Try our new research platform with insights from 80,000+ expert users

Cortex XSIAM vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 29, 2024
 

Categories and Ranking

Cortex XSIAM
Ranking in Security Information and Event Management (SIEM)
29th
Average Rating
9.2
Reviews Sentiment
7.3
Number of Reviews
7
Ranking in other categories
Identity Threat Detection and Response (ITDR) (10th)
Splunk Enterprise Security
Ranking in Security Information and Event Management (SIEM)
1st
Average Rating
8.4
Number of Reviews
301
Ranking in other categories
Log Management (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of November 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Cortex XSIAM is 1.7%, up from 0.1% compared to the previous year. The mindshare of Splunk Enterprise Security is 10.9%, down from 14.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Forrest Stevens - PeerSpot reviewer
Sep 28, 2023
A robust security operation that ensures achieving automation, stability, and scalability
There is room for improvement in some areas, and I would highlight three key aspects. Firstly, the Attack Surface Management (ASM) module could benefit from more contextual depth. Currently, it tends to provide a broad overview without enriched context, and there's room for enhancement in this regard. Secondly, further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous. This would enhance its versatility and interoperability within a broader ecosystem. Regarding performance, there's potential for optimization. When multiple tabs are open in Cortex XSIAM, it can experience slowdowns, leading to longer load times for web pages. It's worth noting that this isn't a severe issue, and it doesn't entail waiting for extended periods, but there is room for improvement in terms of performance optimization.
Sameep Agarwal. - PeerSpot reviewer
Oct 23, 2023
It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query
The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system. Splunk needs to be tweaked in JSON so you can limit what is coming from the endpoints, especially the events. One needs to filter that out so that only certain events are ingested, like login failures, Active Directory changes, password reset requests, privilege modifications, etc. Each Windows machine generates about 310 KB of information per event, but we can tweak that down to about 50 KB.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency."
"The automation capabilities significantly improve response times by allowing us to respond to incidents from a single dashboard rather than navigating multiple dashboards."
"It operates on a single, extensive database which enables it to excel in detecting threats and anomalies across the network and endpoints, delivering a highly effective and comprehensive security solution."
"It does a better job of identifying anomalies that are more likely to be incidents of compromise without as many false positives or false negatives."
"The most valuable feature is the integration capability."
"It is an effective solution in terms of performance and functionalities."
"Its ability to deliver a substantial amount of security intelligence greatly enhances and optimizes our security operations program."
"This solution helps us increase our productivity."
"It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues."
"It is quite extensible. It is a platform that we can build our use instead of each case instead of each case being limited or restricted to each capability. This is probably the best feature."
"The integration is seamless with many devices and operating systems."
"The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."
"Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks."
 

Cons

"The solution’s pricing and technical support could be improved."
"There is room for improvement in expanding integrations to include more cybersecurity solutions."
"Further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous."
"The support could be a bit faster."
"The platform isn't very developer-friendly and it should provide more flexibility and ease."
"It could provide more integration with a large variety of products."
"I am not sure if any improvements are needed right now."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it."
"I've noticed that onboarding data from various multi-cloud sources and diverse products, such as security network devices, can be challenging."
"Free-floating panels in the dashboards are like a glass table."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"Configuring a few apps is complex, not straightforward."
"It'd be really nice if Splunk Enterprise Security had a better and solid configuration guide."
"Although the technical support is adequate, there is still room for improvement."
 

Pricing and Cost Advice

"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."
"The solution comes at a significant cost."
"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."
"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."
"The solution is expensive compared to its competitors."
"It's a yearly subscription."
"I think the price could be improved."
"I think that most of the log analytics solutions are expensive and I'm not sure if it's worth it."
"It is expensive. That is why many customers have moved to IBM QRadar. The price is definitely a challenge for customers."
"Some of the insights that we have obtained as a part of using Splunk have greatly helped us in increasing our revenue in terms of selling our products."
"Splunk Enterprise Security is not at all cost-friendly to be deployed in very small enterprises like start-ups."
"Be upfront about your needs and expectations. Splunk is great to work with."
"It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it. There is just the licensing fee. That's all."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
814,763 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Manufacturing Company
11%
Financial Services Firm
9%
Government
7%
Financial Services Firm
16%
Computer Software Company
14%
Government
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Cortex XSIAM?
It is an effective solution in terms of performance and functionalities.
What is your experience regarding pricing and costs for Cortex XSIAM?
We do not deal with licensing. Only the accounts team handles that information.
What needs improvement with Cortex XSIAM?
I am not sure if any improvements are needed right now. The current features are satisfactory, and new features are implemented following customer feature requests.
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Cortex XSIAM vs. Splunk Enterprise Security and other solutions. Updated: October 2024.
814,763 professionals have used our research since 2012.