com/products/torq-ai-soc-platform/reviews/torq-ai-soc-platform-review-11924062) – helps automate cybersecurity processes and repetitive operational tasks for faster coordination


### Which vendor provides real-time threat intelligence integration?
Based on G2 reviews, Tines is a strong fit for teams that want real-time integrations across security tools and APIs. According to verified users, Tines connects with platforms such as CrowdStrike, Splunk, Jira, AWS, GCP, Microsoft Graph, and other security systems to automate data movement, alert handling, and response steps. G2 reviewers mention that its flexibility and API-driven approach make it useful for building workflows that enrich alerts and coordinate actions across multiple sources in near real time. Reviews also highlight that the platform is easy to start with, though more advanced workflows can require deeper knowledge when teams want to scale complex automation.


### What platform provides detailed incident investigation reports?
Based on G2 reviews, several incident response software buyers prioritize clear reporting and investigation context, especially when analysts need to move quickly from alert to root cause. According to verified users, CrowdStrike Falcon Endpoint Protection Platform is frequently praised for detailed endpoint visibility, process information, investigation support, and centralized telemetry that helps teams understand what happened. G2 reviewers mention process trees, host information, quarantine actions, and investigation workflows that reduce manual effort and support faster incident analysis. Reviews also note that reporting and customization can require tuning, but the platform is consistently valued for making investigations easier and giving security teams stronger visibility across endpoints.


### Which incident response platform offers the fastest containment capabilities?
Based on G2 reviews, incident response teams looking for fast containment often focus on automated isolation, host control, and rapid response from a single console. According to verified users, SentinelOne Singularity Endpoint is frequently recognized for autonomous response, ransomware rollback, and quick isolation of infected devices with limited manual intervention. G2 reviewers mention storyline-based investigation context, real-time protection, and the ability to contain harmful processes early, which helps reduce impact during active incidents. Reviews also point to a learning curve and some console usability concerns, but they consistently describe the platform as effective for speeding containment and reducing the amount of analyst effort required during urgent response scenarios.


### Which vendor offers AI-powered incident detection and triage?
Based on G2 reviews, Tines is often highlighted for AI-assisted workflow creation and automated handling of security and IT tasks, but for direct incident detection and triage support, Exaforce is repeatedly described in reviews as reducing alert noise and surfacing the findings that matter most. According to verified users, Exaforce correlates signals from multiple sources, applies prior context, and helps small teams focus on true incidents instead of manually sorting through logs. G2 reviewers mention agentic workflows, AI-assisted investigations, and MDR support that shorten response time and reduce analyst overload. Reviews also note some onboarding and interface complexity, but users consistently value the platform for faster triage and clearer prioritization.


### Which vendor provides real-time threat intelligence integration?
Based on G2 reviews, Tines is a strong fit for teams that want real-time integrations across security tools and APIs. According to verified users, Tines connects with platforms such as CrowdStrike, Splunk, Jira, AWS, GCP, Microsoft Graph, and other security systems to automate data movement, alert handling, and response steps. G2 reviewers mention that its flexibility and API-driven approach make it useful for building workflows that enrich alerts and coordinate actions across multiple sources in near real time. Reviews also highlight that the platform is easy to start with, though more advanced workflows can require deeper knowledge when teams want to scale complex automation.


### What is the most affordable incident response software for SMBs?
Based on G2 reviews, affordability for SMBs in incident response software is usually tied to simpler deployment, lower operational overhead, and good value from a smaller team’s perspective. According to verified users, Blumira Automated Detection &amp; Response stands out for ease of setup, a unified dashboard, and SOC support that helps small IT teams reduce research time and respond faster without a large internal staff. G2 reviewers also mention Cynet as a good-priced all-in-one option and Pondurance as an affordable managed monitoring choice that helps organizations extend coverage. Reviews suggest these products appeal to SMBs because they balance detection, response, and day-to-day manageability.

**Here are some of the top-rated products on G2:**

- [Blumira Automated Detection &amp; Response](https://www.g2.com/products/blumira-automated-detection-response/reviews/blumira-automated-detection-response-review-12373548) – helps small IT teams with quick detection, SOC support, and easy setup
- [Cynet](https://www.g2.com/products/cynet/reviews/cynet-review-12594700) – offers an all-in-one security platform reviewers describe as a good-price XDR option
- [Pondurance](https://www.g2.com/products/pondurance/reviews/pondurance-review-11283457) – gives smaller teams log monitoring and incident support with cost-effective managed coverage


### What is the top-rated incident response platform for large enterprises?
Based on G2 reviews, large enterprise buyers often value broad endpoint coverage, centralized visibility, and the ability to scale response without adding major operational overhead. According to verified users, CrowdStrike Falcon Endpoint Protection Platform is frequently described as effective in large environments because it supports fast deployment at scale, strong real-time detection, centralized telemetry, and investigation workflows that help reduce incident-response workload. G2 reviewers mention lean teams managing larger estates, cloud-based administration, and strong endpoint visibility across distributed environments. Reviews also note that training, tuning, and licensing can require planning, but the platform is consistently viewed as a strong fit for enterprise-scale incident response operations.

**Here are some of the top-rated products on G2:**

- [CrowdStrike Falcon Endpoint Protection Platform](https://www.g2.com/products/crowdstrike-falcon-endpoint-protection-platform/reviews/crowdstrike-falcon-endpoint-protection-platform-review-12788064) – supports large-scale endpoint protection and helps lean teams manage bigger environments
- [ServiceNow Security Operations](https://www.g2.com/products/servicenow-security-operations/reviews/servicenow-security-operations-review-12737410) – centralizes security incidents and workflows for enterprises managing multiple teams and processes
- [Tanium](https://www.g2.com/products/tanium/reviews/tanium-review-12612683) – gives large environments real-time visibility and action across thousands of endpoints


### What platform integrates incident response with SIEM tools?
Based on G2 reviews, buyers looking to integrate incident response with SIEM tools often want one system that connects alerts, case management, and operational workflows. According to verified users, ServiceNow Security Operations is regularly used to pull together SIEM inputs and turn them into structured response processes, helping teams centralize incidents rather than work across email, spreadsheets, and separate tools. G2 reviewers mention integrations with security tools, centralized remediation tracking, and smoother collaboration between IT and security teams. Reviews also say that implementation quality matters, but once in place, the platform helps organizations move from fragmented alert handling to a more auditable and workflow-driven response model.


### Which tool supports incident response across hybrid cloud environments?
Based on G2 reviews, Microsoft Sentinel is a strong option for organizations managing incident response across cloud, on-premises, and hybrid environments. According to verified users, it centralizes logs, alerts, and investigations across multiple systems while improving SOC efficiency through correlation, analytics, and automation. G2 reviewers mention strong visibility across hybrid infrastructure, native integrations with Microsoft services, and easier scaling than traditional on-premises approaches. Reviews also note that teams may need time to tune rules and manage ingestion strategy, but they consistently describe the platform as useful for unifying detection and response across complex environments where cloud and on-prem systems need to be investigated together.




## G2 Grid® for Incident Response Software
![G2 Grid® for Incident Response Software plotting products by satisfaction and market presence](https://www.g2.com/categories/incident-response/grids.png?focus%5B%5D=68606&focus%5B%5D=139264&focus%5B%5D=164907&focus%5B%5D=98376&focus%5B%5D=70840&focus%5B%5D=16881&focus%5B%5D=122123&focus%5B%5D=27399)
Highlighted products: CrowdStrike Falcon Endpoint Protection Platform, KnowBe4 PhishER/PhishER Plus, Torq AI SOC Platform, Tines, Cynet, SentinelOne Singularity Endpoint, Microsoft Sentinel, and IBM QRadar SIEM.
Underlying data: [Grid® JSON](https://www.g2.com/categories/incident-response/grids.json?focus%5B%5D=crowdstrike-falcon-endpoint-protection-platform&amp;focus%5B%5D=knowbe4-phisher-phisher-plus&amp;focus%5B%5D=torq-ai-soc-platform&amp;focus%5B%5D=tines&amp;focus%5B%5D=cynet&amp;focus%5B%5D=sentinelone-singularity-endpoint&amp;focus%5B%5D=microsoft-sentinel&amp;focus%5B%5D=ibm-ibm-qradar-siem)


## How Many Incident Response Software Products Does G2 Track?
**Total Products under this Category:** 103

### Category Stats (Jul 2026)
- **Average Rating**: 4.48/5 (↑0.01 vs Jun 2026) The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: CybaOps (+8.33%) - Among all products in this category, CybaOps recorded the largest rating increase compared to last month
*Last updated: July 17, 2026*


## How Does G2 Rank Incident Response Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 5,200+ Authentic Reviews
- 103+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Incident Response Software Is Best for Your Use Case?

- **Leader:** [CrowdStrike Falcon Endpoint Protection Platform](https://www.g2.com/products/crowdstrike-falcon-endpoint-protection-platform/reviews)
- **Highest Performer:** [Barracuda Incident Response](https://www.g2.com/products/barracuda-incident-response/reviews)
- **Easiest to Use:** [Tines](https://www.g2.com/products/tines/reviews)
- **Top Trending:** [CrowdStrike Falcon Endpoint Protection Platform](https://www.g2.com/products/crowdstrike-falcon-endpoint-protection-platform/reviews)
- **Best Free Software:** [CrowdStrike Falcon Endpoint Protection Platform](https://www.g2.com/products/crowdstrike-falcon-endpoint-protection-platform/reviews)


---

**Sponsored**

### Barracuda Managed XDR

Barracuda Managed XDR is the comprehensive next-generation cybersecurity solution that protects organizations of all sizes against today’s ever-evolving threat landscape. Barracuda Managed XDR is a fully managed service instantly augmenting an organization’s IT staff, identifying signals amidst noise, and reducing TTR from days to seconds. The solution features advanced AI-driven threat protection, SIEM, SOAR, and enterprise-grade threat intelligence from 11+ billion IOCs and hundreds of ML-enriched detection rules aligned to the MITRE ATT&amp;CK framework. Ingesting trillions of events across endpoints, servers, identity, cloud, email, and firewalls, the cloud-native solution detects, responds to, and eliminates cyberthreats in real time across the attack lifecycle. An ‘open’ XDR solution, Barracuda Managed XDR integrates with an organization’s existing technology, ensuring a smooth deployment while enhancing security resilience and operational efficiency. Barracuda Managed XDR is powered by Barracuda’s 24/7/365 global SOC, featuring five specialized expert-level teams delivering best-in-class SLAs and proactive real-time threat detection and response.



[Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&amp;secure%5Bad_slot%5D=category_product_list&amp;secure%5Bcategory_id%5D=1082&amp;secure%5Bchosen_at%5D=2026-07-17T09%3A53%3A16Z&amp;secure%5Bdisplayable_resource_id%5D=2448&amp;secure%5Bdisplayable_resource_type%5D=Category&amp;secure%5Bmedium%5D=sponsored&amp;secure%5Bplacement_reason%5D=neighbor_category&amp;secure%5Bplacement_resource_ids%5D%5B%5D=2448&amp;secure%5Bprioritized%5D=false&amp;secure%5Bproduct_id%5D=1327205&amp;secure%5Bresource_id%5D=1082&amp;secure%5Bresource_type%5D=Category&amp;secure%5Bsource_type%5D=category_page&amp;secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fincident-response%3Fopen_modal_url%3D%252Fproducts%252Fresolver%252Fwishlists%253Fhost_path%253D%25252Fcategories%25252Fincident-response%2526source%253Dcategory&amp;secure%5Btoken%5D=183213a85c71ba3d1308aae2efc6452dcfd7227405c1d6f0ce8fea8a73eae569&amp;secure%5Burl%5D=https%3A%2F%2Fwww.barracuda.com%2Fproducts%2Fmanaged-xdr%3Futm_source%3Dg2%26utm_medium%3Dcpc%26utm_campaign%3DB%3ADG%7CTH%3A%7CR%3A%7CPS%3AXDR%7CP%3A%7CPL%3AG2%7CC%3ASP%7CTY%3AP%7CICP%3A%7CL%3AEN%7CA%3A%7CN%3A%7C%26utm_adgroup%3DB%3ADG%7CTH%3A%7CR%3A%7CPS%3AXDR%7CP%3A%7CPL%3AG2%7CC%3ASP%7CTY%3AP%7CICP%3A%7CL%3AEN%7CA%3A%7CN%3A%7CT%3A%7C&amp;secure%5Burl_type%5D=custom_url)

---

## What Are the Top-Rated Incident Response Software Products in 2026?
### 1. [CrowdStrike Falcon Endpoint Protection Platform](https://www.g2.com/products/crowdstrike-falcon-endpoint-protection-platform/reviews)
Organizations today face a serious challenge: managing numerous security vendors and tools while confronting an ever-evolving threat landscape. Sophisticated adversaries are becoming smarter, faster, and more evasive, launching complex attacks that can strike in minutes or even seconds. Traditional security approaches struggle to keep pace, leaving businesses vulnerable. The CrowdStrike Falcon Platform addresses this by offering a unified, cloud-native solution. It consolidates previously siloed security solutions and incorporates third-party data into a single platform with one efficient and resource-conscious agent, leveraging advanced AI and real-time threat intelligence. This approach simplifies security operations, speeds analyst decision making, and enhances protection to stop the breach, allowing organizations to reduce risk with less complexity and lower costs. CrowdStrike&#39;s Falcon Platform includes: - Endpoint Security: Secure the endpoint, stop the breach - Identify Protection: Identity is the front line, defend it - Next-Gen SIEM: The future of SIEM, today - Data Protection: Real-time data protection from endpoint to cloud - Exposure Management: Understand risk to stop breaches - Charlotte AI: Powering the next evolution of the SOC


**Average Rating:** 4.6/5.0
**Total Reviews:** 417
**How Do G2 Users Rate CrowdStrike Falcon Endpoint Protection Platform?**

- **Threat Intelligence:** 9.6/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.9/10 (Category avg: 8.8/10)
- **Incident Case Management:** 7.9/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.9/10 (Category avg: 8.8/10)

**Who Is the Company Behind CrowdStrike Falcon Endpoint Protection Platform?**

- **Seller:** [CrowdStrike](https://www.g2.com/sellers/crowdstrike)
- **Company Website:** https://www.crowdstrike.com
- **Year Founded:** 2011
- **HQ Location:** Sunnyvale, CA
- **Twitter:** @CrowdStrike (110,809 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2497653/ (11,343 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Analyst, Cyber Security Analyst
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 43% Enterprise, 43% Mid-Market


#### What Are CrowdStrike Falcon Endpoint Protection Platform's Pros and Cons?

**Pros:**

- Features (113 reviews)
- Threat Detection (103 reviews)
- Ease of Use (98 reviews)
- Security (97 reviews)
- Detection (90 reviews)

**Cons:**

- Expensive (54 reviews)
- Complexity (39 reviews)
- Learning Curve (35 reviews)
- Limited Features (31 reviews)
- Pricing Issues (29 reviews)


### What Do G2 Reviewers Say About CrowdStrike Falcon Endpoint Protection Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **lightweight performance and powerful threat detection** of CrowdStrike Falcon, enhancing operational efficiency and security.
- Users value the **effective threat detection** of CrowdStrike Falcon, ensuring robust security without compromising system performance.
- Users appreciate the **ease of use** of CrowdStrike Falcon, benefiting from a lightweight and efficient security solution.
- Users appreciate the **advanced real-time threat protection** of CrowdStrike Falcon, enhancing security with minimal system impact.
- Users appreciate the **strong threat detection** of CrowdStrike Falcon, effectively catching both known and unknown threats seamlessly.

**Cons:**

- Users find the **cost of CrowdStrike Falcon** to be high, especially for smaller teams needing advanced features.
- Users face **initial complexity and a steep learning curve** with CrowdStrike Falcon, making it challenging for non-technical personnel.
- Users find the **initial learning curve** of CrowdStrike challenging, especially transitioning from other systems like Splunk.
- Users find the **high cost and limited features** frustrating, particularly for smaller teams needing advanced capabilities.
- Users express concern over **pricing issues** , especially for smaller organizations needing advanced features with additional licensing costs.

