Splunk Enterprise Security and Logpoint compete in the SIEM solution market. Splunk Enterprise Security stands out due to its advanced data searching capabilities and integration options, making it a stronger contender.
Features: Splunk Enterprise Security is known for its ease of searching large data volumes, advanced operational intelligence, and high scalability. It features innovative data collection methods, flexible search capabilities, and robust machine learning and data visualization tools. Conversely, Logpoint integrates SIEM and SOAR into a single platform, boasts user-friendliness, and offers straightforward and cost-effective licensing. It supports effective integration with good out-of-the-box use cases for a comprehensive yet less complex solution.
Room for Improvement: Splunk Enterprise Security could enhance operational workflows and streamline its setup, as well as improve SOC ticketing and real-time threat detection capabilities. Its pricing is steep for smaller enterprises. Logpoint needs to improve its visualization features and make complex rule creation more intuitive. Stability during high-volume deployments and user interface enhancements are also necessary. It lacks the depth of Splunk's pre-built integrations and incident response functionalities.
Ease of Deployment and Customer Service: Splunk Enterprise Security offers flexibility with deployments on public, hybrid, and on-premises platforms. Although it has strong online community support, technical support response times need improvement. Logpoint offers easy on-premises deployment, praised for its simple licensing and user-friendly approach. However, there is room for improvement in extending support availability globally.
Pricing and ROI: Splunk Enterprise Security is perceived as expensive, with pricing based on daily data ingestion. However, its comprehensive features justify the high cost with substantial ROI through enhanced security and efficiencies. Logpoint provides predictable pricing based on the number of devices, appealing to those seeking cost control. While it may not provide the same depth as Splunk, it is a cost-effective alternative for budget-conscious organizations.
For smaller organizations, other products may provide better value for money.
Logpoint's customer support is not sufficient with only one engineer in the US.
If you want to write your own correlation rules, it is very difficult to do, and you need Splunk's support to write new correlation rules for the SIEM tool.
The technical support for Splunk met my expectations.
It is web-based and accommodates the expansion of our organization.
They struggle a bit with pure virtual environments, but in terms of how much they can handle, it is pretty good.
It provides a stable environment but needs to integrate with ITSM platforms to achieve better visibility.
It is very stable.
Dealing with foreign entities for support was a challenge, leading us to switch providers due to lack of adequate support.
An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.
Splunk Enterprise Security would benefit from a more robust rule engine to reduce false positives.
I saw clients spend two million dollars a year just feeding data into the Splunk solution.
Splunk is priced higher than other solutions.
The UEBA enables us to monitor at the device level, and SOAR provides playbooks and templates that we can modify and incorporate into the platform.
The Splunk Enterprise Security's threat-hunting capabilities have been particularly useful in later releases.
They have approximately 50,000 predefined correlation rules.
Logpoint is a cutting-edge security information and event management (SIEM) solution that is designed to be intuitive and flexible enough to be used by an array of different businesses. It is capable of expanding according to its users' needs.
Benefits of Logpoint
Some of the benefits of using Logpoint include:
Reviews from Real Users
Logpoint is a security and management solution that stands out among its competitors for a number of reasons. Two major ones are its data gathering and artificial intelligence (AI) capabilities. Logpoint enables users to not only gather the data, but also to maximize both the amount of data that can be gathered and its usefulness. It removes many of the challenges that users may face in data collection. The solution allows users to set rules for collection and then it pulls information from sources that meet the rules that have been set. This data is then broken into manageable segments and ordered. Users can then analyze these ordered segments with ease. Additionally, LogPoint utilizes both machine learning and AI technology. Users gain the ability to protect themselves from and if necessary resolve emerging threats as soon as they arise. The AI sets security parameters for a user’s system. These act as a baseline that are triggered and notify the user if anything deviates from the rules that it set up.
The chief infrastructure & security officer at a financial services firm writes, “It is a very comprehensive solution for gathering data. It has got a lot of capabilities for collecting logs from different systems. Logs are notoriously difficult to collect because they come in all formats. Logpoint has a very sophisticated mechanism for you to be able to connect to or listen to a system, get the data, and parse it. Logs come in text formats that are not easily parsed because all logs are not the same, but with Logpoint, you can define a policy for collecting the data. You can create a parser very quickly to get the logs into a structured mechanism so that you can analyze them.”
A. Secca., a Cyber Security Analyst at a transportation company, writes, “It is an AI technology because it is using machine learning technology. So far, there is nothing better out there for UEBA in terms of monitoring endpoints and user activity. It is using machine learning language, so it is right at the top. It provides that capability and monitors all of the user’s activities. It devises a baseline and monitors if there is any deviation from the baseline.”
Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.
Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.
What are the key features?Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
