If you were talking to someone whose organization is considering Splunk User Behavior Analytics, what would you say?
How would you rate it and why? Any other tips or advice?
After more than three years of using this solution, I would recommend this solution, especially for environments that have a big volume of data. I would rate this solution a nine out of ten. It is a really great product.
We use the on-premises deployment model of the solution. The more types of clusters you have feeding into Splunk, the better the results you have. If you have a customer environment in which you have diverse solutions and technologies, which cater to a large network of applications, you are able to inject more value for the customer. One of the key lessons from using Splunk is to have adequate hardware and pre-plan the implementation. It is reasonably balanced, in terms of how much it uses a CPU and the amount of memory it needs. It's important that you start with good infrastructure when you implement Splunk, or you may run into issues. Also, make sure to have trained people working on the solution. Otherwise, it will be a waste of investment. I would rate the solution nine out of ten. I would recommend the solution to others.
I will rate this product a seven out of ten, and I would definitely recommend it to others.
From my experience and from the security perspective, I recommend this product for all the people that need good security for investigation. The Splunk team and products are good for those purposes. The storage gets better priced with the amount you use. The storage is very expensive if you take some of the license options from the company. We won't be using unlimited storage for how much data will be imported from our bandwidth. I think the unlimited license is good because we will use a lot. On a scale from one to ten, where one is the worst and ten is the best, I would rate Splunk User Behavior as a nine. I didn't give them ten because Splunk does not provide something for the professional investigation. There is something that prevents you from using data the way you want to use data in an investigation. Sometimes with Splunk, we cannot bring the data out in a better form and some users cannot understand it exactly. What I am talking about is options for a more professional investigation, not for normal behaviors. If you want to just look at normal behavior the program will give all you need. But sometimes you need other use cases to see the action.
I'm a system integrator, which provides the solution to end-users and customers. We handle the on-premises deployment model. I would recommend the solution because of the ease of use, the simple administration, the good level of support, the predefined use cases, and the predefined user behavior analytics. I would rate the solution seven out of ten.
If I had to rate Splunk from one through ten, one being the worst and ten being the best, I would give it a nine. There's always room for opportunity, but I think it's been working pretty well. I rate it a nine because of the ease of use with the product, like the installation and the support that we receive. From what I hear everything goes well. There's nothing that stands out. We haven't had any vulnerabilities or compliance issues with the product, and we do with others, so those are the reasons why I'd rate it a nine. For anyone else looking for a product that can consolidate logs, this product does what it says it will do.
I wouldn't buy Splunk because of the cost, because you can't budget for it. You think you can and then you find out later you can't. The company is still using it, but they're adding other pieces in to reduce the cost of Splunk. They're spending money to buy another product to pre-process so then they can save money on it. We've been improving and the maturity's pretty great. This is just one small piece in the overall platform. And the overall platform, from a cybersecurity maturity perspective, is doing well. If you look at it from that perspective, it's had a positive impact, it has not been a drag. The product itself is a seven out of ten. It's somewhat efficient, if you have the right staff and if everything's working properly. You have to have at least one person do care and feeding at the backend to make sure the infrastructure's working.
There is a lot of potential in the product. We have seen the product grow over time. There is potential to grow a bit more and become more proactive than it is right now. First assess the use cases. Then, assess the scale and complexity of the use cases that you are trying to solve before implementing the solution. Do not try to find a solution which fits the use case after the implementation.
It helps us make decisions faster.
It is a helpful tool, especially for customers who deal with the service industry.