Security Onion vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Security Onion
  Ranking in Log Management: 30th
  Average Rating: 7.6
  Number of Reviews: 3
  Ranking in other categories: AWS Marketplace (1st)

Splunk Enterprise Security
  Ranking in Log Management: 1st
  Average Rating: 8.4
  Number of Reviews: 255
  Ranking in other categories: Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Market share comparison

As of June 2024, in the Log Management category, the market share of Security Onion is 19.2% and it increased by Infinity% compared to the previous year. The market share of Splunk Enterprise Security is 17.6% and it decreased by 4.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Shared category: Log Management
Unique categories:
  Security Onion: AWS Marketplace (7.6%)
  Splunk Enterprise Security: Security Information and Event Management (SIEM) (13.7%), IT Operations Analytics (28.2%)
 

Featured Reviews

Anish Bajracharya - PeerSpot reviewer
Mar 18, 2024
Provides good threat hunting by finding infected ports, but its initial setup is difficult
The most valuable feature of Security Onion for security monitoring is its ability to find infected ports. I have used the Squert tool within Security Onion the most for threat hunting. The initial setup of the solution is a little bit difficult. I have been using Security Onion for one year.…
AK
May 12, 2024
Flexible licensing, good support, and helpful for responding quickly to an event
Splunk Enterprise Security helps with application events. It provides end-to-end visibility into our environment which is most important for us. It reduces the time to react to an event. Splunk Enterprise Security has helped improve our organization’s ability to ingest and normalize data. It can help identify and solve problems in real-time, but we have mainly utilized it for post-identification correction. It provides us with the relevant context to help guide our investigations. It is easier for developers to take action once an anomaly is detected. We have been leveraging Splunk dashboards for that. Splunk Enterprise Security has helped speed up our security investigations, but I do not have the metrics. They are a good partner for Google Cloud. It provides great visibility, threat detection, and proactive mitigation of risks for our mutual consumers.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use Security Onion for internal vulnerability assessment."
"Security Onion is the most mature solution in the market."
"The most valuable feature of Security Onion for security monitoring is its ability to find infected ports."
"Splunk has significantly reduced the time in performing the task of aggregating logs, reviewing as well as time spent during investigations."
"Splunk Enterprise Security offers valuable features like seamless integration and a SQL-standard Structured Query Language for easy searching."
"The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions."
"It provides a risk score for each object, device, or user. We can then take action if they are at a higher risk."
"The integration is seamless with many devices and operating systems."
"The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting."
"The metrics and trends that Splunk Enterprise Security generates using all the data points we send allow customers to understand better what their users are doing."
"The feature that we use the most is the correlation search engine within ES."
 

Cons

"The product is not easy to learn."
"Security Onion's user interface could be improved."
"The initial setup of the solution is a little bit difficult."
"Sometimes, there is latency in the logs."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"The documentation is in definite need of improvement."
"I think the tech support response time could be a bit better. Sometimes I need to wait more than 24 hours for a response to my tickets."
"While Splunk offers SOAR as a separate product, integrating it into the next version of Splunk Enterprise Security as a unified solution would be beneficial."
"Splunk Enterprise Security offers a vast amount of information to learn and comprehend, resulting in a challenging initial learning curve."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
 

Pricing and Cost Advice

"Security Onion is an open-source solution."
"Security Onion is a free solution."
"It is an open-source solution."
"It is a pretty high cost solution, but if your organization has the funds, it can bring many benefits."
"Regarding the product's pricing, I think it has always been difficult to have a conversation with Splunk."
"It is a bit costly."
"The pricing and licensing of the product are quite high."
"Further reductions would be fantastic, and I believe that more and more people would flock to it."
"You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive."
"The variables and the flexibility that Splunk provides are helpful, especially in a hybrid and multi-cloud environment."
"I would highly recommend anyone evaluating this option to download the free trial which allows for the ingestion of 500MB of data per day in order to get a feel for what Splunk does at its core. It will get pricey once your ingestion rates start to skyrocket, but I would consider it expensive given the amount of information that it allows you to analyze and react on straight out-of-the-box."
787,061 professionals have used our research since 2012.
 

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
  Security Onion: Computer Software Company 12%, Government 11%, University 10%, Comms Service Provider 10%
  Splunk Enterprise Security: Financial Services Firm 15%, Computer Software Company 14%, Government 9%, Manufacturing Company 8%
 

Company Size

By reviewers: Large Enterprise / Midsize Enterprise / Small Business (breakdown values not recovered from the page); No data available
 

Questions from the Community

What do you like most about Security Onion?
The most valuable feature of Security Onion for security monitoring is its ability to find infected ports.
What is your experience regarding pricing and costs for Security Onion?
Security Onion is an open-source solution. On a scale from one to ten, where ten is expensive and one is cheap, I rate the solution's pricing a six out of ten.
What needs improvement with Security Onion?
The initial setup of the solution is a little bit difficult.
What SOC product do you recommend?
For tools I'd recommend: SIEM - LogRhythm; SOAR - Palo Alto XSOAR. Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Security Onion: Information Not Available
Splunk Enterprise Security: Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Security Onion vs. Splunk Enterprise Security and other solutions. Updated: June 2024.