We are using Swimlane for automation purposes and security orchestration.

We are using Swimlane's Playbook Automation. One of the major playbooks that we use in Swimlane is for phishing email automation, so whenever there is a phishing email delivered to a user inbox, Swimlane will automatically sandbox that.

We integrate Swimlane with third-party tools such as CrowdStrike, VirusTotal, URL Proofpoint, and all other different tools we have, so that we get various enrichment of any alerts to make sure that the analyst doesn't spend much time doing manual tasks and gets all the information from the tools in the Swimlane console itself.

We use the case management feature in Swimlane as well. This case management feature is helpful because, in security, we don't want our security incidents to be visible to end users. For example, if I am using ServiceNow, I have to impose many restrictions on the backend table to ensure that whatever incidents are created and written into that table are not available to any end users or other IT team members. We use case management for that purpose so that our security alerts are isolated and only the security team has visibility on them. Whenever we need any remediation, we integrate it with ServiceNow, so if I need to raise a remediation ticket for re-imaging the system, we can create a ticket in ServiceNow from the Swimlane console or from the case management itself with all the proper information.

We do utilize the analytics aspect in Swimlane, and we use their Hero AI module as well.

We also use customizable dashboards in Swimlane because many clients, including CISOs, whom we manage need an executive-level view of what is happening over Swimlane. We create dashboards for them that provide proper information, such as how many alerts were created, what was the mean time to triage, and mean time to respond; we cover all these as KPI metrics in the executive dashboard.

The biggest advantage of Swimlane for us is that it saves time, which in turn helps us in cost-saving.

One of the disadvantages of Swimlane is that to manage the platform, we need hardcore developers. We have recently seen new products such as Tines and Blink Ops coming into the market, where a person with a good knowledge of APIs and JSON format can manage the platform and create playbooks. Even a security analyst can create some playbooks on those platforms. However, on Swimlane, it's difficult for security analysts since they must mandatorily know Python to create the playbooks.

In terms of pricing, Swimlane is on the slightly expensive side.

Swimlane is scalable in general, but there are some limitations. It involves maintenance overhead because you need a complete engineer who knows the product in and out to scale it for the on-prem environment, while in a SaaS model, it works without many problems.

Installation can be quite complex, especially when we have to use Kubernetes, and if we need to create load balancing. In those situations, it requires a good engineer to deploy the platform.

In relation to bugs, sometimes the enrichment playbook we have does not enrich the alert, resulting in missing details, so in those scenarios, the automation team has to manually run the playbook again.

Improvements could be made in terms of quality, particularly.

I have been working with Swimlane for almost seven years.

Swimlane is scalable in general, but there are some limitations. It involves maintenance overhead because you need a complete engineer who knows the product in and out to scale it for the on-prem environment, while in a SaaS model, it works without many problems.

I would rate technical support from Swimlane a seven on a scale where ten is the best.

Installation can be quite complex, especially when we have to use Kubernetes, and if we need to create load balancing. In those situations, it requires a good engineer to deploy the platform.

We see these savings approximately close to 30-35%.

In terms of pricing, Swimlane is on the slightly expensive side.

We have recently seen new products such as Tines and Blink Ops coming into the market, where a person with a good knowledge of APIs and JSON format can manage the platform and create playbooks. Even a security analyst can create some playbooks on those platforms. However, on Swimlane, it's difficult for security analysts since they must mandatorily know Python to create the playbooks.

I would rate Swimlane a seven out of ten as a product.

We have been using Swimlane for security automation within our company. All the ingestions, automations, and everything within our department goes through Swimlane.

Swimlane is easy to start with, as it requires minimal prior knowledge to get started. It is flexible, providing room for users to set up specific incident response flows. Additionally, its integration capabilities allow connections to various platforms, enhancing its usability. Swimlane has helped reduce analyst time, contributing to operational efficiency.

There is a need for enhanced version control in Swimlane. Currently, our version does not support it, making it tough to move changes between environments during significant updates. Furthermore, despite being advertised as a no-code tool, it remains code-reliant, demanding users to build solutions through coding.

We have been using Swimlane for the past three years.

I would rate the stability of Swimlane as a seven. We encountered issues requiring multiple restarts, which suggests that stability could be optimized further.

Swimlane is very scalable, and I would rate it a nine. We did not encounter issues even when managing thousands of alerts, as scalability is only limited by our instance's server capacity.

Swimlane's technical support is very good. They are attentive, responsive, and work to resolve issues efficiently.

We previously used Splunk SOAR, but switched to Swimlane due to cost considerations. Swimlane was more cost-effective.

The initial setup of Swimlane is easy to learn but requires customers to design their solutions. Deployment of Swimlane took us three to four months, which involved migrating existing playbooks.

Around ten people from Swimlane and five from our team were involved in the implementation.

I wasn't part of the initial evaluation process. Still, we had some evaluations of other SOAR solutions within our company after migrating to Swimlane.

I would recommend Swimlane for those proficient with code and prepared for the maintenance efforts required. On a scale of one to ten, I rate Swimlane a seven.

I use the solution for receiving alerts and case creation. It is used as a ticketing system.

It provides us with a single portal for our logs from different solutions.

We faced a lot of issues with the product’s stability. Sometimes we find bugs in the plug-ins. We experience some latency when we have a huge amount of data.

I have been using the solution for six to eight months.

I rate the tool’s stability a five or six out of ten.

I rate the tool’s scalability a seven out of ten. When we add some users, the platform becomes unstable. In my organization, 20 people use the solution.

The response time depends on the support person. The resolution of our issues depends upon the problem and the support person.

The product is deployed on the cloud.

Overall, I rate the product a seven out of ten.