What is our primary use case?
Splunk is a SIEM, a Security Information and Event Management solution. It is used, for example, for monitoring security logs and security information in companies and organizations. It is also used for correlation, meaning making policies for detecting and monitoring attacks and the like; for monitoring security logs and security events; and for preventing hackers from attacking. It's really for business continuity.
How has it helped my organization?
For a long period of time we analyzed logs and traffic with something like tcpdump. Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats. It's really important for our business because I work at a PSP, a payment service provider, in e-payments.
What is most valuable?
UBA, User Behavior Analytics.
What needs improvement?
In the next release of Splunk, I think machine learning should be emphasized. Now it's really important to analyze Big Data and do data mining. A SIEM solution like Splunk needs an improved data mining solution and artificial intelligence. Splunk would be the best if it improved these features.
What do I think about the stability of the solution?
It's stable and very safe.
What do I think about the scalability of the solution?
Splunk's scalability is good for an enterprise situation. It's scalable in all situations.
How are customer service and technical support?
For us, technical support has been good. Splunk has good documentation and it is really easy to work with Splunk and the Splunk community.
Which solutions did we use previously?
I used ELK. It was good. It is an open-source solution, but there is some complexity in configuring it and working with it.
In choosing a vendor I use industry reviews to find feedback from the community that works with the solution.
How was the initial setup?
The initial setup was straightforward.
Which other solutions did I evaluate?
There are a lot of solutions: IBM QRadar, Splunk, LogRhythm. Splunk was good for us because of the support, the documentation, the scalability, the stability. It gives us everything that we need in our business, everything necessary for helping us do our job.
What other advice do I have?
There are three top SIEM solutions in the world: Splunk, LogRhythm, IBM QRadar. I think Splunk is the best.
I would rate Splunk at eight out of 10. The vendor needs to work on this solution to make it better and better. I would recommend this solution but it depends on the situation, the country, the support from the vendor.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jun 05 2018