#### What Are Recent G2 Reviews of CrowdStrike Falcon Endpoint Protection Platform?

**"[Crowdstrike Falcon: Proactive Security, Steep Learning Curve](https://www.g2.com/survey_responses/crowdstrike-falcon-endpoint-protection-platform-review-12958852)"**

**Rating:** 5.0/5.0 stars
*— Ansh B.*

[Read full review](https://www.g2.com/survey_responses/crowdstrike-falcon-endpoint-protection-platform-review-12958852)

---

**"[Lightweight Deployment, Powerful Incident Response Visibility](https://www.g2.com/survey_responses/crowdstrike-falcon-endpoint-protection-platform-review-12952621)"**

**Rating:** 5.0/5.0 stars
*— Anup A.*

[Read full review](https://www.g2.com/survey_responses/crowdstrike-falcon-endpoint-protection-platform-review-12952621)

---


#### What Are G2 Users Discussing About CrowdStrike Falcon Endpoint Protection Platform?

- [How does Falcon prevent work?](https://www.g2.com/discussions/how-does-falcon-prevent-work) - 1 comment
- [Does CrowdStrike offer MFA?](https://www.g2.com/discussions/does-crowdstrike-offer-mfa) - 1 comment
- [What is OverWatch in CrowdStrike?](https://www.g2.com/discussions/what-is-overwatch-in-crowdstrike) - 1 comment
- [How much does CrowdStrike Falcon X cost?](https://www.g2.com/discussions/how-much-does-crowdstrike-falcon-x-cost)
- [What is MDR detection?](https://www.g2.com/discussions/what-is-mdr-detection)

### 2. [KnowBe4 PhishER/PhishER Plus](https://www.g2.com/products/knowbe4-phisher-phisher-plus/reviews)
KnowBe4 PhishER Plus delivers automated incident response to eliminate SOC noise and remediate malicious emails across your organization simultaneously. It leverages AI to categorize reported messages across email and Microsoft Teams, automatically responding to reporters, flagging high-risk messages, and removing threats across all mailboxes. SOC teams can even flip malicious messages into training simulations to see who would have fallen victim. Customers report saving upwards of 99% of triage time, highly praising the platform&#39;s intuitive, user-friendly interface that transforms overwhelming manual workflows into fast, consistent actions. This layer of defense reviews threats slipping past other security layers, offering a single pane of glass view with leading third-party integrations like CrowdStrike, Webroot, and VirusTotal. PhishER Plus turns manual email triaging into a proactive, automated security posture.


**Average Rating:** 4.5/5.0
**Total Reviews:** 567
**How Do G2 Users Rate KnowBe4 PhishER/PhishER Plus?**

- **Threat Intelligence:** 8.5/10 (Category avg: 8.9/10)
- **Quality of Support:** 9.2/10 (Category avg: 8.8/10)
- **Incident Case Management:** 7.9/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.4/10 (Category avg: 8.8/10)

**Who Is the Company Behind KnowBe4 PhishER/PhishER Plus?**

- **Seller:** [KnowBe4, Inc.](https://www.g2.com/sellers/knowbe4-inc)
- **Company Website:** https://www.knowbe4.com
- **Year Founded:** 2010
- **HQ Location:** Clearwater, FL
- **Twitter:** @KnowBe4 (16,161 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2225282/ (2,606 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** IT Manager, Director of IT
- **Top Industries:** Financial Services, Primary/Secondary Education
- **Company Size:** 75% Mid-Market, 13% Enterprise


#### What Are KnowBe4 PhishER/PhishER Plus's Pros and Cons?

**Pros:**

- Phishing Prevention (42 reviews)
- Email Security (25 reviews)
- Automation (19 reviews)
- Ease of Use (18 reviews)
- Security (15 reviews)

**Cons:**

- Email Management (8 reviews)
- False Positives (8 reviews)
- Ineffective Email Security (8 reviews)
- Inefficient Automation (6 reviews)
- Setup Difficulty (6 reviews)


### What Do G2 Reviewers Say About KnowBe4 PhishER/PhishER Plus?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **customizable phishing tests** and user-friendly features of KnowBe4 PhishER/PhishER Plus for efficient threat management.
- Users value the **ability to quickly respond to email threats** , enhancing overall email security and protection.
- Users appreciate the **automation features** of PhishER, enabling timely responses and efficient email management.
- Users appreciate the **ease of use** of KnowBe4 PhishER/PhishER Plus, making it simple and effective for all.
- Users value the **enhanced security features** of KnowBe4 PhishER, ensuring rapid identification and response to threats.

**Cons:**

- Users find the **email management lacks clarity** , often missing critical threats and requiring manual intervention for consistency.
- Users experience frequent **false positives** , leading to wasted time on manual reviews and complicating automation efforts.
- Users find the **ineffective email security** of PhishER frustrating, as it lacks timely filtering and quarantine automation.
- Users find the **inefficient automation** of PhishER frustrating, as it often misses clear phishing campaigns and requires manual adjustments.
- Users found the **setup process challenging** , requiring additional support and time for configuration and adjustments.

#### What Are Recent G2 Reviews of KnowBe4 PhishER/PhishER Plus?

**"[PhishER Simplifies Phishing Review and Stops Threats Organization-Wide](https://www.g2.com/survey_responses/knowbe4-phisher-phisher-plus-review-13078008)"**

**Rating:** 5.0/5.0 stars
*— Weston G.*

[Read full review](https://www.g2.com/survey_responses/knowbe4-phisher-phisher-plus-review-13078008)

---

**"[User friendly and great support!](https://www.g2.com/survey_responses/knowbe4-phisher-phisher-plus-review-7661687)"**

**Rating:** 4.0/5.0 stars
*— Scott W.*

[Read full review](https://www.g2.com/survey_responses/knowbe4-phisher-phisher-plus-review-7661687)

---


#### What Are G2 Users Discussing About KnowBe4 PhishER/PhishER Plus?

- [What is phishing explain with example?](https://www.g2.com/discussions/what-is-phishing-explain-with-example)
- [Is KnowBe4 com legit?](https://www.g2.com/discussions/is-knowbe4-com-legit) - 2 comments
- [What is KnowBe4 Phish?](https://www.g2.com/discussions/what-is-knowbe4-phish) - 1 comment
- [What is a PhishER&#39;s tool?](https://www.g2.com/discussions/what-is-a-phisher-s-tool) - 4 comments

### 3. [Tines](https://www.g2.com/products/tines/reviews)
Tines is the intelligent workflow platform trusted by the world&#39;s most advanced organizations. Companies like Coinbase, Databricks, Mars, Reddit, and SAP use Tines to power their most important workflows. With Tines, they’ve built a secure, flexible foundation to operationalize AI agents and intelligent workflows, unlocking productivity, moving faster, and future-proofing how work gets done. You can start building right away, by signing up for our always-free Community Edition and importing one of our pre-built workflows from the library.


**Average Rating:** 4.7/5.0
**Total Reviews:** 396
**How Do G2 Users Rate Tines?**

- **Threat Intelligence:** 8.7/10 (Category avg: 8.9/10)
- **Quality of Support:** 9.6/10 (Category avg: 8.8/10)
- **Incident Case Management:** 8.6/10 (Category avg: 8.4/10)
- **Incident Logs:** 9.4/10 (Category avg: 8.8/10)

**Who Is the Company Behind Tines?**

- **Seller:** [Tines](https://www.g2.com/sellers/tines)
- **Company Website:** https://www.tines.com/
- **Year Founded:** 2018
- **HQ Location:** Dublin, IE
- **LinkedIn® Page:** https://www.linkedin.com/company/tines-io/ (568 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Engineer, Software Engineer
- **Top Industries:** Computer &amp; Network Security, Information Technology and Services
- **Company Size:** 39% Mid-Market, 36% Enterprise


#### What Are Tines's Pros and Cons?

**Pros:**

- Ease of Use (49 reviews)
- Automation (38 reviews)
- Customer Support (31 reviews)
- Easy Integrations (22 reviews)
- Integrations (22 reviews)

**Cons:**

- Missing Features (10 reviews)
- Learning Curve (9 reviews)
- Lack of Features (8 reviews)
- Expensive (7 reviews)
- Complexity (6 reviews)


### What Do G2 Reviewers Say About Tines?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Tines&#39; **ease of use** exceptional, enabling automation without needing extensive technical skills.
- Users find Tines makes **automation effortless** , streamlining tasks and enabling integration without the need for coding skills.
- Users praise Tines for its **exceptional customer support** , highlighting quick responses and personalized assistance that enhance their experience.
- Users highlight the **easy integrations** of Tines, simplifying automation and enhancing team collaboration effortlessly.
- Users value Tines for its **seamless integrations** and exceptional support, enabling quick and efficient workflow automation.

**Cons:**

- Users note the **missing features** in Tines, particularly in script editing and code review capabilities.
- Users face a **steep learning curve** with Tines, particularly in mastering APIs and automation interactions.
- Users feel the **lack of advanced features** in Tines hampers development and impacts workflow complexity negatively.
- Users find Tines to be **expensive** , making it challenging for smaller teams to fully benefit from its features.
- Users find the **complexity** of Tines daunting at first, as mastering its powerful features requires significant effort.

#### What Are Recent G2 Reviews of Tines?

**"[AI orchestration with Drag-and-Drop development tool](https://www.g2.com/survey_responses/tines-review-12620879)"**

**Rating:** 4.5/5.0 stars
*— Dinesh  K.*

[Read full review](https://www.g2.com/survey_responses/tines-review-12620879)

---

**"[Streamlined Automation, Minimal Coding Required](https://www.g2.com/survey_responses/tines-review-12640960)"**

**Rating:** 5.0/5.0 stars
*— Shubham B.*

[Read full review](https://www.g2.com/survey_responses/tines-review-12640960)

---


#### What Are G2 Users Discussing About Tines?

- [How do you use Tines?](https://www.g2.com/discussions/how-do-you-use-tines)
- [Is tines a soar?](https://www.g2.com/discussions/is-tines-a-soar) - 1 comment
- [What does Tines do?](https://www.g2.com/discussions/what-does-tines-do) - 1 comment
- [What is Tines automation?](https://www.g2.com/discussions/what-is-tines-automation) - 2 comments

### 4. [Torq AI SOC Platform](https://www.g2.com/products/torq-ai-soc-platform/reviews)
Torq is transforming cybersecurity with the Torq AI SOC Platform. Torq empowers enterprises to instantly and precisely detect and respond to security events at scale. Torq’s customer base includes major multinational enterprise customers, including Abnormal Security, Armis, Check Point Security, Chipotle Mexican Grill, Inditex (Zara, Bershka, and Pull &amp; Bear), Informatica, Kyocera, PepsiCo, Procter &amp; Gamble, Siemens, Telefónica, Valvoline, Virgin Atlantic, and Wiz.


**Average Rating:** 4.8/5.0
**Total Reviews:** 149
**How Do G2 Users Rate Torq AI SOC Platform?**

- **Threat Intelligence:** 8.9/10 (Category avg: 8.9/10)
- **Quality of Support:** 9.6/10 (Category avg: 8.8/10)
- **Incident Case Management:** 7.9/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.0/10 (Category avg: 8.8/10)

**Who Is the Company Behind Torq AI SOC Platform?**

- **Seller:** [torq](https://www.g2.com/sellers/torq)
- **Company Website:** https://torq.io/
- **Year Founded:** 2020
- **HQ Location:** New York, US
- **Twitter:** @torq_io (1,944 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/torqio/mycompany (441 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 50% Mid-Market, 29% Small-Business


#### What Are Torq AI SOC Platform's Pros and Cons?

**Pros:**

- Ease of Use (67 reviews)
- Security (61 reviews)
- Automation (59 reviews)
- Features (55 reviews)
- Threat Detection (41 reviews)

**Cons:**

- Difficult Learning (18 reviews)
- Learning Curve (17 reviews)
- Missing Features (10 reviews)
- Improvement Needed (8 reviews)
- Poor Interface Design (8 reviews)


### What Do G2 Reviewers Say About Torq AI SOC Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of Torq AI SOC Platform, making it accessible to all skill levels with minimal training.
- Users value the **efficient network vulnerability checks** that enhance security through automation and quick remediation actions.
- Users value the **automation capabilities** of Torq AI SOC Platform, enhancing efficiency and securing networks effectively.
- Users highlight the **no-code automation capabilities** of Torq, simplifying security workflows and enhancing operational efficiency.
- Users value Torq&#39;s **effective threat detection** , seamlessly transitioning and enhancing their vulnerability management and network security processes.

**Cons:**

- Users face a **difficult learning curve** with Torq AI SOC Platform, requiring time and support for effective use.
- Users face a significant **learning curve** with Torq AI SOC Platform, requiring extensive training and support for effective use.
- Users find the **missing features** like built-in playbooks and widgets hinder the full potential of Torq AI SOC.
- Users suggest that **improvements in findings grouping** and integration could greatly enhance the Torq AI SOC Platform experience.
- Users face challenges with **poor interface design** , including buggy interactions and a steep learning curve for troubleshooting.

#### What Are Recent G2 Reviews of Torq AI SOC Platform?

**"[Efficient Automation with Robust Integrations](https://www.g2.com/survey_responses/torq-ai-soc-platform-review-12301239)"**

**Rating:** 5.0/5.0 stars
*— Orlando  M.*

[Read full review](https://www.g2.com/survey_responses/torq-ai-soc-platform-review-12301239)

---

**"[Centralized Incident Management That Exceeds Expectations](https://www.g2.com/survey_responses/torq-ai-soc-platform-review-12121506)"**

**Rating:** 5.0/5.0 stars
*— Octave P.*

[Read full review](https://www.g2.com/survey_responses/torq-ai-soc-platform-review-12121506)

---



### 5. [Cynet](https://www.g2.com/products/cynet/reviews)
Cynet is the unified, AI-powered cybersecurity platform that delivers robust and comprehensive protection for security teams while maximizing operational efficiency for managed service providers (MSPs). This platform consolidates a wide array of security capabilities into a single, user-friendly interface, ensuring that organizations can effectively safeguard their digital assets without the complexity often associated with multi-solution environments. Cynet’s platform simplifies security management by integrating various functionalities, such as endpoint protection, threat detection, and incident response, into one cohesive system. This integration not only streamlines operations but also allows organizations to allocate their resources more effectively, ultimately enhancing their overall security posture. One of the standout features of Cynet’s platform is its remarkable performance in the MITRE ATT&amp;CK Evaluations. Cynet delivered 100% visibility and 100% analytic coverage without requiring any configuration changes three years in a row. This capability ensures that organizations can monitor their environments comprehensively and respond to threats with precision. The platform’s built-in analytics and reporting tools provide actionable insights, enabling users to make informed decisions about their cybersecurity strategies. Additionally, Cynet offers 24/7 expert support, which is crucial for organizations that may not have in-house cybersecurity expertise. This round-the-clock assistance ensures that users can quickly address any security incidents or concerns, minimizing potential downtime and damage. The combination of advanced technology and dedicated support positions Cynet as a valuable partner for SMEs and service providers looking to enhance their cybersecurity measures. In summary, Cynet’s unified, AI-powered cybersecurity platform stands out in the crowded cybersecurity market by offering a unified solution tailored to the needs of MSPs. Its comprehensive features, exceptional performance in industry evaluations, and continuous expert support make it a compelling choice for organizations seeking to bolster their cybersecurity defenses while maintaining operational efficiency.


**Average Rating:** 4.7/5.0
**Total Reviews:** 215
**How Do G2 Users Rate Cynet?**

- **Threat Intelligence:** 9.2/10 (Category avg: 8.9/10)
- **Quality of Support:** 9.3/10 (Category avg: 8.8/10)
- **Incident Case Management:** 9.0/10 (Category avg: 8.4/10)
- **Incident Logs:** 9.2/10 (Category avg: 8.8/10)

**Who Is the Company Behind Cynet?**

- **Seller:** [Cynet](https://www.g2.com/sellers/cynet)
- **Company Website:** https://www.cynet.com/
- **Year Founded:** 2014
- **HQ Location:** Boston, MA
- **LinkedIn® Page:** https://www.linkedin.com/company/cynet-security/ (332 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** SOC Analyst, Technical Engineer
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 58% Mid-Market, 30% Small-Business


#### What Are Cynet's Pros and Cons?

**Pros:**

- Ease of Use (48 reviews)
- Features (36 reviews)
- Threat Detection (34 reviews)
- Customer Support (32 reviews)
- Security (31 reviews)

**Cons:**

- Limited Customization (11 reviews)
- Feature Limitations (10 reviews)
- Lack of Customization (10 reviews)
- Limited Features (10 reviews)
- Missing Features (10 reviews)


### What Do G2 Reviewers Say About Cynet?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of Cynet, enjoying its simplicity and comprehensive features in one dashboard.
- Users value the **unified platform** of Cynet for its ease of use and comprehensive security features.
- Users value Cynet for its **effective threat detection** and seamless integration, ensuring robust cybersecurity for their business.
- Users appreciate the **exceptional customer support** of Cynet, facilitating smooth deployment and effective threat management.
- Users commend Cynet for its **flawless threat monitoring and response** , enhancing overall security with effective detection capabilities.

