We performed a comparison between Netsurion and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The connectivity and analytics are great."
"What I like most about Netsurion is the level of visibility and reporting."
"I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me... It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective."
"The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring."
"Netsurion was easy to deploy. I have worked with other systems that were a little less complex, but they weren't quite as easy to deploy."
"I think Netsurion scales well. We've gone from a small number of agents up to thousands. So I would imagine that it would continue to scale. I don't see any issue with that."
"The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like."
"They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days."
"We don't have the eyeballs available to stare and watch for things, or even have the capability of building internal alert systems. So, the managed SOC has been huge for freeing up staff to work on other responsibilities. We are saving on at least one full-time employee."
"The most valuable feature of Splunk is the management and built-in workflows."
"I like Splunk's data aggregation and search capabilities."
"I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs."
"It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues."
"We are much faster finding and addressing issues with Splunk."
"The solution has made us more secure."
"The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk."
"Support is quick and competent."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"We are invoiced according to the amount of data generated within each log."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The solution should allow for a streamlined CI/CD procedure."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The threat detection and response is passive. We have asked if there were options for taking action, and we have not gotten any feedback on that, which would be useful to know. Depending on the situation and threat, some actions may not be possible, but we haven't gotten any feedback on what options could be directed and actionable with the understanding that it may have an extra cost. It would be nice to know or find out if it is actually possible to take actions by a SIEM service or a SIEM agent."
"They have their programs and tools that you have to put into your own environment. We basically ingest all the log data and then push it out to them. I wish it was a little bit different than that where we just push directly towards them. I do not know if that is a function that they thought would be better in terms of security, but I wish that instead of doing that, it should go from the device to them and not from the device to another system and then out to them. There seem to be some drawbacks to doing that."
"The system requirements are very, very high. So I need a pretty powerful server to run. If they could lighten that load so that the on-premise part of their product didn't impact my systems as much that would be ideal."
"Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it."
"Netsurion's threat detection and response aren't quite mature. I would expect a little more."
"Netsurion's SOC can be a bit too aggressive at times."
"The weekly reporting could use some improvement. For example, when we handed them our landscape document, it took longer than I would have liked for those details to become noticeable within the reports."
"The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated."
"Configuring a few apps is complex, not straightforward."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."
"They can incorporate the SOAR solution within the actual product so that we do not require two different products, two different installations, and two different pricing methods. In regards to UBA, I am familiar with the UBA that existed two years ago. I am not updated about it today, but two years ago, UBA required such an amount of data that from a cost perspective, it was not worth it. When you compare it to what you get out of the box with Microsoft Sentinel without additional costs, there is no match."
"If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide."
"The product must improve insider threat detection."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well."
Netsurion is ranked 16th in Security Information and Event Management (SIEM) with 24 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Netsurion is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Netsurion is most compared with Arctic Wolf Managed Detection and Response and CyberHat CYREBRO, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Netsurion vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.