IT Director at Administrative Office U.S. Courts
Real User
Reasonably priced, helps with compliance, and saves a lot of time
Pros and Cons
  • "The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
  • "It will be helpful for customers if they can create some real-world cases, and we can find a case study to align with. I know that Splunk has tremendous potential. We only include a tiny piece of it. There is a lot of stuff that we need to learn. If Splunk can provide more real-time examples, that will be helpful for customers."

What is our primary use case?

We gather all the security logs from all the endpoints, network appliances, and the security filter. We have set up automatic alerts that are sent to system administrators, so we have pretty much real-time alerts about anything that happens. 

How has it helped my organization?

Splunk Enterprise Security has definitely improved my organization. First of all, it helps with compliance. Our organization has something called scorecard requirements. It is an annual self-check checklist. Having alerts set up is one of the requirements, and secondly, we have a local administrator who gets the alerts. That makes our job a lot easier. So, we pretty much know what is going on in a real-time setting.

We are the judicial branch of the government, so we are pretty much into our private cloud. We do have a setup to monitor our private cloud but not outside our organization. If we can monitor one cloud, multiple clouds will not be hard at all. It is easy.

Splunk has absolutely reduced our mean time to resolve. Knowing on time and having firsthand information is very helpful for any organization. We are able to capture what is going on, and the visibility of it is absolutely tremendous. I cannot provide the metrics, but it has saved a lot of time.

Splunk has absolutely improved our organization’s business resilience. We have been using Splunk for the last six or seven years, and I cannot imagine a life without Splunk. 

In terms of Splunk’s ability to predict, identify, and solve problems in real-time, this is something that we will look into. We have not yet looked into machine learning, AI, and all of Splunk. Currently, we are more in the reaction mode, but we are trying to get more in the protection mode or have more proactive measures. We have not got to that point yet, but we will definitely be there.

What is most valuable?

I am not into the administrator type of setup. I am more like an advanced user. The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me.

What needs improvement?

Splunk conferences are very helpful for networking and talking to folks who have a similar situation. It would be helpful for customers if they could create some real-world cases, and we can find a case study to align with. I know that Splunk has tremendous potential. We only include a tiny piece of it. There is a lot of stuff that we need to learn. If Splunk can provide more real-time examples, that will be helpful for customers.

Buyer's Guide
Splunk Enterprise Security
May 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
772,649 professionals have used our research since 2012.

For how long have I used the solution?

It has been six or seven years. 

What do I think about the scalability of the solution?

Splunk has a reputation for being scalable. You can start small, and if your demand increases, you can scale your platform. Splunk does a good job. It allows customers to have scalability so that they can expand their capacity. I would rate it a ten out of ten in terms of scalability.

How are customer service and support?

In our company, we have a Splunk consultant who is very good at providing a solution. So far, I have not had any problem that is unresolved. I would rate their support a ten out of ten. In this industry, there is good support, and there is bad support. Splunk's support is more like Cisco's support. It is pretty good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used something else, but I do not remember the name. Splunk is what we have been using for a long time. It is more advanced in terms of IT security. There is more scalability and the capability to do a lot of different things on multiple platforms. This is where it is more advanced than other products.

How was the initial setup?

I was not in the deployment team, but I was involved in the early stage of evaluating all different kinds of products.

What was our ROI?

There are a lot of things for which you can measure a return on investment, but security is something on which it is hard to put a dollar value and measure how much return you have got. However, in terms of helping the administrator or helping the company to put security in place, Splunk does a great job. I cannot imagine a life without Splunk.

What's my experience with pricing, setup cost, and licensing?

The pricing is a little bit on the higher side, but looking at what Splunk provides us, it is reasonable.

Which other solutions did I evaluate?

We evaluated what was on the market, and fortunately, we picked Splunk. Looking back, it was the right decision.

What other advice do I have?

Splunk is moving in the right direction and providing better and more mature products. This is my fifth conference, and I see the progress. I see Splunk bringing in all new products. They are pretty much in line with the security trends. They have improved a whole lot to meet customers' needs.

I would rate Splunk Enterprise Security a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Regional Sales Manager at Redington (India) Ltd
Reseller
Top 20
Drastically reduces time spent by analysts on false positives, and AI-based detection identifies real-time anomalies
Pros and Cons
  • "The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk."
  • "While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated."

What is our primary use case?

The use cases are mainly around monitoring for our clients' security operation centers and correlation of events and analytics for incidents that have been identified.

How has it helped my organization?

It has really improved things for our clients by reducing false positives. Most of the time, analysts end up wasting their time with false incidents, and that has been drastically reduced by Splunk.

It also definitely helps speed up your security investigations.

What is most valuable?

The dashboard and reporting are very good. Our clients monitor multiple cloud environments and Splunk helps because, in general, monitoring multiple cloud environments is definitely difficult and very complex. It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk.

The solution is also very good in its threat-hunting capabilities and anomaly detection. It uses an AI-based detection system to identify real-time anomalies and provides complete visibility into the network.

And you can feed multiple threat sources into Splunk and the Threat Intelligence Management feature gives you information about current or potential attacks. It provides complete security support in the threat intelligence space. It helps your administrator to correlate indicators of compromise from threat intelligence databases and feeds.

Also, the Splunk Mission Control feature, which is mainly for Splunk Enterprise Security cloud users, provides a unified and simplified security operations experience for SOC analysts.

We also use the solution's Threat Topology and MITRE ATT&CK framework feature. That's something you need for cyber breaches to contain a threat. This feature comes into play when you need to mitigate an incident in your environment.

What needs improvement?

While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated. Splunk has integrations with AWS, Azure, and other cloud providers, but when it comes to legacy applications, it is difficult to do a Splunk integration.

For how long have I used the solution?

We have been working with Splunk Enterprise Security for one and a half years.

What do I think about the stability of the solution?

It's a very stable solution. 

What do I think about the scalability of the solution?

It is very highly scalable.

How are customer service and support?

The technical support is very good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used IBM Security QRadar. The main reason for switching is that Splunk has the scalability to handle bigger enterprise logs. Log management is the biggest issue in any SIEM. Splunk is able to rapidly grow its capacity.

How was the initial setup?

Our clients' implementations are mostly on-prem and in the cloud.

What's my experience with pricing, setup cost, and licensing?

Splunk is definitely not a cheap solution. It is an expensive product.

If a customer is evaluating SIEM solutions and is considering cheaper products, it depends on the customer's budget and use cases. For a large, enterprise customer with critical infrastructure that needs to be monitored 24/7, obviously, the cheaper solutions may not have the capacity to handle the huge volume of data. Splunk has the SIEM and the scalability as well as visibility features. When you want to monitor your applications and how they are performing, that is where Splunk is very strong.

What other advice do I have?

In terms of maintenance of Splunk, you need to have an IT administrator monitoring it at all times.

When it comes to a large, enterprise customer's critical infrastructure, Splunk is one of the best solutions to use in a security operations center. It has multiple advantages, such as the dashboard that provides complete visibility, and a threat detection system with very advanced features. It is very valuable for any company that wants a good protection system.

You should definitely consider Splunk as one of your options for your SOC.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Sagar Shubham - PeerSpot reviewer
Senior Software Engineer at Wipro Limited
Real User
Helps improve our incident response time, and provides great visibility, but the deployment is complex
Pros and Cons
  • "Splunk Enterprise Security's dashboards are a key asset."
  • "The presence of multiple layers creates a significant challenge for monitoring across cloud environments."

What is our primary use case?

We use Splunk Enterprise Security for threat detection on our network devices.

How has it helped my organization?

Splunk Enterprise Security excels at threat detection. We've developed multiple correlation searches leveraging security data. These searches identify threats and categorize them by urgency level, enabling our security analysts to prioritize and take swift action.

Splunk Enterprise Security has helped us improve our incident response time. We achieve this by ensuring our queries are completed in near real-time.

Access management focuses on storing and managing access controls, while identity management deals with user identities. For example, if we want to find IP addresses associated with CrowdStrike, we can use access management to look up their IP ranges. Then, we can check if any IPs match by adding them to a specific identity management lookup. Finally, by leveraging the combined identity and access management features of Splunk Enterprise Security, we can create correlations between these entities.

The security dashboard can be customized to display the information we need most quickly. It typically has seven to eight panels, each dedicated to reflecting specific data. While some initial data load time might be present, clicking on a specific panel will display its information as soon as possible. There can be delays in traditional dashboards when searching for specific data. To optimize this, we can create "base searches" within each panel. These predefined searches cover commonly used queries and fields. Alternatively, we can create a "summary index" that holds a longer span of pre-processed data. This summary index allows even large datasets to be displayed quickly when accessed through the dashboard.

Splunk enhances our team collaboration regarding security incidents. When a threat alert is received, we can click on it and choose "investigation in progress" from a dropdown menu. This selection redirects us to a dedicated investigation page for further details. For in-depth analysis, we can drill down into the logs to pinpoint the source of the issue. Additionally, the platform allows us to contact network devices to determine the root cause. Once the issue is resolved, we can close the investigation.

We monitor both AWS and GCP environments using Splunk Enterprise Security. 

Splunk provides threat intelligence capabilities that can be valuable. This, combined with the comprehensive set of dashboards available, allows us to effectively monitor for threats. We can also create custom apps within Splunk for threat detection. These apps can include custom dashboards or reports that display specific information. For example, we could create a dashboard that shows the number of users accessing unknown URLs or another that monitors a particular device for suspicious activity. An example of suspicious activity might be a device where the print command is being executed repeatedly but failing each time. This could indicate a malfunction or, potentially, a malicious attempt to exploit the system. Similarly, a sudden spike in activity, such as millions of clicks on a specific device within a short timeframe, could also be a sign of a threat. By monitoring these parameters within Splunk's threat detection features, we can identify and investigate potential security incidents.

Splunk provides valuable visibility across multiple environments. Whether we have an on-premises or cloud architecture, Splunk offers self-monitoring capabilities. Additionally, depending on our environment, we can leverage existing monitoring tools. For on-premises deployments, we can utilize the Monitoring Console alongside Splunk for comprehensive monitoring. Cloud environments often come with built-in monitoring handled by the cloud provider's support team. In such cases, Splunk can focus on applications and custom log data for deeper insights.

The threat topology provided by Splunk gives us a comprehensive overview of potential threats. By analyzing queries or notable events, we can identify and neutralize these threats.

Splunk does a good job of analyzing malicious activities.

Splunk has improved our organization's decision-making by centralizing all the information in our environment and allowing us to access multiple dashboards and reports in one place.

Splunk has helped us reduce our alert volume. By using Splunk, we can identify the root causes of failures, which in turn leads to a decrease in alerts.

Splunk accelerates our security investigations by enabling us to resolve issues and document them in Standard Operating Procedures or knowledge-base articles. This facilitates a swifter response to similar incidents in the future.

What is most valuable?

Splunk Enterprise Security's dashboards are a key asset. They offer comprehensive visibility across our entire environment, allowing us to diagnose and address security issues directly from the interface.

What needs improvement?

I would like Splunk to offer a quicker and easier way to run queries.

Splunk could improve its cost-efficiency for our organization by offering pre-built architectures tailored to specific environments. This would provide a clearer picture of required licenses and their implementation, ultimately reducing licensing costs.

The presence of multiple layers creates a significant challenge for monitoring across cloud environments.

For how long have I used the solution?

I am currently using Splunk Enterprise Security.

What do I think about the stability of the solution?

Splunk Enterprise Security is a very stable product, but there are occasional bugs that can appear.

What do I think about the scalability of the solution?

We can scale Splunk Enterprise Security up or down depending on our demands.

How are customer service and support?

The Splunk support team is helpful. For complex issues or on-demand requests, we raise cases with them. On-demand requests requiring impactful solutions are paid. However, for UK-based users, standard support is free and usually resolves issues efficiently. In some cases, the support team rushes to provide a solution without even looking at the issue.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment can be complex. It involves creating multi-site clusters for each location and configuring a cluster master for each. This is because the cluster master will replicate data across multiple sites, making the environment more complex.

Four people were required for the deployment.

What other advice do I have?

I would rate Splunk Enterprise Security 6 out of 10 because of the complexities that occur at times.

I highly recommend Splunk Enterprise Security for organizations seeking comprehensive security monitoring. Splunk offers a centralized platform to collect and analyze vast amounts of security data. This empowers us to gain full visibility across our entire IT environment, including applications, user activity, and potential security threats. Splunk provides insightful dashboards, reports, and real-time alerts to help proactively identify and address security issues.

While cost is a consideration, prioritizing features over functionalities for SIEM solutions can be risky. It's best to identify your business needs first and then choose an SIEM that offers the most relevant benefits to address those needs.

Splunk Enterprise Security is deployed across multiple locations and departments within our organization.

Splunk Enterprise Security required maintenance.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
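As an added example (not part of the review above and not Splunk's own code), the following Simple XML dashboard applies the two techniques the reviewer describes for keeping panels fast: a single base search whose results the panels post-process, and a panel that reads a summary index instead of raw events. The index names (`security`, `summary_auth`), the sourcetype, the field names and the scheduled search that fills the summary index are all assumptions.

```xml
<!-- Added example dashboard (not from the review or from Splunk).
     Assumptions: index=security holds authentication events with the fields
     action, user and src; index=summary_auth is a summary index filled hourly by
     an assumed scheduled search named "Hourly auth failure rollup"
     (savedsearches.conf: action.summary_index = 1,
      action.summary_index._name = summary_auth,
      search = index=security sourcetype=auth action=failure
               | stats count AS failures BY user, src). -->
<dashboard>
  <label>Authentication overview (base search + summary index)</label>

  <!-- The base search runs once per dashboard load; every panel that references
       it post-processes the same result set instead of scanning the index again.
       Keep it transforming (stats) so the shared result set stays small. -->
  <search id="base_auth">
    <query>
      index=security sourcetype=auth action=failure
      | stats count AS failures BY user, src
    </query>
    <earliest>-24h@h</earliest>
    <latest>now</latest>
  </search>

  <row>
    <panel>
      <title>Top sources by failed logins (last 24h)</title>
      <chart>
        <!-- Post-process search: re-aggregates the base results, no index scan -->
        <search base="base_auth">
          <query>stats sum(failures) AS failures BY src | sort - failures | head 10</query>
        </search>
        <option name="charting.chart">bar</option>
      </chart>
    </panel>
    <panel>
      <title>Accounts failing from many distinct sources</title>
      <table>
        <!-- Same base results, different aggregation: a spraying-style pattern
             (one account, many sources) is surfaced for the analyst to review -->
        <search base="base_auth">
          <query>stats dc(src) AS distinct_sources, sum(failures) AS failures BY user | where distinct_sources > 5 | sort - distinct_sources</query>
        </search>
      </table>
    </panel>
  </row>

  <row>
    <panel>
      <title>Failed logins per day (90-day trend from summary index)</title>
      <chart>
        <!-- Reads the pre-aggregated rows written by the assumed scheduled search,
             so a 90-day span renders quickly even on a large raw index.
             source= carries the saved search name for summary-indexed events. -->
        <search>
          <query>
            index=summary_auth source="Hourly auth failure rollup"
            | timechart span=1d sum(failures) AS failures
          </query>
          <earliest>-90d@d</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">line</option>
      </chart>
    </panel>
  </row>
</dashboard>
```

Simple XML dashboards are loaded from an app's `data/ui/views/` directory (for example `$SPLUNK_HOME/etc/apps/<app>/local/data/ui/views/`), or can be pasted into the dashboard editor's source view.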
Nagendra Nekkala. - PeerSpot reviewer
Senior Manager ICT & Innovations at Bangalore International Airport Limited
Real User
Top 5, Leaderboard
Helps increase our security posture, saves time, and improves visibility
Pros and Cons
  • "The ability to manage large amounts of generated data and to protect all devices from unauthorized use are the most valuable features."
  • "The threat detection library needs to increase the frequency at which the playbooks are updated."

What is our primary use case?

We use Splunk Enterprise Security to enhance our overall security posture by proactively managing our threat profile across the enterprise. This enables us to see valuable insights and effectively monitor all OEM devices.

How has it helped my organization?

It is easy to monitor multiple cloud environments using Splunk Enterprise Security. This helps with DLP and security across our SAM solutions.

Although I favor the cloud's convenience for credential management, Splunk Enterprise Security's visibility remains consistent across multiple environments.

Splunk's insider threat detection reveals daily threat events and highlights anomalous behavior on the dashboard.

The threat intelligence management feature continuously monitors activities across cloud, on-premises, and hybrid environments, and informs stakeholders of any suspicious activity.

Splunk Enterprise Security has endpoint security protection to analyze malicious activities and detect breaches through the analysis of new log content.

Splunk Enterprise Security helps us detect threats two to three hours faster.

Splunk Enterprise Security has helped improve our incident review times, security posture, network protection, and endpoint protection. We saw the benefits within the first month of use.

A decrease in false positives has enhanced our risk analysis, security posture, and the speed of our alert investigations, resulting in daily time savings of four hours. 

Splunk Enterprise Security has saved us two hours per day of investigation time.

What is most valuable?

The ability to manage large amounts of generated data and to protect all devices from unauthorized use are the most valuable features.

What needs improvement?

The threat detection library needs to increase the frequency at which the playbooks are updated. 

For how long have I used the solution?

I have been using Splunk Enterprise Security for two years.

What do I think about the stability of the solution?

Splunk Enterprise Security is stable.

What do I think about the scalability of the solution?

Splunk Enterprise Security is scalable.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment was straightforward. We wanted to cover all of our endpoints. Two people were required for the deployment.

What about the implementation team?

The implementation was completed in-house.

What other advice do I have?

I would rate Splunk Enterprise Security an eight out of ten.

Splunk Enterprise Security is a leader in the market and provides great visibility into an organization's security posture.

We have 100 people that are using Splunk Enterprise Security.

The continuous visibility and SOC requirements of the resilience Splunk offers are a benefit to any SIEM. Resilience is important for organizations that run a hybrid environment.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Owner at Py Concepts
Real User
Top 20
Good notifications, a well-designed dashboard, and helpful logs
Pros and Cons
  • "It gives me notifications of notable events."
  • "Sometimes, there is latency in the logs."

What is our primary use case?

We use the solution for tracking successful and unsuccessful logins. We track privileged account activities and also a variety of other things, like developing use cases for data exfiltration or integration with ETRs and other security tools for data analysis. 

How has it helped my organization?

We wanted to solve the issue of unauthorized access, brute force attacks, and exfiltration. It's helped with MITRE ATT&CK frameworks. 

The organization has been able to quickly triage issues and investigate if something is a true threat or not. Most times, it helps our security posture. The level of confidence we have is high. With Splunk, you can query accounts when you see some strange activity. 

What is most valuable?

It gives me notifications of notable events. 

The default dashboard is very good. We can see our security posture from there.

On-prem and cloud data analysis are good. You can aggregate it if you need to in order to get good data.

Splunk has proven to be great when tracking down anomalous behavior. The logs are excellent. It is the platform in the industry. You can integrate anything. The amount of information and usability you get out of Splunk is very good.

We do use the Threat Intelligence Manager. It can be integrated with third parties. The actionable intelligence we get is useful. There is sequencing where you can gauge some actionable steps. 

I use the MITRE ATT&CK framework when I am developing a new use case. It helps us discover the overall scope of an incident. Using Splunk is essential in developing that. 

It's good for analyzing malicious activities and detecting breaches. I'd rate it highly in its capabilities. However, if you don't have the knowledge, it may be difficult. You might get a lot of false positives.

It's helped us detect threats very fast, in almost real time. 

We have reduced our alert volume. I'm not sure of the exact number; however, instead of having 100 to 200 false positives, we might get 20 to 30.

It has helped us speed up our security investigation, although I don't handle it directly. I simply do triage, and it definitely helps there. 

What needs improvement?

There are a lot of false positives which can cause a lot of fatigue. 

Sometimes, there is latency in the logs. 

When you deploy Splunk, you need a high level of knowledge. You really need to know what you are doing. It requires a lot of things.

They need to come up with straight steps to get things done, to have a step-by-step process to achieve this or that. 

For how long have I used the solution?

I've been using the solution since 2020.

What do I think about the stability of the solution?

The stability is okay.

Splunk would tell you, especially on the different licenses they have, your storage, and your level of ingesting, it can vary. 

Splunk needs to be more clear between storage and performance. 

We worked with a client where almost immediately their storage was already in red. They didn't understand their storage needs as that wasn't clear. 

What do I think about the scalability of the solution?

The solution cuts across countries. I'm not sure how many end-users we have.

The scalability is okay. It scales well even though you have to consider your licensing and storage.

How are customer service and support?

Technical support is good. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used ELK previously. 

How was the initial setup?

I have been involved in the deployment of Splunk in the past.

The initial setup is not so straightforward for those new to it. I'm accredited and have four years of implementation experience. You really need that level of knowledge. It's straightforward to make a feed, make it compliant, and do field mapping; however, there are many things you need to do before deployment.

We had six to eight people deploying Splunk. They were all mostly Splunk professionals, who understood the product and devised a plan and timeline for implementation. We integrated the relevant stakeholders into the process. We were connecting to the Splunk Cloud. 

There is a little bit of maintenance required to maintain the infrastructure. 

What about the implementation team?

We used all in-house resources to implement Splunk.

What was our ROI?

I have witnessed an ROI while using Splunk. There were some incidents previously in which the company lost millions of dollars. Bringing in Splunk has curbed that. 

What's my experience with pricing, setup cost, and licensing?

The pricing is on the high side. It's not a solution for SMEs.

Which other solutions did I evaluate?

I'm not sure if any other options were evaluated by the company. 

What other advice do I have?

Currently, we are just Splunk customers. 

We do not monitor various clouds; we only monitor one. However, they have a good solution in that we don't need to worry about maintenance if we do. 

We've never used the Mission Control feature.

If someone is looking for the cheapest SIEM solution, there are a lot of open-source options out there. However, Splunk definitely is an option. If a company is bigger, it would benefit from Splunk. They will be paying some money for it; however, it's worth it.

Resilience is important. To some extent, Splunk addresses this as we haven't had any issues. It's important to have resiliency. If your solution is not resilient, you risk security issues. 

I'd rate the solution eight out of ten. 

I would advise others to spell out what you really need and make it measurable so that you will understand if Splunk is right for you. If you are going to use Splunk, it's important to do your due diligence. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
IS Engineer at a hospitality company with 10,001+ employees
Real User
Top 20
Enables us to drive down the alert count and the alert fatigue for analysts to make the alerts they see more valuable and actionable
Pros and Cons
  • "The UI of Splunk makes it easier for our analysts to move around and see what they need to see."
  • "Features related to content management must be improved."

What is our primary use case?

Our SOC uses the solution to monitor our corporate and franchise environments.

What is most valuable?

Risk-based alerting is the most valuable feature. It really allows me to drive down the alert count and the alert fatigue for my analysts to make the alerts they see more valuable and actionable. The way that alerts are handled is better in Splunk. SPL is easier in Splunk. The UI of Splunk makes it easier for our analysts to move around and see what they need to see.

What needs improvement?

There are a lot of areas that are currently being improved that I want to be improved. Features related to content management must be improved. The product is adding more drill-downs.

When the tool was originally set up, things were not configured properly due to the rapid deadlines for installing everything. Now, we have to go back and recover a lot of things that aren't properly configured.

For how long have I used the solution?

I have been using the solution for approximately four years.

What do I think about the stability of the solution?

I haven't seen any issues with stability. Most of the stability issues I've seen have actually been on the on-prem hardware.

What do I think about the scalability of the solution?

We have no issues at all with scalability. The tool has high scalability and usability. The size of our environment is relatively large since it is an enterprise solution. We have around 5000 users and a franchise base.

How are customer service and support?

I have never had an issue with Splunk’s support team. Every time I ask a question, I usually receive really quick responses. We are in the middle of a migration, and the engineers helping us migrate to Splunk Cloud have been fantastic every step of the way. They provide really rapid and complete answers when we ask questions.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I use LogRhythm a lot. I worked for an MSSP, so I have seen several products. So far, Splunk has been my favorite.

What was our ROI?

We have definitely seen an ROI on the solution. Any security tool has a fantastic ROI. A lot of companies don't like to budget for security until there's an incident or something goes terribly, terribly wrong. Just having that SIEM and having eyes on potential security issues is an ROI.

What other advice do I have?

We are behind a few versions. So I hope that as we upgrade, I get more ideas for what I'd like to improve. We're still in the process of moving to the cloud.

The product has improved our organization's business resilience. The right tools are available to our analysts within the product, and we use them daily. It has drastically driven down our time to remediate, which is huge for us. It's huge for any company. We don't want four hours to find out that something has gone terribly, terribly wrong. Finding such issues before they turn into full-blown security incidents has been our biggest impact.

Splunk Enterprise Security empowers our staff. It is so user-friendly. It allows our analysts at every level to learn the tool and learn more about security through the tool. I progressed from level one. Now, I'm a content developer for enterprise security. The usability of Splunk is the best on the market. The solution has helped reduce our mean time to resolve.

As we add new features and applications into Splunk, time to value is pretty quick on most things. As long as we have someone who's willing to go through the effort to configure, the time to value is rapid. Adding applications to Splunk is a seamless experience. The UI of Splunk makes life so much easier. Some of my experience is based on technical debt in the organizations I worked with. I would probably rate the tool a ten if we didn't have so much technical debt.

By attending Splunk conferences, I get to learn about all the new tools and how to implement them. I use it for RBA and Machine Learning Toolkit. I develop content for our company. I am here to learn how to implement RBA and Machine Learning Toolkit better to reduce alert fatigue for my analysts.

Overall, I rate the product an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Specialist at a government with 10,001+ employees
Real User
Fair price, integrates well, and allows us to have everything in one tool
Pros and Cons
  • "Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me."
  • "It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."

What is our primary use case?

I am the branch chief. I use Splunk Enterprise Security depending on how swamped the team is. I use it for anything from basic searches to DDoS attacks, which is a big thing right now. So, DDoS attacks and phishing emails are a lot of what I am using it for.

How has it helped my organization?

We had FireEye before and then we went to CrowdStrike. Splunk has definitely helped us to have everything in one tool. It is a lot easier to complete the tickets. It saves, on average, a couple of hours a day. We just go to Splunk and then provide data and work with different people on the tickets, so it saves hours each day. We have been able to allocate these hours to other projects or things that are more of a priority. We are able to do different projects that were on the back burner. We can put those hours towards other things.

Splunk has improved our organization’s business resilience. We are able to give leadership updates through dashboards versus the actual metadata. It is easier for them to understand and provide leadership.

Splunk’s ability to predict, identify, and solve problems in real-time is very good. It is proven. Every couple of weeks, it catches some of the things that our SOC team did not catch and provides alerts, so its real-time capabilities are very good.

Our team has overall benefited from Splunk. We had FireEye before, which was not that good. We are able to benefit from Splunk not only in terms of incident response. We also have other teams doing vulnerability management using the Prisma systems. It is important that Splunk provides end-to-end visibility into our native environment. We use it for Prisma and incident response. Without Splunk, we would not be able to do some of the things that we need to do unless we went to individual tools, and we do not have the resources for that.

What is most valuable?

Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me.

They offer training. That is a big part of it. If you do not understand the tool, they are able to provide everything that you need, which helps the business. When you have learned a tool, you are able to speed up the process in the meantime, so you are not wasting a lot of man-hours trying to figure things out.

What needs improvement?

I do not have any areas that can be improved. It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit. 

In terms of additional features, I am still learning SOAR and everything else, so I do not have any feature requirements at this time, but as we do these SOAR operations, there might be some additional features that we will need.

For how long have I used the solution?

I have been using Splunk Enterprise Security since 2016.

What do I think about the stability of the solution?

It is very good as long as you have the scope of how many servers, processors, and other things you need. There was a learning curve of making sure our servers were beefy enough to handle the data. We had four terabytes of data coming in every day. We were maxing out our systems a little bit, so we beefed that up, and we have had no issues since. 

What do I think about the scalability of the solution?

Its scalability is easy. On-prem was very easy, and on the cloud, you have to learn and adapt a little bit, but scalability is perfect. 

How are customer service and support?

I only reached out to our Splunk contacts, but my team reached out to Splunk's support team. I have not had any issues where they told me that they did not get the support they needed. They might take time to figure out what the issue is, but overall, I would rate their support a ten out of ten. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used FireEye, which was our primary one, and then we had CrowdStrike. Splunk has definitely been wonderful for us. The biggest reason for switching was integration. It is very easy to get all the tools fed into Splunk. They also had a cloud version, which was another reason. We are doing a hybrid setup, so cost savings was also a big factor.

How was the initial setup?

I was involved in its deployment. I am the system owner of it. I am in charge of it, so I oversaw the project deployment. There is a learning curve with the hybrid setup with the cloud and on-prem, but overall, I am pretty satisfied with it.

We have an on-prem and a cloud environment depending on the platforms we are using in the system, so we have both environments. The challenging part was getting everything set up and fed into Splunk, but once it is set up, there is no difference in using it on-prem or on the cloud. We do not notice any real difference in it. 

The initial setup could be improved a little bit. It depends on your local team, firewalls, and other things like that, so there was a learning curve for the teams to learn how to set it up. That part could be improved, but once you go through it, it is not an issue. 

What about the implementation team?

We had the Splunk team, and they did whatever they needed to get everything deployed. Our experience with them was good. We have worked with Splunk for years now. Their support has been very beneficial. If I have a question, they jump right on and let me know. They walk me through it and give me updates, so I am pretty happy with Splunk.

What was our ROI?

We have seen an ROI in terms of the mean time to resolution and man-hours. We are able to allocate those hours to other things. We have not got there yet in terms of the upfront costs, but we will get there over time.

When it comes to the time to value, we are getting there. We have not got there yet, but over time, we will get to the time to value.

What's my experience with pricing, setup cost, and licensing?

Its price is fair. Like with anything else, if you go into the cloud, different providers cost more, and you are able to throttle back or throttle up. The cost is comparable with anything else.

Which other solutions did I evaluate?

We evaluated other options. We had to evaluate the pros and cons in terms of the cost and the capabilities of each tool. A lot of that went into the proof of concept. We did our due diligence and determined that Splunk was the best fit for us.

What other advice do I have?

I would rate Splunk Enterprise Security a ten out of ten. It gives us everything we need, and its capabilities keep on improving, so it is getting better. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sneha Golhar - PeerSpot reviewer
Senior Engineer at Wipro Limited
Real User
Is quick to deploy, easy to integrate, and provides good visibility across our environment
Pros and Cons
  • "Splunk's visualizations make it easy for users to understand the data."
  • "Licensing costs can be a barrier for those with limited budgets."

What is our primary use case?

Splunk Enterprise Security provides us with both log monitoring and alerting capabilities from a centralized interface.

How has it helped my organization?

Splunk Enterprise Security's detection capability is good. Real-time alerts are crucial for threat detection. When unknown traffic is identified, incidents are automatically created and alerts are sent to the monitoring team for prompt action.

Our mobile device ordering website experienced a fraud attempt. We identified a surge in traffic originating from the same IP address through Splunk Enterprise Security. This allowed us to swiftly block the suspicious activity, potentially saving millions of dollars.

Integrating Splunk Enterprise Security with other tools is easy.

It is easy for us to monitor our multiple cloud environments using Splunk.

Splunk offers good visibility across our multiple environments. We can monitor roughly 80 percent of our environment through Splunk.

Splunk is our primary tool for analyzing real-time logs to detect malicious activity. These logs are then used to create security incidents and trigger alerts for further action.

We can see the benefits of Splunk Enterprise Security quickly after deployment.

Splunk Enterprise Security reduces our alert volume because it is precise and customizable.

Splunk Enterprise Security helps us speed up our security investigations by sending alerts and providing a deep dive into the logs.

What is most valuable?

Splunk's visualizations make it easy for users to understand the data. Additionally, Splunk can ingest all our data, creating a centralized and informative platform. This combination is a powerful asset for data analysis.

What needs improvement?

Splunk Enterprise Security's pricing structure could be more accessible for smaller organizations. Licensing costs can be a barrier for those with limited budgets.

For how long have I used the solution?

I have been using Splunk Enterprise Security for 5 years.

What do I think about the stability of the solution?

I would rate the stability a 9 out of 10. With a stable environment, we may encounter issues 2 percent of the time.

What do I think about the scalability of the solution?

I would rate the scalability an 8 out of 10. 

Splunk now offers SmartStore, which automatically scales storage capacity without sacrificing performance.

How are customer service and support?

The support team is supportive and quick to respond.

Splunk offers Platinum, Gold, and Silver support. With the Platinum package, they respond within two hours.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We transitioned from AppDynamics to Splunk Enterprise Security, which provides a valuable single pane of glass for managing and viewing security metrics.

How was the initial setup?

The initial deployment is easy. The deployment for Splunk Enterprise Security is quick.

What was our ROI?

By automating our monitoring and alerting with Splunk Enterprise Security, we've achieved a significant return on investment. This has freed up over 190 days of manual monitoring effort by our team, resulting in overall cost savings of around 30 million dollars.

What's my experience with pricing, setup cost, and licensing?

The licensing costs are high for Splunk Enterprise Security.

What other advice do I have?

I would rate Splunk Enterprise Security 8 out of 10.

I highly recommend Splunk Enterprise Security to anyone looking for a comprehensive security solution. It's a single tool that can monitor and manage our entire security posture, including business metrics, IT infrastructure, and security alerts. Splunk also simplifies incident creation and log management, providing a central location for all your security data.

Splunk Enterprise Security is used by 30,000 people across multiple locations in our organization.

The widespread adoption of Splunk Enterprise Security requires regular maintenance to ensure optimal performance.

Organizations with low logging volumes can benefit from using the open-source ELK Stack.

The resilience Splunk Enterprise Security offers is good.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: May 2024