Splunk User Behavior Analytics Reviews

Genrlmgr67
Real User
Senior Security Engineer at a government with 1,001-5,000 employees
Aug 25 2019

What is most valuable?

It's a component that is easy to configure and easy to use. They have familiar and friendly dashboards for the users. You can make a lot of the dashboards if you want to…

How has it helped my organization?

It is a great product because it is intelligent and does everything for us. We have a LAN (Local Area Network) and sensitive, classified data and we have to be sure it is…

What needs improvement?

Actually, the most valuable aspect of Splunk is the data. You do not need to use your databases to perform all things from on all the servers we have. Splunk has three big…

What's my experience with pricing, setup cost, and licensing?

There are a few things about the price. There are several packages but if you want to use it as an enterprise, you have to pay enterprise price. That is the initial price…

If you previously used a different solution, which one did you use and why did you switch?

For SIEM (Security Information and Event Management), we used to use McAfee, and it was not good for us. And also we used ArcSight. But we also realized it could not do…

What other advice do I have?

From my experience and from the security perspective, I recommend this product for all the people that need good security for investigation. The Splunk team and products…

Which other solutions did I evaluate?

We worked with McAfee and ArcSight, but Splunk turned out to be better.
Securityps67
Real User
Security PS Supervisor at a tech services company with 1,001-5,000 employees
Aug 15 2019

What is most valuable?

Splunk is a very powerful platform. It's a machine data platform, and it can provide several models that use the same appliance and on the same platform, including some business platforms. I do believe when it comes to functionality and…

What needs improvement?

The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes. I would like to see a better tracking intelligence module with lower costs fully integrated with a…

What's my experience with pricing, setup cost, and licensing?

The solution is relatively expensive. There are costs above the standard licensing as well. Pricing varies according to the customer's needs and set up. Pricing depends on the licensing model and if the normal log management licensing model…

If you previously used a different solution, which one did you use and why did you switch?

I used to deal with several solutions, like HP or Micro Focus ArcSight, IBM Curator, and LogRhythm.

What other advice do I have?

I'm a system integrator, which provides the solution to end-users and customers. We handle the on-premises deployment model. I would recommend the solution because of the ease of use, the simple administration, the good level of support…
Find out what your peers are saying about Splunk, Darktrace, Cisco and others in Intrusion Detection and Prevention Software. Updated: October 2019.
371,639 professionals have used our research since 2012.
Real User
Information Security Manager at a financial services firm with 201-500 employees
Mar 20 2019

What is most valuable?

The most valuable feature is the ability to search through a large amount of data.

How has it helped my organization?

It hasn't really improved the way our organization functions. It has been neutral. We have, however, seen a decrease in the mean time to detect threats, by about 15 to 20 percent. We can do more…

What needs improvement?

The feature set isn't too bad as is. My biggest complaint is the way they do pricing.

What's my experience with pricing, setup cost, and licensing?

Pricing is the problem with Splunk. You can never know the pricing for next year. Every single time you adjust to something new, the price goes up. It's impossible to truly budget for it. It goes up…

If you previously used a different solution, which one did you use and why did you switch?

Our previous solution was a really limited version of what Splunk is. Splunk is the number-one leader in this area, so we went with it. It works. But it's the pricing model which is the problem. And…

What other advice do I have?

I wouldn't buy Splunk because of the cost, because you can't budget for it. You think you can and then you find out later you can't. The company is still using it, but they're adding other pieces in…
Ali Tamimi
Real User
General Manager at Hayyan Horizons
Aug 19 2019

What is most valuable?

The solution offers good searching and allows for easy creation of dashboards and reports. It's intuitive and not very difficult. You just need to learn the SPL, Search Processing Language, in Splunk. This also helps you to clear more advanced use cases. Integration is very easy as well. It's quite…

What needs improvement?

They can improve the licensing scheme. They are moving from perpetual to term licensing, which is not good. That is an area they need to improve. On the network monitoring side, if they can have additional features, similar to other solutions like QRadar. They need to add a feature similar to…

What's my experience with pricing, setup cost, and licensing?

Right now, they have two licensing models, a perpetual license and a term license with an annual subscription. Splunk decided that they would stop the perpetual licensing model, which means that customers will need to buy a subscription going forward.

What other advice do I have?