**Cons:**

- Users express concern over **limited customization** options in reports and third-party integrations, impacting their experience.
- Users note the **feature limitations** of Cynet, especially in report customization and external tool integrations.
- Users express concern over the **lack of customization** , particularly in reporting and dashboard options for better usability.
- Users find Cynet has **limited features** like integrations and customization, which may restrict advanced functionality.
- Users note the **missing features** in Cynet, particularly the lack of web filtering and a firewall option.

#### What Are Recent G2 Reviews of Cynet?

**"[Great MDR/XDR Platform](https://www.g2.com/survey_responses/cynet-review-9481539)"**

**Rating:** 4.5/5.0 stars
*— JEROME J.*

[Read full review](https://www.g2.com/survey_responses/cynet-review-9481539)

---

**"[Cynet delivers a standout XDR at a reasonable price.](https://www.g2.com/survey_responses/cynet-review-13072458)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer &amp; Network Security*

[Read full review](https://www.g2.com/survey_responses/cynet-review-13072458)

---


#### What Are G2 Users Discussing About Cynet?

- [What is Cynet 360 AutoXDR™ used for?](https://www.g2.com/discussions/what-is-cynet-360-autoxdr-used-for)
- [What is cynet XDR?](https://www.g2.com/discussions/what-is-cynet-xdr) - 1 comment
- [What is cynet used for?](https://www.g2.com/discussions/what-is-cynet-used-for) - 1 comment
- [Is cynet 360 good?](https://www.g2.com/discussions/is-cynet-360-good) - 3 comments
- [How much does cynet cost?](https://www.g2.com/discussions/how-much-does-cynet-cost) - 1 comment

### 6. [SentinelOne Singularity Endpoint](https://www.g2.com/products/sentinelone-singularity-endpoint/reviews)
SentinelOne Singularity Endpoint is a software designed to protect endpoints by autonomously detecting, preventing, and responding to threats across devices within an organization. The software leverages machine learning and behavioral AI to identify and mitigate a wide range of cyber threats, including malware, ransomware, and fileless attacks. It provides continuous monitoring and automated remediation capabilities to help reduce manual intervention and response time during security incidents. SentinelOne Singularity Endpoint integrates with existing IT security and management workflows, offering visibility into endpoint activities and assisting organizations in maintaining compliance by ensuring devices meet security standards. The software is engineered to address business challenges related to endpoint protection, threat management, and operational efficiency in cybersecurity environments.


**Average Rating:** 4.7/5.0
**Total Reviews:** 195
**How Do G2 Users Rate SentinelOne Singularity Endpoint?**

- **Quality of Support:** 8.9/10 (Category avg: 8.8/10)

**Who Is the Company Behind SentinelOne Singularity Endpoint?**

- **Seller:** [SentinelOne](https://www.g2.com/sellers/sentinelone)
- **Company Website:** https://www.sentinelone.com
- **Year Founded:** 2013
- **HQ Location:** Mountain View, CA
- **Twitter:** @SentinelOne (57,863 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2886771/ (3,174 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 46% Mid-Market, 36% Enterprise


#### What Are SentinelOne Singularity Endpoint's Pros and Cons?

**Pros:**

- Ease of Use (61 reviews)
- Tool Efficiency (18 reviews)
- Setup Ease (17 reviews)
- Malware Protection (13 reviews)
- Useful (13 reviews)

**Cons:**

- Update Issues (13 reviews)
- Difficult Learning (8 reviews)
- Frequent Updates (7 reviews)
- Agent Removal Issues (6 reviews)
- Ineffective Alerts (6 reviews)


### What Do G2 Reviewers Say About SentinelOne Singularity Endpoint?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find SentinelOne Singularity Endpoint to be **easy to deploy and manage** , enhancing overall security efficiency.
- Users value the **tool efficiency** of SentinelOne, noting its user-friendly interface and effective threat detection capabilities.
- Users value the **setup ease** of SentinelOne Singularity, appreciating its simple deployment and swift implementation process.
- Users commend SentinelOne for its **exceptional malware protection** , effectively defending against various threats and attacks.
- Users find the **incident notification system** of SentinelOne very effective, enhancing their ability to respond quickly.

**Cons:**

- Users face **update issues** with SentinelOne, including frequent login problems and difficulties with self-updating agents.
- Users find the **difficult learning curve** challenging, especially for beginners navigating the complex interface.
- Users face challenges with **frequent updates** that complicate login processes and require constant adjustments to policies.
- Users experience frequent **agent removal issues** that disrupt functionality and complicate application performance.
- Users report **ineffective alerts** that complicate troubleshooting and hinder application compatibility during migration between EDR providers.

#### What Are Recent G2 Reviews of SentinelOne Singularity Endpoint?

**"[The Endpoint Security Platform That Actually Responds, Not Just Alerts.](https://www.g2.com/survey_responses/sentinelone-singularity-endpoint-review-13094863)"**

**Rating:** 5.0/5.0 stars
*— Ansh B.*

[Read full review](https://www.g2.com/survey_responses/sentinelone-singularity-endpoint-review-13094863)

---

**"[Autonomous Protection, Robust Security for Energy-Critical Systems](https://www.g2.com/survey_responses/sentinelone-singularity-endpoint-review-12707750)"**

**Rating:** 5.0/5.0 stars
*— Viral S.*

[Read full review](https://www.g2.com/survey_responses/sentinelone-singularity-endpoint-review-12707750)

---


#### What Are G2 Users Discussing About SentinelOne Singularity Endpoint?

- [How does Sentinel one work?](https://www.g2.com/discussions/sentinelone-singularity-how-does-sentinel-one-work)
- [How does Sentinel one work?](https://www.g2.com/discussions/how-does-sentinel-one-work)
- [Is SentinelOne an antivirus?](https://www.g2.com/discussions/sentinelone-singularity-is-sentinelone-an-antivirus)
- [Is SentinelOne an antivirus?](https://www.g2.com/discussions/is-sentinelone-an-antivirus) - 2 comments
- [What is SentinelOne used for?](https://www.g2.com/discussions/sentinelone-singularity-what-is-sentinelone-used-for)

### 7. [Microsoft Sentinel](https://www.g2.com/products/microsoft-sentinel/reviews)
Microsoft Sentinel lets you see and stop threats before they cause harm, with SIEM reinvented for a modern world. Microsoft Sentinel is your birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can: - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft -Respond to incidents rapidly with built-in orchestration and automation of common tasks


**Average Rating:** 4.4/5.0
**Total Reviews:** 273
**How Do G2 Users Rate Microsoft Sentinel?**

- **Quality of Support:** 8.5/10 (Category avg: 8.8/10)

**Who Is the Company Behind Microsoft Sentinel?**

- **Seller:** [Microsoft](https://www.g2.com/sellers/microsoft)
- **Year Founded:** 1975
- **HQ Location:** Redmond, Washington
- **Twitter:** @microsoft (13,091,739 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/microsoft/ (231,632 employees on LinkedIn®)
- **Ownership:** MSFT

**Who Uses This Product?**
- **Who Uses This:** Security Analyst, Senior Software Engineer
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 42% Enterprise, 31% Mid-Market


#### What Are Microsoft Sentinel's Pros and Cons?

**Pros:**

- Real-time Monitoring (27 reviews)
- Alerting (23 reviews)
- Dashboard Usability (21 reviews)
- Response Time (16 reviews)
- Data Management (15 reviews)

**Cons:**

- Cloud Dependency (12 reviews)
- Complex Configuration (12 reviews)
- Configuration Issues (11 reviews)
- Difficult Setup (10 reviews)
- Poor Interface Design (9 reviews)


### What Do G2 Reviewers Say About Microsoft Sentinel?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **real-time monitoring** feature of Microsoft Sentinel, enabling swift detection and response to security threats.
- Users value the **automated alert response** feature in Microsoft Sentinel, enhancing security and streamlining monitoring processes.
- Users appreciate the **intuitive dashboard usability** of Microsoft Sentinel, enabling efficient tracking and management of security analytics.
- Users value the **fast threat response** of Microsoft Sentinel, enhancing security and minimizing risks effectively.
- Users value the **seamless data management** features of Microsoft Sentinel, enhancing security and streamlining workflows efficiently.

**Cons:**

- Users express concerns about **cloud dependency** , noting connectivity issues and a reliance on Microsoft software.
- Users find the **complex configuration** of Microsoft Sentinel challenging without dedicated technical expertise, leading to a steep learning curve.
- Users face **configuration issues** with Microsoft Sentinel, requiring technical expertise and time for effective setup and integration.
- Users find the **difficult setup** of Microsoft Sentinel challenging, often requiring dedicated experts and training for effective use.
- Users face challenges with the **poor interface design** of Microsoft Sentinel, making navigation and understanding features difficult.

#### What Are Recent G2 Reviews of Microsoft Sentinel?

**"[Easy Log Ingestion Across Formats with Seamless Sentinel Integrations](https://www.g2.com/survey_responses/microsoft-sentinel-review-13073395)"**

**Rating:** 4.5/5.0 stars
*— Sandip K.*

[Read full review](https://www.g2.com/survey_responses/microsoft-sentinel-review-13073395)

---

**"[Strong Centralized Visibility and Scalable Detection for Faster SOC Response](https://www.g2.com/survey_responses/microsoft-sentinel-review-12823175)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/microsoft-sentinel-review-12823175)

---


#### What Are G2 Users Discussing About Microsoft Sentinel?

- [What is Microsoft Sentinel used for?](https://www.g2.com/discussions/what-is-microsoft-sentinel-used-for) - 3 comments, 2 upvotes
- [Why should I use Azure Sentinel?](https://www.g2.com/discussions/why-should-i-use-azure-sentinel) - 1 comment
- [Which feature provides the extended detection and response capabilities of Azure Sentinel?](https://www.g2.com/discussions/which-feature-provides-the-extended-detection-and-response-capabilities-of-azure-sentinel)
- [What is the difference between Azure security Center and Azure Sentinel?](https://www.g2.com/discussions/what-is-the-difference-between-azure-security-center-and-azure-sentinel)
- [What does Azure Sentinel provide?](https://www.g2.com/discussions/what-does-azure-sentinel-provide)

### 8. [IBM QRadar SIEM](https://www.g2.com/products/ibm-ibm-qradar-siem/reviews)
Outsmart threats with an end-to-end award-winning security suite; proven to prevent, endure and recover from both known &amp; unknown IT hazards faced by SoCs in the modern-day.


**Average Rating:** 4.4/5.0
**Total Reviews:** 282
**How Do G2 Users Rate IBM QRadar SIEM?**

- **Threat Intelligence:** 8.4/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.3/10 (Category avg: 8.8/10)
- **Incident Case Management:** 8.3/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.8/10 (Category avg: 8.8/10)

**Who Is the Company Behind IBM QRadar SIEM?**

- **Seller:** [IBM](https://www.g2.com/sellers/ibm)
- **Year Founded:** 1911
- **HQ Location:** Armonk, New York, United States
- **Twitter:** @IBMSecurity (74,660 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1009/ (328,202 employees on LinkedIn®)
- **Ownership:** SWX:IBM

**Who Uses This Product?**
- **Who Uses This:** Security Engineer, SOC Analyst
- **Top Industries:** Computer &amp; Network Security, Information Technology and Services
- **Company Size:** 52% Enterprise, 29% Mid-Market


#### What Are IBM QRadar SIEM's Pros and Cons?

**Pros:**

- Ease of Use (23 reviews)
- Integrations (19 reviews)
- Features (18 reviews)
- Easy Integrations (15 reviews)
- User Interface (15 reviews)

**Cons:**

- UX Improvement (11 reviews)
- Expensive (9 reviews)
- Cost (7 reviews)
- Dashboard Issues (7 reviews)
- Time-Consuming (7 reviews)


### What Do G2 Reviewers Say About IBM QRadar SIEM?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find IBM QRadar SIEM to be **user-friendly** , facilitating seamless integration and management of security operations.
- Users value the **flexibility in integration** with multiple log sources, enhancing functionality and threat management capabilities.
- Users appreciate the **advanced threat detection and centralized log management** features of IBM QRadar SIEM, enhancing security measures.
- Users value the **easy integrations** of IBM QRadar SIEM, enhancing functionality and streamlining security operations.
- Users find the **user-friendly interface** of IBM QRadar SIEM easy for non-tech individuals to navigate effectively.

**Cons:**

- Users highlight the **poor UX in the new UI** of QRadar SIEM, which complicates offense searches and reporting.
- Users find IBM QRadar SIEM to be **expensive** , which can be a challenge for smaller organizations seeking value.
- Users find the **high cost** of IBM QRadar SIEM challenging, especially for smaller organizations needing support and services.
- Users face **dashboard issues** with QRadar, noting limitations in editing and customization that hinder usability.
- Users experience **time-consuming search processes** due to log fetching failures and complicated query handling in QRadar SIEM.

#### What Are Recent G2 Reviews of IBM QRadar SIEM?

**"[QRADAR Integrates Easily and Makes Logs &amp; Alerts Report-Ready](https://www.g2.com/survey_responses/ibm-qradar-siem-review-13061810)"**

**Rating:** 4.5/5.0 stars
*— Zahid A.*

[Read full review](https://www.g2.com/survey_responses/ibm-qradar-siem-review-13061810)

---

**"[Strong Correlation, Mature Security Monitoring, and Compliance Reporting](https://www.g2.com/survey_responses/ibm-qradar-siem-review-12986703)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/ibm-qradar-siem-review-12986703)

---



### 9. [ServiceNow Security Operations](https://www.g2.com/products/servicenow-security-operations/reviews)
ServiceNow Security Operations is a sophisticated software solution designed to enhance threat and vulnerability management as well as incident response for organizations. By leveraging artificial intelligence, this platform empowers security teams to operate more efficiently and effectively, allowing for streamlined collaboration across IT, security, and risk management departments. The primary goal of ServiceNow Security Operations is to simplify complex security processes while minimizing risks associated with cybersecurity threats. Targeted at security teams within organizations of various sizes, ServiceNow Security Operations addresses the need for a cohesive approach to managing security incidents and vulnerabilities. It is particularly beneficial for organizations that utilize multiple security tools, as it integrates security and vulnerability data from these existing systems. This integration enables teams to respond to threats more rapidly by automating critical workflows and processes, thus reducing the manual effort traditionally required in incident response. Key features of ServiceNow Security Operations include intelligent workflows that automate routine tasks, allowing security professionals to focus on more strategic initiatives. The platform’s AI-driven capabilities facilitate the automatic correlation of threat intelligence from diverse sources, such as the MITRE ATT&amp;CK framework. This feature enhances situational awareness and enables teams to prioritize threats effectively based on real-time data. Additionally, the ability to take action within other security or IT management tools from a centralized console streamlines operations, ensuring that teams can respond to incidents without unnecessary delays. Moreover, the use of digital security workflows and orchestration significantly accelerates tasks such as analysis, prioritization, and remediation. By automating these processes, organizations can not only improve their response times but also enhance their overall cybersecurity posture. The integration of AI-driven automation within the ServiceNow AI Platform® further strengthens the platform&#39;s capabilities, enabling organizations to drive cyber resilience and reduce their exposure to potential threats. In summary, ServiceNow Security Operations is a comprehensive solution that addresses the complexities of modern cybersecurity challenges. By automating and simplifying threat and vulnerability management, it empowers security teams to respond more effectively, thereby enhancing the overall security framework of an organization.


**Average Rating:** 4.4/5.0
**Total Reviews:** 70
**How Do G2 Users Rate ServiceNow Security Operations?**

- **Threat Intelligence:** 9.0/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.5/10 (Category avg: 8.8/10)
- **Incident Case Management:** 9.1/10 (Category avg: 8.4/10)
- **Incident Logs:** 9.1/10 (Category avg: 8.8/10)

**Who Is the Company Behind ServiceNow Security Operations?**

- **Seller:** [ServiceNow](https://www.g2.com/sellers/servicenow)
- **Company Website:** https://www.servicenow.com/
- **Year Founded:** 2004
- **HQ Location:** Santa Clara, CA
- **Twitter:** @servicenow (55,548 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/29352/ (35,081 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 50% Enterprise, 22% Mid-Market


#### What Are ServiceNow Security Operations's Pros and Cons?

**Pros:**

- Integration Capabilities (11 reviews)
- Integration Support (10 reviews)
- Ease of Use (9 reviews)
- Integrations (8 reviews)
- Incident Management (7 reviews)

**Cons:**

- Difficult Setup (4 reviews)
- Integration Issues (4 reviews)
- Licensing Issues (3 reviews)
- Complexity (2 reviews)
- Difficult Customization (2 reviews)


### What Do G2 Reviewers Say About ServiceNow Security Operations?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **integration capabilities** of ServiceNow Security Operations, enabling seamless connections with essential third-party tools.
- Users value the **remarkable integration capabilities** of ServiceNow Security Operations, enhancing incident management and data processing efficiency.
- Users appreciate the **ease of use** of ServiceNow Security Operations, enhancing productivity with seamless integration and setup.
- Users value the **robust integration capabilities** of ServiceNow Security Operations, enhancing workflow and incident management efficiency.
- Users appreciate the **end-to-end incident management** capabilities in ServiceNow, making it a comprehensive security solution.

