We performed a comparison between Splunk Enterprise Security and vRealize Network Insight based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."Free ingestion for Azure logs (with E5 licence)"
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The product can integrate with any device."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
"Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
"The ability to manage large amounts of generated data and to protect all devices from unauthorized use are the most valuable features."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"Splunk works based on parsing log files."
"We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job."
"I haven't had the chance to properly sink my teeth into Enterprise Security but so far I like that they added the MITRE ATT&CK features."
"The solution helps reduce time to value, increase performance, provide deep visibility, and easily manage networks."
"The most valuable feature is the profiling of the applications for micro-segmentation... It has made the migration to NSX much easier. Most of the sys admins within the smaller silos, they have no idea what ports are needed to run their stuff at all. I am pretty sure the micro-segmentation would never, ever have occurred without it."
"It's very user-friendly in the sense that the querying is just regular language like you and I speak or write. You don't need to know any SQL-query type of language to be able to get what you want out of it."
"The solution is extremely intuitive and user-friendly. When you log in to the application you are presented with a dashboard that is very reasonable for an initial user, and you can then customize it to your specific needs. But for all the data that we've found, we've only had to go through two or three drill-downs to get into that information."
"Whenever we say "valuable" with respect to the network, it's more towards the security. The firewall rule issues it shows us and the recommendations that we get from vRNI are the most valuable features because they are actually making our network more secure."
"I find it user-friendly and intuitive. With the GUI interface that we do use on a regular basis, it's easy to navigate, it's easy to see, easy to query. We get reports. It's easy to use."
"It especially helps with deploying NSX, that you're not having to manually chase down and figure out what you need to do to microsegment VMs. This gives a nice option where you can say, "Hey, this VM, show me what flows are there." I can export it out and then import it as an NSX rule and job done."
"The most valuable features are the monitoring and tracking. It's also intuitive and user-friendly. The screen looks exactly the same as the other appliances for VMware, so it's easy to navigate."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"There is room for improvement in entity behavior and the integration site."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The playbook is a bit difficult and could be improved."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Licensing costs can be a barrier for those with limited budgets."
"Splunk is more expensive than other solutions."
"The only improvement I am expecting is the cost of the licensing. Clients are going to other solutions just because of the cost."
"An improved user interface along with multi-tenancy support would be beneficial."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
". Having a trial version or more training on Splunk would be helpful."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"The price has room for improvement."
"In a very general way, I would like to see an improvement in interoperability with third-party product, from other vendors."
"If it were more application-aware, more descriptive; if it were able to determine the application that is actually doing the communication, that would be easier. More application information: which user or account it's accessing, is it accessing this application, doing these calls, if it is accessing a script, what script is it accessing. Things like that would provide deeper analytics so I can track what's going on. It would not just be, "These people shouldn't be talking," but who is actually doing these calls."
"The product is slightly complex use, while still being user-friendly. It could use more training modules, as it is not a straightforward product."
"I want to be able to monitor a network flow that is approximately two weeks back, but I haven't found an easy way to do this."
"The only real improvement they can make is to add more third-party vendors into the environment, mostly switch manufacturers, because it's really limited to Cisco equipment and there are a lot of companies out there other than Cisco."
"The only reason I would not give it a nine or a 10 is for cost reasons. It seems to be one of those things that really belongs as part of the product inherently and not as an add-on. That would be my only concern."
"The virtual appliance has rebooted."
"While it's not exactly a feature, what normally happens when we are trying to look at the VM flow portion is - although Network Insight does have options to integrate a few physical switches into it - we can't really get an end-to-end flow of the network. We might be using a few switches that are not supported by Network Insight. That is where they can improve, in the support for more physical switches and network devices."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while vRealize Network Insight is ranked 24th in IT Infrastructure Monitoring with 44 reviews. Splunk Enterprise Security is rated 8.4, while vRealize Network Insight is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of vRealize Network Insight writes "Provides deep analytical insights and makes migrations efficient with dependency mapping". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas vRealize Network Insight is most compared with ThousandEyes, NETSCOUT vSTREAM, VMware Aria Operations for Applications, AppNeta by Broadcom and Cisco Secure Network Analytics.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.