We use the on-premises deployment model of the solution. The more types of clusters you have feeding into Splunk, the better the results you have. If you have a customer environment in which you have diverse solutions and technologies, which cater to a large network of applications you are able to…
Real User
Director of Technology at an insurance company with 10,001+ employees
May 09 2019

What is most valuable?

The most valuable feature is being able to take data and put it into other systems so that we could see the output and see where we need to apply our focus.

How has it helped my organization?

We have 81000 desktops and we could take logs off those machines and see patterns, and from those patterns, we've been able to reduce the outages going forward proactively.

What needs improvement?

I'm not that close to the actual hands-on usage to suggest improvements. One thing I would say is that they should continue to expand it on more devices. I would say continue to broaden the horizon…

If you previously used a different solution, which one did you use and why did you switch?

We have logs everywhere and trying to look at those logs on an individual basis is quite cumbersome, so taking a tool like this that brings all the logs together for us to dissect and analyze is…

What other advice do I have?

If I had to rate Splunk from one through ten, one being the worst and ten being the best, I would give it a nine. There's always room for opportunity, but I think it's been working pretty good. I rate…

Which other solutions did I evaluate?

Vendors on our shortlist included IBM and DSS.
Real User
BS Systems Engineer at a tech services company with 501-1,000 employees
Jan 03 2019

How has it helped my organization?

In Egypt, we have phones that provide wide internet services to the customer and the customer wants to know what the customer satisfaction and service was. Then, they post on their Facebook or Twitter page to measure the customer satisfaction and after one or two days they start to take the comments…

What needs improvement?

Splunk can improve the UBA. There are occasional bugs, but they're not so much of an issue. We can definitely improve the features, but it depends on the customer's needs. We need to modify or create new dashboards that increase the customer's satisfaction and customer's needs. It depends upon the…

What's my experience with pricing, setup cost, and licensing?

I hope we can increase the free license to be more than five gig a day. This would help people who want to introduce a POC or a demo license for the solution.

What other advice do I have?

It is a helpful tool, especially for customers who deal with the service industry.
Real User
Information Security Specialist at a financial services firm with 201-500 employees
Aug 21 2019

What is most valuable?

The most valuable features are the indexing and powerful search features.

What needs improvement?

The correlation engine should have persistent and definable rules. Splunk should have more features and options in regards to correlating in real-time. It should have the ability to set more permanent rules. Correlation capabilities in…

What's my experience with pricing, setup cost, and licensing?

Our licensing costs are on a yearly basis.

What other advice do I have?

After more than three years of using this solution, I would recommend this solution, especially for environments that have a big volume of data. I would rate this solution a nine out of ten. It is a really great product.

Which other solutions did I evaluate?

We researched many solutions before choosing Splunk like LogRhythm, ELK, and FortiSIEM.
Real User
Security Operations Center Manager
Mar 27 2019

What is most valuable?

Being able to look at data rapidly to make a decision. We have seen a measurable decrease in the mean time to detect and respond to threats. We are now 40 percent or more…

How has it helped my organization?

Because of some of the visualizations that we utilize, we are able to understand strange, unusual traffic on our networks.

What needs improvement?

I would like a bit more flexibility on how to configure it. It is still a little locked down, as compared to some open source offerings.

What's my experience with pricing, setup cost, and licensing?

There are additional costs associated with the integrator.

If you previously used a different solution, which one did you use and why did you switch?

We invested in this solution because our previous way of doing business was not scalable.

What other advice do I have?

It helps us make decisions faster.

Which other solutions did I evaluate?

We currently have a blended environment of ELK, ELK Stack, Elasticsearch, and Splunk.
What is Splunk User Behavior Analytics?

Splunk User Behavior Analytics provides behavior-based threat detection built on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box, purpose-built but extensible unsupervised machine learning (ML) algorithms that help organizations find known, unknown and hidden threats, and it provides context around the threat via ML-driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data-science-driven approach that produces actionable results with risk ratings and supporting evidence, which increases SOC efficiency, and it supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.
Also known as: Caspida, Splunk UBA

Splunk User Behavior Analytics customers: 8 Securities, AAA Western, AdvancedMD, Amaya, Cerner Corporation, CJ O Shopping, CloudShare, Crossroads Foundation, 7-Eleven Indonesia