• Home
  • Splunk Enterprise Security vs. Vectra AI

Splunk Enterprise Security vs Vectra AI comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews
32,763 views|18,195 comparisons
92% willing to recommend
Splunk Logo

Splunk Enterprise Security

Read 228 Splunk Enterprise Security reviews
25,711 views|20,955 comparisons
92% willing to recommend
Vectra AI Logo

Vectra AI

Read 40 Vectra AI reviews
7,438 views|3,458 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Security Information and Event Management (SIEM)
April 2024
Executive Summary

We performed a comparison between Splunk Enterprise Security and Vectra AI based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
To learn more, read our detailed Security Information and Event Management (SIEM) Report (Updated: April 2024).
Download the complete report
768,857 professionals have used our research since 2012.
Featured Review
Nagendra Nekkala
Researched Splunk Enterprise Security but chose Microsoft Sentinel: Provides a unified set of tools to detect, investigate, and respond to incidents and enables proactive threat hunting
We use the tool because we want a solution that can quickly analyze large volumes of data across the enterprise. Microsoft Sentinel is a one-stop... Read more →
Sathish Suluguri
User-friendly, feature-rich, and best support
Splunk Enterprise Security helps with real-time detection. When we integrate any data source, if any external IPs or external devices are accessing... Read more →
Anonymous User
Is well-designed around the quadrant and is easy to deploy
We discovered a lot of things in our network and are correcting several misconfigurations. We are learning how some apps work together and how some... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything.""Sentinel pricing is good""The connectivity and analytics are great.""It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks.""The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc.""The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native.""Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases.""It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."

More Microsoft Sentinel Pros →

"We were able to create a catalog of dashboards and have a holistic view at all levels. We could understand our business much better. Real-time errors, which were buried in emails before now, surfaced up on dashboards.""The solution allows easy gathering and ingestion of the data.""Search language is easy to understand and teach to new users.""We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular.""Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses.""The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk.""The most valuable feature of Splunk Enterprise Security is website activity monitoring.""Splunk Enterprise Security comes with 300 pre-deployed use cases that can be easily customized to meet the specific needs of our organization, without the need to purchase additional tools."

More Splunk Enterprise Security Pros →

"What I like best about Vectra AI is that it alerts you about suspicious activities.""The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff.""The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, that's high-fidelity events for us to look into.""It has reduced the time it takes to respond to attacks. That comes back to the proactive point. It makes us able to lower down in the kill chain, we can react now, rather than reacting to incidents that happened, we can see an instant, in some cases, as it's being implemented, or as it's being launched.""The biggest feature for us, because we are heavy Microsoft users, is its integration with Office 365. On top of Vectra AI, we use all of the Microsoft security platforms, such as Defender ATP and Sentinel. Having full integration and a central platform to look at all of the threats that are coming through from the different platforms is a huge benefit for us.""The core product provides excellent visibility, but my favorite feature is Vectra Recall.""Vectra AI is the best. It is a major product in our cybersecurity.""It keeps up with the network traffic, which is a good thing. It provides more context to plain alerts compared to using an older system. So, it helps an analyst reduce the information overload."

More Vectra AI Pros →

Cons
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook.""In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest.""The reporting could be more structured.""Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter.""The AI capabilities must be improved.""Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field.""I would like to see more AI used in processes.""We'd like to see more connectors."

More Microsoft Sentinel Cons →

"Their technical support sucks.""It would be great if I could have a certain dialogue box in Splunk that uses innovative AI tools like ChatGPT, which are available now in the tech department.""I would like Splunk to add more integration. QRadar has many indications with more products than Splunk.""The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc.""The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer.""The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication.""If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well.""While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."

More Splunk Enterprise Security Cons →

"One thing which I have found where there could be improvement is with regard to the architecture, a little bit: how the brains and sensors function. It needs more flexibility with regard to the brain. If there were some flexibility in that regard, that would be helpful, because changing the mode of the brain is complex. In some cases, the change is permanent. You cannot revert it.""We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events.""The false positives and the tuning side of it is something that could use improvement. But that could be from our side.""The solution needs to become more proactive. When Vectra AI is the primary solution in an environment - like it is in our case - you must work on response time. We have a small team so response time at endpoint level is vital.""For S&D account scans, it would be easier if Vectra AI could triage with users. If a client uses a lot of accounts, then it could indicate that these accounts are benign, for example. That would help a lot.""ExtraHop has better features that seem more advantageous when compared to Vectra.""Vectra Recall could be utilized much more, and I'm seeing some indications of that today with the investigative components. I use the Visualize feature to visualize components and dashboards a lot. I'm interested in new ways to build automated searches or having them leveraged already from Vectra.""I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats."

More Vectra AI Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market."
  • "Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO."
  • "It is not cheap."
  • "Splunk Enterprise becomes extremely expensive after the 20GB/month license."
  • "You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive."
  • "Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."
  • "Pricing is pretty fair."
  • "While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events."