**Cons:**

- Users find the **difficult setup** of ServiceNow Security Operations a barrier, impacting overall usability and cost-effectiveness.
- Users face **integration issues** , struggling with field mapping, initial setup, and documentation, affecting overall usability.
- Users find the **restrictive licensing issues** limiting for playbooks, impacting remediation efficiency and security operations.
- Users face **complexity in building playbooks** within ServiceNow Security Operations, finding the process challenging and costly.
- Users find **difficult customization** in ServiceNow Security Operations hinders their ability to effectively build playbooks.

#### What Are Recent G2 Reviews of ServiceNow Security Operations?

**"[Strong platform for centralized security operations and incident response](https://www.g2.com/survey_responses/servicenow-security-operations-review-12737410)"**

**Rating:** 4.5/5.0 stars
*— Dharamveer p.*

[Read full review](https://www.g2.com/survey_responses/servicenow-security-operations-review-12737410)

---

**"[Unifies Security and IT with Efficient Threat Response and Automation](https://www.g2.com/survey_responses/servicenow-security-operations-review-13059971)"**

**Rating:** 5.0/5.0 stars
*— Anshul S.*

[Read full review](https://www.g2.com/survey_responses/servicenow-security-operations-review-13059971)

---


#### What Are G2 Users Discussing About ServiceNow Security Operations?

- [What is ServiceNow sir?](https://www.g2.com/discussions/what-is-servicenow-sir)
- [What is service now in cyber security?](https://www.g2.com/discussions/what-is-service-now-in-cyber-security)
- [What are the typical functions of the Security Operations Center SOC analysts?](https://www.g2.com/discussions/what-are-the-typical-functions-of-the-security-operations-center-soc-analysts)
- [What can ServiceNow security operations do?](https://www.g2.com/discussions/what-can-servicenow-security-operations-do)

### 10. [Tanium](https://www.g2.com/products/tanium/reviews)
Trusted by 40% of the Fortune 100, 8 of the top 10 U.S. Banks, and all 6 branches of the U.S. Armed Forces. Tanium is the platform the world&#39;s most security-conscious organizations trust. The Tanium Autonomous IT Platform unifies endpoint management and security on a single, unified platform. Driven by real-time intelligence and generative, agentic, and predictive AI, Tanium ensures every insight and automation is based on accurate, trustworthy data so IT operations and security teams can act faster, stay resilient, and drive better business outcomes with confidence. Built on Tanium’s patented Linear Chain Architecture, teams can deploy trusted automation progressively, then execute actions safely at speed and scale - without scans or manual workflows. Continuous visibility across IT, mobile, OT, and cloud environments helps organizations accelerate decision agility, save costs through integrated automation, and strengthen resilience with closed-loop security.


**Average Rating:** 4.5/5.0
**Total Reviews:** 67
**How Do G2 Users Rate Tanium?**

- **Threat Intelligence:** 8.3/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.8/10 (Category avg: 8.8/10)
- **Incident Case Management:** 8.3/10 (Category avg: 8.4/10)
- **Incident Logs:** 7.5/10 (Category avg: 8.8/10)

**Who Is the Company Behind Tanium?**

- **Seller:** [Tanium](https://www.g2.com/sellers/tanium)
- **Company Website:** https://www.tanium.com/
- **Year Founded:** 2007
- **HQ Location:** Emeryville, CA
- **Twitter:** @Tanium (7,243 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2109024/ (2,333 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Hospital &amp; Health Care
- **Company Size:** 48% Enterprise, 33% Mid-Market


#### What Are Tanium's Pros and Cons?

**Pros:**

- Ease of Use (7 reviews)
- Features (7 reviews)
- Reliability (4 reviews)
- Security (4 reviews)
- Visibility (4 reviews)

**Cons:**

- Learning Curve (4 reviews)
- Complexity (3 reviews)
- Limited Features (3 reviews)
- Insufficient Information (2 reviews)
- Needs Improvement (2 reviews)


### What Do G2 Reviewers Say About Tanium?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of Tanium, simplifying tasks like patch management and network scanning.
- Users appreciate the **speed and clarity** of Tanium, enabling quick insights and efficient resource management across endpoints.
- Users value Tanium&#39;s **reliability** , providing quick, actionable insights and ensuring stable, scalable endpoint management.
- Users value Tanium for its **robust security capabilities** , enabling quick compliance checks and strengthening overall operational trust.
- Users value the **real-time visibility** of Tanium, enabling effective management of vulnerabilities and enhanced security measures.

**Cons:**

- Users find the **learning curve steep** , with complex navigation and a lack of clear onboarding resources affecting ease of use.
- Users find the **complexity** of Tanium challenging, especially for those new to cybersecurity and troubleshooting.
- Users note **limited features** in Tanium, particularly with troubleshooting and timely updates for vulnerabilities.
- Users express a need for **clearer onboarding resources** to ease the steep learning curve of Tanium.
- Users feel Tanium&#39;s **learning curve and onboarding resources** need improvement, leading to inefficiencies during initial use.

#### What Are Recent G2 Reviews of Tanium?

**"[Rapid Endpoint Visibility That Transformed Our Incident Troubleshooting](https://www.g2.com/survey_responses/tanium-review-12742786)"**

**Rating:** 4.0/5.0 stars
*— Nijat I.*

[Read full review](https://www.g2.com/survey_responses/tanium-review-12742786)

---

**"[Real-Time Visibility and Fast Global Remediation with Tanium](https://www.g2.com/survey_responses/tanium-review-12961686)"**

**Rating:** 4.5/5.0 stars
*— Aswindev P.*

[Read full review](https://www.g2.com/survey_responses/tanium-review-12961686)

---



### 11. [Sumo Logic](https://www.g2.com/products/sumo-logic/reviews)
Sumo Logic, Inc. unifies and analyzes enterprise data, translating it into actionable insights through one AI-powered cloud-native log analytics platform. This single source of truth enables Dev, Sec and Ops teams to simplify complexity, collaborate efficiently and accelerate data-driven decisions that drive business value. Customers around the world rely on the Sumo Logic SaaS Log Analytics Platform for trusted insights to ensure application reliability, secure and protect against modern security threats, and gain insights into their cloud infrastructures. For more information, visit: SUMOLOGIC.COM


**Average Rating:** 4.3/5.0
**Total Reviews:** 391
**How Do G2 Users Rate Sumo Logic?**

- **Threat Intelligence:** 7.7/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.5/10 (Category avg: 8.8/10)
- **Incident Case Management:** 8.0/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.8/10 (Category avg: 8.8/10)

**Who Is the Company Behind Sumo Logic?**

- **Seller:** [Sumo Logic](https://www.g2.com/sellers/sumo-logic)
- **Company Website:** https://www.sumologic.com
- **Year Founded:** 2010
- **HQ Location:** Redwood City, CA
- **Twitter:** @SumoLogic (6,542 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1037816/ (838 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Senior Software Engineer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 48% Mid-Market, 37% Enterprise


#### What Are Sumo Logic's Pros and Cons?

**Pros:**

- Ease of Use (54 reviews)
- Log Management (44 reviews)
- Features (32 reviews)
- Insights (30 reviews)
- Real-time Monitoring (29 reviews)

**Cons:**

- Expensive (18 reviews)
- Difficult Learning (16 reviews)
- Learning Curve (16 reviews)
- Learning Difficulty (16 reviews)
- Slow Performance (16 reviews)


### What Do G2 Reviewers Say About Sumo Logic?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of Sumo Logic, finding it simple to learn and configure effectively.
- Users appreciate the **ease of searching and configuring logs** , enhancing their monitoring and tracing capabilities effortlessly.
- Users value the **Continuous Intelligence feature** of Sumo Logic for its quick and actionable insights from diverse data.
- Users commend **Sumo Logic&#39;s visual power and flexibility** , enhancing KPI display and minimizing log-related workload.
- Users value the **real-time insights** offered by Sumo Logic, enhancing monitoring and analytics for better decision-making.

**Cons:**

- Users find Sumo Logic to be **expensive** , often questioning if its value justifies the high pricing.
- Users find the **difficult learning** curve of Sumo Logic hampers quick proficiency in using its features effectively.
- Users find Sumo Logic&#39;s **steep learning curve** challenging, especially when mastering complex queries and setup processes.
- Users find the **steep learning curve** of Sumo Logic challenging, requiring significant time to gain proficiency.
- Users experience **slow performance** due to a clunky UI and delayed alerting, impacting efficiency and response times.

#### What Are Recent G2 Reviews of Sumo Logic?

**"[Centralized Logging with Intuitive Dashboards](https://www.g2.com/survey_responses/sumo-logic-review-12948839)"**

**Rating:** 4.5/5.0 stars
*— Sudarshan B.*

[Read full review](https://www.g2.com/survey_responses/sumo-logic-review-12948839)

---

**"[AI Activity Monitoring That Makes Auditing and Debugging Easy](https://www.g2.com/survey_responses/sumo-logic-review-12888562)"**

**Rating:** 4.5/5.0 stars
*— Vishal S.*

[Read full review](https://www.g2.com/survey_responses/sumo-logic-review-12888562)

---


#### What Are G2 Users Discussing About Sumo Logic?

- [What is Cloud SOAR used for?](https://www.g2.com/discussions/what-is-cloud-soar-used-for) - 1 comment, 1 upvote
- [Is Sumo Logic a SIEM?](https://www.g2.com/discussions/is-sumo-logic-a-siem)
- [What is Sumo Logic used for?](https://www.g2.com/discussions/what-is-sumo-logic-used-for)
- [Who are Sumo Logic competitors?](https://www.g2.com/discussions/who-are-sumo-logic-competitors) - 1 comment
- [How much does Sumo Logic cost?](https://www.g2.com/discussions/how-much-does-sumo-logic-cost)

### 12. [Splunk Enterprise Security](https://www.g2.com/products/splunk-enterprise-security/reviews)
Splunk Enterprise Security (ES) is a data-centric, modern security information and event management (SIEM) solution that delivers data-driven insights for full breadth visibility into your security posture so you can protect your business and mitigate risk at scale. With unparalleled search and reporting, advanced analytics, integrated intelligence, and prepackaged security content, Splunk ES accelerates threat detection and investigation, letting you determine the scope of high-priority threats to your environment so you can quickly take action. Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Our extensive ecosystem of Splunk, partner, and community-built integrations as well as flexible deployment options ensure your technology investments are working in tandem with Splunk ES whilst meeting you wherever you are on your cloud, multi-cloud, or hybrid journey.


**Average Rating:** 4.3/5.0
**Total Reviews:** 223
**How Do G2 Users Rate Splunk Enterprise Security?**

- **Threat Intelligence:** 9.0/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.6/10 (Category avg: 8.8/10)
- **Incident Case Management:** 7.5/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.0/10 (Category avg: 8.8/10)

**Who Is the Company Behind Splunk Enterprise Security?**

- **Seller:** [Cisco](https://www.g2.com/sellers/cisco)
- **Year Founded:** 1984
- **HQ Location:** San Jose, CA
- **Twitter:** @Cisco (720,366 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cisco/ (95,545 employees on LinkedIn®)
- **Ownership:** NASDAQ:CSCO

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Senior Software Engineer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 59% Enterprise, 30% Mid-Market


#### What Are Splunk Enterprise Security's Pros and Cons?

**Pros:**

- Ease of Use (15 reviews)
- Easy Integrations (13 reviews)
- Threat Detection (13 reviews)
- Features (12 reviews)
- User Interface (11 reviews)

**Cons:**

- Expensive (17 reviews)
- Complex Setup (8 reviews)
- Complex Implementation (6 reviews)
- Complexity (6 reviews)
- Difficult Learning (6 reviews)


### What Do G2 Reviewers Say About Splunk Enterprise Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **user-friendly interface** of Splunk Enterprise Security, allowing efficient monitoring and log analysis.
- Users appreciate the **easy integrations** with various platforms, enhancing their log management experience significantly.
- Users highly value the **impressive threat detection** capabilities of Splunk Enterprise Security, enhancing early identification of potential issues.
- Users value the **powerful analytics and security features** of Splunk Enterprise Security, enhancing their monitoring and investigative capabilities.
- Users appreciate the **user-friendly interface** of Splunk Enterprise Security, enabling efficient monitoring and attractive dashboard creation.

**Cons:**

- Users find the **high cost** of Splunk Enterprise Security a significant barrier, limiting its adoption among smaller organizations.
- Users find the **complex setup** of Splunk Enterprise Security challenging and resource-intensive, often needing additional support for implementation.
- Users find the **complex implementation** of Splunk Enterprise Security to be time-intensive and requiring specialized expertise.
- Users find the **setup and complexity** of Splunk Enterprise Security can be time-consuming and challenging to navigate.
- Users find the **difficult learning curve** of Splunk Enterprise Security challenging, especially for those new to data analysis.

#### What Are Recent G2 Reviews of Splunk Enterprise Security?

**"[Powerful Visibility and Investigations with Splunk Enterprise Security](https://www.g2.com/survey_responses/splunk-enterprise-security-review-12695107)"**

**Rating:** 4.0/5.0 stars
*— Akil S.*

[Read full review](https://www.g2.com/survey_responses/splunk-enterprise-security-review-12695107)

---

**"[Powerful Threat Detection and Investigation with Splunk Enterprise Security](https://www.g2.com/survey_responses/splunk-enterprise-security-review-12982814)"**

**Rating:** 5.0/5.0 stars
*— Priyanshu S.*

[Read full review](https://www.g2.com/survey_responses/splunk-enterprise-security-review-12982814)

---


#### What Are G2 Users Discussing About Splunk Enterprise Security?

- [What is Splunk User Behavior Analytics used for?](https://www.g2.com/discussions/what-is-splunk-user-behavior-analytics-used-for)
- [What does Splunk Enterprise do?](https://www.g2.com/discussions/splunk-enterprise-security-what-does-splunk-enterprise-do)
- [What is the difference between Splunk Enterprise and Splunk Enterprise Security?](https://www.g2.com/discussions/what-is-the-difference-between-splunk-enterprise-and-splunk-enterprise-security) - 1 comment
- [Which Splunk app is used for enterprise security?](https://www.g2.com/discussions/which-splunk-app-is-used-for-enterprise-security)
- [What is Splunk Enterprise Security?](https://www.g2.com/discussions/what-is-splunk-enterprise-security)

### 13. [Rapid7 Next-Gen SIEM](https://www.g2.com/products/rapid7-next-gen-siem/reviews)
Rapid7 InsightIDR is a SaaS SIEM for modern threat detection and response. InsightIDR enables security analysts to work more efficiently and effectively, by unifying diverse data sources, providing early and reliable out of the box detections, and delivering rich visual investigations and automation to expedite response. With a lightweight cloud deployment and intuitive UI and onboarding experience, InsightIDR customers recognize an accelerated return on their investment and start seeing valuable insights from Day 1. With InsightIDR, teams can advance their threat detection and response program without adding headcount.


**Average Rating:** 4.4/5.0
**Total Reviews:** 67
**How Do G2 Users Rate Rapid7 Next-Gen SIEM?**

- **Threat Intelligence:** 9.2/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.9/10 (Category avg: 8.8/10)
- **Incident Case Management:** 8.7/10 (Category avg: 8.4/10)
- **Incident Logs:** 9.1/10 (Category avg: 8.8/10)

**Who Is the Company Behind Rapid7 Next-Gen SIEM?**

- **Seller:** [Rapid7](https://www.g2.com/sellers/rapid7)
- **Year Founded:** 2000
- **HQ Location:** Boston, MA
- **Twitter:** @rapid7 (124,405 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/39624/ (3,274 employees on LinkedIn®)
- **Ownership:** NASDAQ:RPD

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 66% Mid-Market, 31% Enterprise


#### What Are Rapid7 Next-Gen SIEM's Pros and Cons?

**Pros:**

- Ease of Use (2 reviews)
- Easy Integrations (2 reviews)
- Integrations (2 reviews)
- Threat Detection (2 reviews)
- Visibility (2 reviews)

**Cons:**

- Limited Features (2 reviews)
- Alerting Issues (1 reviews)
- Alert Management (1 reviews)
- Difficult Customization (1 reviews)
- Difficult Setup (1 reviews)


### What Do G2 Reviewers Say About Rapid7 Next-Gen SIEM?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Rapid7 Next-Gen SIEM, facilitating effortless log management and integration.
- Users appreciate the **easy integrations** of Rapid7 Next-Gen SIEM, enhancing compatibility with various third-party tools effortlessly.
- Users value the **easy integrations** with third-party tools, enhancing functionality and streamlining security management.
- Users appreciate the **effective threat detection** capabilities of Rapid7 Next-Gen SIEM, enhancing investigation speed and efficiency.
- Users appreciate the **visibility** of Rapid7 Next-Gen SIEM, enabling easy search and understanding of log data.

