Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility across different areas, levels, and devices rather than from a single system, which gives its users flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors.
Users highly value Splunk Enterprise Security for its comprehensive dashboard and reporting capabilities, which provide excellent visibility, threat-hunting features, and anomaly detection using AI. Splunk's ability to aggregate and search through large amounts of data, coupled with its user behavior analytics and threat intelligence management, enables users to detect and mitigate zero-day attacks effectively.
Splunk's flexibility in handling multi-cloud environments, scalability, and stability make it a reliable choice for security operations. Splunk's extensive integration capabilities, robust SIEM functionality, machine learning, and automation features further enhance its value.
While Splunk Enterprise Security is a powerful platform, users have identified several areas for improvement. These include better integration with legacy applications, more pre-built integrations and rules, the addition of a web interface for managing archiving and storage, and enhancements to default machine-learning models and native threat intelligence.
Users also desire improved alignment of log feeds, better algorithms and alerts, improved cluster environment stability, and simplified search filtering.
ROI from Splunk Enterprise Security can vary depending on the context and perspective. Some users have seen a positive ROI through automation and strengthening their security stance. Others mention the inability to quantify the ROI but emphasize the satisfaction of customers and the ability to solve previously unknown problems.
Splunk Enterprise Security is an expensive solution. The cost may vary depending on the customer's budget and requirements. Some customers believe that the price is worth it due to the unique features and long-term security compliance it provides. However, others express concerns about the high cost and suggest that Splunk could lower its prices or offer better discounts.
The pricing model is yearly, with different licensing options available. The pricing structure is described as complicated, and some customers find it difficult to calculate additional costs based on data usage.
Splunk Enterprise Security is used for:
The customer service and support for Splunk Enterprise Security have received mixed reviews. Some customers have rated the support as very good. These customers appreciate the expertise and assistance provided by Splunk's support team.
However, there are also customers who have experienced delays in receiving support due to the availability of qualified engineers and the process of opening tickets.
Some customers have found online resources, such as tutorials and forums, to be sufficient for finding answers to their questions.
Some users found the initial setup of Splunk straightforward and easy, especially with the help of documentation and support. They mentioned that deploying Splunk is simple and can be done in a short period of time, particularly on the cloud.
However, a few users mentioned that the initial setup can be complex, especially for those who are new to Splunk or have a more intricate environment. They emphasized the need for expertise and assistance from experienced professionals or Splunk engineers.
Some users also mentioned the importance of maintenance and monitoring after deployment, indicating that the solution requires ongoing attention.
Splunk Enterprise Security is highly scalable and can be scaled horizontally or vertically. It scales up well and is widely used in organizations. It can handle a large amount of data and is used extensively for security purposes.
The solution can be scaled up to any size of enterprise or agency, and customers can easily add additional licenses if needed. It is cloud-ready and has performance-tuning options.
However, there are some concerns about the cost and storage requirements for scalability.
The stability of Splunk Enterprise Security is highly praised. Users consistently mention that the solution is stable and reliable and does not experience crashes, freezes, bugs, or glitches.
Some reviewers highlight that the product has gone through multiple versions, indicating its maturity and stability. The performance is also mentioned as good, and the solution is described as low maintenance.
Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.
Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.
Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.
Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.