We performed a comparison between Netsurion and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The machine learning and artificial intelligence on offer are great."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"Free ingestion for Azure logs (with E5 licence)"
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The product can integrate with any device."
"It has a lot of great features."
"We don't have the eyeballs available to stare and watch for things, or even have the capability of building internal alert systems. So, the managed SOC has been huge for freeing up staff to work on other responsibilities. We are saving on at least one full-time employee."
"I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows."
"The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location."
"I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one."
"We have also integrated our endpoint security into the Netsurion SIEM. That's important because we have all the events in one place; we don't have to manage them in multiple places. In addition, the embedded MITRE ATT&CK Framework was paramount in our decision to choose Managed Threat Protection because the MITRE Framework is the industry standard for threats."
"Expediting incident response is really great."
"I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me... It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective."
"When it comes to threat detection and response, it does a very good job detecting and blocking on its own. And the SOC is a nice added value because they're doing analysis on things that aren't as obvious, on things that you can't just detect with a signature or behavior. Also, any SIEM will come with a lot of noise, so having them do a lot of the initial analysis to find out what's critical and what issues are false alarms is very good."
"Our clients use the solution to find any threats or vulnerabilities inside their environment."
"The reporting aspect is good and it does what I need it to do."
"Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful gets into the system."
"The most valuable aspect of the solution is the dashboard. It's very intuitive."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations."
"Splunk has give us the capability to easily track problems and their status."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"I would like to see more AI used in processes."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"There is room for improvement in entity behavior and the integration site."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Everything that I've wanted has been added in. EDR was added, and MITRE was added. Those were two big ones that we didn't even have to push for."
"The threat detection and response is passive. We have asked if there were options for taking action, and we have not gotten any feedback on that, which would be useful to know. Depending on the situation and threat, some actions may not be possible, but we haven't gotten any feedback on what options could be directed and actionable with the understanding that it may have an extra cost. It would be nice to know or find out if it is actually possible to take actions by a SIEM service or a SIEM agent."
"Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging."
"Netsurion's threat detection and response aren't quite mature. I would expect a little more."
"The biggest problem is that we have too many domain controllers. So, we have to keep all the clients and main system updated with the latest versions along with making sure all the firewalls are open."
"I would also like to have a dashboard that I can access anytime to review the real-time data from their website."
"The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated."
"Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told."
"If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market."
"We would like more integrations with other cloud products, not just AWS, e.g., Azure."
"The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be key improvement."
"Configuring a few apps is complex, not straightforward."
"On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security."
"Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster."
Netsurion is ranked 16th in Security Information and Event Management (SIEM) with 24 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 235 reviews. Netsurion is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Netsurion is most compared with Arctic Wolf Managed Detection and Response and CyberHat CYREBRO, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Netsurion vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.