How has it helped my organization?
Some of my clients had rudimentary home-grown security solutions that Splunk ES has completely replaced.
In these cases, the improvement was dramatic; they had visibility into systems and activities that they never had before.
In the case of clients who already had a SIEM solution, the change was more incremental. However, in my opinion, the Splunk ES solution is superior because it is so flexible. It can consolidate data from almost anything.
What is most valuable?
Splunk Enterprise Security is most valuable; my clients use it as a SIEM solution. Splunk gives them the ability to bring multiple, disparate types of data together, then correlate and report on them.
What needs improvement?
The GUI can be improved. Splunk has always suffered from having a kind of goofy UI; it needs some updating.
What do I think about the stability of the solution?
There were no stability issues. It is one of the most stable systems that I have worked with.
What do I think about the scalability of the solution?
As of now, no scalability issues were experienced. Splunk is highly scalable, so don’t anticipate that. However, scaling can get very expensive with their pricing model.
How is customer service and technical support?
Technical support is excellent! It is top-notch. The customer support folks really know their stuff, and the turnaround is fast.
Which solutions did we use previously?
Previously, we were using HPE ArcSight.
How was the initial setup?
That’s a hard one. The initial setup is easy, but making it actually work is complex. However, the complexity is something that just comes with all top SIEM tools. Very few companies have exactly the same data and issues, so a great deal of data onboarding and normalization is always required.
Which other solutions did I evaluate?
We evaluated HPE ArcSight.
What other advice do I have?
Plan your implementation carefully. Be sure you have someone to implement it, someone who knows what he is doing. Splunk’s inherent flexibility is a great thing, but it also provides an opportunity to really mess things up.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are an alliance partner.
Jun 26 2017