Splunk Enterprise Security Reviews

Name: Splunk Enterprise Security
Brand: Splunk
Rating: 4.2 (301 reviews)

Vendor: Splunk

4.2 out of 5

301 reviews
93% willing to recommend

9,773 followers

Post review

What is Splunk Enterprise Security?

Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.

Get the Splunk Enterprise Security Buyer's Guide and find out what your peers are saying about Splunk Enterprise Security, CrowdStrike Falcon, Wazuh and more!

Splunk Enterprise Security is the #1 ranked solution in Log Management Software, top Security Information and Event Management (SIEM) solutions, and top IT Operations Analytics solutions. PeerSpot users give Splunk Enterprise Security an average rating of 8.4 out of 10. Based on the analysis of the 301 most recent Splunk Enterprise Security reviews, the overall sentiment is positive, with a sentiment score of 7.1. Splunk Enterprise Security is most commonly compared to CrowdStrike Falcon: Splunk Enterprise Security vs CrowdStrike Falcon. Splunk Enterprise Security is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Buyer's Guide

Splunk Enterprise Security

October 2024

Get the report

Helped 816,562 peers since 2012

Featured reviews

Avinash Gopu.

Associate VP & Cyber Security Specialist at US Bank

One of the features I appreciate most is privileged account threat detection. It identifies suspicious activity associated with fraudulent accounts detected on the endpoints of target systems. Furthermore, the platform offers threat analysis and reporting that leverages Splunk data. This allows for the detection of irregular user access from machines directly. This functionality is crucial in large PAM environments with thousands of users, as it identifies inactive accounts. For scenarios where users might not access the PAM portal to change passwords, different policies are implemented. Splunk plays a key role in detecting irregular user activity. By establishing a three-month threshold, we can identify cases where users haven't used their accounts despite not being on leave or vacation. Such instances warrant investigation to determine the continued need for privileged access. We can automatically suspend or terminate suspicious sessions. We have also customized reporting within Splunk.

Read full review

Eko Kurniawan

IT Operations & Security at Veris

Splunk can deliver more information by going deeper. By creating a dashboard, we can identify the root cause of the threat. Let's say I have a firewall from Check Point. Splunk will find the dashboard for Check Point, implement it in our environment, and connect it to the Check Point firewall logs, which are shown on the dashboard. If we request a custom dashboard, the engineer will take longer to complete the task. I can create a custom dashboard for the firewall, antivirus, or endpoint protection. This will take time to complete because they need to understand the log type and mitigation of the process from the system or API. Splunk helps us manage our hybrid environment, including our email system. The main email system is Microsoft Exchange, which is deployed on-premise, and the second is Office 365. There isn't much security for the hybrid environment. We get logs from the web application firewall, the firewall, and the anti-spam solution.

Read full review

Vikram Cherala

Senior advisor at TekWissen India

Splunk lets us integrate multiple third-party threat intelligence feeds. We can also customize the data models for correlation more than we could with competing SIEM solutions. We can filter out the noise and see our alerts. I created some security reports or dashboards. We also have dashboards for user requests related to our firewalls, like Palo Alto and traffic or activity alerts. We can also see where we're getting a lot of authentication failures, etc. We've also created some other custom use cases, like using VPN logs and use cases for analyzing the national origins of repetitive malware. We have integrated some other solutions like Carbon Black EDR or MDR as well as Vectra, which is fully automated with AI. They have their own signatures. We get decent visibility with Splunk and integration with data visualization tools like Grafana. We also have various threat intelligence feeds that are updated regularly with the latest IOCs and signatures, which we can use for threat hunting.

Read full review

Splunk Enterprise Security mindshare

Product category:

As of November 2024, the mindshare of Splunk Enterprise Security in the Security Information and Event Management (SIEM) category stands at 10.9%, down from 14.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Key learnings from peers

Last updated Nov 21, 2024

Valuable Features

Splunk Enterprise Security's most valuable features include its user-friendly dashboards, robust log aggregation, comprehensive reporting, real-time analytics, seamless third-party integrations, customizable alerts, SQL-based queries, machine learning capabilities, extensive data extraction, scalability, intuitive interface, and strong technical support. It excels in collecting and managing structured and unstructured data, reducing false positives, and providing actionable insights. Users appreciate its adaptability for security tasks, including threat detection, data visualization, and automated responses. Splunk Enterprise Security supports both cloud and on-premise environments effectively.

"The search engine and indexes are fast and optimized, and the report generation dashboard is user-friendly."
"Splunk Enterprise Security allows us to create custom dashboards by changing fonts and modifying widgets."
"The two features I appreciate most in Splunk Enterprise Security are the content management system and the inter-incident review dashboard."

Room for Improvement

Splunk Enterprise Security users report initial setup difficulties, complex licensing, and high costs. Issues include limited integration, insufficient built-in use cases, and a steep learning curve. Users desire improved analytics, performance, user experience, and automation capabilities. Enhanced dashboards, compatibility with various systems, and better technical support are also needed. Additionally, more predefined rules, comprehensive documentation, and user-friendly interfaces are frequently requested.

