Cybereason Endpoint Detection & Response vs Splunk Enterprise Security comparison

The compared Cybereason and Splunk solutions aren't in the same category. Cybereason is ranked #34 in EDR , with an average rating of 8.3, and holds a 1.3% mindshare in the category. Splunk is ranked #1 in SIEM , with an average rating of 8.4, and holds a 10.9% mindshare. Additionally, 88% of Cybereason users are willing to recommend the solution, compared to 93% of Splunk users who would recommend it.

Cybereason Endpoint Detecti...

Read 20 Cybereason Endpoint Detection & Response reviews

3,655 Views
2,033 Comparison Views

88% willing to recommend

Splunk Enterprise Security

Read 301 Splunk Enterprise Security reviews

17,426 Views
14,446 Comparison Views

93% willing to recommend

Cybereason Endpoint Detecti...

Splunk Enterprise Security

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Cybereason Endpoint Detection & Response and Splunk Enterprise Security based on real PeerSpot user reviews.

Find out what your peers are saying about CrowdStrike, Microsoft, SentinelOne and others in Endpoint Detection and Response (EDR).

To learn more, read our detailed Endpoint Detection and Response (EDR) Report (Updated: November 2024).

Buyer's Guide

Endpoint Detection and Response (EDR)

November 2024

Download the complete report

Helped 814,649 peers since 2012

Categories and Ranking

Cybereason Endpoint Detecti...

Average Rating

8.0

Number of Reviews

Ranking in other categories

Endpoint Protection Platform (EPP) (45th), Endpoint Detection and Response (EDR) (34th)

Splunk Enterprise Security

Average Rating

8.4

Number of Reviews

301

Ranking in other categories

Log Management (1st), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cybereason Endpoint Detection & Response is designed for Endpoint Detection and Response (EDR) and holds a mindshare of 1.3%, down 1.5% compared to last year.
Splunk Enterprise Security, on the other hand, focuses on Security Information and Event Management (SIEM), holds 10.9% mindshare, down 14.3% since last year.

Endpoint Detection and Response (EDR)

Security Information and Event Management (SIEM)

Featured Reviews

AtulChaurasia

Operational Technical Security at Metro Bank

Aug 28, 2023

Scalable platform with intuitive features for detecting malicious files

We use Cybereason Endpoint Detection & Response to scan and detect unusual processes and malicious files on the endpoint The product's threat-hunting feature is very intuitive and easy to use as it is GUI-based. We need to know the specific fields we want to scan. It gives the entire report of…

Read full review

Sameep Agarwal.

Group manager at HCM Technologies

Oct 23, 2023

It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query

The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system. Splunk needs to be tweaked in JSON so you can limit what is coming from the endpoints, especially the events. One needs to filter that out so that only certain events are ingested, like login failures, Active Directory changes, password reset requests, privilege modifications, etc. Each Windows machine generates about 310 KB of information per event, but we can tweak that down to about 50 KB.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running."

"The dashboard is very good and you can consider it as an interactive UI."

"Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations."

"Immediately we can pick up the computers in the network if any malicious operation that is triggered."

"I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten."

"Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment."

"The initial setup process is straightforward."

"Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective."

More Cybereason Endpoint Detection & Response pros

"The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature."

"Splunk Enterprise Security offers two valuable features: the Common Information Model and arrangement modules."

"Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."

"The solution's newly developed dashboard is pretty amazing."

"We were able to create a catalog of dashboards and have a holistic view at all levels. We could understand our business much better. Real-time errors, which were buried in emails before now, surfaced up on dashboards."

"The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace."

"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."

"It is very easy to use and integrate. There are connectors for every technology."

More Splunk Enterprise Security pros

Cons

"There is room for improvement in the product features related to device control, particularly USB management."

"Cybereason does not have sandbox functionality."

"There can be problems with the EDI."

"The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor."

"The reporting feature needs improvement."

"The product's reporting isn't great."

"It should be more stable, and the sensor needs improvement in terms of connectivity."

"The network coverage becomes an issue most of the time."

More Cybereason Endpoint Detection & Response cons

"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."

"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."

"Splunk Enterprise Security can provide more details and help CISOs resolve vulnerability situations better. The reason is that the tools we choose for data analysis and log collection cannot collect all the data and logs. Splunk Enterprise Security should help me with this, but it cannot."

"Splunk is such a large product. Allowing it to be more easily used by people who have not had a lot of training on it would be an improvement."

"I would like to see the asset and identity lookups be more automatic and less manual."

"The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."

"Professional support is great, but too expensive."

"Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk."

More Splunk Enterprise Security cons

Pricing and Cost Advice

"I had to go through a third-party to purchase it, which I wasn't really pleased about."

"Though it is not the cheapest solution but it fits our budget. We pay an annual licensing fee."