**Cons:**

- Users find the **limited features** of Rapid7 Next-Gen SIEM restrictive compared to larger competitors, hindering alert creation.
- Users find the **alerting capabilities limited** , making it challenging to create timely and effective alerts.
- Users find the **alert management limited** , making it challenging to create effective and timely alerts.
- Users find the **difficult customization** process frustrating, especially when creating alerts and setting patterns.
- Users find the **difficult setup** of Rapid7 Next-Gen SIEM frustrating, especially for creating alerts and patterns.

#### What Are Recent G2 Reviews of Rapid7 Next-Gen SIEM?

**"[Intuitive, High-Performance SIEM with Great Support and Cost-Effective Value](https://www.g2.com/survey_responses/rapid7-next-gen-siem-review-12711350)"**

**Rating:** 4.5/5.0 stars
*— Nihal J.*

[Read full review](https://www.g2.com/survey_responses/rapid7-next-gen-siem-review-12711350)

---

**"[Easiest SIEM Implementation with Transparent Pricing](https://www.g2.com/survey_responses/rapid7-next-gen-siem-review-12182908)"**

**Rating:** 5.0/5.0 stars
*— Joevanne V.*

[Read full review](https://www.g2.com/survey_responses/rapid7-next-gen-siem-review-12182908)

---


#### What Are G2 Users Discussing About Rapid7 Next-Gen SIEM?

- [What is InsightIDR used for?](https://www.g2.com/discussions/what-is-insightidr-used-for)
- [What is rapid7 InsightVM?](https://www.g2.com/discussions/what-is-rapid7-insightvm)
- [Is rapid7 a SIEM?](https://www.g2.com/discussions/is-rapid7-a-siem)
- [What is rapid7 used for?](https://www.g2.com/discussions/insightidr-what-is-rapid7-used-for)
- [What is InsightIDR?](https://www.g2.com/discussions/what-is-insightidr)

### 14. [Proofpoint Threat Response](https://www.g2.com/products/proofpoint-threat-response/reviews)
Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently.


**Average Rating:** 4.6/5.0
**Total Reviews:** 17
**How Do G2 Users Rate Proofpoint Threat Response?**

- **Threat Intelligence:** 8.3/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.8/10 (Category avg: 8.8/10)
- **Incident Case Management:** 8.3/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.5/10 (Category avg: 8.8/10)

**Who Is the Company Behind Proofpoint Threat Response?**

- **Seller:** [Proofpoint](https://www.g2.com/sellers/proofpoint)
- **Year Founded:** 2002
- **HQ Location:** Sunnyvale, CA
- **Twitter:** @proofpoint (31,157 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/proofpoint (5,146 employees on LinkedIn®)
- **Ownership:** NASDAQ: PFPT

**Who Uses This Product?**
- **Company Size:** 56% Mid-Market, 22% Enterprise


#### What Are Proofpoint Threat Response's Pros and Cons?

**Pros:**

- Email Security (2 reviews)
- Automated Response (1 reviews)
- Phishing Prevention (1 reviews)
- Security (1 reviews)
- Threat Detection (1 reviews)

**Cons:**

- Email Management (1 reviews)
- False Positives (1 reviews)
- Learning Curve (1 reviews)


### What Do G2 Reviewers Say About Proofpoint Threat Response?
*AI-generated summary from verified user reviews*

**Pros:**

- Users praise the **automatic recall of suspicious emails** by Proofpoint Threat Response, enhancing their company&#39;s email security.
- Users appreciate the **automated recall of suspicious emails** , enhancing their email security and peace of mind.
- Users appreciate the **automatic recall of suspicious emails** in Proofpoint Threat Response for enhanced phishing prevention.
- Users benefit from the **comprehensive security tools** of Proofpoint Threat Response, ensuring their company&#39;s safety.
- Users appreciate the **comprehensive tools for threat detection** that enhance their company&#39;s security effectively.

**Cons:**

- Users report frequent **false positives** causing numerous emails to be recalled and replaced, impacting email management efficiency.
- Users report encountering **numerous false positives** , leading to significant disruptions with email recalls and replacements.
- Users note that while there&#39;s a **steep learning curve** , Proofpoint offers ample training and support resources.

#### What Are Recent G2 Reviews of Proofpoint Threat Response?

**"[Quick Alerts and Clear, Detailed Summaries for Suspicious Emails](https://www.g2.com/survey_responses/proofpoint-threat-response-review-12478488)"**

**Rating:** 5.0/5.0 stars
*— Casey M.*

[Read full review](https://www.g2.com/survey_responses/proofpoint-threat-response-review-12478488)

---

**"[Takes time to learn, but Great product!](https://www.g2.com/survey_responses/proofpoint-threat-response-review-9471662)"**

**Rating:** 4.0/5.0 stars
*— Joshua B.*

[Read full review](https://www.g2.com/survey_responses/proofpoint-threat-response-review-9471662)

---



### 15. [Barracuda Incident Response](https://www.g2.com/products/barracuda-incident-response/reviews)
No email defense technology can protect against increasingly advanced email threats 100 percent of the time. Some advanced social engineering attacks like business email compromise will reach users’ mailboxes. And when they do, you need to respond quickly and accurately to minimize the scope and severity of damage. Barracuda Incident Response lets you respond to threats quickly and effectively, by automating investigative workflows and enabling direct removal of malicious emails


**Average Rating:** 4.5/5.0
**Total Reviews:** 16
**How Do G2 Users Rate Barracuda Incident Response?**

- **Threat Intelligence:** 8.8/10 (Category avg: 8.9/10)
- **Quality of Support:** 9.4/10 (Category avg: 8.8/10)
- **Incident Case Management:** 8.5/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.5/10 (Category avg: 8.8/10)

**Who Is the Company Behind Barracuda Incident Response?**

- **Seller:** [Barracuda](https://www.g2.com/sellers/barracuda)
- **Year Founded:** 2002
- **HQ Location:** Campbell, CA
- **Twitter:** @Barracuda (15,239 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/barracuda-networks/ (2,248 employees on LinkedIn®)
- **Ownership:** Private

**Who Uses This Product?**
- **Company Size:** 50% Mid-Market, 25% Enterprise


#### What Are Barracuda Incident Response's Pros and Cons?

**Pros:**

- Email Security (2 reviews)
- Cybersecurity (1 reviews)
- Features (1 reviews)
- Incident Management (1 reviews)
- Security (1 reviews)

**Cons:**

- Email Management (1 reviews)


### What Do G2 Reviewers Say About Barracuda Incident Response?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **instant email threat removal** feature, allowing quick action against potential risks and threats.
- Users find Barracuda Incident Response to be an **incredible tool** for effective remediation and investigation in cybersecurity.
- Users value the **email search and removal** capability in Barracuda Incident Response for its efficiency and effectiveness.
- Users find Barracuda Incident Response to be an **invaluable tool** for effective remediation and investigation in cybersecurity.
- Users appreciate the **instant threat removal** capability of Barracuda Incident Response, preventing larger issues from arising.

**Cons:**

- Users wish the **email blocking capability** was more comprehensive across all gateway levels for better management.

#### What Are Recent G2 Reviews of Barracuda Incident Response?

**"[Instant Email Threat Removal That Makes a Big Difference](https://www.g2.com/survey_responses/barracuda-incident-response-review-12340166)"**

**Rating:** 4.5/5.0 stars
*— Jose C.*

[Read full review](https://www.g2.com/survey_responses/barracuda-incident-response-review-12340166)

---

**"[Amazing product](https://www.g2.com/survey_responses/barracuda-incident-response-review-12337161)"**

**Rating:** 5.0/5.0 stars
*— Peter E.*

[Read full review](https://www.g2.com/survey_responses/barracuda-incident-response-review-12337161)

---


#### What Are G2 Users Discussing About Barracuda Incident Response?

- [What is Barracuda Incident Response used for?](https://www.g2.com/discussions/what-is-barracuda-incident-response-used-for)

### 16. [IBM Concert platform](https://www.g2.com/products/ibm-concert-platform/reviews)
IBM Concert® is an agentic IT Ops platform that creates an adaptable, unified operational layer across your environment. It connects signals, generates shared context, and coordinates action across teams and tools, so your entire system operates as one. With cross-domain intelligence, Concert helps you reduce risk, maintain business continuity, improve performance, and optimize cost across the stack. Powered by agentic AI, it surfaces what matters, prioritizes business impact, and orchestrates action through governed workflows.&amp;nbsp;


**Average Rating:** 4.2/5.0
**Total Reviews:** 23
**How Do G2 Users Rate IBM Concert platform?**

- **Quality of Support:** 7.3/10 (Category avg: 8.8/10)

**Who Is the Company Behind IBM Concert platform?**

- **Seller:** [IBM](https://www.g2.com/sellers/ibm)
- **Company Website:** https://www.ibm.com
- **Year Founded:** 1911
- **HQ Location:** Armonk, New York, United States
- **Twitter:** @IBMSecurity (74,660 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1009/ (328,202 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 43% Small-Business, 35% Mid-Market


#### What Are IBM Concert platform's Pros and Cons?

**Pros:**

- Ease of Use (13 reviews)
- Insights (11 reviews)
- Automation (8 reviews)
- Easy Setup (8 reviews)
- Problem Solving (5 reviews)

**Cons:**

- Learning Difficulty (6 reviews)
- Complex Setup (4 reviews)
- Learning Curve (4 reviews)
- Integration Issues (3 reviews)
- Limited Customization (3 reviews)


### What Do G2 Reviewers Say About IBM Concert platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of IBM Concert, appreciating its straightforward setup and intuitive interface for managing tasks.
- Users appreciate the **AI-driven insights** from IBM Concert, enhancing situational awareness and facilitating quick, informed decision-making.
- Users value the **automation capabilities** of IBM Concert, freeing them from operational concerns to focus on key tasks.
- Users commend the **easy setup** of IBM Concert, enabling efficient management and quick access to insights seamlessly.
- Users value IBM Concert for its **efficient problem-solving capabilities** , delivering actionable insights and streamlining incident resolution.

**Cons:**

- Users find the **learning difficulty** of IBM Concert challenging, suggesting improvements in onboarding and interface simplicity.
- Users find the **complex setup** of IBM Concert challenging, with a steep learning curve for integration and data normalization.
- Users find the **learning curve steep** , making it challenging to fully understand IBM Concert&#39;s features and functionalities.
- Users experience **integration issues** with IBM Concert, citing the need for smoother and deeper third-party integrations.
- Users feel the **limited customization options** hinder tailored experiences on IBM Concert, affecting usability and flexibility.

#### What Are Recent G2 Reviews of IBM Concert platform?

**"[Unified Dashboard with Streamlined Prioritization](https://www.g2.com/survey_responses/ibm-concert-platform-review-12394702)"**

**Rating:** 4.0/5.0 stars
*— Kumar R U B.*

[Read full review](https://www.g2.com/survey_responses/ibm-concert-platform-review-12394702)

---

**"[IBM Concert Speeds Up Risk Management and Issue Detection with AI](https://www.g2.com/survey_responses/ibm-concert-platform-review-12865276)"**

**Rating:** 5.0/5.0 stars
*— manjusha l.*

[Read full review](https://www.g2.com/survey_responses/ibm-concert-platform-review-12865276)

---



### 17. [SpinOne](https://www.g2.com/products/spinone/reviews)
SpinOne is an AI-powered SaaS data protection platform that combines automated backup and recovery, Data Leak and Loss Prevention (DLP), SaaS Security Posture Management (SSPM), ransomware protection, and continuous security monitoring to protect business-critical data across Google Workspace, Microsoft 365, Salesforce, and Slack. Recognized by Gartner in the Market Guide for SaaS Security Posture Management, SpinOne helps organizations secure, protect, recover, and govern SaaS data across their most critical cloud applications. Unlike traditional backup solutions or standalone security tools, SpinOne unifies SaaS backup, data recovery, Data Leak and Loss Prevention (DLP), SaaS Security Posture Management (SSPM), ransomware protection, and automated security controls in a single platform. Organizations use SpinOne to prevent data loss, reduce cyber risk, strengthen compliance, and improve business continuity. SpinOne provides automated Google Workspace backup and recovery for Gmail, Google Drive, Shared Drives, Calendar, Contacts, and Google Sites. IT teams can restore individual files, emails, folders, users, or complete accounts with point-in-time recovery to minimize downtime caused by accidental deletion, ransomware, insider threats, malicious applications, or operational errors. SpinOne also provides Microsoft 365 backup and recovery for Exchange Online, OneDrive, SharePoint, and Microsoft Teams. Across SaaS applications, SpinOne helps organizations maintain secure, recoverable, and compliant business data. Beyond backup and recovery, SpinOne protects SaaS environments with AI-powered Data Leak and Loss Prevention (DLP), helping organizations identify sensitive information, prevent unauthorized data exposure, reduce data leakage risks, and enforce security policies. SpinOne SaaS Security Posture Management (SSPM) continuously monitors SaaS environments, identifies security risks, detects misconfigurations, and helps automate remediation. Key capabilities include: Google Workspace backup and recovery Microsoft 365 backup and recovery SaaS backup and data protection Data Leak Prevention (DLP) Data Loss Prevention (DLP) SaaS Security Posture Management (SSPM) Ransomware detection and recovery Point-in-time recovery and granular restore Continuous SaaS security monitoring Sensitive data protection Compliance and audit readiness Business continuity and disaster recovery SpinOne has been recognized by Cyber Defense Magazine through multiple Global InfoSec Awards, including recognition for Secure SaaS Backup, Ransomware Protection for SaaS Data, SaaS/Cloud Security, Browser Security, and Data Security Posture Management categories. SpinOne helps organizations protect SaaS data throughout its lifecycle—from preventing data leaks and security risks to backing up critical information, detecting ransomware, and rapidly recovering after cyber incidents. Organizations choose SpinOne as a unified SaaS data protection platform to secure, back up, recover, and govern critical data across Google Workspace, Microsoft 365, Salesforce, and Slack.


**Average Rating:** 4.8/5.0
**Total Reviews:** 127
**How Do G2 Users Rate SpinOne?**

- **Threat Intelligence:** 9.2/10 (Category avg: 8.9/10)
- **Quality of Support:** 9.6/10 (Category avg: 8.8/10)
- **Incident Case Management:** 9.3/10 (Category avg: 8.4/10)
- **Incident Logs:** 9.4/10 (Category avg: 8.8/10)

**Who Is the Company Behind SpinOne?**

- **Seller:** [SpinAI](https://www.g2.com/sellers/spinai)
- **Company Website:** https://spin.ai/
- **Year Founded:** 2017
- **HQ Location:** Palo Alto, California
- **Twitter:** @spintechinc (766 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/3146884 (92 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CEO, IT Director
- **Top Industries:** Non-Profit Organization Management, Marketing and Advertising
- **Company Size:** 51% Mid-Market, 40% Small-Business


#### What Are SpinOne's Pros and Cons?

**Pros:**

- Customer Support (31 reviews)
- Ease of Use (30 reviews)
- Backup Ease (24 reviews)
- Reliability (21 reviews)
- Backup Features (19 reviews)

**Cons:**

- Backup Issues (7 reviews)
- Poor Interface Design (7 reviews)
- Expensive (6 reviews)
- Pricing Issues (5 reviews)
- Unclear Guidance (4 reviews)


### What Do G2 Reviewers Say About SpinOne?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highlight the **exceptional customer support** from SpinOne, consistently providing helpful solutions and tailored care.
- Users commend the **ease of use** of SpinOne, appreciating its simple integration and reliable backup solutions.
- Users value the **ease of use** in backing up Google Workspace data, ensuring security and peace of mind.
- Users trust SpinOne for its **reliable and thorough backups** , providing peace of mind for data protection and restoration.
- Users appreciate the **reliable backup features** of SpinOne, ensuring data is safeguarded against loss and corruption.