    • More Splunk Enterprise Security Pricing and Cost Advice →

  • "We are running at about 90,000 pounds per year. The solution is a licensed cost. The hardware that they gave us was pretty much next to nothing. It is the license that we're paying for."
  • "The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."
  • "There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
  • "We have a desire to increase our use. However, it all comes down to budget. It's a very expensive tool that is very difficult to prove business support for. We would like to have two separate networks. We have our corporate network and PCI network, which is segregated due to payment processing. We don't have it for deployed in the PCI network. It would be good to have it fully deployed there to provide us with additional monitoring and control, but the cost associated with their licensing model makes it prohibitively expensive to deploy."
  • "At the time of purchase, we found the pricing acceptable. We had an urgency to get something in place because we had a minor breach that occurred at the tail end of 2016 to the beginning of 2017. This indicated we had a lack of ability to detect things on the network. Hence, why we moved quickly to get into the tool in place. We found things like Bitcoin mining and botnets which we closed quickly. In that regard, it was worth the money."
  • "The pricing is very good. It's less expensive than many of the tools out there."
  • "The pricing is high."
  • "Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."

    • More Vectra AI Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    768,857 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What SOC product do you recommend?
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is… more »
    Read all 12 answers   →
    How does Splunk compare with Azure Monitor?
    Top Answer:Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring… more »
    Read all 2 answers   →
    What do you like most about Splunk?
    Top Answer:Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful… more »
    Read all 130 answers   →
    What is the biggest difference between Corelight and Vectra AI?
    Top Answer:The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the… more »
    Read all 5 answers   →
    What do you like most about Vectra AI?
    Top Answer:Vectra AI generates relevant information.
    Read all 36 answers   →
    What is your experience regarding pricing and costs for Vectra AI?
    Top Answer:It's relatively on the pricier side, but when compared to other solutions. It's not the most budget-friendly option, but… more »
    Read all 25 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    Vectra Networks, Vectra AI NDR
    Learn More
    Microsoft
    Splunk
    Vectra AI
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus, providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors. 

    Full visibility across your environment

    Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.

    Fast threat detection

    Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.

    Efficient investigations

    Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.

    Open and scalable

    Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.

    Vectra threat detection and response is a complete cybersecurity platform that collects, detects, and prioritizes security alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel.

    Cognito captures data for multiple relevant sources and enriches it with context and security insights. It starts by deploying sensors across different networks in datacenters, IoT, or enterprise networks. The algorithm extracts relevant metadata from network and cloud traffic. The information can also be non-security information that can help investigation. 

    The data is enriched with security context to support critical use cases, such as threat detection, investigation, hunting and compliance. The platform is machine learning-based, which enables it to adapt to any new and current threat scenario. It detects, clusters, prioritizes, and anticipates attacks by using identity and host-level enforcement. 

    With the Vectra platform, a person can investigate 50 threats in just two hours. By prioritizing alerts and leveraging threat intelligence, it provides faster results.Vectra solves today’s security challenges for network detection and response. 

    One of Vectra’s best features is the emphasis they put in pairing research and data science for security insights. It offers behavior codification with unsupervised, supervised, and deep learning models. 

    The pricing is according to a subscription model with a free trial available.Vectra is available for Office 365, Azure AD and AWS Brain.

    Features of Vectra AI

    • AI-based threat detection and response. 
    • Detects attacks in real time with behavior-based threat detection. 
    • Consolidates and correlates thousands of events, detecting threats. 
    • Enriches threat investigation with a chain of evidence and data science security insights. 
    • Machine learning techniques, including deep learning and neural networks. 
    • Gives visibility into cyberattackers and analyzes all network traffic. 
    • Continuous updates with new threat detection algorithms. 
    • Provides encryption at rest and in transit. For the AWS version, it offers AES-256 encryption via AWS Key Management Service. 
    • Guaranteed availability according to the SLA of the service selected. 
    • Does not connect to public sector networks. 

    Benefits of Vectra AI

    • Behavioral models use AI to find unknown attackers. 
    • Context increases the accuracy of threat hunting. 
    • Allows for proactive action by prioritizing the most relevant information. 
    • Provides a clear picture and extensive context for investigations. 
    • Aids decision-making in the incident response process. 
    • Helps working with large datasets by capturing metadata at scale. 
    • Automates time-consuming analysis. 
    • Reduces the security analysts’ workloads on threat investigations. 

    Other advantages of Vectra services include that they can be deployed in the public, private, or hybrid cloud. Support is available via email or online ticketing with an average of 4 hours of response. Phone support is available 24/7. 

    Vectra provides full on-site and online training and documentation. Regarding the user interface, it supports several types of web browsers, such as Internet Explorer, Microsoft Edge, Firefox, Chrome, Safari and Opera. However, it is not available for mobile devices.

    Reviews from Real Users

    Here’s what PeerSpot users of Vectra AI have to say about it:

    "One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us." - Dave W., Operations Manager at a healthcare company

    "It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low.” - T.S., Senior Security Engineer at a manufacturing company

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Computer Software Company19%
    Financial Services Firm15%
    Government10%
    Energy/Utilities Company7%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company14%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm17%
    University11%
    Manufacturing Company11%
    Retailer8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm12%
    Government8%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business31%
    Midsize Enterprise12%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise13%
    Large Enterprise68%
    REVIEWERS
    Small Business15%
    Midsize Enterprise23%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise14%
    Large Enterprise65%
    Buyer's Guide
    Security Information and Event Management (SIEM)
    April 2024
    Download Free Report
    Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM). Updated: April 2024.
    DOWNLOAD NOW
    768,857 professionals have used our research since 2012.

    Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while Vectra AI is ranked 2nd in Intrusion Detection and Prevention Software (IDPS) with 40 reviews. Splunk Enterprise Security is rated 8.4, while Vectra AI is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Corelight.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.