Imperva Attack Analytics, (formerly ThreatRadar), is a threat intelligence service relying on research from Imperva's Application Defense Center (ADC), integratable into Imperva's WAF solutions and able to be fed into enterprise security data.
N/A
Splunk SOAR
Score 8.3 out of 10
N/A
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.
I have found the solution to be flexible, adaptable and responsive which enables the implementation of risk management principles and security best practices. It provides visibility into cloud application usage, including what data has been accessed, when and by whom that help detect behavioral anomalies with app usage and alert on suspicious events
Our company has very complex and dynamic security operations because of the large number of security tools and systems that we need to manage and coordinate. Moreover, it helps us to meet many regulatory and compliance requirements because it helps us to automate and document our security operations. We also use it to streamline our security operations and improve our response to potential threats.
A lack of instruction It can be difficult to contact the support staff. Limited experience from current users.
It takes some effort to set up and learn new technology at first. More assistance is required from the support staff. The product's price needs to go down.
As we already have a lot of clients being catered with Splunk SOAR and because Splunk SOAR is robust and efficient, we are already using it, and we have understood the product to a certain extent, I feel we are personally more enticed to use and scale it to a lot of business.
Building playbooks through the visual editor is fine for basic tasks, but once you start chaining complex logic or integrating 3rd party APIs you hit a wall that requires deep scripting knowledge.
We are able to automate almost every one of our use cases, even our threat-hunting, and threat intel procedures. We have 20+ playbooks and cover almost everything, even searching logs into Splunk, looking into TIP and external systems, enrichment, and collecting evidence for analysts; it can perform concurrent playbooks running.
We chose Imperva Attack Analytics for its ability to monitor and audit database activities and its ability to scale and meet demands of the distributed environment. The solution is simple, straightforward and transparent for colleagues, and provides real-time event monitoring, audit analysis and customisable reports.
Splunk Phantom integrates well with Splunk ES and has many integrations. One thing that I liked about XSOAR as compared to Phantom is that it has an "app-store" where you can download not only app integrations (similar to Phantom) but Playbooks and dashboards as well.
The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable
Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task