**Cons:**

- Users experience **backup issues** , struggling with management features, large backups during migrations, and a clunky interface.
- Users experience **poor interface design** , which complicates navigation and hinders efficiency during complex tasks.
- Users find the **expensive per user licenses** challenging, especially for larger organizations needing full coverage.
- Users find **pricing issues** with SpinOne, particularly regarding affordability and flexibility for archived user accounts.
- Users face **unclear guidance** , struggling with timezone settings and a limited knowledge base for effective usage of SpinOne.

#### What Are Recent G2 Reviews of SpinOne?

**"[Essential Backup Tool with Stellar Features](https://www.g2.com/survey_responses/spinone-review-12775505)"**

**Rating:** 5.0/5.0 stars
*— Michael M.*

[Read full review](https://www.g2.com/survey_responses/spinone-review-12775505)

---

**"[SpinOne’s Dashboard Makes Risk Scans, Storage, and Backups Easy to Monitor](https://www.g2.com/survey_responses/spinone-review-12626383)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Health, Wellness and Fitness*

[Read full review](https://www.g2.com/survey_responses/spinone-review-12626383)

---


#### What Are G2 Users Discussing About SpinOne?

- [What is SpinOne used for?](https://www.g2.com/discussions/what-is-spinone-used-for) - 1 comment, 1 upvote

### 18. [Darktrace / NETWORK](https://www.g2.com/products/darktrace-network/reviews)
Darktrace / NETWORK™ is the industry’s most advanced Network Detection and Response (NDR) solution. It learns what normal behavior is for your entire modern network, using Self-Learning AI to detect and autonomously contain any activity that could cause business disruption including known, novel and insider threats. - Sophisticated agentic AI to automate triage and investigation at speed and scale - Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for NDR - Over 10,000 customers globally


**Average Rating:** 4.5/5.0
**Total Reviews:** 44
**How Do G2 Users Rate Darktrace / NETWORK?**

- **Threat Intelligence:** 8.6/10 (Category avg: 8.9/10)
- **Quality of Support:** 9.2/10 (Category avg: 8.8/10)
- **Incident Case Management:** 7.7/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.3/10 (Category avg: 8.8/10)

**Who Is the Company Behind Darktrace / NETWORK?**

- **Seller:** [Darktrace](https://www.g2.com/sellers/darktrace)
- **Company Website:** https://www.darktrace.com
- **Year Founded:** 2013
- **HQ Location:** Cambridgeshire, England
- **Twitter:** @Darktrace (18,177 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5013440/ (2,607 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 60% Mid-Market, 32% Enterprise


#### What Are Darktrace / NETWORK's Pros and Cons?

**Pros:**

- Monitoring (5 reviews)
- Artificial Intelligence (4 reviews)
- Threat Detection (4 reviews)
- Customer Support (3 reviews)
- Cybersecurity (3 reviews)

**Cons:**

- Learning Curve (6 reviews)
- Expensive (4 reviews)
- Alert Issues (2 reviews)
- Complex Setup (2 reviews)
- False Positives (2 reviews)


### What Do G2 Reviewers Say About Darktrace / NETWORK?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **robust monitoring capabilities** of Darktrace, providing seamless real-time insights into network activity.
- Users praise Darktrace/Network for its **self-learning AI technology** that adapts to their network, enhancing security effectively.
- Users value the **real-time threat detection** by Darktrace, enhancing confidence in network security and response capabilities.
- Users appreciate the **responsive customer support** of Darktrace/Network, enhancing learning and adoption for effective security management.
- Users appreciate the **autonomous cyber AI** of Darktrace for its real-time detection and proactive threat response.

**Cons:**

- Users highlight the **steep learning curve** associated with Darktrace, requiring significant time and effort for effective usage.
- Users find the product to be **quite expensive** , posing challenges for smaller organizations with limited budgets.
- Users often face **alert issues** with false positives and opaque AI decisions that complicate security management processes.
- Users find the **complex setup** of Darktrace/NETWORK requires extensive skills and resources, complicating initial adoption.
- Users experience **false positives** occasionally, requiring IT assistance to restore operations and ensure smooth functionality.

#### What Are Recent G2 Reviews of Darktrace / NETWORK?

**"[Darktrace Network: Intuitive, AI-Driven Cybersecurity with Real-Time Threat Detection](https://www.g2.com/survey_responses/darktrace-network-review-12679592)"**

**Rating:** 5.0/5.0 stars
*— Daniel S.*

[Read full review](https://www.g2.com/survey_responses/darktrace-network-review-12679592)

---

**"[AI-Powered Security, Needs a Friendlier UI](https://www.g2.com/survey_responses/darktrace-network-review-12984323)"**

**Rating:** 5.0/5.0 stars
*— Verified User*

[Read full review](https://www.g2.com/survey_responses/darktrace-network-review-12984323)

---


#### What Are G2 Users Discussing About Darktrace / NETWORK?

- [How does Darktrace collect data?](https://www.g2.com/discussions/how-does-darktrace-collect-data)
- [What is Darktrace and how it works?](https://www.g2.com/discussions/what-is-darktrace-and-how-it-works)
- [What can Darktrace do?](https://www.g2.com/discussions/what-can-darktrace-do)
- [What is Darktrace Antigena network?](https://www.g2.com/discussions/what-is-darktrace-antigena-network)
- [What is Darktrace Enterprise immune system?](https://www.g2.com/discussions/what-is-darktrace-enterprise-immune-system) - 1 comment

### 19. [Pondurance](https://www.g2.com/products/pondurance/reviews)
Pondurance is the only provider of risk-based MDR services specifically engineered to eliminate breach risks. As a full-service provider of DFIR, MDR, and cybersecurity advisory and compliance services, Pondurance protects midmarket organizations from data breach risks before, during, and after its occurrence. Organizations entrusted with consumer protected health information (PHI) and personally identifiable information (PII) rely on Pondurance to provide a unified platform and trusted U.S.-based SOC service.


**Average Rating:** 4.8/5.0
**Total Reviews:** 14
**How Do G2 Users Rate Pondurance?**

- **Threat Intelligence:** 9.5/10 (Category avg: 8.9/10)
- **Quality of Support:** 9.8/10 (Category avg: 8.8/10)
- **Incident Case Management:** 9.0/10 (Category avg: 8.4/10)
- **Incident Logs:** 9.5/10 (Category avg: 8.8/10)

**Who Is the Company Behind Pondurance?**

- **Seller:** [Pondurance](https://www.g2.com/sellers/pondurance)
- **Company Website:** https://www.pondurance.com
- **Year Founded:** 2008
- **HQ Location:** Indianapolis, US
- **LinkedIn® Page:** https://www.linkedin.com/company/pondurance-llc (109 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Hospital &amp; Health Care
- **Company Size:** 71% Mid-Market, 21% Enterprise


#### What Are Pondurance's Pros and Cons?

**Pros:**

- Response Time (3 reviews)
- Cybersecurity (2 reviews)
- Continuous Monitoring (1 reviews)
- Customer Support (1 reviews)
- Real-time Monitoring (1 reviews)

**Cons:**

- Deployment Issues (1 reviews)


### What Do G2 Reviewers Say About Pondurance?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend Pondurance for their **prompt response times** , enhancing security management with effective issue resolution and support.
- Users commend Pondurance for their **proactive cybersecurity services** , highlighting the dedicated support and impressive responsiveness.
- Users appreciate the **continuous monitoring** of Pondurance, ensuring reliable support and impressive cybersecurity performance.
- Users value Pondurance&#39;s **proactive customer support** , noting its importance in enhancing security and responsiveness.
- Users value the **real-time monitoring** of Pondurance, ensuring timely follow-ups on emerging issues for effective management.

**Cons:**

- Users report **occasional deployment issues** with Pondurance, though they are infrequent and usually minor.

#### What Are Recent G2 Reviews of Pondurance?

**"[Pondurance has been an invaluable partner in enhancing our university’s cybersecurity posture](https://www.g2.com/survey_responses/pondurance-review-11300698)"**

**Rating:** 5.0/5.0 stars
*— Maria Isaura L.*

[Read full review](https://www.g2.com/survey_responses/pondurance-review-11300698)

---

**"[Top-Notch 24/7 SOC Services with Excellent Communication](https://www.g2.com/survey_responses/pondurance-review-13032951)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Hospital &amp; Health Care*

[Read full review](https://www.g2.com/survey_responses/pondurance-review-13032951)

---



### 20. [Blumira Automated Detection &amp; Response](https://www.g2.com/products/blumira-automated-detection-response/reviews)
Blumira is an integrated security operations platform built for growing teams and the partners supporting them to gain complete visibility into their environment, identify and address risk faster, and deliver advanced security and compliance. The platform includes: - Managed Detections for automated threat hunting to identify attacks early - AI Investigation with 98.5% accurate, human-in-the-loop triage validated against real cases - Rapid Response with automation and 1-click actions to contain and block threats immediately - One Year of Data Retention with unlimited log ingestion to satisfy compliance requirements - Advanced Reporting and dashboards for forensics and easy investigation - Endpoint &amp; Identity Protection (EDR/ITDR) for real-time remediation across devices and users - 24/7 Security Operations support for critical priority issues


**Average Rating:** 4.6/5.0
**Total Reviews:** 122
**How Do G2 Users Rate Blumira Automated Detection &amp; Response?**

- **Threat Intelligence:** 9.1/10 (Category avg: 8.9/10)
- **Quality of Support:** 9.5/10 (Category avg: 8.8/10)
- **Incident Case Management:** 7.9/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.9/10 (Category avg: 8.8/10)

**Who Is the Company Behind Blumira Automated Detection &amp; Response?**

- **Seller:** [Blumira](https://www.g2.com/sellers/blumira)
- **Company Website:** https://www.blumira.com
- **Year Founded:** 2018
- **HQ Location:** Ann Arbor, Michigan
- **Twitter:** @blumira (1 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/blumira/ (67 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** IT Manager
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 51% Mid-Market, 36% Small-Business


#### What Are Blumira Automated Detection &amp; Response's Pros and Cons?

**Pros:**

- Ease of Use (34 reviews)
- Customer Support (21 reviews)
- Setup Ease (19 reviews)
- Alerting (17 reviews)
- Alert Management (17 reviews)

**Cons:**

- Limited Customization (11 reviews)
- Alert System (6 reviews)
- Expensive (6 reviews)
- Faulty Detection (6 reviews)
- Insufficient Information (6 reviews)


### What Do G2 Reviewers Say About Blumira Automated Detection &amp; Response?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Blumira, finding workflows intuitive for quick problem-solving and support.
- Users commend Blumira&#39;s **excellent customer support** , enhancing integration and simplifying security processes with effective alerts.
- Users appreciate the **easy setup** of Blumira, making integration with core services quick and hassle-free.
- Users find the **valuable email alerts** of Blumira essential for enhancing security awareness and user training.
- Users value the **valuable and clear email alerts** from Blumira, enhancing their security awareness and response actions.

**Cons:**

- Users find the **limited customization** in Blumira&#39;s workflows restricts flexibility for unique security needs.
- Users feel that the **customization of alerts** needs improvement to manage false positives effectively and reduce frustration.
- Users find Blumira&#39;s pricing model to be **prohibitively expensive** , limiting its accessibility for some customers.
- Users face issues with **faulty detection** , experiencing false positives that frustrate and waste time during reviews.
- Users note **insufficient information** on data parsing and deployment, impacting their ability to effectively utilize the product.

#### What Are Recent G2 Reviews of Blumira Automated Detection &amp; Response?

**"[Breeze From Sales to Onboarding With an Intuitive, Easy-to-Configure UI](https://www.g2.com/survey_responses/blumira-automated-detection-response-review-12984186)"**

**Rating:** 5.0/5.0 stars
*— Blake C.*

[Read full review](https://www.g2.com/survey_responses/blumira-automated-detection-response-review-12984186)

---

**"[A well-rounded detection system with fantastic support](https://www.g2.com/survey_responses/blumira-automated-detection-response-review-10479545)"**

**Rating:** 5.0/5.0 stars
*— Jeremy A.*

[Read full review](https://www.g2.com/survey_responses/blumira-automated-detection-response-review-10479545)

---


#### What Are G2 Users Discussing About Blumira Automated Detection &amp; Response?

- [What are the benefits and drawbacks of using Blumira for threat detection?](https://www.g2.com/discussions/what-are-the-benefits-and-drawbacks-of-using-blumira-for-threat-detection)
- [What is cloud SIEM?](https://www.g2.com/discussions/what-is-cloud-siem)
- [What does the term Siem stand for?](https://www.g2.com/discussions/what-does-the-term-siem-stand-for)
- [What does Blumira do?](https://www.g2.com/discussions/what-does-blumira-do)
- [What is Blumira automated detection &amp; response?](https://www.g2.com/discussions/what-is-blumira-automated-detection-response)

### 21. [CYREBRO](https://www.g2.com/products/cyrebro/reviews)
CYREBRO is an AI-native Managed Detection and Response solution, providing the core foundation and capabilities of a state-level Security Operations Center delivered through its cloud-based, interactive SOC Platform. CYREBRO rapidly detects, analyzes, investigates and responds to cyber threats, for businesses of all sizes.


**Average Rating:** 4.3/5.0
**Total Reviews:** 128
**How Do G2 Users Rate CYREBRO?**

- **Threat Intelligence:** 8.6/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.3/10 (Category avg: 8.8/10)
- **Incident Case Management:** 8.0/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.6/10 (Category avg: 8.8/10)

**Who Is the Company Behind CYREBRO?**

- **Seller:** [CYREBRO](https://www.g2.com/sellers/cyrebro)
- **Year Founded:** 2013
- **HQ Location:** Tel Aviv, IL
- **Twitter:** @CYREBRO_IO (307 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cyrebro/ (83 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer &amp; Network Security, Information Technology and Services
- **Company Size:** 64% Mid-Market, 25% Small-Business


#### What Are CYREBRO's Pros and Cons?

**Pros:**

- Ease of Use (12 reviews)
- Customer Support (9 reviews)
- Dashboard Usability (7 reviews)
- Alerting System (6 reviews)
- Alerts (6 reviews)

**Cons:**

- Update Issues (5 reviews)
- Communication Issues (4 reviews)
- Poor Customer Support (4 reviews)
- Ineffective Alerts (3 reviews)
- Inefficient Alert System (3 reviews)


### What Do G2 Reviewers Say About CYREBRO?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** in CYREBRO, highlighting its intuitive UI and efficient incident response.
- Users appreciate the **quick and responsive customer support** of CYREBRO, making it easy to resolve issues.
- Users appreciate the **intuitive dashboard usability** of CYREBRO, enabling efficient monitoring and user-friendly navigation.
- Users value the **accurate and actionable alerts** from CYREBRO, significantly enhancing their threat response efficiency.
- Users value the **real-time alert accuracy** of CYREBRO, appreciating timely notifications and actionable insights for effective security management.

**Cons:**

- Users report **update issues** with CYREBRO, including overwhelming alerts and integration challenges that hinder onboarding and customization.
- Users highlight **communication issues** due to vague details and slow technical support responses affecting their experience.
- Users highlight **poor customer support** from Cyrebro, citing slow response times and a lack of timely information.
- Users report experiencing **ineffective alerts** due to overwhelming volumes and vague details, complicating their overall experience.
- Users experience an **inefficient alert system** , often overwhelmed by excessive notifications and repetitive alerts that hinder focus.

