Splunk Enterprise Security Reviews

The solution is used to detect and protect against threats using a hypervisor infrastructure that works with artificial intelligence. 

There are a lot of third-party applications that can be installed. You get a lot of good visibility on your infrastructure regarding risk. It's very data-driven, and it integrates into systems well. 

We are able to monitor multiple cloud environments with Splunk. Each data source has different stuff that requires monthly payments. 

I have used its threat intelligence management function. It can be a very useful feature for customers. 

The MITRE ATT&CK framework is helpful for helping uncover the scope of incidents. It offers a good level of simplicity.

Splunk Enterprise Security is great for analyzing malicious activities and detecting breaches.

It's costly. 

The data speed between apps could be improved. It could be faster. 

I've been using the solution for 2 years.

The stability is mostly fine. 

I haven't attempted to scale the solution. I'm not 100% sure of how well it scales. 

The technical support is very good. They also offer a lot of basic resources. 

Positive

I'm also familiar with Microsoft Sentinel, and I find Splunk to be better. That said, although I have more experience with Splunk software, I find it a bit slow. Sentinel is much faster. 

The setup is pretty straightforward. It's not overly complicated. I don't have too much experience with the setup, as I'm currently involved as a consultant and only help with support. 

The cost is very high. It's got a fairly high price point in terms of price range. 

I work in cybersecurity consultation. 

I'd recommend the product to others. I'd rate the solution overall 9 out of 10. 

We currently use Splunk Enterprise Security for security monitoring. Previously, we relied on AWS native monitoring tools. In that setup, logs were forwarded to a Splunk dashboard which was also used by our L1 and L2 support teams to evaluate incoming support cases.

CloudWatch, the native AWS monitoring tool, offers limited metric detail and a complex navigation experience across different data streams. In contrast, Splunk empowers us to create custom dashboards. This allows our team to quickly access the relevant dashboard and perform root cause analysis during an incident, streamlining our response process. This is how Splunk has been instrumental in enhancing our efficiency.

Splunk dashboards significantly improved our incident response by providing a single view of all relevant information. This allowed us to quickly identify and address issues. Additionally, Splunk's customization capabilities enabled us to tailor dashboards to focus on the specific metrics most critical to our operations. As a result, we could easily create dashboards highlighting high-priority metrics. Splunk's real-time data ingestion allowed for near-instantaneous monitoring. Logs generated in AWS were pushed to Splunk almost immediately through a collector. This enabled us to use the dashboard to investigate these logs in real-time. Furthermore, integrated identity and access management facilitated easy sharing of dashboards with other users.

Splunk itself may not have directly improved collaboration on security issues. However, in the event of an incident requiring investigation by a senior security professional, Splunk simplifies the process. L1/L2 teams and support engineers can easily point to the relevant dashboard connected to the issue. Additionally, these dashboards provide valuable features for further investigation, post-mortem analysis, or what they might call building the analysis or post-mortem report.

Splunk has been helpful for customers in resolving a wide range of issues. Whenever a problem arises, IT staff can quickly identify the root cause using Splunk. This allows for faster issue resolution, which in turn helps businesses retain customers and maintain their overall value.

The most valuable feature is the custom dashboard feature.

Splunk is robust and user-friendly.

Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively.

I have been using Splunk Enterprise Security for three years.

I would rate Splunk Enterprise Security's stability 9 out of 10. 

Splunk Enterprise Security was able to meet our scalability needs.

We previously used native cloud monitoring. Now, we supplement it with Splunk to benefit from its additional features.

While the initial deployment was simplified by the availability of Splunk connectors in the public cloud, additional effort was required. We had to write the infrastructure as code, build the connector itself, pull the logs, and push them to the Splunk endpoint. These steps, including connection and configuration integration, would equate to moderate effort for a single person.

For those considering a SIEM solution but prioritizing affordability, Splunk is a strong contender. My experience using Splunk for several years has been positive, with minimal glitches. Additionally, its user-friendly GUI allows new users to contribute immediately. Splunk is also feature-rich, offering a wide range of functionalities out-of-the-box. However, remember that quality often comes at a cost. Considering these factors, Splunk emerges as a cost-effective solution.

I would rate Splunk Enterprise Security 8 out of 10.

Splunk did not help us reduce our alert volume because it was not integrated directly for alerting. It was integrated for monitoring. The alerting happened from our native cloud.

Splunk is self-sustainable and doesn't require maintenance.

We have never needed to contact Splunk support because their documentation is good enough for us to resolve the issues ourselves.

