We performed a comparison between IBM Watson for Cyber Security and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Log aggregation and data connectors are the most valuable features."
"It has basic out-of-the-box integrations with multiple log sources."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"IBM Watson for Cyber Security is very stable."
"The customer support is very good."
"The most valuable features of IBM Watson for Cyber Security are ease of use and out-of-the-box reports and compliance policies. Additionally, if there are aspects that are missing IBM add them in the next release."
"The most valuable feature of this product is innovation, where the research and upgrading of technology never ends."
"Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats."
"The security part is useful as it helps secure the entire environment."
"You can check up on security from the dashboards."
"It allows for transparency into IT metrics for insightful business analytics."
"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM"
"There are a lot of third-party applications that can be installed."
"I like the search feature and the indexing. It's very fast and comprehensive."
"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"There is room for improvement in entity behavior and the integration site."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Sentinel's reporting is complex and can be more user-friendly."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The dashboard could improve in IBM Watson for Cyber Security."
"They need to continue to build the AI capabilities."
"In the future, I would like to see threat intelligence included."
"This is an expensive product, so making it more cost-effective would be an improvement."
"We will receive alerts only for the administrators and deployment servers, but not for all servers."
"The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it."
"Make it easier to include roles and user controls, as it is horrible now."
"It is a hugely complicated product."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
"Splunk ES could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful."
"DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down."
More IBM Watson for Cyber Security Pricing and Cost Advice →
IBM Watson for Cyber Security is ranked 45th in Security Information and Event Management (SIEM) with 4 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. IBM Watson for Cyber Security is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of IBM Watson for Cyber Security writes "An innovative and stable product that is well maintained and always up-to-date". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". IBM Watson for Cyber Security is most compared with IBM Security QRadar and i-SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our IBM Watson for Cyber Security vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.