#### What Are Recent G2 Reviews of CYREBRO?

**"[My experience with Cyrebro has been average, it hasn&#39;t been bad but not excellent either.](https://www.g2.com/survey_responses/cyrebro-review-7695729)"**

**Rating:** 4.0/5.0 stars
*— felipe f.*

[Read full review](https://www.g2.com/survey_responses/cyrebro-review-7695729)

---

**"[An honest opinion on Cyrebro](https://www.g2.com/survey_responses/cyrebro-review-11259267)"**

**Rating:** 4.0/5.0 stars
*— Jayme M.*

[Read full review](https://www.g2.com/survey_responses/cyrebro-review-11259267)

---


#### What Are G2 Users Discussing About CYREBRO?

- [What is CYREBRO used for?](https://www.g2.com/discussions/what-is-cyrebro-used-for) - 1 comment, 1 upvote

### 22. [UnderDefense MAXI](https://www.g2.com/products/underdefense-maxi/reviews)
UnderDefense is an Agentic AI SOC &amp; Compliance Automation platform trusted by 200+ enterprises in the US and EU. It works on top of the security stack you already own — no rip-and-replace, no added headcount — so your team spends its time on decisions, not triage. ◆ 10+ years of operations with zero ransomware incidents ◆ 250+ integrations across any SIEM, EDR, or cloud stack ◆ 24/7 IR team available whenever you need urgent support WHAT WE OFFER AGENTIC AI SOC UnderDefense Agentic AI SOC works on top of your existing security stack, turning every security team into a machine-speed defense unit without tool replacement or headcount expansion. It takes over the investigative routine that pulls your team away from strategic decisions: enrichment, correlation, triage. ▸ Investigation at Machine Speed: Agentic AI SOC accesses tools, enriches data, and performs deep cross-environment investigations at machine speed. It correlates, triages, and forms conclusions, offloading all repetitive work from your team. ▸ 2 Minutes Per Alert: Complete SIEM queries, threat intel checks, and cross-system correlations in 2 minutes. Every step fully observable and auditable. ▸ Human at Every Decision Point: The platform verifies suspicious activity with end-users via Slack or Teams, then routes containment decisions to your team or our 24/7 IR experts. COMPLIANCE AUTOMATION Stop chasing spreadsheets. UnderDefense MAXI Compliance AI automatically collects continuous evidence across ISO 27001, SOC 2, PCI DSS, GDPR, and HIPAA, and publishes your live posture through a shareable Trust Center link. ▸ 40% audit-ready in the first 40 minutes ▸ 2X faster time-to-compliance vs. traditional audit ▸ 24/7 continuous monitoring — posture always current, not point-in-time WHY WE ARE BETTER ✓ No rip-and-replace: Works with your current SIEM (Splunk, Sentinel, Chronicle, QRadar, Elastic), EDR, and cloud tools. Logs stay in your data lake. ✓ True Multi-Environment Coverage: Comprehensive visibility across on-premises, cloud (AWS, GCP, Azure), SaaS, network, identity, and OT/SCADA environments. ✓ The Only Agentic AI SOC with on-prem deployment: Full AI SOC inside your own infrastructure. No telemetry leaving your environment. Air-gapped available. ✓ Right-Sized for Any Enterprise: Detection engineering and support tailored to your organization, not a one-size-fits-all template. Start your free trial at underdefense.com


**Average Rating:** 4.9/5.0
**Total Reviews:** 27
**How Do G2 Users Rate UnderDefense MAXI?**

- **Threat Intelligence:** 9.7/10 (Category avg: 8.9/10)
- **Quality of Support:** 10.0/10 (Category avg: 8.8/10)
- **Incident Case Management:** 9.3/10 (Category avg: 8.4/10)
- **Incident Logs:** 10.0/10 (Category avg: 8.8/10)

**Who Is the Company Behind UnderDefense MAXI?**

- **Seller:** [UnderDefense](https://www.g2.com/sellers/underdefense)
- **Year Founded:** 2017
- **HQ Location:** New York, NY
- **Twitter:** @underdefense (153 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/underdefense-llc (142 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Marketing and Advertising
- **Company Size:** 64% Mid-Market, 25% Small-Business


#### What Are UnderDefense MAXI's Pros and Cons?

**Pros:**

- Customer Support (2 reviews)
- Cybersecurity (2 reviews)
- Information Accuracy (2 reviews)
- Issue Resolution (2 reviews)
- Reliability (2 reviews)

**Cons:**

- Lack of Automation (1 reviews)
- Limited Control (1 reviews)
- Limited Integration (1 reviews)
- Setup Difficulty (1 reviews)


### What Do G2 Reviewers Say About UnderDefense MAXI?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highlight the **outstanding customer support** from UnderDefense, appreciating their responsiveness and effective problem-solving skills.
- Users commend UnderDefense MAXI for its **effective cybersecurity solutions** , enhancing clarity and control over security alerts significantly.
- Users value the **information accuracy** of UnderDefense MAXI, enabling clear understanding and effective action on security vulnerabilities.
- Users commend UnderDefense MAXI for its **responsive issue resolution** , ensuring quick and professional handling of security concerns.
- Users appreciate the **visibility** provided by UnderDefense MAXI, allowing them to focus on relevant security alerts effectively.

**Cons:**

- Users desire **more automation** in UnderDefense MAXI for enhanced control and timely updates, improving functionality.
- Users desire **more control** over the dashboard and automated updates to enhance their experience with UnderDefense MAXI.
- Users note that **limited integration** requires significant upfront time to configure tools effectively with UnderDefense MAXI.
- Users note the **setup difficulty** requiring time and effort for proper tool integration before full usage.

#### What Are Recent G2 Reviews of UnderDefense MAXI?

**"[AI-Powered Correlation with Human-Validated Verdicts](https://www.g2.com/survey_responses/underdefense-maxi-review-13083984)"**

**Rating:** 5.0/5.0 stars
*— Eugen S.*

[Read full review](https://www.g2.com/survey_responses/underdefense-maxi-review-13083984)

---

**"[An intelligent layer over our security stack that genuinely cuts down operational overhead](https://www.g2.com/survey_responses/underdefense-maxi-review-13120444)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/underdefense-maxi-review-13120444)

---



### 23. [Wazuh](https://www.g2.com/products/wazuh/reviews)
Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. Wazuh, with over 30 million downloads per year, has one of the largest open-source security communities in the world. Wazuh helps organizations of all sizes protect their data assets against security threats. Learn more about the project at wazuh.com


**Average Rating:** 4.5/5.0
**Total Reviews:** 67
**How Do G2 Users Rate Wazuh?**

- **Threat Intelligence:** 8.5/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.3/10 (Category avg: 8.8/10)
- **Incident Case Management:** 7.7/10 (Category avg: 8.4/10)
- **Incident Logs:** 9.1/10 (Category avg: 8.8/10)

**Who Is the Company Behind Wazuh?**

- **Seller:** [Wazuh Inc.](https://www.g2.com/sellers/wazuh-inc)
- **Year Founded:** 2015
- **HQ Location:** Campbell, US
- **Twitter:** @wazuh (8,026 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/wazuh/ (276 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** SOC Analyst
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 49% Small-Business, 39% Mid-Market


#### What Are Wazuh's Pros and Cons?

**Pros:**

- Ease of Use (3 reviews)
- Affordable (2 reviews)
- Cybersecurity (1 reviews)
- Easy Management (1 reviews)
- Easy Setup (1 reviews)

**Cons:**

- Complex Interface (2 reviews)
- Not User-Friendly (2 reviews)
- Complex Implementation (1 reviews)
- Difficult Learning (1 reviews)
- Difficult Setup (1 reviews)


### What Do G2 Reviewers Say About Wazuh?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Wazuh, finding it user-friendly and ideal for small-scale companies.
- Users value Wazuh&#39;s **affordability** , enjoying top-tier security features without the burden of high licensing fees.
- Users value the **high visibility and control** provided by Wazuh for comprehensive security event management.
- Users find Wazuh&#39;s **easy management** features enhance usability, facilitating efficient operations and cost reduction.
- Users find the **easy setup** of Wazuh greatly beneficial for rolling out and managing security effectively.

**Cons:**

- Users struggle with the **complex interface** , finding it challenging to navigate during setup and configuration.
- Users find Wazuh **not user-friendly** , struggling with steep learning curves and convoluted setup processes for new users.
- Users face **complicated implementation** challenges with the on-prem console, creating frustrations during setup and management.
- Users face a **steep learning curve** with Wazuh, finding initial setup and tuning time-consuming and challenging.
- Users find the **difficult setup** of Wazuh challenging, particularly due to its steep learning curve and time-consuming configurations.

#### What Are Recent G2 Reviews of Wazuh?

**"[Powerful Open-Source On-Prem Security Monitoring with Easy Integration](https://www.g2.com/survey_responses/wazuh-review-12267146)"**

**Rating:** 4.5/5.0 stars
*— Yogesh G.*

[Read full review](https://www.g2.com/survey_responses/wazuh-review-12267146)

---

**"[Centralized Monitoring and security Incidents Simplified](https://www.g2.com/survey_responses/wazuh-review-12848657)"**

**Rating:** 4.5/5.0 stars
*— Karsh T.*

[Read full review](https://www.g2.com/survey_responses/wazuh-review-12848657)

---


#### What Are G2 Users Discussing About Wazuh?

- [What is Wazuh - The Open Source Security Platform used for?](https://www.g2.com/discussions/what-is-wazuh-the-open-source-security-platform-used-for) - 1 comment

### 24. [Proofpoint Threat Response Auto-Pull](https://www.g2.com/products/proofpoint-threat-response-auto-pull/reviews)
Proofpoint Threat Response Auto-Pull (TRAP) enables messaging and security administrators the ability to automatically retract threats delivered to employee inboxes and emails that turn malicious after delivery to quarantine. It is also a powerful solution to retract messages sent in error as well as inappropriate, malicious, or emails containing compliance violations and also follows forwarded mail and distribution lists and creates an auditable activity trail. With Proofpoint Threat Response Auto-Pull, you can protect your people, data, and brand from today’s threats by: • Automatically pulling malicious or unwanted messages from an end-users inbox. • Enriching each message by checking every domain and IP address against premium intelligence feeds. • Including built-in reporting, showing stats like: Email quarantine success or failures, email retraction read status, targeting by active directory attribute • Reducing the remediation time needed from hours to minutes.


**Average Rating:** 4.5/5.0
**Total Reviews:** 24
**How Do G2 Users Rate Proofpoint Threat Response Auto-Pull?**

- **Threat Intelligence:** 8.3/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.9/10 (Category avg: 8.8/10)
- **Incident Case Management:** 7.4/10 (Category avg: 8.4/10)
- **Incident Logs:** 8.6/10 (Category avg: 8.8/10)

**Who Is the Company Behind Proofpoint Threat Response Auto-Pull?**

- **Seller:** [Proofpoint](https://www.g2.com/sellers/proofpoint)
- **Year Founded:** 2002
- **HQ Location:** Sunnyvale, CA
- **Twitter:** @proofpoint (31,157 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/proofpoint (5,146 employees on LinkedIn®)
- **Ownership:** NASDAQ: PFPT

**Who Uses This Product?**
- **Company Size:** 63% Enterprise, 33% Mid-Market



#### What Are Recent G2 Reviews of Proofpoint Threat Response Auto-Pull?

**"[TRAP has had a huge impact in reducing our exposure to malicious email](https://www.g2.com/survey_responses/proofpoint-threat-response-auto-pull-review-7473222)"**

**Rating:** 5.0/5.0 stars
*— Michael B.*

[Read full review](https://www.g2.com/survey_responses/proofpoint-threat-response-auto-pull-review-7473222)

---

**"[TRAP USER EXPERIENCE](https://www.g2.com/survey_responses/proofpoint-threat-response-auto-pull-review-7799261)"**

**Rating:** 5.0/5.0 stars
*— louisa A.*

[Read full review](https://www.g2.com/survey_responses/proofpoint-threat-response-auto-pull-review-7799261)

---


#### What Are G2 Users Discussing About Proofpoint Threat Response Auto-Pull?

- [What is Proofpoint Threat Response Auto-Pull used for?](https://www.g2.com/discussions/what-is-proofpoint-threat-response-auto-pull-used-for)

### 25. [Palo Alto Cortex XSIAM](https://www.g2.com/products/palo-alto-cortex-xsiam/reviews)
Product Description: Palo Alto Networks&#39; Cortex XSIAM is an AI-driven security operations platform designed to transform traditional Security Operations Centers by integrating and automating key functions such as data centralization, threat detection, and incident response. By leveraging machine learning and automation, it enables organizations to detect and respond to threats more efficiently, reducing manual workloads and improving overall security posture. Key Features and Functionality: - Data Centralization: Aggregates data from various sources into a unified platform, providing comprehensive visibility across the enterprise. - AI-Powered Threat Detection: Utilizes machine learning algorithms to identify anomalies and potential threats in real-time. - Automated Incident Response: Streamlines response processes through automation, enabling rapid mitigation of security incidents. - Integrated SOC Capabilities: Combines functions such as Extended Detection and Response , Security Orchestration, Automation, and Response , Attack Surface Management , and Security Information and Event Management into a cohesive platform, eliminating the need for multiple disparate tools. - Scalability: Designed to handle large volumes of data and adapt to the evolving needs of modern enterprises. Primary Value and Problem Solved: Cortex XSIAM addresses the challenges of disjointed data, weak threat defense, and heavy reliance on manual work in traditional SOCs. By centralizing data and automating security operations, it simplifies processes, enhances threat detection accuracy, and accelerates incident response times. This transformation enables organizations to proactively outpace threats, reduce operational costs, and achieve a more robust security posture.


**Average Rating:** 4.4/5.0
**Total Reviews:** 64
**How Do G2 Users Rate Palo Alto Cortex XSIAM?**

- **Threat Intelligence:** 8.9/10 (Category avg: 8.9/10)
- **Quality of Support:** 8.1/10 (Category avg: 8.8/10)
- **Incident Case Management:** 8.4/10 (Category avg: 8.4/10)
- **Incident Logs:** 9.1/10 (Category avg: 8.8/10)

**Who Is the Company Behind Palo Alto Cortex XSIAM?**

- **Seller:** [Palo Alto Networks](https://www.g2.com/sellers/palo-alto-networks)
- **Company Website:** https://www.paloaltonetworks.com
- **Year Founded:** 2005
- **HQ Location:** Santa Clara, CA
- **Twitter:** @PaloAltoNtwks (128,951 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/30086/ (22,313 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 49% Enterprise, 29% Mid-Market


#### What Are Palo Alto Cortex XSIAM's Pros and Cons?

**Pros:**

- Log Management (13 reviews)
- Dashboard Design (11 reviews)
- Real-time Monitoring (11 reviews)
- Simple (11 reviews)
- Dashboard Customization (9 reviews)

**Cons:**

- Resource Intensive (9 reviews)
- Complex Setup (8 reviews)
- Cost (7 reviews)
- Dashboard Issues (7 reviews)
- Difficult Setup (7 reviews)


### What Do G2 Reviewers Say About Palo Alto Cortex XSIAM?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highlight **best-in-class log management** and effective alerting features, enhancing the overall usability and integration.
- Users appreciate the **user-friendly dashboards** of Palo Alto Cortex XSIAM, highlighting ease of understanding alerts and metrics.
- Users value the **real-time monitoring** capabilities of Palo Alto Cortex XSIAM, enhancing threat detection and response efficiency.
- Users appreciate the **user-friendly interface** of Palo Alto Cortex XSIAM, making monitoring and deployment seamless and efficient.
- Users appreciate the **good dashboard customization** in Palo Alto Cortex XSIAM, citing ease of use and integration.

**Cons:**

- Users find the solution **resource intensive** , increasing costs and complicating implementation due to high hardware requirements.
- Users find the **complex implementation** of Palo Alto Cortex XSIAM time-consuming and resource-intensive, requiring significant technical expertise.
- Users find the **cost** of Palo Alto Cortex XSIAM to be higher than competitors, impacting affordability for smaller companies.
- Users report **dashboard issues** that hinder monitoring and create a messy interface, impacting usability and visibility.
- Users struggle with the **difficult setup** of Palo Alto Cortex XSIAM, finding it complex and time-consuming for implementation.

#### What Are Recent G2 Reviews of Palo Alto Cortex XSIAM?

**"[Palo Alto Cortex XSIAM Streamlines SOC Work with Smart Noise Reduction and Automation](https://www.g2.com/survey_responses/palo-alto-cortex-xsiam-review-12626074)"**

**Rating:** 5.0/5.0 stars
*— Rohan K.*

[Read full review](https://www.g2.com/survey_responses/palo-alto-cortex-xsiam-review-12626074)

---

**"[Streamlines Security Operations with Automation](https://www.g2.com/survey_responses/palo-alto-cortex-xsiam-review-13067964)"**

**Rating:** 4.0/5.0 stars
*— Ronald D.*

[Read full review](https://www.g2.com/survey_responses/palo-alto-cortex-xsiam-review-13067964)

---


#### What Are G2 Users Discussing About Palo Alto Cortex XSIAM?

- [What is IBM Security ReaQta used for?](https://www.g2.com/discussions/what-is-ibm-security-reaqta-used-for)
- [What does QRadar stand for?](https://www.g2.com/discussions/what-does-qradar-stand-for) - 1 comment, 1 upvote
- [How do I use IBM QRadar?](https://www.g2.com/discussions/how-do-i-use-ibm-qradar) - 1 comment
- [What are the key component of IBM QRadar?](https://www.g2.com/discussions/what-are-the-key-component-of-ibm-qradar) - 1 comment
- [What is IBM QRadar Siem?](https://www.g2.com/discussions/what-is-ibm-qradar-siem) - 1 comment


## What Is Incident Response Software?

[System Security Software](https://www.g2.com/categories/system-security)

## What Software Categories Are Similar to Incident Response Software?

- [Security Information and Event Management (SIEM) Software](https://www.g2.com/categories/security-information-and-event-management-siem)
- [Security Orchestration, Automation, and Response (SOAR) Software](https://www.g2.com/categories/security-orchestration-automation-and-response-soar)
- [Extended Detection and Response (XDR) Platforms](https://www.g2.com/categories/extended-detection-and-response-xdr-platforms)


---

## How Do You Choose the Right Incident Response Software?

### What You Should Know About Incident Response Software

### What is Incident Response Software?

Incident response software, sometimes called security incident management software, is a security technology used to remediate cybersecurity issues as they arise in real time. These tools discover incidents and alert the relevant IT and security staff to resolve the security issue. Additionally, the tools allow teams to develop workflows, delegate responsibilities, and automate low-level tasks to optimize response time and minimize the impact of security incidents.

