Try our new research platform with insights from 80,000+ expert users

BigPanda vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

BigPanda
Average Rating
7.2
Number of Reviews
12
Ranking in other categories
IT Infrastructure Monitoring (54th), IT Alerting and Incident Management (12th), AIOps (18th)
Splunk Enterprise Security
Average Rating
8.4
Number of Reviews
301
Ranking in other categories
Log Management (1st), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

While both are Systems Management solutions, they serve different purposes. BigPanda is designed for IT Infrastructure Monitoring and holds a mindshare of 1.1%, up 1.0% compared to last year.
Splunk Enterprise Security, on the other hand, focuses on Security Information and Event Management (SIEM), holds 10.9% mindshare, down 14.3% since last year.
IT Infrastructure Monitoring
Security Information and Event Management (SIEM)
 

Featured Reviews

Ankit-Mathur - PeerSpot reviewer
Mar 23, 2024
Offers comprehensive alert monitoring and a user-friendly interface but requires manual validation to provide accurate alerts
For new users, I would advise using BigPanda for its comprehensive alert monitoring and integration with ServiceNow. Its mapping capabilities and user-friendly interface make it valuable for incident analysis and prioritization. As users become more familiar with the tool, its full potential will become apparent, enhancing efficiency and effectiveness over time. It is easy for someone to learn to use BigPanda for the first time. We start with basic examples that everyone can understand, then provide verbal introductions followed by hands-on training over two weeks. We encourage making mistakes and asking questions to ensure understanding. It depends on the trainer's approach, but with proper guidance, anyone can learn effectively. Overall, I would rate BigPanda as a five out of ten. For it to be a perfect ten, it would need to consistently provide accurate alerts without requiring manual validation. This means it should effectively suppress similar incidents, eliminating the need for constant monitoring. Once it reaches this level of reliability, BigPanda would be exceptional.
Sameep Agarwal. - PeerSpot reviewer
Oct 23, 2023
It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query
The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system. Splunk needs to be tweaked in JSON so you can limit what is coming from the endpoints, especially the events. One needs to filter that out so that only certain events are ingested, like login failures, Active Directory changes, password reset requests, privilege modifications, etc. Each Windows machine generates about 310 KB of information per event, but we can tweak that down to about 50 KB.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"One of the most valuable features of BigPanda is its user-friendly interface."
"The best of a bad lot was the error message deduping."
"A user-friendly solution."
"Alert deduplication and correlation - In an environment like the NOC where you're ingesting hundreds and thousands of alerts from various monitoring sources, it's time consuming and difficult to go through individual alerts and also difficult to spot critical issues. It's been great to have BigPanda not only deduplicate alerts but also correlate alerts that are seemingly unrelated, to create a clearer picture."
"Easy integration - We've had challenges in the past integrating all of our various monitoring sources and tools into one central system. BigPanda, with the integrations that it already has, as well as offering webhook/REST API, has made it very easy for us to plug everything in."
"The solution is user-friendly and has good performance and certification."
"The event correlation is really good and it is able to reduce the noise. It is a good tool for anomaly detection."
"The program is very stable."
"We can do things in minutes instead of days."
"The initial setup isn't overly complex."
"We can ingest and correlate data from virtually any type of system."
"The completeness of the solution is what we like the most."
"The most valuable feature is the log aggregation, being able to scan through all of the logs."
"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."
"The scalability is good."
"We can extract the metrics we want on the dashboards. We are able to react to the incidents."
 

Cons

"Lacks sufficient dashboard features."
"BigPanda can improve the correlations. We didn't see any big value. It is still good at the same event deduplication, event processing, and ticket creation, but I was more looking at event analysis and event correlation. In that area, it is still no big difference between the other solutions on the market. All of them, are in the same immature stage."
"Analytics is an area for improvement, being able to break down the actions that are being taken by users of BigPanda, as well as the auto-magical work that is being done by BigPanda."
"BigPanda attempts a little of everything and fails at most."
"Our infrastructure is quite large - tens of thousands of servers, often with 30-plus checks running on each host with one minute intervals. This generates a lot of data often in bursts (when we have a large scale failure). This has caused some delay in the ingestion pipeline."
"The observability can be enriched with regards to infrastructure and the application-integrated environment. The dashboard and reports could be improved."
"The cost of this product is too high compared to New Relic."
"The solution could improve by having better integration."
"Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
"The upgrading process could be smoother."
"The solution's case management system could be further improved to make it easier for analysts to manage cases."
"The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers."
"AngularJS/ReactJS inclusion could be made easier in GUI."
"In terms of the interface, it could include some improvements for the look and feel."
"At Splunk .conf24, I saw a demo for Splunk Enterprise Security 8. All the things that they have done in Splunk Enterprise Security 8 are what it can be better at."
"While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated."
 

Pricing and Cost Advice

"They were great to work with on pricing/licensing. Given we are a high-growth company, we needed a flexible site license."
"We pay $200,000 USD per year."
"BigPanda is cheaper than the competitors."
"The price of BigPanda is in the middle compared to other solutions."
"It is possible to use a developer's license, which is up to 10GB per day of volume traffic, which is usually enough for most use cases."
"The price of Splunk Enterprise Security is high."
"The pricing seems good relative to the other vendors that we have had here. However, they need to find ways to be more flexible with the licensing and be able to deal with situations where we start generating more logs. Maybe having some controls in the Splunk interface to turn it off, so we don't have to change anything in our application."
"We have seen ROI and improvements as we have continued to use the product, but they are more reactive."
"I think that most of the monitoring solutions are expensive."
"Splunk Enterprise Security is not at all cost-friendly to be deployed in very small enterprises like start-ups."
"Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app."
"Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."
report
Use our free recommendation engine to learn which IT Infrastructure Monitoring solutions are best for your needs.
814,763 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
23%
Computer Software Company
18%
Manufacturing Company
9%
Insurance Company
6%
Financial Services Firm
16%
Computer Software Company
14%
Government
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Any advice about APM solutions?
There are many factors and we know little about your requirements (size of org, technology stack, management systems, the scope of implementation). Our goal was to consolidate APM and infra monitor...
What do you like most about BigPanda?
One of the most valuable features of BigPanda is its user-friendly interface.
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Learn More

 

Overview

 

Sample Customers

Nagios, ServiceNow, ITSM, NOC, CMDB Evolved, RemedyIncident Management Process
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Zabbix, Datadog, Auvik and others in IT Infrastructure Monitoring. Updated: October 2024.
814,763 professionals have used our research since 2012.