We compared Securonix Next-Gen SIEM and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Securonix Next-Gen SIEM offers extensive customization options and multiple advanced features, such as Spotter, which enables in-depth search and analysis. Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality.
Room for Improvement: Securonix users highlighted the need for greater flexibility in modifying reports and templates and improved analytics and visualization. Users say Splunk needs improvements in AI capabilities, user-friendliness, and analytics.
Service and Support: Securonix has been praised for its effective support and timely problem resolution. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise.
Ease of Deployment: Some users found the Securonix Next-Gen SIEM setup to be straightforward, but others found it complex. Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators.
Pricing: Securonix Next-Gen SIEM is competitively priced and more affordable than many SIEM solutions. Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data.
ROI: Users say Securonix Next-Gen SIEM offers a significant return on investment by streamlining infrastructure management and enhancing overall efficiency. Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations.
Comparison Results: Users appreciate Securonix's smooth onboarding process, flexibility in features and patches, and ability to manage infrastructure. However, Securonix should improve its visualization and reporting flexibility. Splunk is praised for its interoperability and powerful search features, but users say that Splunk should work on its performance issues and offer more advanced AI capabilities.
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The pricing of the product is excellent."
"The UI of Sentinel is very good and easy to use, even for beginners."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed. There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us."
"The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to use, using Microsoft Excel and a couple of other methods, to bring data together."
"The user interface is easy to learn and navigate."
"The UEBA functionality indicates a lot about behaviors that are not found through a traditional SIEM. We have exploited that more than anything since we started using it."
"Its console is very easy to use and configure. It is very intuitive for our use cases. App integrations are also pretty nice."
"The solution is stable and scalable."
"There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features."
"The big data security analytics platform, structured and unstructured data analytics, and user and entity behavior analytics provided by the product are probably the best in the industry."
"The scalability is good."
"We can do things in minutes instead of days."
"It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues."
"Splunk's advantage is its search capability. Its search is notably faster. With Splunk, I can search easily on keywords. That is great."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
"It allows for transparency into IT metrics for insightful business analytics."
"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
"The on-prem log sources still require a lot of development."
"I would like to see more AI used in processes."
"We are invoiced according to the amount of data generated within each log."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The pricing. I'm not sure how they are proceeding with the identity based pricing compared with DB pricing which most of the vendors are using today."
"It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail."
"The incident response area should be improved."
"One aspect that could be improved is the pricing of the product in Brazil."
"A helpful feature would be an event export. A way to create more substantial summary reports would be nice."
"Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities."
"Securonix implements risk scores based on different policies that are triggered. We've seen some challenges with the risk scores and how they trigger. These are things that Securonix has recognized and they've been working with us to help improve things."
"We would like to see better integration with other products."
"The administration of the cluster and app deployment to indexers or search heads can be done only using ssh access and command line, there is no GUI tools for that."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"We do have to educate developers on how to not blow it up. It is a little to easy to write an expensive query and overly stress the system. This could be improved."
"The security can be improved."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"Certain sections of the developer documentation could use some updating and clarification."
"The solution could use a different licensing model."
"Integrating tools and creating use cases could be easier. It's hard for a junior security engineer with only a couple of years of experience to write use cases. They can do it, but it's much easier in a solution like IBM QRadar. Setting conditions is like a multiple-choice type of thing. It's a more user-friendly process."
Securonix Next-Gen SIEM is ranked 7th in Security Information and Event Management (SIEM) with 27 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Securonix Next-Gen SIEM is rated 8.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Securonix Next-Gen SIEM is most compared with IBM Security QRadar, LogRhythm SIEM, Exabeam Fusion SIEM, Gurucul UEBA and Seceon Open Threat Management Platform, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Securonix Next-Gen SIEM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.