
Splunk Enterprise Security vs Splunk ITSI (IT Service Intelligence) comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Jul 31, 2024
 

Categories and Ranking

Splunk Enterprise Security
Average Rating: 8.4
Reviews Sentiment: 7.1
Number of Reviews: 303
Ranking in other categories: Log Management (1st), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)

Splunk ITSI (IT Service Intelligence)
Average Rating: 8.2
Reviews Sentiment: 7.0
Number of Reviews: 49
Ranking in other categories: Application Performance Monitoring (APM) and Observability (10th), IT Alerting and Incident Management (4th)
 

Featured Reviews

Avinash Gopu - PeerSpot reviewer
Offers good visibility into multiple environments, significantly reduces our alert volume, and speeds up our security investigations
There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices. This is because Splunk relies on agents, which cannot access certain workstations. In these cases, we have to rely on application data. For example, with mainframes, manual reports are generated and sent to Splunk, limiting visibility to what's manually reported. This lack of automation for specific platforms needs improvement from Splunk. Additionally, API access is limited for other applications that rely on API calls and requests. This requires heavy customization on Splunk's end. These are the main challenges we've encountered. Monitoring multiple cloud platforms, like Azure, GCP, and AWS, with Splunk Enterprise Security presents some challenges. While Splunk provides different connectors for each provider, consolidating data from two domains across distinct cloud environments can be complex. However, leveraging pre-built templates and Splunk's data collation capabilities can help overcome these hurdles. Despite initial difficulties, I believe Splunk can effectively address this task, earning it an eight out of ten rating for its multi-cloud monitoring capabilities. While Splunk Enterprise Security offers insider threat detection capabilities, its effectiveness could be enhanced by integrating with additional tools, such as endpoint security solutions. This integrated approach is particularly crucial for financial institutions, which often require dedicated endpoint security teams. While using multiple tools is valuable, further improvements within Splunk itself are also necessary. Considering both external integration and internal development, I would rate its current insider threat detection capabilities as three out of ten. Threat detection is where Splunk falls behind. While it offers tools, other use cases require additional work. PAM is an enterprise tool that centralizes information about users, servers, and everything else. It needs real-time monitoring, which I haven't seen in any of the companies I've worked for. They only rely on Splunk for alerting, but real-time monitoring should be handled by the endpoint security team's tools. This means there's no detection or analysis at the machine or endpoint level. Additionally, threat analysis reporting is also absent.
Sunil K R - PeerSpot reviewer
Helps improve our incident response time, and our mean time to resolve, but visibility is limited
In my previous project, I successfully led the end-to-end deployment of a Splunk migration. The process went smoothly thanks in part to Splunk's professional services team. They conducted a thorough assessment, identified all our potential pain points, and developed a tailored solution and migration plan. This comprehensive approach ensured a seamless transition. Our core deployment team consisted of 5 internal members and two specialists from Splunk. Additionally, the project included a project manager and a product owner. We also benefited from the expertise of two professional service consultants and two representatives from the customer's side. An on-site admin architect further provided valuable technical support. Throughout the deployment process, we leveraged support from various resources whenever necessary. This included assistance with configuration changes, deployments, and other related tasks. We also collaborated effectively with our teammates to ensure a smooth and successful implementation.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful gets into the system."
"If I need to integrate devices for logs, it is easier with Splunk. We can integrate different applications, network devices, and databases. It is also very rich in documents. It is the best."
"Deployment server for deploying changes in one go."
"The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature."
"I like Splunk's automated threat detection and orchestration capabilities. Splunk offers a single solution for analyzing, aggregating, correlating, monitoring, reporting, visualizing, etc. You can get all of these capabilities in one place. On top of that, it provides a cloud, testing, on-premise, and hybrid solution, giving customers more flexibility for their use cases."
"Splunk Enterprise Security allows us to create custom dashboards by changing fonts and modifying widgets."
"Search language is easy to understand and teach to new users."
"The client site login is pretty extensible and probably cost-effective."
"Splunk ITSI can be easily integrated with the incident management platform. You can automate workflows and certain actions can be taken."
"The most valuable features are the mapping of the entities, which provides a comprehensive analysis, and the service analyzer for thresholding."
"The flexibility to develop and consolidate many solutions into one platform is great."
"ITSI includes a feature called a glass table."
"The most valuable features of Splunk ITSI are event analytics and service insight."
"We can automate routine tasks. We're able to create alerts, reports, scheduled searches, et cetera. It's helping us to save time."
"We liked the built-in calculation of health scores."
"The solution is easy to scale."
 