"I want Splunk Enterprise Security to release more AI and machine learning features in the future."
"I've noticed that onboarding data from various multi-cloud sources and diverse products, such as security network devices, can be challenging."
"They could offer pre-built search queries for everyday use cases like brute force attacks, DDoS attacks, and other security threats."

ROI

Organizations have seen significant ROI with Splunk Enterprise Security by reducing the number of security analysts needed, automating tasks, and improving response times. Automation has led to cost savings and increased efficiency. The flexibility to address previously unsolvable issues and the ability to provide global observability have also been highlighted. Users also report enhanced security measures and cost efficiencies, translating to time and resource savings. The platform's unified interface and customizable features have helped manage large data volumes efficiently.

Pricing

Splunk Enterprise Security pricing is often considered high and complicated, especially for smaller organizations. Users report it as more expensive than many competitors, with costs primarily based on data ingestion volume. Annual licensing and add-ons are additional expenses. While some find value in its features and capabilities, others note budget constraints and seek more cost-effective solutions. Subscription models and potential true-up costs add to the concern. The pricing model could benefit from flexibility and improvements.

"The price of Splunk Enterprise Security is reasonable, falling somewhere in the middle range."
"Splunk Enterprise Security's pricing is based on data volume, which generally suits large enterprises."
"Splunk Enterprise Security's pricing is competitive."

Popular Use Cases

Users primarily utilize Splunk Enterprise Security for cybersecurity operations, including monitoring, threat detection, log analysis, and incident response. Use cases span from maintaining security operation centers and complying with regulations to monitoring network traffic, endpoints, and user behaviors. It's deployed for log management and analytics, fraud detection, handling internal and external threats, providing security dashboards, and ensuring real-time alerts to administer infrastructure and operational integrity.

Service and Support

Splunk Enterprise Security offers responsive and knowledgeable support with some inconsistencies. Many users report quick, effective assistance, rating it highly. However, others note slow response times and occasional lack of expertise, particularly with lower-severity issues. Some appreciate extensive documentation and community resources, while a few find certain materials outdated or unclear. Third-party partners often provide more hands-on help. Users emphasizing Spanish support and streamlined communication see room for improvement. Support quality varies, but many find it satisfactory.

Deployment

Experiences with Splunk Enterprise Security's initial setup vary. Some found it relatively straightforward and fast, especially for smaller deployments or with enough experience, while others encountered complexities, particularly in large or distributed environments. Many highlighted the importance of technical expertise or third-party assistance for smoother deployment. Configuration challenges, maintaining stability, and integration with existing systems were common themes. Successful setups often involved good planning, understanding of infrastructure requirements, and sometimes extending over weeks or even months for more extensive implementations.

Scalability

Many users find Splunk Enterprise Security scalable and adaptable, but costs can increase with scaling. Users highlight its cloud scalability, data handling capabilities, and ease of integration with other tools, although some find it resource-intensive and expensive. On-premises deployments may require more effort and resources. Scalability ratings often score high, with users noting its flexibility and suitability for various organizational sizes and needs.

Stability

Splunk Enterprise Security is consistently reliable, exhibiting minimal downtime and strong performance. Some users report minor configuration challenges, but most find it stable, with no crashes or bugs. Many appreciate its low maintenance and high efficiency. It effortlessly handles large volumes of data and diverse tasks, proving adaptable to various environments. While resource-intensive at times, users generally regard its stability as excellent, with high uptime and consistent functioning.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Splunk Enterprise Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

14%

Government

Manufacturing Company

University

Healthcare Company

Educational Organization

Insurance Company

Retailer

Energy/Utilities Company

Comms Service Provider

Real Estate/Law Firm

Media Company

Non Profit

Construction Company

Legal Firm

Transportation Company

Outsourcing Company

Wholesaler/Distributor

Hospitality Company

Logistics Company

Recreational Facilities/Services Company

Pharma/Biotech Company

Performing Arts

Aerospace/Defense Firm

Consumer Goods Company

Compare Splunk Enterprise Security with alternative products

Learn more about Splunk Enterprise Security

Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.

What are the key features?

Comprehensive Dashboards: Provide a holistic view of security operations.
Flexible Data Ingestion: Supports various data sources for better analysis.
Robust Log Aggregation: Centralizes log management for easier monitoring.
Machine Learning Toolkit: Enhances threat detection and prediction capabilities.
SIEM Capabilities: Integrates security information and event management.
Threat Intelligence: Utilizes external information to improve security measures.
Risk-Based Alerting: Prioritizes alerts based on the risk they pose.
Correlation Searches: Identifies and correlates security events effectively.

What benefits or ROI should users look for?

Enhanced Visibility: Improves monitoring across endpoints, networks, and users.
Faster Incident Response: Speeds up identification and resolution of security issues.
Reduced Alert Volumes: Lowers false positives and enhances signal-to-noise ratio.
Scalability: Adapts to growing and changing security needs.
Improved Security Operations: Integrates multiple security facets into one platform.

Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.

Product Video

Splunk Enterprise Security customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.