ArcSight Intelligence and Splunk User Behavior Analytics compete in the security analytics space, with Splunk having an edge due to its extensive features that justify its higher pricing.
Features: ArcSight Intelligence processes large datasets swiftly and provides real-time threat detection and a robust rules engine. Splunk User Behavior Analytics excels with advanced integration options, machine learning for anomaly detection, and comprehensive reporting tools.
Room for Improvement: ArcSight could enhance its machine learning capabilities, integration options, and reporting flexibility. Splunk can streamline its deployment process, reduce the learning curve, and offer more cost-effective pricing tiers.
Ease of Deployment and Customer Service: ArcSight offers a simpler implementation process and standardized support designed to minimize deployment time. While challenging to set up, Splunk provides extensive customization options and personalized customer support solutions.
Pricing and ROI: ArcSight Intelligence offers competitive pricing with lower initial costs and quick ROI due to straightforward deployment. Splunk's higher cost is offset by its rich functionality, offering long-term ROI for organizations needing advanced analytics solutions.
I would rate the support at eight, meaning there's some room for improvement.
Splunk User Behavior Analytics is a one hundred percent stable solution.
Sometimes issues occur when handling long-term data.
I encountered several issues while trying to create solutions for this advanced version, which seem unrelated to query or data issues.
Advanced reporting could see enhancements as there are some issues with latency.
I also utilize it for anomaly detection and behavior analysis, particularly using Splunk's machine learning environment.
Features like alerts and auto report generation are valuable.
Empower your threat hunting team to pre-empt elusive attacks with anomaly detection powered by security AI to find insider threats, zero-day attacks, and APTs.
Splunk User Behavior Analytics is behavior-based threat detection based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box, purpose-built but extensible unsupervised machine learning (ML) algorithms, helping organizations find known, unknown and hidden threats. It provides context around the threat via ML-driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data-science-driven approach that produces actionable results with risk ratings and supporting evidence, which increases SOC efficiency, and it supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.