We compared Securonix Next-Gen SIEM and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Securonix Next-Gen SIEM offers extensive customization options and multiple advanced features, such as Spotter, which enables in-depth search and analysis. Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality.
Room for Improvement: Securonix users highlighted the need for greater flexibility in modifying reports and templates and improved analytics and visualization. Users say Splunk needs improvements in AI capabilities, user-friendliness, and analytics.
Service and Support: Securonix has been praised for its effective support and timely problem resolution. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise.
Ease of Deployment: Some users found the Securonix Next-Gen SIEM setup to be straightforward, but others found it complex. Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators.
Pricing: Securonix Next-Gen SIEM is competitively priced and more affordable than many SIEM solutions. Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data.
ROI: Users say Securonix Next-Gen SIEM offers a significant return on investment by streamlining infrastructure management and enhancing overall efficiency. Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations.
Comparison Results: Users appreciate Securonix's smooth onboarding process, flexibility in features and patches, and ability to manage infrastructure. However, Securonix should improve its visualization and reporting flexibility. Splunk is praised for its interoperability and powerful search features, but users say that Splunk should work on its performance issues and offer more advanced AI capabilities.
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"It has a lot of great features."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"I was looking for software as a service rather than having issues with managing hardware, upgrades, updates. I was trying to step away from that. Those were the key factors when looking at Securonix as a full-feature SIEM with next-generation capabilities available."
"The user interface is easy to learn and navigate."
"The scalability is one of the remarkable qualities of this product, which makes it very effective, especially when we are dealing with substantial data volumes in the cloud."
"The most valuable feature is that it works on user behavior and event rarities."
"The solution has proven to be stable so far...The solution is easy to scale up."
"The most valuable feature is being able to look at users' behavioral profiles to see what they typically access. One of the key events that we monitor is people's downloading of objects... It's very easy to see people's patterns, what they typically do."
"The solution is stable and scalable."
"When we were looking for products for our security monitoring needs, our biggest requirement was that we wanted something based on machine-learning and analytics. If you go with rules, it can raise a lot of noise. Securonix, with its UEBA capability, had the best analytics use-cases."
"The solution is very fast and succinct."
"It's better than IBM, in my opinion, because it's an independent entity."
"Splunk has a wide range of features that customers use to find and analyze all kinds of logs."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace."
"The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good."
"The graph visualization is the most valuable feature."
"The solution allows easy gathering and ingestion of the data."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"The AI capabilities must be improved."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Sometimes, the injectors lag and are not loading. It would be nice if that could be improved."
"Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along."
"Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities."
"We would like a little more face-to-face training. Securonix has several tutorials on its website, but we want there to be a person in Colombia who does training or workshops to give us a better understanding of the platform."
"There is room for improvement in the product's integration with ServiceNow and in the reporting features."
"The technical support of the solution is an area with shortcomings and needs improvement."
"Sometimes, there is instability in the data in terms of the customization of the time. I have sometimes observed discrepancies in the data, which is something they should work on. They should bring more stability to time customization. If we are seeing a particular data, when we change the time zone, there should be the same data. There should not be any discrepancy."
"One of the things they can improve on a little bit is the usability side, to make some things simpler... The tool does have a lot of knobs, you can turn a lot of things on and off and you can change things. Sometimes, it can become a little overwhelming. They should remove some confirmation options and make it simpler for the less mature customers and people who are still trying to grasp it."
"The solution should also have more advanced capabilities in comparison with QRadar, which offers Watson."
"The glass table feature does not perform as expected."
"Splunk ES could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful."
"Splunk is more expensive than other solutions."
"It can be tough to get a hold of somebody in technical support depending on the complexity of the issue."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
"The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
Securonix Next-Gen SIEM is ranked 7th in Security Information and Event Management (SIEM) with 27 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews. Securonix Next-Gen SIEM is rated 8.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Securonix Next-Gen SIEM is most compared with IBM Security QRadar, LogRhythm SIEM, Exabeam Fusion SIEM, Seceon Open Threat Management Platform and USM Anywhere, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Securonix Next-Gen SIEM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.