SECDO Platform vs Splunk SOAR comparison

The compared Palo Alto Networks and Splunk solutions aren't in the same category. Palo Alto Networks is ranked #10 in IRP , and holds a 1.6% mindshare in the category. Splunk is ranked #3 in SOAR , with an average rating of 8.1, and holds a 8.8% mindshare. Additionally, 75% of Palo Alto Networks users are willing to recommend the solution, compared to 87% of Splunk users who would recommend it.

SECDO Platform

Read 3 SECDO Platform reviews

177 Views
41 Comparison Views

75% willing to recommend

Splunk SOAR

Read 43 Splunk SOAR reviews

5,505 Views
3,291 Comparison Views

87% willing to recommend

SECDO Platform

Splunk SOAR

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between SECDO Platform and Splunk SOAR based on real PeerSpot user reviews.

Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response.

To learn more, read our detailed Security Incident Response Report (Updated: October 2024).

Buyer's Guide

Security Incident Response

October 2024

Download the complete report

Helped 814,763 peers since 2012

Categories and Ranking

SECDO Platform

Average Rating

9.0

Number of Reviews

Ranking in other categories

Security Incident Response (10th), Endpoint Detection and Response (EDR) (68th)

Splunk SOAR

Average Rating

8.2

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (3rd)

Mindshare comparison

While both are Security Software solutions, they serve different purposes. SECDO Platform is designed for Security Incident Response and holds a mindshare of 1.6%, down 2.4% compared to last year.
Splunk SOAR, on the other hand, focuses on Security Orchestration Automation and Response (SOAR), holds 8.8% mindshare, down 9.8% since last year.

Security Incident Response

Security Orchestration Automation and Response (SOAR)

Featured Reviews

reviewer1643085

Founder/ CEO

Aug 3, 2021

Great documentation, good technical support, and very in-depth

The initial setup can be complex. I would advise users to leverage all of the access with Palo Alto, in terms of setting up with the technical account management teams. They need to ensure that what they have in mind for the product is actually going to be what happens. I have not run into any problems with deploying the product. Any of their security products are well-documented, either with open source intelligence or the documentation from Palo Alto. We had a client with less than a thousand users that received a dedicated engineer and a technical account manager that was able to walk them through the first 90 days of ownership. The support is certainly there.

Read full review

Ryan Plas

SOAR Engineer at Accenture Federal Services

Jun 12, 2024

Offers playbook automation that helps reduce the manual and tedious work for users

When it comes to Splunk SOAR's ability to provide end-to-end visibility into our company's cloud-native environment, I would say that we are not using the cloud portions of it. I don't know if that's super relevant to what we are doing in our organization. I am 100 percent sure that Splunk SOAR helped reduce your mean time to resolve, but I don't have any metrics on hand but I know it has dramatically decreased. The tool has helped with the business resilience part. I think having it as a platform has been a solid portion of the product that we offer to people. Spunk SOAR has definitely saved my time in alert triage. When some of the tedious enrichment and lookup stuff happens, the analyst doesn't have to deal with such areas, and they can just jump in and see relevant data all in one pane of glass, which has been super helpful for speeding things up. The unified platform helps consolidate networking, security, and IT observability tools. The consolidation of tools impacts our organization as it just helps focus the SOC analyst on a single unified place to find information. It helps keep things streamlined and regular so they know where to look for certain stuff they want. It really helps people with training. It is a really easy tool to onboard people into because everything is right there in the product itself. The product is really great. I would love to see more SOAR innovation going into the tool, especially the on-premises version since it is what we use in our company. I feel the tool needs to encourage continuous improvements, but as a product itself, my company is really happy with the solution. I rate the tool an eight out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Technical support is great. Palo Alto is extremely helpful and responsive."

"It basically automates the entire alert investigation process."

"The ease of deployment is a valuable feature."

"Very flexible integration with other tools"

"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."

"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."

"The most valuable feature of the solution is the playbook automation just because it allows us to reduce the manual actions that SOC has to handle."

