Splunk Enterprise Security Reviews

Typically, we use the solution for critical infrastructure companies. 

The speed is a very valuable aspect of the solution. 

The way Splunk handles low data and low-rate costs are great.

The level of robustness on offer is very good. 

The initial setup is very straightforward. 

We have found that the solution offers good integrations with other products.

Overall, the solution works very well.

The complexity could be worked on so that it's even easier and faster. However, I understand that, if some complexity was removed, there might be slightly more limitations.

Occasionally there are data sizing and data-related issues that need to be overcome.

I've been using the solution for a couple of years.

The performance is very good. It's something that customers are always looking for. The product offers good stability. There are no bugs or glitches and it doesn't crash or freeze. It's reliable. 

We have about five to ten partners that use Splunk.

I'm a fan of QRadar. I use them as well.

The initial setup is very straightforward. It's not overly complex or difficult. A company shouldn't have any issues with the process. The deployment process doesn't take too long. You can manage it with fewer people and smaller teams. This is especially true if it isn't the critical infrastructure that you are working with. 

For deployment and maintenance, you only need two to three people. That can include one manager and two professionals. Since Splunk is easier to handle, more people can join in on the client-side.

We also use QRadar, and we make more money with QRadar than with Splunk as we can make bigger projects happen. However, we find that with Splunk, while we don't make as much money on each project, we can do more of them.

I'd rate the solution at an eight out of ten.

We are using Splunk as a SIEM tool. We're using it for monitoring.

The ease of log connection has been great. 

Its compatibility with other SIEMS is very useful. 

They have many basic use cases that we like. 

The cloud version of the solution is especially scalable.

The product has been quite stable so far.

The initial setup is very easy.

Technical support is lacking post-sale.

The modification of firmware could be improved.

We find that the maintenance process could be a lot better. 

The solution is more expensive than other options on the market.

We haven't been using the solution for too long at this point. It's been about four months or so.

The stability has been good. It offers good performance and doesn't seem to be buggy. There aren't glitches. It doesn't crash or freeze. It's reliable.

The solution is scalable. This is especially true for the cloud deployment model. There really isn't anything holding you back if you use that version.

We have around 100 people on the solution currently. 60 to 70 of those are technical users.

We do plan to keep using Splunk. 

Technical support services are lacking, especially after you buy the product. They aren't as helpful or responsive as we need them to be. However, when we do reach them, they are good and they help.

I have used McAfee Nitro in the past and IBM QRadar as well.

The initial setup is not complex. It's very straightforward. In fact, it's far easier to install than other log tools on the market. A company shouldn't have any issues with the process.

That said, I did not work on the installation myself. Other people at the company handled that aspect of the process.

The maintenance process could be better. It's a bit difficult once the deployment is done. We need about five people for maintenance tasks.

When you compare the services and features, the pricing is reasonable. That said, if you compare Splunk to other options on the market, it is more expensive.

As we recently purchased the solution, we are using the latest version right now.

I would recommend the solution to other users. 

I would rate the solution at an eight out of ten. If the solution offered a better price and better support services, I would likely rate it higher. However, for the most part, we have been satisfied with the product and its capabilities.

We use Splunk primarily to provide our security and ops groups with important insights to more efficiently make decisions and take action.

My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports.

Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data. They can make connections that we could not have foreseen. They dig deeper when they are searching.

Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run.

While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged.

• Monitoring IT and other processes for a large university.
• Leveraging alerts and dashboards to detect and predict security breaches and other events.

Splunk has enabled us to detect, even predict potential security issues, before they become severe. It has enabled our operations and development teams to more efficiently monitor and troubleshoot their systems.

The search language is easy to understand and teach to new users. The SDK is comprehensive and has incredible levels of integration with the platform and data. 

• Certain sections of the developer documentation could use some updating and clarification.
• Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling. 
• Some terminology is vague and confusing (examples: deployer versus deployment server or search head versus search peer).

Support is quick and competent.

IT service analytics: 

• Server machine data
• Monitoring data
• Alerting data
• ITSI KPIs
• Real-time reporting
• Month-over-month reporting.

It allows for transparency into IT metrics for insightful business analytics.

It brings together all sorts of data. It has the ability to correlate data, analyze and review it. This makes weekly ops reviews and monthly executive management reporting much easier by saving hours of collecting data. Report automation has been a life saver.

• Free-floating panels in the dashboards are like a glass table. 
• It needs more formatting control without having to be an admin.

Previously, only the service owner could see the data and he might have gone to several places to obtain it. Now, it is all in one place and easy to access. 

Central repository for log collection and analysis in a complex environment. We have used it for a variety of use cases involving SIEM and operational support.

Speeds up root cause analysis and can help identify issues that your organization never realized were occurring. It helps streamline troubleshooting and log analysis.

It has a low barrier to entry, but it is extremely extensible, allowing it to be tailored to highly specific use cases. It makes searching through a wider variety of logs much quicker and enables you to correlate events from one log to another.

It can be tough to determine if you are getting all of the value out of your investment at times. However, our sales seems to be flexible and will work on an organization to organization basis to negotiate license terms. 

On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security.

Pricing can be a limiting factor. You have to continuously tune what you are bringing in and make sure what you bring in is of value. 

The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly.

We had some connections issues with the solution at the beginning.

I have used Splunk within the last 12 months.

Splunk is a highly stable solution.

The scalability is good.

We have approximately 50 users using this solution in my organization.

I am satisfied with the support from Splunk.

We were previously using Excel.

We used a consultant for the implementation of the solution. The full process took approximately one week.

We had a big problem with communication sometimes during the implementation. Some files in our network were a little difficult to receive. This was our fault because of some of our firewall configurations.

We have a five-person maintenance team that works on this solution.

I rate Splunk an eight out of ten.