Try our new research platform with insights from 80,000+ expert users

RSA enVision vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

RSA enVision
Ranking in Security Information and Event Management (SIEM)
36th
Average Rating
7.2
Reviews Sentiment
6.7
Number of Reviews
6
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Security Information and Event Management (SIEM)
1st
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
304
Ranking in other categories
Log Management (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of February 2025, in the Security Information and Event Management (SIEM) category, the mindshare of RSA enVision is 0.3%, down from 0.5% compared to the previous year. The mindshare of Splunk Enterprise Security is 9.8%, down from 13.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

reviewer1093020 - PeerSpot reviewer
Though the solution offers good technical support, it needs to be made more user-friendly
I rate the initial setup a seven and a half out of ten. So, it's closer to seven. The tool is deployed in our organization on-premises with some test servers. In only two tests in a test environment, the deployment can be carried out. The deployment time only depends on the size of your infrastructure. If I limit the company's size, it will not take too much time. So, it can be done in seven to eight hours. Regarding the deployment process, we have managed some test servers, after which we need to install some agents. If you include more servers, you need to install more agents. If you want to use agent-based, I would say that it is totally up to the stakeholder. You will get some additional benefits if you can choose the agent since you will be more assured that less positive false positive results you will get from the tool. For deployment, one test server, a few deployment servers, and some policy configurations are done by the OEM with some local support. We used some Windows servers and Linux servers, and we installed some agents in different types of operating systems. So different versions of Linux and different versions of Windows. We also integrate some network devices like firewalls to integrate firewalls and logs. So, the amount of logs and firewalls is too much. I have to engage too many employees for deployment. So there are those for Linux servers, others for Windows servers, and the rest for network devices. One for SIEM policy creation and one for SIEM management administration is also required.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We developed around this solution and received excellent support from the company."
"The most valuable feature of this solution is the reporting."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs."
"Our clients use the solution to find any threats or vulnerabilities inside their environment."
"It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
"The solution is the market leader."
"The consolidated overview of all the events that come in through our environment and an easy-to-access interface for all our end users are valuable."
"The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"The most valuable feature of Splunk is the management and built-in workflows."
 

Cons

"Licensing could be improved to be more oriented towards Managed Service Providers (MSPs)."
"In general, the solution currently isn't user-friendly."
"RSA enVision log manager is out of date and is not in use anymore."
"The integration could be easier, it should support more products."
"Splunk could have more built-in use case presets that customers can build on and customize."
"We'd like to see a more seamless cloud-based integration."
"While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"We've sometimes faced issues with upgrades. The incident review dashboard sometimes breaks after updates. When we add a space or something in the description or anywhere in the SQL, the drill-down value may be reset with a blank value. Before rolling out any software, they should test it thoroughly and ensure clients won't have issues with the upgraded version. It should be compatible with all or most of the apps. All major issues must be addressed before rolling out the upgrade."
"This solution could be improved by better pricing in general and by easier installation."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"I would like the ability to view logs for specific instances and not have to pull the logs for the entire Cloud environment in Splunk."
 

Pricing and Cost Advice

"We no longer pay a licensing fee because it is out of date and don't pay for support."
"On a scale of one to ten, where one is low, and ten is high price, I rate the pricing a six."
"The Splunk Enterprise Security license is expensive."
"As a team, we prefer the old pricing model with a perpetual license. We are still evaluating the whole subscription-based model."
"It's a little bit expensive for a small to medium enterprise."
"Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."
"The price of Splunk Enterprise Security is high."
"It is expensive, but it is a good tool. It is worth the cost."
"The licensing costs are high for Splunk Enterprise Security."
"It's definitely worth it."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
838,640 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Manufacturing Company
14%
Computer Software Company
12%
Financial Services Firm
10%
Educational Organization
8%
Financial Services Firm
16%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about RSA enVision?
The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten.
What needs improvement with RSA enVision?
Licensing could be improved to be more oriented towards Managed Service Providers (MSPs). Perhaps offering different types of licensing would be beneficial, as it can be expensive for industries wi...
What advice do you have for others considering RSA enVision?
Overall, I would rate it a nine out of ten. I recommend using it, but it also depends on the needs and the budget. If I still had my company, I think we would continue using RSA enVision. However, ...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

BPS (SUISSE), Hypovereinsbank Germany, MAX Hamburgers, Infoplex, Neotel, Telus
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about RSA enVision vs. Splunk Enterprise Security and other solutions. Updated: January 2025.
838,640 professionals have used our research since 2012.