Splunk Enterprise Security Reviews

We use Splunk for analyzing data.

The solution allows easy gathering and ingestion of the data.

The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed.

I have been using Splunk within the past 12 months.

The solution has been stable.

Our customers are mostly enterprise-sized companies using this solution. 

Splunk has many partners that provide customer support that can be used.

The initial setup is not easy. Customers have to learn the Splunk language and it is hard to operate it by themselves. They will need Splunk engineers to assist in their projects.

You will need a Splunk implementation specialist for the deployment.

My customers have found the price of the solution to be high.

I rate Splunk a five out of ten.

• Collects data from any source
• Powerful search, analysis, and visualization
• Easy to build system on any platform
• API and easily integrated search
• Action script

We have over 7000 devices in our network infrastructure for monitoring, maintenance, and performance assessment.

We achieve this by collecting data and applying the analysis.

I have used this solution for one year.

We did not encounter any issues with scalability. Everything is normal with no bugs.

It’s easy to obtain support from Splunk for technical issues. We also have enough knowledge ourselves to apply fixes.

We used to deploy Elastic Stack. The search language of Splunk is easier and friendlier than Elastic Stack. It has helped me to search quickly and easily. Based on the results, it’s easy to visualize and add results to a previously built, personal dashboard.

Licensing is free. Pricing is based on usage.

We evaluated Elastic Stack and Sumo Logic.

If you are an enterprise and you need the best service for critical business analysis, Splunk would be one of the best choices.

What Splunk calls operational intelligence: fast availability of operational data spread across several servers to prevent or react faster to outages or performance decreases.

MES is a complex and very critical distributed system here. Production WIP is directly connected to it and ICT is required to provide a continuous availability and very stable performance (line production has a costant speed, software cannot slowdown). Collect operational data from hardware, middleware and application software can potentially improve ICT proactive and reactive tasks.

I've ever used it, just studied it.

We also use a traditional monitor, and Microsoft SCOM.

Every stop or slowdown of the production line means lost of money, e.g. 30% reduction when compared to the current baseline.

Every stop or slowdown of the production line means lost of money, e.g. 30% of reduction compare to the current baseline.

IBM QRadar

We were using Splunk for our networking to know exactly what kind of the traffic was going from one network to another network because we had a lot of the connections on other sites.

it can explain to management about what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware.

All the features are valuable. It helps us uncover bottlenecks in the network.

Splunk should be able to integrate with other product using the free version.

The product was difficult to back up the first time.

The stability is fine.

We have two people maintaining it.

Splunk needs local technical support.

We did not use another solution previously.

The deployment was great and took three to four days.

The pricing and licensing of the product are quite high.

Splunk is great product, especially for my organization.

• SIEM
• Security information 
• Event management

The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication.

What they need to do more than anything else is, they need to take a serious look at purpose-built modules like the SIEM and put a lot more effort into making them more robust. If they did that I think they would have a better chance on the market. The base tool was great, and if the organization that they're looking to sell into requires a good, solid logging solution then they would have a very good sales statement to make because you could get the logging solution you need that could give you the SIEM at the same time.

It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solution would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make.

• AlienVault
• LogRhthym
• ArcSight
• QRadar

I've used a whole bunch of different solutions. For a SIEM based solution, they are more purpose-built for that function. Where Splunk is purpose-built for a general logging and data capture solution so you'd be able to capture a lot of different information.

Anything that's not out of the box requires codding. Even up until recently when they finally released their SIEM or their security add-on. Before then there was not security stuff at all. I would actually have to go in and code that within the system to able to do the necessary searches to pull that information. Where a lot of the other tools, they already have those preconfigured which means I don't have to go and recreate the wheel. Now, we finally figured that out to a certain degree, and started putting the new tool in a place that gives you some SIEM functionality.

As a logging solution, I would say it's probably an eight or nine. If you're talking about the SIEM I'd say it's probably about a five. For logging, I think they would have to change the costing model. The costing model is way out of line. It's built for very large organizations.

Splunk is our central locale for cybersecurity and protection.

Once we onboarded all of the required needs, it created a lot of visibility for us.

It is quite extensible. It is a platform that we can build our use of each case instead of each case being limited or restricted to each capability. This is probably the best feature.

I would like to see future development in terms of ML (Machine Learning). 

It is a stable product.

It can be scaled quite easily in comparison to other products on the market.

The tech support response time could be a bit better. Sometimes I need to wait more than 24 hours for a response to my tickets.

I was not involved with the initial setup.

The price could be improved.

We use Splunk for infrastructure monitoring, application monitoring and in the security space for our organization as well as for our customers.

Since Splunk is a platform for data, we can ingest and correlate data from virtually any type of system.

It has a fast turnaround time for setting up monitoring/alerting and forecasting of trends as per our customers' requirements.

The following are top three features that I find quite valuable:

1. Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning.
2. Quick turnaround time for setting up monitoring and alerting with built-in capabilities, plenty of enterprise grade apps available on Splunkbase, and custom coding based on Splunk development skill level.
3. Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app.

• Scheduled PDF generation does not work well for all visualizations, and it does not work for custom visualizations.
• While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin.
• Missing capability for audio/video and image processing.

It was used for security event management on landscape hosted over AWS.

It helped the organisation to proactively monitor threats and reduce its threat footprint.

Deployment server for deploying changes in one go.

It is quite stable.

No.

Professional support is great, but too expensive. Otherwise content published over website is good.

Not applicable.

Do proper estimation on log ingestion per day as that will impact pricing and licensing.

It was the customer's choice.

It provides a great range of plugins and one can really take great advantage of utilising inbuilt dashboards to derive the desired monitoring.

Our company consults for different customers and are in a good position to recommend the best solution to our clients.