Splunk Enterprise Security Reviews

Name: Splunk Enterprise Security
Brand: Splunk
Rating: 4 (301 reviews)

Vendor: Splunk

4.2 out of 5

301 reviews
93% willing to recommend

9,770 followers

Post review

What is Splunk Enterprise Security?

Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.

Get the Splunk Enterprise Security Buyer's Guide and find out what your peers are saying about Splunk Enterprise Security, CrowdStrike Falcon, Wazuh and more!

Splunk Enterprise Security is the #1 ranked solution in Log Management Software, top Security Information and Event Management (SIEM) solutions, and top IT Operations Analytics solutions. PeerSpot users give Splunk Enterprise Security an average rating of 8.4 out of 10. Splunk Enterprise Security is most commonly compared to CrowdStrike Falcon: Splunk Enterprise Security vs CrowdStrike Falcon. Splunk Enterprise Security is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Buyer's Guide

Splunk Enterprise Security

October 2024

Get the report

Helped 814,572 peers since 2012

Featured reviews

Sameep Agarwal.

Group manager at HCM Technologies

Splunk has an excellent threat intel feed, so we can get the latest IOCs. The threat intel service enhances the threat detection capabilities because the solution is purely based on threat intel. They gather each threat intel from the dark web and the other areas of the internet. Once the integration is done, it's much more helpful than the traditional Splunk features, which may yield limited visibility. Splunk isn't purely a threat intelligence solution, but it may not have feeds at that frequency. The threat detection capabilities are excellent, but it depends a lot on the configuration. If we can't configure the indicators of compromise correctly, then it becomes difficult for Splunk to evaluate a threat. For example, let's say a user is accelerating some data through the email gateway, and the gateway isn't being monitored. Splunk can't do anything about that because it requires a gateway monitoring system to be installed. Splunk is only aggregating the events coming in, and it cannot find the exact DLP agent. The DLP logs need to be forwarded to this Splunk connector.

Read full review

Avinash Gopu.

Associate VP & Cyber Security Specialist at US Bank

One of the features I appreciate most is privileged account threat detection. It identifies suspicious activity associated with fraudulent accounts detected on the endpoints of target systems. Furthermore, the platform offers threat analysis and reporting that leverages Splunk data. This allows for the detection of irregular user access from machines directly. This functionality is crucial in large PAM environments with thousands of users, as it identifies inactive accounts. For scenarios where users might not access the PAM portal to change passwords, different policies are implemented. Splunk plays a key role in detecting irregular user activity. By establishing a three-month threshold, we can identify cases where users haven't used their accounts despite not being on leave or vacation. Such instances warrant investigation to determine the continued need for privileged access. We can automatically suspend or terminate suspicious sessions. We have also customized reporting within Splunk.

Read full review

Viney Bhardwaj

Sr Manager at Ernst & Young

The fast search is valuable. As compared to other SIEMs, Splunk is very fast in terms of the search and providing data. The customization of the use cases is another valuable feature. It is query-based, and now, there is a feature to have machine learning as well. We can write advanced-level use cases, which is a limitation of other SIEMs. The third point is the device integration. It is very smooth. If I need to integrate devices for logs, it is easier with Splunk. We can integrate different applications, network devices, and databases. It is also very rich in documents. It is the best.

Read full review

Splunk Enterprise Security mindshare

Product category:

As of November 2024, the mindshare of Splunk Enterprise Security in the Security Information and Event Management (SIEM) category stands at 10.9%, down from 14.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Key learnings from peers

Last updated Sep 4, 2024

Valuable Features

Splunk Enterprise Security's most valuable features include its user-friendly dashboards, robust log aggregation, comprehensive reporting, real-time analytics, seamless third-party integrations, customizable alerts, SQL-based queries, machine learning capabilities, extensive data extraction, scalability, intuitive interface, and strong technical support. It excels in collecting and managing structured and unstructured data, reducing false positives, and providing actionable insights. Users appreciate its adaptability for security tasks, including threat detection, data visualization, and automated responses. Splunk Enterprise Security supports both cloud and on-premise environments effectively.

"The search engine and indexes are fast and optimized, and the report generation dashboard is user-friendly."
"Splunk Enterprise Security allows us to create custom dashboards by changing fonts and modifying widgets."
"The two features I appreciate most in Splunk Enterprise Security are the content management system and the inter-incident review dashboard."

Room for Improvement

Splunk Enterprise Security users report initial setup difficulties, complex licensing, and high costs. Issues include limited integration, insufficient built-in use cases, and a steep learning curve. Users desire improved analytics, performance, user experience, and automation capabilities. Enhanced dashboards, compatibility with various systems, and better technical support are also needed. Additionally, more predefined rules, comprehensive documentation, and user-friendly interfaces are frequently requested.

