We performed a comparison between Splunk Enterprise Security and vRealize Network Insight based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The machine learning and artificial intelligence on offer are great."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The reporting aspect is good and it does what I need it to do."
"The initial setup isn't overly complex."
"It has virtual visualization, and other products do not."
"The data representation options in the dashboards are excellent."
"It has a big user base, so the community is useful."
"Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases."
"The solution is very fast and succinct."
"We can ingest and correlate data from virtually any type of system."
"The most valuable features are the packet trace flow and that the view of the whole environment is deep."
"The most valuable feature is being able to easily see the path that the VM traffic is taking, what ports are in use."
"It's a very powerful, very manageable product."
"By doing dependency mapping, it makes migrations more efficient. There are less outages that require engineers to spend additional hours troubleshooting the migration failures."
"The ability to use the natural language query and see the visualization is quickly intuitive, and it works very well."
"With this product, we can precisely identify communication patterns between virtual machines within our data center, whether it's east-east or east-west communication."
"The gradual way the Network Insight shows you all the relevant information about your networks. It's pretty good. You can really dig deep deep inside and see where the problem is, where it comes from, what you have inside, how did you configure it. Also, it has alerts so you can have pretty much quite a big overview about your network. This is really something good."
"I find it user-friendly and intuitive. With the GUI interface that we do use on a regular basis, it's easy to navigate, it's easy to see, easy to query. We get reports. It's easy to use."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The reporting could be more structured."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The product can be improved by reducing the cost to use AI machine learning."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Endpoint access is the only issue I can think to mention, even though the endpoint access we have with Cisco is fine."
"There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
"Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply."
"It needs more formatting control without having to be an admin."
"Custom visualizations are real hard. While the default visualizations are good, creating enhanced visualizations are complex."
"Splunk ES could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful."
"Support could be much better."
"I would like to see them expand the capabilities to infrastructure types other than just VMware."
"I want to be able to monitor a network flow that is approximately two weeks back, but I haven't found an easy way to do this."
"While it's not exactly a feature, what normally happens when we are trying to look at the VM flow portion is - although Network Insight does have options to integrate a few physical switches into it - we can't really get an end-to-end flow of the network. We might be using a few switches that are not supported by Network Insight. That is where they can improve, in the support for more physical switches and network devices."
"I would like to see application identification. That would be cool."
"The only reason I would not give it a nine or a 10 is for cost reasons. It seems to be one of those things that really belongs as part of the product inherently and not as an add-on. That would be my only concern."
"vRNI needs more remediation where it hooks into NSX."
"It needs to be a little easier to use and to understand the information it's putting out. That would make it more helpful. If you're not a network person you need to understand things like network policies and concepts. If you gave it to a regular admin, it would be nice if it were easier for them to pick up what is going on, understand the flows and whether or not stuff should be talking to each other, as opposed to just port groups and IP addresses."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while vRealize Network Insight is ranked 24th in IT Infrastructure Monitoring with 44 reviews. Splunk Enterprise Security is rated 8.4, while vRealize Network Insight is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of vRealize Network Insight writes "Provides deep analytical insights and makes migrations efficient with dependency mapping". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas vRealize Network Insight is most compared with ThousandEyes, NETSCOUT vSTREAM, VMware Aria Operations for Applications, Zabbix and Cisco Secure Network Analytics.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.