Cons

"Free-floating panels in the dashboards are like a glass table."
"DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down."
"Due to its high licensing cost, Splunk is out of reach for many organizations."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
"If you monitor too much, you can lose performance on your systems."
"The user interface visualization could be improved."
"ITSI currently lacks the capability for automated response, mitigation, and remediation."
"The dashboard queries should be improved. More queries should be suggested in order to produce better dashboards."
"The dashboard function inside the individual episodes, not at the ITSI Notable Event Aggregation Policy level but actually at the correlation search layer, is an area where improvements are required."
"We're getting alerts with delays of maybe five minutes, however, we'd like to see real-time alerting in the future."
"When we check the service analyzer, and we have custom inputs, there are issues."
"They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve."
"The problem becomes the price, as Splunk is an expensive product."
 

Pricing and Cost Advice

"The pricing seems good relative to the other vendors that we have had here. However, they need to find ways to be more flexible with the licensing and be able to deal with situations where we start generating more logs. Maybe having some controls in the Splunk interface to turn it off, so we don't have to change anything in our application."
"My customers have found the price of the solution to be high."
"Splunk Enterprise Security's pricing is based on data volume, which generally suits large enterprises."
"Splunk Enterprise Security is an expensive solution."
"ROI is estimated at saving my team roughly 10 to 12 man hours per week in troubleshooting for our company as well as what our profits had been from our services of installing, configuring, and supporting other clients with the product."
"Splunk Enterprise Security is expensive."
"In terms of pricing, I believe Splunk is unreasonably costly for the majority of mid and small-sized companies."
"The license for Splunk Enterprise Security is expensive."
"I know that it is expensive, but I do not think there is another solution that can do similar things for that price."
"Pricing was pretty good, and it is possible to just add on the features we want."
"Splunk ITSI is an expensive tool, and we need to purchase the utility license."
"Splunk ITSI is a pay-per-use service that is priced fairly based on the amount of data we use."
"Splunk ITSI is expensive compared to other tools."
"Its pricing has been changed as per the market. You get a good support service with it as well. They have 24/7 customer support. There is a portal, and if you are having issues, they are available in order to resolve them. So, its pricing isn't too much."
"Pricing has some room for improvement."
"It depends on how big an organization is. If we have a lot of resources, the licensing needs to be upgraded. If we have a small environment, the licensing cost is definitely going to be less."
824,067 professionals have used our research since 2012.
 

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews

Splunk Enterprise Security
Financial Services Firm: 15%
Computer Software Company: 14%
Government: 9%
Manufacturing Company: 8%

Splunk ITSI (IT Service Intelligence)
Financial Services Firm: 20%
Computer Software Company: 13%
Government: 13%
Manufacturing Company: 8%
 

Company Size

By reviewers: Large Enterprise, Midsize Enterprise, Small Business
 

Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
What needs improvement with Splunk ITSI (IT Service Intelligence)?
Currently, Glass tables in ITSI only display metrics related to KPIs. I proposed adding an option to show metrics related to entities. This would eliminate the need for custom SPL to achieve this f...
 

Sample Customers

Splunk Enterprise Security: Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Splunk ITSI (IT Service Intelligence): TransUnion, Cox Automotive, Carnival Cruises, Leidos, Econocom, National Ignition Factory, Entrust Datacard, Molina Healthcare, United States Census Bureau
Find out what your peers are saying about Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence) and other solutions. Updated: May 2023.