Splunk Enterprise Security is a stable, feature-rich, and user-friendly product with a well-designed graphical user interface.

We use Splunk to monitor unusual user behaviors. For example, if any user onboards from a different domain, it will trigger an alert. We also get alerts and high traffic when the ADI server is down. Splunk will monitor that behavior or when users make repeated wrong login attempts.

My full-time job is managing the IAM product. Splunk is one of our security monitoring tools. Most of my work is on IAM tools like CyberArk and SailPoint, etc. 

Splunk manages all of our security and maintains a hundred percent availability. It improves business while securing the entire cloud environment. In terms of business, we don't need manual monitoring. It automatically monitors and notifies an administrator, so we can easily track and identify the particular issue. It saves our employees' time, and we can manage the environment without any impact on business service.

In the UK, hackers use automated software to make repeated login attempts. Splunk immediately identified these attempts and notified the admins, so the red team suddenly took action to block them.

It's nonstop monitoring that isn't affected by business hours. You don't need a manual administrator. Splunk will monitor everything, and a single administrator can monitor the alerts. Splunk will notify us if any unusual behavior happens, allowing us to take immediate action. There's no need for any further investigation and log analysis. It provides the exact result, what happened, and where it happened. 

Splunk helps us reduce alert volume. Whenever the same type of attack occurs repeatedly, we can change the environment and improve the security so the attack won't repeat. 

It speeds up our investigations through automation. Investigating manually takes a long time, and we sometimes cannot identify the exact issue. Splunk monitors the data and events, so we configured a range. If it triggers that area, it will provide the exact result. We can immediately identify and fix it. There's no need to investigate. It reduces the mean time to resolve by 80 percent. 

Splunk is user-friendly. We can easily customize the monitoring script. We support a multi-cloud environment covering Windows Server, AWS, and Google Cloud. We also use ForgeRock to monitor Linux machines. It sends us alerts when the disk size gets full. When an employee logs in from a different region, it triggers an alert. 

Splunk isn't appropriate for smaller companies. It's too expensive.

I have used Splunk for two years.

Splunk is a highly stable product. 

I rate Splunk nine out of 10. When we have any questions, we raise a ticket and they respond in two or three hours. 

Positive

Splunk provides the tenant, and we can directly integrate it into the cloud URL. For the hosting, we can deploy it to the EC2 instance. Splunk is integrated with Cypress, CyberArk, and Fastdesk. Splunk also supports SAML integration. Splunk is a SAML application, so we can use SAML protocol to enable it. 

I rate Splunk Enterprise Security nine out of 10. 

Our primary use case is mostly for monitoring security events. We have different endpoints, like router switches. It collects a lot of data and we create reports. 

We also use Enterprise Security to send alerts out. I'm still relatively new. I mostly work for the SPL side of things.

It has been really good at consolidating a lot of data from different sources. It's really good at generating summaries. 

It's exciting to hear that SPL2 is rolling out. We look forward to using that more, especially for the data ingestion part of things. 

In the context of apps, we use a lot of search and reporting. We create many searches and reports, that quickly summarize a lot of information. That's the part that I mostly look into. That has been very valuable. I also like the dashboards and visualization features.

Its ability to provide end-to-end visibility into our environment is important. It helps a lot, especially when other users or stakeholders want that information. So being a little more transparent, but being mindful of the compliance and rules associated with that. It makes it really easy to communicate with people. They want statistics fast. The ability to quickly pull it out without a hassle is very valuable. 

We use Splunk to try to reduce the number of random alerts sent out. We're trying to consolidate a lot of functions. That has been very valuable and helpful for us.

The logging system has been a great help to us. Sometimes when we try to integrate some functions, we're not sure what errors happened. We look into the logging system, and it provides so much information. 

These optimization examples have reduced the meantime to resolve. It has been reducing cutting time.

It definitely helps our business resiliency a lot. We have a specialized cybersecurity office and on-prem technology and they really like to use Splunk. It has been addressing a lot of concerns and it is able to output the data that people are looking for. It's able to predict and identify a lot of functions.

Splunk Enterprise Security has been a great help to us in consolidating our tools. It's definitely been pulling a lot of data, especially from the network side of things. We look at it for baseline security tests. Splunk has a lot of apps and add-ons that we have been using Enterprise Security for.

I currently use Splunkbase and some of the add-ons. Integrating into our apps has been very straightforward. It would be nice if Splunk provided a little more documentation and instructions on how to upload. The steps are short, but sometimes it's not so intuitive. It would be nice if there were more user-friendly help guides.