These tools also document historical incidents and help provide context to the users attempting to understand the root cause to remediate security issues. When new security issues arise, users can take advantage of forensic investigation tools to root out the cause of the incident and see if it will be an ongoing or larger overall issue. Many incident response software also integrate with other security tools to simplify alerting, string together workflows, and provide additional threat intelligence.

#### What Types of Incident Response Software Exist?

**Pure incident response solutions**

Pure incident response solutions are the last line of defense in the security ecosystem. Only once threats go unseen and vulnerabilities are exposed, do incident response systems come into play. Their main focus is facilitating the remediation of compromised accounts, system penetrations, and other security incidents. These products store information related to common and emerging threats while documenting each occurrence for retrospective analysis. Some incident response solutions are also connected to live feeds to gather global information related to emerging threats.

**Incident management and response**

Incident management products offer many similar administrative features to incident response products, but other tools combine incident management, alerting, and response capabilities. These tools are often used in DevOps environments to document, track, and source security incidents from their emergence to their remediation.

**Incident management tracking and service tools**

Other incident management tools have more of a service management focus. These tools will track security incidents, but won’t allow users to build security workflows, remediate issues, or provide forensic investigation features to determine the root cause of the incident.

### What are the Common Features of Incident Response Software?

Incident response software can provide a wide range of features, but some of the most common include:

**Workflow management:** Workflow management features let administrators organize workflows that help guide remediation staff and provide information related to specific situations and incident types.

**Workflow automation:** Workflow automation allows teams to streamline the flow of work processes by establishing triggers and alerts that notify and route information to the appropriate people when their action is required within the compensation process.

**Incident database:** Incident databases document historical incident activity. Administrators can access and organize data related to incidents to produce reports or make data more navigable.

**Incident alerting:** Alerting features inform relevant individuals when incidents happen in real time. Some responses may be automated but users will still be informed.

**Incident reporting:** Reporting features produce reports detailing trends and vulnerabilities related to their network and infrastructure.

**Incident logs:** Historical incident logs are stored in the incident database and is used for user reference and analytics while remediating security incidents.

**Threat intelligence:** Threat intelligence tools, which are often combined with forensic tools, provide an integrated information feed detailing the cybersecurity threats as they’re discovered across the world. This information is gathered either internally or by a third-party vendor and is used to provide further information on remedies.

**Security orchestration:** Orchestration refers to the integration of security solutions and automation of processes in a response workflow.

**Automated remediation:** Automation addresses security issues in real time and reduces the time spent remedying issues manually. It also helps resolve common network and system security incidents quickly.

### What are the Benefits of Incident Response Software?

The main value of incident response technology is an increased ability to discover and resolve cybersecurity incidents. These are a few valuable components of the incident response process.

**Threat modeling:** Information security and IT departments can use these tools to gain familiarity with the incident response process and develop workflows before security incident occurrences. This allows companies to stand prepared to quickly discover, resolve, and learn from security incidents and how they impact business-critical systems.

**Alerting:** Without proper alerting and communication channels, many security threats can penetrate networks and remain undetected for extended periods. During that time, hackers, internal threat actors, and other cybercriminals can steal sensitive and other business-critical data and wreak havoc on IT systems. Proper alerting and communication can greatly shorten the time necessary to discover, inform relevant staff, and eradicate incidents.

**Isolation:** Incident response platforms allow security teams to contain incidents quickly when alerted properly. Isolating infected systems, networks, and endpoints can greatly reduce an incident’s scope of impact. If isolated properly, security professionals can monitor the activity of affected systems to learn more about the threat actors, their capabilities, and their goals.

**Remediation** : Remediation is the key to incident response and refers to the actual removal of threats such as malware and escalated privileges, among others. Incident response tools will facilitate the removal and allow teams to verify recovery before reintroducing infected systems or returning to normal operations.

**Investigation** : Investigation allows teams and companies to learn more about why they were attacked, how they were attacked, and what systems, applications, and data were negatively impacted. This information can help companies respond to compliance information requests, bolster security in vulnerable areas, and resolve similar, future issues, in less time.

### Who Uses Incident Response Software?

**Information security (InfoSec)**  **professionals:** InfoSec professionals use incident response software to monitor, alert, and remediate security threats to a company. Using incident response software, InfoSec professionals can automate and quickly scale their response to security incidents, above and beyond what teams can do manually.

**IT professionals:** For companies without dedicated information security teams, IT professionals may take on security roles. Professionals with limited security backgrounds may rely on incident response software with the more robust functionality to assist them in identifying threats, their decision making when security incidents arise, and threat remediation.

**Incident response service providers:** Practitioners at incident response service providers use incident response software to actively manage their client’s security, as well as other providers of managed security services.

### What are the Alternatives to Incident Response Software?

Companies that prefer to string together open-source or other various software tools to achieve the functionality of incident response software can do so with a combination of log analysis, SIEM, intrusion detection systems, vulnerability scanners, backup, and other tools. Conversely, companies may wish to outsource the management of their security programs to managed service providers.

[Endpoint detection and response (EDR) software](https://www.g2.com/categories/endpoint-detection-response-edr): They combine both [endpoint antivirus](https://www.g2.com/categories/endpoint-antivirus) and [endpoint management](https://www.g2.com/categories/endpoint-management) solutions to detect, investigate, and remove any malicious software that penetrates a network’s devices.&amp;nbsp;

[Managed detection and response (MDR) software](https://www.g2.com/categories/managed-detection-and-response-mdr): They proactively monitor networks, endpoints, and other IT resources for security incidents.&amp;nbsp;

[Extended detection and response (XDR) software](https://www.g2.com/categories/extended-detection-and-response-xdr-platforms): They are tools used to automate the discovery and remediation of security issues across hybrid systems.&amp;nbsp;

[Incident response services providers](https://www.g2.com/categories/incident-response-services) **:** For companies that do not want to purchase and manage their incident response in-house or develop their open-source solutions, they can employ incident response services providers.

[Log analysis software](https://www.g2.com/categories/log-analysis) **:** Log analysis software helps enable the documentation of application log files for records and analytics.

[Log monitoring software](https://www.g2.com/categories/log-monitoring) **:** By detecting and alerting users to patterns in these log files, log monitoring software helps solve performance and security issues.

[Intrusion detection and prevention systems (IDPS)](https://www.g2.com/categories/intrusion-detection-and-prevention-systems-idps): IDPS is used to inform IT administrators and security staff of anomalies and attacks on IT infrastructure and applications. These tools detect malware, socially engineered attacks, and other web-based threats.&amp;nbsp;

[Security information and event management (SIEM) software](https://www.g2.com/categories/security-information-and-event-management-siem): SIEM software can offer security information alerting, along with centralizing security operations into one platform. However, SIEM software cannot automate remediation practices like some incident response software does, however. For companies that do not want to manage SIEM in-house, they can work with [managed SIEM service providers](https://www.g2.com/categories/managed-siem-services).

[Threat intelligence software](https://www.g2.com/categories/threat-intelligence): Threat intelligence software provides organizations with information related to the newest forms of cyber threats like zero-day attacks, new forms of malware, and exploits. Companies may wish to work with [threat intelligence services providers](https://www.g2.com/categories/threat-intelligence-services), as well.

[Vulnerability scanner software](https://www.g2.com/categories/vulnerability-scanner): Vulnerability scanners are tools that constantly monitor applications and networks to identify security vulnerabilities. They work by maintaining an up-to-date database of known vulnerabilities, and conduct scans to identify potential exploits. Companies may opt to work with [vulnerability assessment services providers](https://www.g2.com/categories/vulnerability-assessment-services), instead of managing this in-house.

[Patch management software](https://www.g2.com/categories/patch-management): Patch management tools are used to ensure that the components of a company’s software stack and IT infrastructure are up to date. They then alert users of necessary updates or execute updates automatically.&amp;nbsp;

[Backup software](https://www.g2.com/categories/backup): Backup software offers protection for business data by copying data from servers, databases, desktops, laptops, and other devices in case user error, corrupt files, or physical disaster render a business’ critical data inaccessible. In the event of data loss from a security incident, data can be restored to its previous state from a backup.

#### Software Related to Incident Response Software

The following technology families are either closely related to incident response software products or have significant overlap between product functionality.

[Security information and event management (SIEM) software](https://www.g2.com/categories/security-information-and-event-management-siem) **:** [SIEM](https://www.g2.com/categories/security-information-and-event-management-siem) platforms go together with incident response solutions. Incident response may be facilitated by SIEM systems but these tools are specifically designed to streamline the remediation process or add investigative capabilities during security workflow processes. Incident response solutions will not provide the same level of compliance maintenance or log storage capabilities but can be used to increase a team’s ability to tackle threats as they emerge.

[Data breach notification software](https://www.g2.com/categories/data-breach-notification) **:** [Data breach notification](https://www.g2.com/categories/data-breach-notification) software helps companies document the impacts of data breaches to inform regulatory authorities and notify impacted individuals. These solutions automate and operationalize the data breach notification process to adhere to strict data disclosure laws and privacy regulations within mandated timelines, which in some instances can be as few as 72 hours.

[Digital forensics software](https://www.g2.com/categories/digital-forensics) **:** [Digital forensics](https://www.g2.com/categories/digital-forensics) tools are used to investigate and examine security incidents and threats after they’ve occurred. They don’t facilitate the actual remediation of security incidents but they can provide additional information on the source and scope of a security incident. They also may offer more in-depth investigatory information than incident response software.

[Security orchestration, automation, and response (SOAR) software](https://www.g2.com/categories/security-orchestration-automation-and-response-soar) **:** [SOAR](https://www.g2.com/categories/security-orchestration-automation-and-response-soar) is a segment of the security market focused on automating all low-level security tasks. These tools integrate with a company’s SIEM to gather security information. They then integrate with monitoring and response tools to develop an automated workflow from discovery to resolution. Some incident response solutions will allow for workflow development and automation but don’t have a wide range of integration and automation capabilities of a SOAR platform.

[Insider threat management (ITM) software](https://www.g2.com/categories/insider-threat-management-itm): Companies use ITM software to monitor and record the actions of internal system users on their endpoints, such as current and former employees, contractors, business partners, and other permissioned individuals, to protect company assets, such as customer data or intellectual property.

### Challenges with Incident Response Software

Software solutions can come with their own set of challenges. The biggest challenge incident response teams may encounter with the software is ensuring that it meets the business’ unique process requirements.

**False positives:** Incident response software may identify a threat that turns out to be inaccurate, which is known as a false positive. Acting on false positives can waste company resources, time, and create unnecessary downtime for impacted individuals.

**Decision making:** Incident response software can automate remediation to some security threats, however, a security professional with knowledge of the company’s unique environment should weigh in on the decision-making process on how to handle automating these issues. This may require that companies consult with the software vendor and purchase additional professional services for deploying the software solution. Similarly, when designing workflows on who to alert in the event of a security incident and what actions to take and when, these must be designed with the organization’s specific security needs in mind.&amp;nbsp;&amp;nbsp;

**Changes in regulatory compliance:** It is important to stay up to date with changes in regulatory compliance laws, especially concerning data breach notification requirements for who to notify and within what time frame. Companies should also ensure the software provider is providing the necessary updates to the software itself, or work to handle this task operationally.

**Insider threats:** Many companies focus on external threats, but may not appropriately plan for threats from insiders like employees, contractors, and others with privileged access. It’s important to ensure the Incident Response solution addresses the company’s unique security risk environment, for both external and internal incidents.

### How to Buy Incident Response Software

#### Requirements Gathering (RFI/RFP) for Incident Response Software

It is important to gather the company’s requirements before starting the search for an incident response software solution. To have an effective incident response program, the company must utilize the right tools to support their staff and security practices. Things to consider when determining the requirements include:

**Enabling staff responsible for using the software:** The team that is tasked with managing this software and the company’s incident response should be heavily involved in gathering requirements and then assessing software solutions.&amp;nbsp;

**Integrations** : The software solution should integrate with the company’s existing software stack. Many vendors provide pre-built integrations with the most common third-party systems. The company must ensure the integrations they require are either offered pre-built by the vendor or can be built with ease.

**Usability** : The software should be easy to use for the incident response team. Features they may prefer in an incident response solution include, out-of-the-box workflows for common incidents, no-code automation workflow builders, decision-process visualization, communication tools, and a knowledge sharing center.

**Daily volume of threats:** It is important to select an incident response software solution that can meet the company’s level of need. If the volume of security threats received in a day is high, it may be better to select a tool with robust functionality in terms of automating remediation to reduce the burden on staff. For companies experiencing a low volume of threats, they may be able to get by with less robust tools that offer security incident tracking, without much automated remediation functionality.

**Applicable regulations:** Users should learn specific privacy, security, data breach notification, and other regulations apply to a business in advance. This may be regulation-driven, like companies operating in regulated industries like healthcare subject to HIPAA or financial services subject to the Gramm-Leach-Bliley Act (GLBA); it may be geographic like companies subject to GDPR in the European Union; or it may be industry-specific, like companies adhering to payment card industry security standards like the Payment Card Industry-Data Security Standard (PCI-DSS).&amp;nbsp;&amp;nbsp;

**Data breach notification requirements:** It is imperative to determine what security incidents may be reportable data breaches and whether the specific data breach must be reported to regulators, affected individuals, or both. The incident response software solution selected should enable the incident response team to meet these requirements.

#### Compare Incident Response Software Products

**Create a long list**

Users can research[incident response software](https://www.g2.com/categories/incident-response)providers on G2.com where they can find information such as verified software user reviews and vendor rankings based on user satisfaction and software segment sizes, such as small, medium, or enterprise businesses. It’s also possible to sort software solutions by languages supported.

Users can save any software products that meet their high-level requirements to their&amp;nbsp; “My List” on G2 by selecting the “favorite” heart symbol on the software’s product page. Saving the selections to the G2 My List will enable users to reference their selections again in the future.&amp;nbsp;

**Create a short list**

Users can visit their “My List” on G2.com to begin narrowing down their selection. G2 offers a product compare feature, where buyers can evaluate software features side by side based on real user rankings.&amp;nbsp;

They can also review [G2.com’s quarterly software reports](https://www.g2.com/reports) which have in-depth detail on the software user’s perception of their return on investment (in months), the time it took to implement their software solution, usability rankings, and other factors.

**Conduct demos**

Users can see the product they’ve narrowed down live by scheduling demonstrations. Many times, they can schedule demos directly through G2.com by clicking the “Get a quote” button on the vendor’s product profile.&amp;nbsp;

They can share their list of requirements and questions with the vendor in advance of their demo. It’s best to use a standard list of questions for each demonstration to ensure a fair comparison between each vendor on the same factors.&amp;nbsp;

#### Selection of Incident Response Software

**Choose a selection team**

Incident response software will likely be managed by InfoSec teams or IT teams. The people responsible for the day-to-day use of these tools must be a part of the selection team.

Others who may be beneficial to include on the selection team include professionals from the service desk, network operations, identity and access, application management, privacy, compliance, and legal teams.&amp;nbsp;

**Negotiation**

Most incident response software will be sold as a SaaS on a subscription or usage basis. Pricing will likely depend on the functions required by an organization. For example, log monitoring may be priced by the GB, while vulnerability assessments may be priced by the asset. Oftentimes, buyers can get discounts if they enter contracts for a longer duration.

Negotiating on implementation, support packages, and other professional services is also important. It is particularly important to set the incident response software up correctly when it is first deployed, especially when it comes to creating automated remediation actions and designing workflows.

**Final decision**

Before purchasing software, most vendors allow a free short-term trial of the product. The day-to-day users of the product must test the software’s capabilities before making a decision. If the selection team approves during the test phase and others on the selection team are satisfied with the solution, buyers can proceed with the contracting process.



