We performed a comparison between Splunk Enterprise Security and vRealize Network Insight based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."Splunk's advantage is its search capability. Its search is notably faster. With Splunk, I can search easily on keywords. That is great."
"The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace."
"I have not seen any outages in the product in the past two years that it has been running in our company, so I think it is good when it comes to the stability part."
"Visualizations are the best way to understand deviation techniques from the norm."
"We can automatically suspend or terminate suspicious sessions."
"The correlation search functions that generate all the notables are valuable. That can get pretty complicated, and it handles that pretty well."
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
"The most valuable aspect of the solution is the dashboard. It's very intuitive."
"As a troubleshooting tool, it's a level-3 troubleshooting-skills tool and it's very easy to use and very easy to find the information that you need."
"The graphical interface of this environment is so good with all the views, the graphics, and everything in them. It's really easy for me. It doesn't need an engineer to work on it. It's easy enough that anyone can get into the environment and look for issues or look at how communication is going on across the VMs. It's pretty much straightforward."
"Whenever we say "valuable" with respect to the network, it's more towards the security. The firewall rule issues it shows us and the recommendations that we get from vRNI are the most valuable features because they are actually making our network more secure."
"The ability to use the natural language query and see the visualization is quickly intuitive, and it works very well."
"compare-to-competition; I would recommend the product. I don't think there is any other product like this on the market right now."
"It's user-friendly. It's similar to the GUI that most VMware products are moving to, and the consistency across those makes it easy to switch from one product to another. Also, the search bar at the top is plain text and it helps you, it guides you along with your search query, so that helps. The first day you're in there you can start building actual queries."
"The most valuable feture is NetFlow to help us understand how VMs communicate with each other over ports that are known and ports that are also unknown to us. Our company is a security company, so it's very important for us to know exactly which VMs are doing what at all times."
"The most valuable feature is the visualization. It's really handy to be able to classify network objects as with applications and see the interaction between them."
"The UI can be improved. Dashboards and reports can be better in terms of graphics."
"When you get into large amounts of data, Splunk can get pretty slow. This is the same on-premise or AWS, it doesn't matter. The way that they handle large data sets could be improved."
"It would be good if the solution had some kind of copilot to automate or help write correlation searches."
"One issue is that we are getting a lot of false positives. We are trying to reduce them by customizing the default rules, changing thresholds, and using white-listing and black-listing. It's getting better and better as a result. But they need to build components that would reduce the false positives."
"On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security."
"The integration could be a bit better. They charge for certain integrations."
"It needs a better way to export dynamic views without requiring a ton of code and user/pw."
"The configuration had a bit of a learning curve."
"There could be some deeper analytics into packet inspection and trace flows. It could use some kind of machine learning to look at Layer 7 traffic for potential malware or corrupt packets."
"I would like to see application identification. That would be cool."
"When we talk about those micro-segmentation rules, there's an Export function. It is very macro-segmentation oriented instead. So if you choose an application, it will find the tiers within that application and say that it's communicating on, say, port 80 to a separate VLAN. There might be 200 machines in that other VLAN. You don't want to open port 80 at all of them. So we need a lot more granularity in those suggested firewall rules."
"The UI, even though once you get to know it, it's easier, still it's hard to figure out by yourself. You have to go read, watch videos. It has a lot of data on it. So that is an issue."
"There is room for improvement when it comes to pricing because we pay here in Brazil, and all the costs are based on the dollar."
"I want to be able to monitor a network flow that is approximately two weeks back, but I haven't found an easy way to do this."
"It just needs to be more reliable and more accurate. At some point, there are some things where it does not match properly."
"The IT infrastructure industry is expected to evolve towards a hybrid cloud model in the next five to ten years. In this model, most of the customer's resources reside on-premise within a private cloud setup, such as VMware. Another segment operates within public cloud environments like Azure and AWS, and a portion remains in traditional data centers. There should be seamless interoperability between public and private clouds. AWS and VMware need to work together to make it possible. Whether users interact with on-premise infrastructure or configure resources in the public cloud, the user experience must be seamless."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 246 reviews while vRealize Network Insight is ranked 24th in IT Infrastructure Monitoring with 44 reviews. Splunk Enterprise Security is rated 8.4, while vRealize Network Insight is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of vRealize Network Insight writes "Provides deep analytical insights and makes migrations efficient with dependency mapping". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel, whereas vRealize Network Insight is most compared with ThousandEyes, NETSCOUT vSTREAM, AppNeta by Broadcom, Zabbix and Cisco Secure Network Analytics.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