I have been using Splunk Enterprise Security for six months. 

It has been very reliable. We haven't encountered downtime that I know of. 

Splunk works with companies that are a lot bigger than us. We're medium-sized. I have faith that we can scale. 

For technical support, I look at the online community, which has been a great help. I haven't used Splunk support directly. 

The forum is easy to use. I would rate it a nine out of ten. Sometimes the response time is slow. 

Positive

I would rate Splunk Enterprise positively. I hear from coworkers that there could be tweaks. I would give it an eight out of ten.  

In the SPL default, everything's crunched together. The formatting could be neater. When I write it in the search head, it has a lot of information in one small area. It could have a friendlier user interface. 

We use Splunk Enterprise Security for 24-hour monitoring and security log checks.

It is easy to monitor multiple cloud environments with Splunk Enterprise Security. The visibility into multi-cloud environments is good.

We have some open-source tools integrated with Splunk that help with threat intelligence.

Even though we already have several SIEM solutions in place, their similarities make adopting Splunk Enterprise Security a breeze.

Splunk Enterprise Security helps speed up our investigations.

Splunk Enterprise Security is complicated in terms of developing specific cybersecurity use cases.

Our alert volume is still high and we are working on reducing those.

I have been using Splunk Enterprise Security for six months.

Splunk Enterprise Security is stable.

The technical support was responsive and knowledgeable.

Neutral

Compared to Sumo Logic which is organized, Splunk Enterprise Security is complicated.

While the deployment was straightforward, it took a few months to complete because we had to make customizations to fit our specific environment.

Splunk is priced similarly to other SIEM solutions.

We evaluated several solutions and selected Splunk due to the functionality and cost. 

I would rate Splunk Enterprise Security seven out of ten.

We're currently integrating our log sources with Splunk. Once logs are flowing, we'll deploy security monitoring use cases with alerts. We'll then explore Splunk's further capabilities.

We use the product to analyze security anomalies and research specific threats that we get on our network.

The solution has made us more secure. It has given us the ability to address threats faster, with greater accuracy.

The availability of the data and the fact that we're able to collect a large amount of data into the system and analyze it is valuable to us. The product’s speed and availability make it really useful for us. I'm excited about the additional enhancements to the machine learning toolkit. To be able to use it more is exciting to me.

My organization needs more people to learn how to use the solution effectively. It takes time to train people.

I have been using the solution for six years.

I have never seen any issues with the tool’s stability.

Considering how much we have in place, I would assume that the solution’s scalability is pretty strong.

I haven't had to go to Splunk directly for many things. Communicating with our success managers has been very positive.

Positive

We need to improve our implementation. We're a pretty large customer of Splunk, so I think we do have a lot of resources available. Splunk has really good courses and availability. We need to get more people to be more familiar with the tool. The solution has helped us reduce our mean time to resolve. It really works well for us, and it helps us to look at our data more effectively.

Splunk has helped improve our organization’s business resilience. It's not just used for security. We have big use for it. It has definitely helped us prevent problems from occurring and identify them when they do. Splunk’s ability to predict, identify, and solve problems in real time is very strong. It works as well as we use it. There's a lot of value within the tool. It can be very powerful if used properly and if people are knowledgeable about it.

Splunk has a strong ability to provide business resiliency by empowering staff. I've been using it for as long as I've been with this organization. Compared to other solutions, Splunk is really strong.

I have seen time to value using this solution. I love using it. It’s a great tool. I cannot compare Splunk to other tools because I've been using it for as long as I've been with my current organization. In my previous organization, we didn't have big data, so we really didn't need the product. I am a consumer of the solution from a security perspective.

Overall, I rate the solution an eight or a nine out of ten.

Splunk Enterprise Security provides more visibility into endpoints in our environment.

We only monitor AWS, but we also have SaaS services that are in our own clouds. So far, it is easy to monitor our cloud environment with this solution. As long as we ingest our data correctly and tune it, it will read it. It is very easy to use.

It provides end-to-end visibility into our cloud-native environment. This is critical for us because we are always one step away from a security incident, which could impact the company and cost a lot of money. That is our main point of focus.

It provides a risk score for each object, device, or user. We can then take action if they are at a higher risk.

The pricing can be better.

We have been evaluating Splunk Enterprise Security for the last eight months.

I cannot say anything about stability, but I am assuming it would be the same as Splunk. It is an app. It is going to work.

The technical support is above average, but they do not go into the details, so we have a contract with a third party to help us.