"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight."

"The pricing is manageable."

"In terms of pricing, it's a good solution."

"In terms of cost, this is a good choice for our needs."

"I do not have experience with the licensing of the product."

"We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money."

More Cybereason Endpoint Detection & Response pricing and cost advice

"The price of Splunk is too high for our market."

"Splunk's cost is very high. They need to review the pricing. They have to go back and totally readdress the market."

"My customers have found the price of the solution to be high."

"The pricing is a little bit on the higher side, but looking at what Splunk provides us, it is reasonable."

"Splunk Enterprise Security is expensive. I would rate the cost an eight out of ten with ten being the most expensive."

"Personnel costs are saved by not having to involve the domain developers from multiple teams when tracing a problem that spans multiple platforms."

"The price of Splunk is reasonable."

"I am fine with the licensing, but in terms of the cost, it is expensive for the data that we have. We have an open discussion with our account rep about this."

More Splunk Enterprise Security pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See recommendations

814,649 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Computer Software Company

19%

Financial Services Firm

Manufacturing Company

Government

Financial Services Firm

16%

Computer Software Company

14%

Government

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What is your experience regarding pricing and costs for Cybereason Endpoint Detection & Response?

Comparison with other products showed it be cheaper than some larger competitors. Set up cost for us were cheaper as we already had users experienced with the product in other business units. Initi...

See all answers

What is your primary use case for Cybereason Endpoint Detection & Response?

We use the product for enhancing security postures by leveraging behavioral analytics and security engines effectively minimizing false positives and detecting threats.

See all answers

What do you like most about Cybereason Endpoint Detection & Response?

The interface is user-friendly.

See all answers

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...

See all answers

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

See all answers

How does Splunk compare with Azure Monitor?

Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...

See all answers

Comparisons

CrowdStrike Falcon vs Cybereason Endpoint Detection & Response

Compared 26% of the time

Darktrace vs Cybereason Endpoint Detection & Response

Compared 23% of the time

Microsoft Defender for Endpoint vs Cybereason Endpoint Detection & Response

Compared 9% of the time

SentinelOne Singularity Complete vs Cybereason Endpoint Detection & Response

Compared 7% of the time

IBM Security QRadar vs Cybereason Endpoint Detection & Response

Compared 1% of the time

More Cybereason Endpoint Detection & Response Competitors

Wazuh vs Splunk Enterprise Security

Compared 11% of the time

IBM Security QRadar vs Splunk Enterprise Security

Compared 9% of the time

Dynatrace vs Splunk Enterprise Security

Compared 8% of the time

Datadog vs Splunk Enterprise Security

Compared 4% of the time

AppDynamics vs Splunk Enterprise Security

Compared 4% of the time

More Splunk Enterprise Security Competitors

Product Reports

Buyer's Guide

Cybereason Endpoint Detection & Response

November 2024

Cybereason Endpoint Detection & Response report

Download Cybereason Endpoint Detection & Response product report

Buyer's Guide

Splunk Enterprise Security

October 2024

Download Splunk Enterprise Security product report

Also Known As

Cybereason EDR, Cybereason Deep Detect & Respond

No data available

Learn More

Video not available

Cybereason

Splunk

Overview

Cybereason's Endpoint Detection and Response platform detects in real-time both signature and non-signature-based attacks and accelerates incident investigation and response. Cybereason connects together individual pieces of evidence to form a complete picture of a malicious operation.

Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.

Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.

What are the key features?

Comprehensive Dashboards: Provide a holistic view of security operations.
Flexible Data Ingestion: Supports various data sources for better analysis.
Robust Log Aggregation: Centralizes log management for easier monitoring.
Machine Learning Toolkit: Enhances threat detection and prediction capabilities.
SIEM Capabilities: Integrates security information and event management.
Threat Intelligence: Utilizes external information to improve security measures.
Risk-Based Alerting: Prioritizes alerts based on the risk they pose.
Correlation Searches: Identifies and correlates security events effectively.

What benefits or ROI should users look for?

Enhanced Visibility: Improves monitoring across endpoints, networks, and users.
Faster Incident Response: Speeds up identification and resolution of security issues.
Reduced Alert Volumes: Lowers false positives and enhances signal-to-noise ratio.
Scalability: Adapts to growing and changing security needs.
Improved Security Operations: Integrates multiple security facets into one platform.

Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.

Sample Customers

Lockheed Martin, Spark Capital, DocuSign, Softbank Capital

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.

Buyer's Guide

Endpoint Detection and Response (EDR)

November 2024

Download Free Report

Find out what your peers are saying about CrowdStrike, Microsoft, SentinelOne and others in Endpoint Detection and Response (EDR). Updated: November 2024.

DOWNLOAD NOW

814,649 professionals have used our research since 2012.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.