Splunk Enterprise Security vs vRealize Network Insight comparison

Comparison Buyer's Guide
Executive Summary

We performed a comparison between Splunk Enterprise Security and vRealize Network Insight based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
To learn more, read our detailed Security Information and Event Management (SIEM) Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros

Microsoft Sentinel
  • "It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
  • "Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
  • "Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
  • "I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
  • "The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
  • "I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
  • "The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
  • "If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."

Splunk Enterprise Security
  • "The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
  • "Speeds up root cause analysis and can help identify issues that your organization never realized were occurring."
  • "It is the best tool if you have a complex environment or if data ingestion is too huge."
  • "The technical support has been very good. They are very responsive and have been helpful."
  • "The most valuable feature is that it's very good for log aggregation."
  • "It helps us uncover bottlenecks in the network."
  • "The initial setup is really straightforward. It's one of the easiest installations."
  • "Deployment server for deploying changes in one go."

vRealize Network Insight
  • "It especially helps with deploying NSX, that you're not having to manually chase down and figure out what you need to do to microsegment VMs. This gives a nice option where you can say, "Hey, this VM, show me what flows are there." I can export it out and then import it as an NSX rule and job done."
  • "We can see everything going on in NSX and get a good picture of our environment."
  • "vRNI can trace the flow of each and every packet and it is easy for us to troubleshoot all the issues that we do have with the networking. We can trace down the packet to a point where it has been dropped."
  • "A lot of time is saved when you use this type of software solution for the network. We have moved systems into the new data center and the servers and systems are much faster because of the very low latency between virtual machines."
  • "The solution has helped improve our organization by directing the network traffic using SDN."
  • "The graphical interface of this environment is so good with all the views, the graphics, and everything in them. It's really easy for me. It doesn't need an engineer to work on it. It's easy enough that anyone can get into the environment and look for issues or look at how communication is going on across the VMs. It's pretty much straightforward."
  • "I like being able to see the flows coming in and out of the product. In terms of monitoring network flows, we use it to verify whether or not different servers/applications should be communicating with each other."
  • "I find it user-friendly and intuitive. With the GUI interface that we do use on a regular basis, it's easy to navigate, it's easy to see, easy to query. We get reports. It's easy to use."

Cons

Microsoft Sentinel
  • "They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
  • "We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
  • "The solution could improve the playbooks."
  • "If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
  • "Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
  • "They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
  • "Microsoft Sentinel is relatively expensive, and its cost should be improved."
  • "I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."

Splunk Enterprise Security
  • "You do need a lot of training and certification with this product."
  • "The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
  • "The analytics of Splunk could be improved."
  • "Integrating tools and creating use cases could be easier. It's hard for a junior security engineer with only a couple of years of experience to write use cases. They can do it, but it's much easier in a solution like IBM QRadar. Setting conditions is like a multiple-choice type of thing. It's a more user-friendly process."
  • "Some of the queries are difficult to run and have room for improvement."
  • "Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
  • "I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."
  • "Better directions on search head clusters."

vRealize Network Insight
  • "I want to see more in terms of microsegmentation. As of now, I can see the rules, but they are not in a readable format that I can convert to microsegmentation and can fit into NSX Manager."
  • "I would like to see more interoperability on the firewall and load balancer sides."
  • "If it had some kind of plugins with vSphere, more effective plugins with Horizon View or other VMWare products, if it had interconnectivity, I think it would be more effective than it is today."
  • "The IT infrastructure industry is expected to evolve towards a hybrid cloud model in the next five to ten years. In this model, most of the customer's resources reside on-premise within a private cloud setup, such as VMware. Another segment operates within public cloud environments like Azure and AWS, and a portion remains in traditional data centers. There should be seamless interoperability between public and private clouds. AWS and VMware need to work together to make it possible. Whether users interact with on-premise infrastructure or configure resources in the public cloud, the user experience must be seamless."
  • "While it's not exactly a feature, what normally happens when we are trying to look at the VM flow portion is - although Network Insight does have options to integrate a few physical switches into it - we can't really get an end-to-end flow of the network. We might be using a few switches that are not supported by Network Insight. That is where they can improve, in the support for more physical switches and network devices."
  • "I would like to see more reporting features, more dashboards."
  • "I would like to see application identification. That would be cool."
  • "The only issue we have is that the solution does not always capture the host names."

