Splunk User Behavior Analytics Review

Enables searching through a lot of data, but pricing is problematic - you can't budget for it


What is our primary use case?

Threat hunting is our primary use case.

How has it helped my organization?

It hasn't really improved the way our organization functions. It has been neutral.

We have, however, seen a decrease in the mean time to detect threats, by about 15 to 20 percent. We can do more hunting so we can find stuff quicker, but we had other tools that could also do that. It's not bad. It's fine.

What is most valuable?

The most valuable feature is the ability to search through a large amount of data.

What needs improvement?

The feature set isn't too bad as is. My biggest complaint is the way they do pricing.

What do I think about the stability of the solution?

It is fairly stable.

What do I think about the scalability of the solution?

It's scalable.

How are customer service and technical support?

I don't like their support.

If you previously used a different solution, which one did you use and why did you switch?

Our previous solution was a really limited version of what Splunk is. Splunk is the number-one leader in this area, so we went with it. It works. But it's the pricing model which is the problem. And you really don't understand upfront how bad the pricing model is until you get stuck with it.

How was the initial setup?

The initial setup was complex. There were a lot of moving pieces. It took a lot to get it going.

What about the implementation team?

We did not use an integrator or consultant.

What was our ROI?

There's a reason everyone is using other tools to reduce the cost of using Splunk. The ROI is not great, that's why. But once you already have all your data in it, if you have so much already invested in the infrastructure, it's hard to leave it, so you do other stuff to reduce the cost.

What's my experience with pricing, setup cost, and licensing?

Pricing is the problem with Splunk. You can never know the pricing for next year. Every single time you adjust to something new, the price goes up. It's impossible to truly budget for it. It goes up constantly. You can plan for 2x and it will be 3x. You only find out in the long run.

What other advice do I have?

I wouldn't buy Splunk because of the cost, because you can't budget for it. You think you can and then you find out later you can't.

The company is still using it, but they're adding other pieces in to reduce the cost of Splunk. They're spending money to buy another product to pre-process so then they can save money on it.

We've been improving and the maturity's pretty great. This is just one small piece in the overall platform. And the overall platform, from a cybersecurity maturity perspective, is doing well. If you look at it from that perspective, it's had a positive impact, it has not been a drag.

The product itself is a seven out of ten. It's somewhat efficient, if you have the right staff and if everything's working properly. You have to have at least one person do care and feeding at the backend to make sure the infrastructure's working.

Disclosure: I am a real user, and this review is based on my own experience and opinions.