What is our primary use case?
I work in the HIPAA industry. I work at a healthcare company in Puerto Rico. HIPAA requires us to go over security risks. Our use case right now is to be compliant.
In our hierarchy, we have 1000 servers and 16,000 endpoints. We also have 100 entry points and 3000 VPN connections. It's huge.
How has it helped my organization?
Manually, it used to take us a whole day to do strong monitoring. Now, it takes a maximum of two hours because of this product.
What is most valuable?
The dashboard centralizes the daily routine. We used to do this by hand. Now, we go through daily checklists, using the dashboard and setting up the alarms. It helps us to cut down the time on this routine.
I am a cybersecurity director. I manage five different business lines. Every morning, we used to have to go to different tools to get our daily routines done. With Splunk, centralized as it is, we can see everything in one place. We use it not only for monitoring events, but also in case we need to do a group call. We can see what's going on, viewing all of the offenses and security events which are happening in our infrastructure.
What needs improvement?
The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall.
For how long have I used the solution?
One to three years.
How was the initial setup?
It was pretty straightforward. I even did a couple of logs myself.
What about the implementation team?
We implement through a vendor.
Which other solutions did I evaluate?
We were using QRadar as a POC. We were using it for real in our cloud, but it was also a POC for us because we were watching the product. But QRadar needs a lot of fine-tuning.
Disclosure: I am a real user, and this review is based on my own experience and opinions.