Try our new research platform with insights from 80,000+ expert users

Splunk Enterprise Security vs Trellix Helix comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 29, 2024
 

Categories and Ranking

Splunk Enterprise Security
Ranking in Security Information and Event Management (SIEM)
1st
Average Rating
8.4
Number of Reviews
301
Ranking in other categories
Log Management (1st), IT Operations Analytics (1st)
Trellix Helix
Ranking in Security Information and Event Management (SIEM)
32nd
Average Rating
8.8
Number of Reviews
10
Ranking in other categories
Security Incident Response (7th)
 

Mindshare comparison

As of November 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Splunk Enterprise Security is 10.9%, down from 14.3% compared to the previous year. The mindshare of Trellix Helix is 0.5%, down from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Sameep Agarwal. - PeerSpot reviewer
Oct 23, 2023
It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query
The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system. Splunk needs to be tweaked in JSON so you can limit what is coming from the endpoints, especially the events. One needs to filter that out so that only certain events are ingested, like login failures, Active Directory changes, password reset requests, privilege modifications, etc. Each Windows machine generates about 310 KB of information per event, but we can tweak that down to about 50 KB.
Abanoub Alfy - PeerSpot reviewer
May 15, 2023
Helps prevent email attacks, like phishing and email spoofing attacks
We use Trellix Helix for protection against network attacks, TLS, and SSL attacks. We also use the solution for user behaviour accesses Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks. Trellix Helix's configuration and learning could be improved to identify…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Splunk Enterprise Security is a valuable tool that allows us to monitor data from the APS daily."
"Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
"We saw the granularity that we could get from Splunk far exceeded what we already had. We had the ability to have our security team really focus on the platform and stay within the platform, but they could correlate with a variety of other stakeholders, and our stakeholders were growing."
"UBA, User Behavior Analytics, is a key feature."
"The solution has made us more secure."
"Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me."
"I like Splunk's automated threat detection and orchestration capabilities. Splunk offers a single solution for analyzing, aggregating, correlating, monitoring, reporting, visualizing, etc. You can get all of these capabilities in one place. On top of that, it provides a cloud, testing, on-premise, and hybrid solution, giving customers more flexibility for their use cases."
"Its huge, versatile AppBase helped me to configure and bring data from different sources to a unified platform."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"We are able to block some advanced malware and other things."
"The most valuable features include predefined use cases and threatening states."
"We have started working with various customers, one of whom is particularly concerned about adjacency. We have identified several use cases where automation is possible."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"As far as its core functionality goes, it’s spot-on."
 

Cons

"The Splunk platform is not unified. We have all of these different tools and they feel a bit disjointed."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
"I do not like the pricing model. It is expensive."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"Trellix needs to address the price for the product to be more appealing to customers."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"There is room for improvement in the integration capabilities of third-party tools."
"We often rely on Martins to create logs and provide professional threat services rather than basic support."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"It should have more cloud connectors. It could also be cheaper."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
 

Pricing and Cost Advice

"I think the price could be improved."
"While some clients find the cost of Splunk Enterprise Security to be on the higher end, its pricing is comparable to other SIEM solutions."
"Pricing can be a limiting factor. You have to continuously tune what you are bringing in and make sure what you bring in is of value."
"I remember Splunk being relatively affordable. Kibana was more reasonable, but you get more with Splunk. If I was suggesting something, I would probably suggest Splunk because it is better to pay a little bit more and get a lot more."
"The pricing is a little bit on the higher side, but looking at what Splunk provides us, it is reasonable."
"Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."
"Splunk is really expensive compared to all the other tools on the market, including Microsoft Sentinel."
"Its price is fair. Like with anything else, if you go into the cloud, different providers cost more, and you are able to throttle back or throttle up. The cost is comparable with anything else."
"I rate Trellix Helix a five out of ten for pricing."
"The price could be better. But I think it's rightly placed when we buy everything in one shot, and we get some discount for that. That's how we basically plan our deployment, and it's holistic. We pay for the license yearly."
"It could be cheaper, but that applies to every product."
"FireEye Helix is a little expensive."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
14%
Government
9%
Manufacturing Company
8%
Computer Software Company
16%
Comms Service Provider
13%
Manufacturing Company
11%
Financial Services Firm
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
What do you like most about FireEye Helix?
Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks.
What needs improvement with FireEye Helix?
There is room for improvement in the integration capabilities of third-party tools. It has no problem connecting all solutions to Helix. Right now, we only connect one of Trellix's appliances to th...
 

Also Known As

No data available
FireEye Helix, FireEye Threat Analytics
 

Learn More

Video not available
 

Overview

 

Sample Customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Police Bank, Verisk Analytics, Teck Resources
Find out what your peers are saying about Splunk Enterprise Security vs. Trellix Helix and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.