Pricing and Cost Advice

Microsoft Sentinel
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

Splunk Enterprise Security
  • "Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market."
  • "Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO."
  • "It is not cheap."
  • "Splunk Enterprise becomes extremely expensive after the 20GB/month license."
  • "You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive."
  • "Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."
  • "Pricing is pretty fair."
  • "While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events."

vRealize Network Insight
  • "The solution has helped us to reduce time, increase performance, reduce costs, and even easily manage networks. We are probably seeing 10 to 20 percent labor savings because we are able to be very specific and focused on what we want to do. It ends up saving the customer money and makes us be more efficient on our cost deliveries."
  • "It reduces costs. It takes something that may be challenging and makes it more usable and visual by being able to bring in tools, seeing what their impact is, such as microsegmentation and application rationalization, and seeing it quickly."
  • "Cost always has room for improvement, you could always make it cheaper. But I think it's a good value for what you pay for it."
  • "It's an expensive product because we have a lot of nodes."
  • "They should include the product in NSX because it's important to have it for deployment."
  • "The solution has reduced the time that we spend on other products. For example, with NSX, we were able to quickly find things that we would normally spend days trying to figure out."
  • "We have spent less time investigating network flows, so it is absolutely cost-effective."
  • "It has brought more money into our company."

    Comparison Review
    Vinod Shankar
    Questions from the Community
    Top Answer: Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and…
    Top Answer: It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for…
    Top Answer: We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is…
    Top Answer: For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is…
    Top Answer: Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring…
    Top Answer: The most valuable feature of Splunk Enterprise Security is website activity monitoring.
    Top Answer: The tool's ease of configuration and use and the availability of information and artifacts through professional services…
    Top Answer: I rate vRealize Network Insight's pricing a seven point five out of ten.
    Top Answer: The IT infrastructure industry is expected to evolve towards a hybrid cloud model in the next five to ten years. In this…
    Also Known As
    Azure Sentinel
    Arkin
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus, providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors. 

    Full visibility across your environment

    Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.

    Fast threat detection

    Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.

    Efficient investigations

    Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.

    Open and scalable

    Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.

    VMware vRealize Network Insight delivers intelligent operations for software-defined networking and security. It helps customers build an optimized, highly-available and secure network infrastructure across multi-cloud environments. It accelerates micro-segmentation planning and deployment, enables visibility across virtual and physical networks and provides operational views to manage and scale VMware NSX deployments.
    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    NTTi3, VCIX-NV, VMware Networking and Security Business Unit, Illumio, CompuNet
    Top Industries

    REVIEWERS
    Financial Services Firm: 22%
    Computer Software Company: 11%
    Manufacturing Company: 8%
    Comms Service Provider: 8%
    VISITORS READING REVIEWS
    Computer Software Company: 16%
    Financial Services Firm: 10%
    Government: 9%
    Manufacturing Company: 7%

    REVIEWERS
    Computer Software Company: 18%
    Financial Services Firm: 15%
    Government: 10%
    Energy/Utilities Company: 8%
    VISITORS READING REVIEWS
    Financial Services Firm: 15%
    Computer Software Company: 14%
    Government: 9%
    Manufacturing Company: 7%

    REVIEWERS
    Financial Services Firm: 21%
    Manufacturing Company: 15%
    Healthcare Company: 15%
    Computer Software Company: 12%
    VISITORS READING REVIEWS
    Financial Services Firm: 16%
    Computer Software Company: 13%
    Government: 12%
    Retailer: 7%

    Company Size

    REVIEWERS
    Small Business: 33%
    Midsize Enterprise: 21%
    Large Enterprise: 47%
    VISITORS READING REVIEWS
    Small Business: 25%
    Midsize Enterprise: 16%
    Large Enterprise: 59%

    REVIEWERS
    Small Business: 31%
    Midsize Enterprise: 12%
    Large Enterprise: 57%
    VISITORS READING REVIEWS
    Small Business: 19%
    Midsize Enterprise: 13%
    Large Enterprise: 68%

    REVIEWERS
    Small Business: 13%
    Midsize Enterprise: 16%
    Large Enterprise: 71%
    VISITORS READING REVIEWS
    Small Business: 19%
    Midsize Enterprise: 11%
    Large Enterprise: 70%

    Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 221 reviews while vRealize Network Insight is ranked 25th in IT Infrastructure Monitoring with 44 reviews. Splunk Enterprise Security is rated 8.4, while vRealize Network Insight is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of vRealize Network Insight writes "Provides deep analytical insights and makes migrations efficient with dependency mapping". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas vRealize Network Insight is most compared with ThousandEyes, NETSCOUT vSTREAM, Zabbix, VMware Aria Operations for Applications and Nutanix Prism.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.