There might be more Splunk support tiers, but we are working with SP6. They will get their hands directly onto our Splunk environment, whereas Splunk support does not do that. Maybe there is a different tier that does that, but we do not have that. It is more of an email dialogue. They are not going to VPN into our environment. SP6 is more hands-on. I would rate SP6 a nine out of ten.

We did not use a similar solution. We have Carbon Black for endpoints, but this is going to be a lot bigger than that.

We are still evaluating it. We have not deployed it yet, but I was involved with the deployment of Splunk. 

It was very easy to set it up for evaluation. It is just an installer file. It is an add-on app for Splunk, and if you know how to install Splunk and add-ons, it is easy.

I am fine with the licensing, but in terms of the cost, it is expensive for the data that we have. We have an open discussion with our account rep about this.

We are not evaluating any solutions because we already have Splunk, and we do not want to leave Splunk. I like it, so it is just a matter of making the commitment.

The value that I get from attending Splunk Conferences is going to sessions and learning about what other people are doing and use cases that I have not really thought of. Also, I am able to talk directly to people about questions I have regarding our Splunk instances, and I can get some answers right away. It is very good to know what people are doing because sometimes we do something one way, but we do not know if we are doing it the right way. Here, we can get validation, or realize that we are doing it wrong and make the necessary changes. That is very valuable.

I would rate Splunk Enterprise Security a ten out of ten. Most customers at the conference have already implemented it, except for our company. It is a critical foundation app that allows you to explore other apps that Splunk is grading, and it works.

Splunk helps us to be proactive and it integrates with many devices. It offers visibility from many different levels, areas, zones, and devices rather than from a single system. We can use this intelligence to create correlations, system solutions, etc. Splunk reduces the risk factors and helps us in many ways beyond just collecting logs. Though Splunk is costly, it has many features like threat intelligence which is very useful. It helps us be proactive about reducing risks.

Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks.

Customers cannot manage or maintain the servers on the cloud since they are all deployed. Since there are platforms, they can become a little bit hectic. One of my other observations is that the applications that are available on the store are not updated as much as those available on on-prem.

Moreover, I have had issues with the Splunk store. I believe that the developers in the Splunk store are external and I can see that the level of maturity of these developers ranges between low and medium. I have never seen the maturity go up higher. The applications are not maintained regularly and it can cause issues in the visibility dashboard. I would suggest to Splunk's tech team to keep the store private, so that Splunk creates its own applications without the interference of external developers.

I have concerns about the architecture as well since I can see it is not very well defined. However, this is not the case with on-prem. We were able to manage and do whatever we wanted on the server level without opening a case or anything else. Moreover, the applications are updated every six months.

Splunk is a stable solution.

Splunk is a scalable solution. I am also impressed with the integrity of the solution. It is very good at collecting logs.

To resolve issues in the Splunk platform, you need to wait in a queue and then open a ticket with the support team. I find it a bit time-consuming since it takes time to call tech support and get what you need.

I have used Wazuh. From my point of view, Wazuh is a simple and basic SIEM solution compared to Splunk in terms of features. I don’t see Wazuh as a competitor to Splunk. Wazuh relies greatly on human tactics. It is best suited for cloud environments and maybe smaller ones. I have issues with Wazuh’s stability as well because I have found scenarios where it was working for one instance and not for another. These issues might be because it is open-source.

Wazuh is not actively working on their platform. I opine that they need to integrate many components and have many aspects automated so that the solution does not depend on its users. I have found issues with the language of Wazuh as well. It requires a lot of resources and time to learn the language. These issues make me think that Splunk is better than Wazuh.

The initial setup process for Splunk was simple. The language used in Splunk is very easy to pick up and you can rely on any person using it to be able to learn it quickly. The language and picking up logs are easier with Splunk.

I implemented Splunk through a POC.

Splunk is costly but it’s worth it due to the high-end features.

I have worked with Wazuh and ManageEngine Endpoint Central.

I would rate Splunk Cloud a 6.5 out of 10, but plugged on time, I would give it 8.8 out of 10. The maintenance of Splunk is a bit difficult due to the time-consuming tech support.

I would recommend Splunk. I cannot compare Splunk with any other SIEM solution because I have worked with many different solutions and logarithms, like the ManageEngine Endpoint Central, and Wazuh. I have used Splunk for two years and I can see Splunk as really the best SIEM solution that can be used for work. I totally recommend it even though I gave some negative feedback, it's because I am coming from a product perspective. We have to also take into consideration the security perspective. I am not talking about only visibility in which they should take a lot of care, but the way the solution is handling and even manipulating the data. This is the most valuable thing.