Splunk Enterprise Security and Splunk ITSI compete in cybersecurity and IT operations. Splunk ITSI appears to have the upper hand due to its advanced features and overall value.
Features: Splunk Enterprise Security offers threat detection, incident response, and real-time monitoring. Splunk ITSI provides advanced analytics, predictive insights, and service monitoring capabilities.
Room for Improvement: Splunk Enterprise Security users suggest improvements in configuration and performance optimization. Splunk ITSI users seek better integration capabilities and more intuitive customization options. Both products can enhance user access and reporting efficiency.
Ease of Deployment and Customer Service: Splunk Enterprise Security reports prolonged deployment times and a need for better out-of-the-box solutions. Splunk ITSI receives better feedback on deployment simplicity and consistent customer support.
Pricing and ROI: Splunk Enterprise Security involves high setup costs and significant resource investment with satisfactory ROI. Splunk ITSI, despite its higher initial cost, is seen as offering better long-term value and a better perceived ROI.
Splunk's cost is justified for large environments with extensive assets.
If you want to write your own correlation rules, it is very difficult to do, and you need Splunk's support to write new correlation rules for the SIEM tool.
The technical support for Splunk met my expectations.
The technical support is excellent, and I would rate it at ten.
It is easy to scale.
They struggle a bit with pure virtual environments, but in terms of how much they can handle, it is pretty good.
Splunk is highly scalable, with the ability to expand efficiently.
It provides a stable environment but needs to integrate with ITSM platforms to achieve better visibility.
It is very stable.
The setup, however, must be done correctly as incorrect deployment can lead to issues.
Splunk Enterprise Security would benefit from a more robust rule engine to reduce false positives.
What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel.
Data retention can be better. If we want to look at the data for five months or six months, that is not available to us. We only have a history of 20 or 30 days.
Splunk ITSI could benefit from including more features that other solutions support, such as vulnerability management modules.
The platform requires significant financial investment and resources, making it expensive despite its comprehensive features.
I saw clients spend two million dollars a year just feeding data into the Splunk solution.
Splunk is priced higher than other solutions.
Splunk ITSI tends to be more expensive compared to some open-source solutions.
This capability is useful for performance monitoring and issue identification.
They have approximately 50,000 predefined correlation rules.
Splunk Enterprise Security's most valuable features are its stability and the robust Splunk Search Processing Language.
Splunk ITSI allows for integration with threat intelligence, enabling my organization to correlate more than two events for generating alerts.
Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.
Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.
Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.
Splunk IT Service Intelligence (ITSI) is a powerful analytics-driven monitoring solution that provides real-time insights into the health and performance of IT services.
It enables organizations to proactively identify and resolve issues, optimize service delivery, and improve overall IT operations. With its advanced machine learning capabilities, ITSI automatically detects anomalies, predicts future events, and prioritizes alerts based on business impact.
The solution offers a centralized view of IT services, allowing users to visualize and analyze data from multiple sources in a single dashboard. ITSI also provides customizable key performance indicators (KPIs) and service-level agreements (SLAs) to measure and track service performance.
With its intuitive interface and powerful analytics capabilities, Splunk ITSI empowers IT teams to deliver reliable and efficient services, ensuring maximum uptime and customer satisfaction.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.