Splunk Enterprise Security and CrowdStrike Falcon are leading contenders in the cybersecurity solutions category, each offering distinct advantages. Splunk is preferred for its robust data analytics, whereas CrowdStrike is favored for lightweight design and strong threat detection capabilities.
Features: Splunk Enterprise Security provides advanced data management, quick log management, and versatile search capabilities. Its real-time alerts allow rapid response to issues. CrowdStrike Falcon features a lightweight agent, effective threat detection, and automatic incident alerts that provide reliable security insights.
Room for Improvement: Splunk Enterprise Security users often encounter complexity with steep learning curves, and issues related to setup and pricing hinder usability. More intuitive interfaces and cost-effective licensing would enhance the user experience. CrowdStrike Falcon could benefit from improved integrations and enhanced endpoint detection features, alongside calls for more attractive pricing models.
Ease of Deployment and Customer Service: Splunk Enterprise Security supports both public and private cloud deployments, although users sometimes face challenges with deployment intricacies and support response times. CrowdStrike Falcon is commonly applauded for ease of deployment, especially within public cloud environments, and effective customer support, praised for its responsive technical support team.
Pricing and ROI: Both Splunk and CrowdStrike are seen as costly. Splunk is priced based on log volume, offering a flexible data usage model, while CrowdStrike employs a service scope-based pricing system allowing selection of components. Though both deliver commendable ROI via comprehensive feature sets, concerns over escalating costs persist, particularly impacting smaller businesses.
Splunk's cost is justified for large environments with extensive assets.
The CrowdStrike team is very efficient; I would rate them ten out of ten.
If you want to write your own correlation rules, it is very difficult to do, and you need Splunk's support to write new correlation rules for the SIEM tool.
The technical support for Splunk met my expectations.
It has adequate coverage and is easy to deploy.
When it comes to scalability, it is entirely based on premium models according to demand.
They struggle a bit with pure virtual environments, but in terms of how much they can handle, it is pretty good.
It is easy to scale.
I have never seen instability in the CrowdStrike tool.
We are following N-1 versions across our environment, which is stable.
It provides a stable environment but needs to integrate with ITSM platforms to achieve better visibility.
It is very stable.
Simplifying the querying process, such as using double quote queries or directly obtaining logs based on IP addresses or usernames, would be beneficial.
Another concern is CrowdStrike's GUI. It changes annually, making it hard to work and find options.
Threat prevention should be their first priority.
What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel.
Splunk Enterprise Security would benefit from a more robust rule engine to reduce false positives.
Splunk could enhance its offerings by incorporating modules for network detection and response and fraud management.
It is expensive compared to SentinelOne, but as the market leader, it is worth it.
I saw clients spend two million dollars a year just feeding data into the Splunk solution.
The platform requires significant financial investment and resources, making it expensive despite its comprehensive features.
Splunk is priced higher than other solutions.
I can investigate by accessing the customer's host based on the RTR environment and utilize host search to know details for the past seven days, including logins, processes, file installations, malicious processes, and network connections.
The machine learning behavior for anomaly detection is a valuable feature.
Real-time response (RTR) is a feature of EDR.
This capability is useful for performance monitoring and issue identification.
They have approximately 50,000 predefined correlation rules.
The Splunk Enterprise Security's threat-hunting capabilities have been particularly useful in later releases.
CrowdStrike Falcon provides endpoint protection and threat intelligence using a cloud-based platform for real-time detection and response. Its minimal impact on system performance and ease of deployment are key benefits along with advanced logging and reporting for compliance and forensic analysis.
CrowdStrike Falcon is known for its efficacy in identifying malware, ransomware, and sophisticated cyber threats. The platform's cloud-native architecture and advanced AI capabilities ensure comprehensive endpoint visibility and rapid response times. Users appreciate the lightweight agent and seamless deployment process, along with detailed reporting features. Integration with security tools and efficient customer support are essential features, although some users highlight high pricing, occasional detection delays, and challenges with integration. Frequent alerts and the mobile app's performance are areas for improvement.
What are the key features of CrowdStrike Falcon?
What are the benefits or ROI of CrowdStrike Falcon?
In industries like finance, healthcare, and retail, CrowdStrike Falcon is often used for critical security due to its robust threat detection capabilities. Financial firms value its rapid response and detailed reporting for compliance, while healthcare providers appreciate the minimal system performance impact. Retailers benefit from its comprehensive endpoint visibility and integration with other security tools.
Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.
Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.
What are the key features?Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.