We performed a comparison between Splunk Enterprise Security and vRealize Network Insight based on real PeerSpot user reviews.
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
"This is a straightforward solution, easy to configure."
"We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
"The best part of Splunk Enterprise Security is its customizable settings."
"The search lookups are useful."
"The most valuable feature is the log aggregation, being able to scan through all of the logs."
"It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull on the reports very easily, take action, and notify stakeholders."
"Ease of correlation: creating correlation searches is easy, and you can combine multiple sources with little effort."
"As a troubleshooting tool, it's a level-3 troubleshooting-skills tool and it's very easy to use and very easy to find the information that you need."
"It has enabled us to set up and do application discovery, as far as network traffic is concerned, and set up the appropriate rules that we need to make sure we're compliant with our security frameworks."
"It allows us to go from virtual through NSX, up to the core, and see all of that in one pane of glass, it's pretty easy."
"It gives the visibility that was either broken or there in pieces only. This solution provides a unified view of the whole system, back and forth. It has helped to reduce time to value, increase performance, more easily manage networks, and provide deep visibility."
"It is user-friendly. It's pretty simple to deploy and to run. It gives you pretty easy-to-understand reports, very graphically intense, so you can visualize what's going on in your network."
"It allows us to see how the network devices function as well as to see network glitches or fluctuations or dropping of packets."
"The most valuable feature for me is the different views that you can get when selecting an application or a VLAN. It shows you the traffic flows. It gives you a visual representation of something that, in text, just may not make as much sense."
"The most valuable feature for us is that insight into what our network is really doing - it's a fairly complex network. Not having to go through thousands of lines of network configuration to find firewall ports that were open or closed, for various ports, was very valuable. It went out and found everything we need very quickly."
"There is a definite learning curve to starting out."
"One issue is that we are getting a lot of false positives. We are trying to reduce them by customizing the default rules, changing thresholds, and using white-listing and black-listing. It's getting better and better as a result. But they need to build components that would reduce the false positives."
"The configuration had a bit of a learning curve."
"Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently."
"It is a hugely complicated product."
"My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."
"If it could be made available as a service, this would be much better than as a product."
"Endpoint access is the only issue I can think to mention, even though the endpoint access we have with Cisco is fine."
"The only reason I would not give it a nine or a 10 is for cost reasons. It seems to be one of those things that really belongs as part of the product inherently and not as an add-on. That would be my only concern."
"The solution is very much viewer centric and it would be nice if it would transcend just the virtual infrastructure."
"I would like to see application identification. That would be cool."
"I would like to see more reporting features, more dashboards."
"I want to be able to monitor a network flow that is approximately two weeks back, but I haven't found an easy way to do this."
"The virtual appliance has rebooted."
"The only real improvement they can make is to add more third-party vendors into the environment, mostly switch manufacturers, because it's really limited to Cisco equipment and there are a lot of companies out there other than Cisco."
"vRNI needs more remediation where it hooks into NSX."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews, while vRealize Network Insight is ranked 24th in IT Infrastructure Monitoring with 44 reviews. Splunk Enterprise Security is rated 8.4, while vRealize Network Insight is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of vRealize Network Insight writes "Provides deep analytical insights and makes migrations efficient with dependency mapping". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel, whereas vRealize Network Insight is most compared with ThousandEyes, NETSCOUT vSTREAM, AppNeta by Broadcom, Zabbix and Cisco Secure Network Analytics.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.