"SOAR allows custom code to be written and integrates with various technologies through pre-built apps like Windows Remote Management or custom apps we can build ourselves like a secret retrieval app from our vault."

"Its ability to integrate with other systems and applications in our environment is pretty easy. Sometimes if we see any complexity we try to involve a consultant to help us. Everything is through the built-in app. Splunk can connect to any assets through the built-in app. It could be in a platform, firewalls, or endpoints. It's easy if it's an app integration."

"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."

"So far, the interface is very easy to use."

More Splunk SOAR pros

Cons

"Many will try to use this as an out-of-the-box solution, however, it needs to be configured to fit what a company would like to do with it."

"Maybe the notifications setting could use a simpler setting."

"The price should be reduced in order to be more competitive in the market."

"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."

"Splunk's support for integration is subpar and has room for improvement."

"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."

"And most of the challenges that I have faced with the solution can be found in the documentation itself."

"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."

"There is a lot of room for improvement with the UI."

"It would be ideal for us if Splunk SOAR could integrate with Teams."

"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."

More Splunk SOAR cons

Pricing and Cost Advice

"Be sure of the actual number of endpoints in your company."

"The price of this solution is the highest in the market, although there are no costs in addition to the standard licensing fees."

"Splunk SOAR is more expensive compared to other options for SOAR."

"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."

"It's very overpriced because it is based on the number of users. There is no bulk licensing."

"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."

"The cost is high and the licensing is on an annual basis."

"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."

"The tool is not cheap."

"I found the price of Splunk SOAR to be good."

More Splunk SOAR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Incident Response solutions are best for your needs.

See recommendations

814,763 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

19%

Financial Services Firm

14%

Manufacturing Company

Real Estate/Law Firm

Computer Software Company

15%

Financial Services Firm

13%

Manufacturing Company

11%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

Ask a question

Earn 20 points

What do you like most about Splunk Phantom?

Splunk SOAR's quick response to incidents is the most valuable part.

See all answers

What is your experience regarding pricing and costs for Splunk Phantom?

I rate Splunk SOAR two out of 10 for affordability. Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all ...

See all answers

What needs improvement with Splunk Phantom?

The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginne...

See all answers

Comparisons

Palo Alto Networks Cortex XSOAR vs SECDO Platform

Compared 57% of the time

Fortinet FortiSOAR vs SECDO Platform

Compared 43% of the time

More SECDO Platform Competitors

Cortex XSIAM vs Splunk SOAR

Compared 26% of the time

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Compared 20% of the time

ServiceNow Security Operations vs Splunk SOAR

Compared 8% of the time

Tines vs Splunk SOAR

Compared 8% of the time

Torq vs Splunk SOAR

Compared 7% of the time

More Splunk SOAR Competitors

Product Reports

Buyer's Guide

Security Incident Response

October 2024

Download SECDO Platform product report

Buyer's Guide

Splunk SOAR

October 2024

Download Splunk SOAR product report

Also Known As

No data available

Phantom

Learn More

Palo Alto Networks

Splunk

Overview

SECDO enables security teams to identify and remediate incidents fast. Using thread-level endpoint monitoring and causality analytics, SECDO provides visibility into every endpoint along with the context necessary for understanding whether a suspicious activity is a genuine threat. Unique deception techniques force threats like ransomware out into the open early, and trigger automated containment and remediation.

SECDO provides the most intuitive investigation experience available so you can quickly unravel complex incidents across the organization. You can investigate incidents detected by SECDO as well as alerts from the SIEM. SECDO visualizes the attack chain so you immediately understand the “who, what, where, when and how” behind the incident. Then, based on an analysis of exactly how endpoints were compromised, SECDO surgically remediates the incident with minimum user impact.

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Sample Customers

Valley National Bank, IDT Corporation

Recorded Future, Blackstone

Buyer's Guide

Security Incident Response

October 2024

Download Free Report

Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response. Updated: October 2024.

DOWNLOAD NOW

814,763 professionals have used our research since 2012.

We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.