"I want Splunk Enterprise Security to release more AI and machine learning features in the future."
"I've noticed that onboarding data from various multi-cloud sources and diverse products, such as security network devices, can be challenging."
"They could offer pre-built search queries for everyday use cases like brute force attacks, DDoS attacks, and other security threats."

ROI

Organizations have seen significant ROI with Splunk Enterprise Security by reducing the number of security analysts needed, automating tasks, and improving response times. Automation has led to cost savings and increased efficiency. The flexibility to address previously unsolvable issues and the ability to provide global observability have also been highlighted. Users also report enhanced security measures and cost efficiencies, translating to time and resource savings. The platform's unified interface and customizable features have helped manage large data volumes efficiently.

Pricing

Splunk Enterprise Security pricing is often considered high and complicated, especially for smaller organizations. Users report it as more expensive than many competitors, with costs primarily based on data ingestion volume. Annual licensing and add-ons are additional expenses. While some find value in its features and capabilities, others note budget constraints and seek more cost-effective solutions. Subscription models and potential true-up costs add to the concern. The pricing model could benefit from flexibility and improvements.

"The price of Splunk Enterprise Security is reasonable, falling somewhere in the middle range."
"Splunk Enterprise Security's pricing is based on data volume, which generally suits large enterprises."
"Splunk Enterprise Security's pricing is competitive."

Popular Use Cases

Users primarily utilize Splunk Enterprise Security for cybersecurity operations, including monitoring, threat detection, log analysis, and incident response. Use cases span from maintaining security operation centers and complying with regulations to monitoring network traffic, endpoints, and user behaviors. It's deployed for log management and analytics, fraud detection, handling internal and external threats, providing security dashboards, and ensuring real-time alerts to administer infrastructure and operational integrity.

Service and Support

Splunk Enterprise Security offers responsive and knowledgeable support with some inconsistencies. Many users report quick, effective assistance, rating it highly. However, others note slow response times and occasional lack of expertise, particularly with lower-severity issues. Some appreciate extensive documentation and community resources, while a few find certain materials outdated or unclear. Third-party partners often provide more hands-on help. Users emphasizing Spanish support and streamlined communication see room for improvement. Support quality varies, but many find it satisfactory.

Deployment

Experiences with Splunk Enterprise Security's initial setup vary. Some found it relatively straightforward and fast, especially for smaller deployments or with enough experience, while others encountered complexities, particularly in large or distributed environments. Many highlighted the importance of technical expertise or third-party assistance for smoother deployment. Configuration challenges, maintaining stability, and integration with existing systems were common themes. Successful setups often involved good planning, understanding of infrastructure requirements, and sometimes extending over weeks or even months for more extensive implementations.

Scalability

Many users find Splunk Enterprise Security scalable and adaptable, but costs can increase with scaling. Users highlight its cloud scalability, data handling capabilities, and ease of integration with other tools, although some find it resource-intensive and expensive. On-premises deployments may require more effort and resources. Scalability ratings often score high, with users noting its flexibility and suitability for various organizational sizes and needs.

Stability

Splunk Enterprise Security is consistently reliable, exhibiting minimal downtime and strong performance. Some users report minor configuration challenges, but most find it stable, with no crashes or bugs. Many appreciate its low maintenance and high efficiency. It effortlessly handles large volumes of data and diverse tasks, proving adaptable to various environments. While resource-intensive at times, users generally regard its stability as excellent, with high uptime and consistent functioning.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Splunk Enterprise Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

14%

Government

Manufacturing Company

University

Healthcare Company

Educational Organization

Insurance Company

Retailer

Energy/Utilities Company

Comms Service Provider

Real Estate/Law Firm

Media Company

Non Profit

Construction Company

Legal Firm

Transportation Company

Wholesaler/Distributor

Outsourcing Company

Hospitality Company

Logistics Company

Recreational Facilities/Services Company

Performing Arts

Pharma/Biotech Company

Aerospace/Defense Firm

Compare Splunk Enterprise Security with alternative products

Learn more about Splunk Enterprise Security

Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.

What are the key features?

Comprehensive Dashboards: Provide a holistic view of security operations.
Flexible Data Ingestion: Supports various data sources for better analysis.
Robust Log Aggregation: Centralizes log management for easier monitoring.
Machine Learning Toolkit: Enhances threat detection and prediction capabilities.
SIEM Capabilities: Integrates security information and event management.
Threat Intelligence: Utilizes external information to improve security measures.
Risk-Based Alerting: Prioritizes alerts based on the risk they pose.
Correlation Searches: Identifies and correlates security events effectively.

What benefits or ROI should users look for?

Enhanced Visibility: Improves monitoring across endpoints, networks, and users.
Faster Incident Response: Speeds up identification and resolution of security issues.
Reduced Alert Volumes: Lowers false positives and enhances signal-to-noise ratio.
Scalability: Adapts to growing and changing security needs.
Improved Security Operations: Integrates multiple security facets into one platform.

Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.

Product Video

Splunk Enterprise Security customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.