We performed a comparison between Splunk Enterprise Security and vRealize Network Insight based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a Log Analytics workspace and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinel from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
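As an added illustration of the kind of KQL query the reviewer above is referring to (this is example code written for this page, not from the reviewer, Microsoft, or the product documentation), the query below runs against the standard Sentinel SigninLogs table and surfaces source IPs that produced a burst of failed sign-ins and then a successful sign-in from the same address. The 24-hour window and the threshold of 20 failures are assumptions chosen for illustration and should be tuned to the environment.

```kusto
// Added example (not from the original page): failed sign-in burst followed by a success
// from the same source IP, over the SigninLogs table that Microsoft Entra ID feeds into Sentinel.
// Assumptions: lookback of 24h and a threshold of 20 failures are illustrative values.
let lookback = 24h;
let failure_threshold = 20;
// Step 1: per source IP, count failed sign-ins (ResultType "0" is success; anything else is a failure code)
let failed_bursts = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize
        FailedCount = count(),
        TargetedUsers = make_set(UserPrincipalName, 50),
        FirstFail = min(TimeGenerated),
        LastFail = max(TimeGenerated)
        by IPAddress
    | where FailedCount >= failure_threshold;
// Step 2: find successful sign-ins from those same IPs that occurred after the burst started
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"
| join kind=inner failed_bursts on IPAddress
| where TimeGenerated > FirstFail
| project
    SuccessTime = TimeGenerated,
    IPAddress,
    UserPrincipalName,
    AppDisplayName,
    FailedCount,
    TargetedUsers,
    FirstFail,
    LastFail
| order by FailedCount desc
```

Pasted into the Sentinel Logs blade, each result row is a source IP worth investigating: the user who eventually signed in, the application they reached, and the set of accounts that were tried before the success. The same query body can be saved as a scheduled analytics rule so that matching rows become incidents rather than ad hoc search results.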
"The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
"Speeds up root cause analysis and can help identify issues that your organization never realized were occurring."
"It is the best tool if you have a complex environment or if data ingestion is too huge."
"The technical support has been very good. They are very responsive and have been helpful."
"The most valuable feature is that it's very good for log aggregation."
"It helps us uncover bottlenecks in the network."
"The initial setup is really straightforward. It's one of the easiest installations."
"Deployment server for deploying changes in one go."
"It especially helps with deploying NSX, that you're not having to manually chase down and figure out what you need to do to microsegment VMs. This gives a nice option where you can say, 'Hey, this VM, show me what flows are there.' I can export it out and then import it as an NSX rule and job done."
"We can see everything going on in NSX and get a good picture of our environment."
"vRNI can trace the flow of each and every packet and it is easy for us to troubleshoot all the issues that we do have with the networking. We can trace down the packet to a point where it has been dropped."
"A lot of time is saved when you use this type of software solution for the network. We have moved systems into the new data center and the servers and systems are much faster because of the very low latency between virtual machines."
"The solution has helped improve our organization by directing the network traffic using SDN."
"The graphical interface of this environment is so good with all the views, the graphics, and everything in them. It's really easy for me. It doesn't need an engineer to work on it. It's easy enough that anyone can get into the environment and look for issues or look at how communication is going on across the VMs. It's pretty much straightforward."
"I like being able to see the flows coming in and out of the product. In terms of monitoring network flows, we use it to verify whether or not different servers/applications should be communicating with each other."
"I find it user-friendly and intuitive. With the GUI interface that we do use on a regular basis, it's easy to navigate, it's easy to see, easy to query. We get reports. It's easy to use."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The solution could improve the playbooks."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"You do need a lot of training and certification with this product."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"The analytics of Splunk could be improved."
"Integrating tools and creating use cases could be easier. It's hard for a junior security engineer with only a couple of years of experience to write use cases. They can do it, but it's much easier in a solution like IBM QRadar. Setting conditions is like a multiple-choice type of thing. It's a more user-friendly process."
"Some of the queries are difficult to run and have room for improvement."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."
"Better directions on search head clusters."
"I want to see more in terms of microsegmentation. As of now, I can see the rules, but they are not in a readable format that I can convert to microsegmentation and can fit into NSX Manager."
"I would like to see more interoperability on the firewall and load balancer sides."
"If it had some kind of plugins with vSphere, more effective plugins with Horizon View or other VMware products, if it had interconnectivity, I think it would be more effective than it is today."
"The IT infrastructure industry is expected to evolve towards a hybrid cloud model in the next five to ten years. In this model, most of the customer's resources reside on-premises within a private cloud setup, such as VMware. Another segment operates within public cloud environments like Azure and AWS, and a portion remains in traditional data centers. There should be seamless interoperability between public and private clouds. AWS and VMware need to work together to make it possible. Whether users interact with on-premises infrastructure or configure resources in the public cloud, the user experience must be seamless."
"While it's not exactly a feature, what normally happens when we are trying to look at the VM flow portion is - although Network Insight does have options to integrate a few physical switches into it - we can't really get an end-to-end flow of the network. We might be using a few switches that are not supported by Network Insight. That is where they can improve, in the support for more physical switches and network devices."
"I would like to see more reporting features, more dashboards."
"I would like to see application identification. That would be cool."
"The only issue we have is that the solution does not always capture the host names."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 221 reviews while vRealize Network Insight is ranked 25th in IT Infrastructure Monitoring with 44 reviews. Splunk Enterprise Security is rated 8.4, while vRealize Network Insight is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of vRealize Network Insight writes "Provides deep analytical insights and makes migrations efficient with dependency mapping". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas vRealize Network Insight is most compared with ThousandEyes, NETSCOUT vSTREAM, Zabbix, VMware Aria Operations for Applications and Nutanix Prism.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.