We performed a comparison between Splunk Enterprise Security and vRealize Network Insight based on real PeerSpot user reviews.
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, 'Where are my logs?' My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"It's pretty powerful and its performance is pretty good."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"I have found the installation can be of medium difficulty to very complex depending on the use case."
"Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful gets into the system."
"Splunk Enterprise Security helped us with faster detection of threats."
"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."
"The search function for spam is like a Google search. You just enter and it will quickly show you the results."
"The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data."
"Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."
"Out-of-the-box, it seems very powerful."
"It provides deep visibility into what is happening with traffic and helps us manage our network."
"It has definitely helped us to meet compliance rules by assuring that all traffic is going to where it's supposed to go. It can be used to report that you are in compliance, as well as helping you get into compliance."
"Whenever we say 'valuable' with respect to the network, it's more towards the security. The firewall rule issues it shows us and the recommendations that we get from vRNI are the most valuable features because they are actually making our network more secure."
"It especially helps with deploying NSX, that you're not having to manually chase down and figure out what you need to do to microsegment VMs. This gives a nice option where you can say, 'Hey, this VM, show me what flows are there.' I can export it out and then import it as an NSX rule and job done."
"vRNI can trace the flow of each and every packet and it is easy for us to troubleshoot all the issues that we do have with the networking. We can trace down the packet to a point where it has been dropped."
"It helps a lot because, until now, we didn't have the tools to figure out the micro level, VM-to-VM kind of traffic; that was not in the current environment. We could not figure out VM-to-VM communication from the other tools. This is the tool which gives us end-to-end transparency."
"The initial was straightforward. You can have it up and running in one hour."
"The most valuable feature is the visualization. It's really handy to be able to classify network objects as with applications and see the interaction between them."
"The troubleshooting has room for improvement."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on QRadar. We couldn't do it with Sentinel, which is a problem for us."
"The administration of the cluster and app deployment to indexers or search heads can be done only using SSH access and command line; there are no GUI tools for that."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"The upgrading process could be smoother."
"Some of the search functions can be better. There has been a lot of talk at the conference about the update of SPL before each iteration. That will be a lot of help."
"Splunk could be improved by reducing the cost. The cost is one of the biggest challenges for us in keeping to our production requirements."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"An improved user interface along with multi-tenancy support would be beneficial."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"I want to be able to monitor a network flow that is approximately two weeks back, but I haven't found an easy way to do this."
"The solution can be improved by making it more compatible with other brands, allowing for better integration."
"The only reason I would not give it a nine or a 10 is for cost reasons. It seems to be one of those things that really belongs as part of the product inherently and not as an add-on. That would be my only concern."
"There are some random glitches in the Web UI, but they are usually pretty cosmetic in nature. I don't really seem to use any browser other than Chrome with it. I also get some weird errors from time to time on the hardware NetFlow Collectors, where it doesn't sync data."
"The virtual appliance has rebooted."
"After you use it for a little while you become accustomed to it but the layout doesn't feel very intuitive. You have to dig around and find the exact place where you can find the information, where you can actually see your east-west traffic, etc. I would like them to bring that information more to the forefront, instead of having to find it."
"While it's not exactly a feature, what normally happens when we are trying to look at the VM flow portion is - although Network Insight does have options to integrate a few physical switches into it - we can't really get an end-to-end flow of the network. We might be using a few switches that are not supported by Network Insight. That is where they can improve, in the support for more physical switches and network devices."
"The only issue we have is that the solution does not always capture the host names."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews while vRealize Network Insight is ranked 24th in IT Infrastructure Monitoring with 44 reviews. Splunk Enterprise Security is rated 8.4, while vRealize Network Insight is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of vRealize Network Insight writes "Provides deep analytical insights and makes migrations efficient with dependency mapping". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas vRealize Network Insight is most compared with ThousandEyes, NETSCOUT vSTREAM, AppNeta by Broadcom, Zabbix and Cisco Secure Network Analytics.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.