Splunk Enterprise Security Reviews

I use Splunk to get logs from the on-prem servers and create dashboards, alerts, and visualizations.

Splunk has helped us reduce our alert volume. It has sped up our security investigations. For example, it's easy to detect if there are multiple login failures.

It has saved us a lot of time. We previously used OpenShift to collect CPU and memory data for over 900 clusters, so we needed to log in to each cluster to get the details. Even if it only took one minute per cluster, we would spend 900 minutes doing them all, whereas Splunk can collect all the data in under a minute. 

Splunk's machine learning toolkit helps us predict things like CPU and memory usage. The user interface is excellent, and since I'm using Splunk as a power user, it's easy to create dashboards.  Splunk helps monitor multiple cloud environments. We have OpenShift. All of our VMs and servers are present in the cloud. 

Customizing our commands should be simpler. Creating custom commands in Splunk requires a long, complex process. For example, we have a command to add all the column data, but we don't have a command to get the average of the column data at the end. It would be useful to have a blank at the end to create our commands and leave the rest to others.

We have used Splunk for three and a half years.

I rate Splunk eight out of 10 for stability. 

I rate Splunk seven out of 10 for scalability. The architecture needs to be tweaked, so it might take some time to scale it. 

Setting up the architecture is somewhat difficult, but if you follow the steps laid out in the documentation perfectly, you'll understand how to do it. It's medium difficulty. 

I don't know the exact pricing, but I know that Splunk is more expensive than competing solutions.  At the same time, Splunk provides more features than others, so it's priced fairly. It's worth the money.

I rate Splunk Enterprise Security eight out of 10. SES is an excellent product. While it has some room for improvement, it's constantly adapting and trying to stay ahead of the competition. Adding commands to Splunk can be tedious. Automation, for example, helps to make the task smaller. We use Python scripts for automation. 

We primarily use Splunk Enterprise Security for security incidents and event management. The solution is deployed in one department, but it covers multiple locations worldwide. 

With Splunk, we can monitor and manage enterprise-wide events. It provides a single console for various data sources covering the entire organization, which is critical for compliance purposes.

We can integrate Splunk Enterprise Security with other solutions to automate some security tasks, saving us some time. For example, if you detect potential malware and you want to isolate one system from the organization's network, you don't need to trigger a process. We can fully automate that. Minutes after malware is detected, the machine will be automatically quarantined from the rest of the network. 

You can integrate Splunk with third-party security automation solutions and set rules for automatic response. Splunk can monitor multiple cloud environments, but it's a little tricky if you're working with several vendors. Every cloud environment is slightly different, and some are better integrated.

The visibility into multi-cloud environments is decent. It depends on the number of sources you have, and Splunk is pretty flexible from that perspective. You can add any type of data source. The challenge is the engineering effort some of these data sources require, but others are effortless to manage.

We haven't used the insider threat capabilities yet, but it's an area that we want to explore. We have other tools for this. We use different products for threat intelligence. 

Splunk Enterprise Security could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful. 

If you spend time with your team creating rules specific to your environment, you can get a lot of value from Splunk. At the same time, that requires some additional effort and costs. Splunk has a few built-in integrations that are ready to go. In other cases, we need to build custom solutions, which is more difficult and costly.

I have used Splunk Enterprise Security for about three years. 

It is stable overall. 

Splunk Enterprise Security scales up pretty well. 

I rate Splunk support seven out of 10. There is a little room for improvement. We always start with junior support engineers who lack the experience to deal with complex issues, which are the only problems we ever contact support about. Our staff members can handle most minor issues. 

We typically need to escalate, and we've had an excellent experience with the higher-level engineers. Those qualified engineers are scarce, so I can imagine a situation where two big Splunk customers have significant problems simultaneously, but there aren't enough available technicians. Splunk has the right people but maybe not enough of them. The process could also be improved. 

Neutral

Deploying Splunk was relatively complex. After deployment, it requires some maintenance and management. A team of about 10-15 people is responsible for the solution. 

We deployed Splunk with an in-house team of five to 10 people and some professional support from the vendor. 

We've seen an ROI by automating Splunk Enterprise Security, but automation requires another product and license. 

Splunk Enterprise Security is quite expensive compared to some products on the market. 

The company evaluated a few tools before deciding on Splunk. I used ArcSight at a previous job. Splunk is more flexible than ArcSight, and it has various modules you can purchase to expand the functionality. You don't need to invest in a different solution because you can purchase add-ons for your existing infrastructure. 

It's modular, so you can tailor Splunk to your organization's size, structure, and specific needs. The customer can do it. You don't need to request it from a service provider. 

I rate Splunk Enterprise Security eight out of 10. My advice would be that before deploying Splunk, research some of the company's materials and make sure it meets your cybersecurity requirements. 

You may need to purchase other tools, and the solution might not do everything you want it to do out-of-the-box. Depending on your environment, you'll probably need to invest some time and money into the solution to get the results you want. 

We gather all the security logs from all the endpoints, network appliances, and the security filter. We have set up automatic alerts that are sent to system administrators, so we have pretty much real-time alerts about anything that happens. 

Splunk Enterprise Security has definitely improved my organization. First of all, it helps with compliance. Our organization has something called scorecard requirements. It is an annual self-check checklist. Having alerts set up is one of the requirements, and secondly, we have a local administrator who gets the alerts. That makes our job a lot easier. So, we pretty much know what is going on in a real-time setting.

We are the judicial branch of the government, so we are pretty much into our private cloud. We do have a setup to monitor our private cloud but not outside our organization. If we can monitor one cloud, multiple clouds will not be hard at all. It is easy.

Splunk has absolutely reduced our mean time to resolve. Knowing on time and having firsthand information is very helpful for any organization. We are able to capture what is going on, and the visibility of it is absolutely tremendous. I cannot provide the metrics, but it has saved a lot of time.

Splunk has absolutely improved our organization’s business resilience. We have been using Splunk for the last six or seven years, and I cannot imagine a life without Splunk. 

In terms of Splunk’s ability to predict, identify, and solve problems in real-time, this is something that we will look into. We have not yet looked into machine learning, AI, and all of Splunk. Currently, we are more in the reaction mode, but we are trying to get more in the protection mode or have more proactive measures. We have not got to that point yet, but we will definitely be there.

I am not into the administrator type of setup. I am more like an advanced user. The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me.

Splunk conferences are very helpful for networking and talking to folks who have a similar situation. It would be helpful for customers if they could create some real-world cases, and we can find a case study to align with. I know that Splunk has tremendous potential. We only include a tiny piece of it. There is a lot of stuff that we need to learn. If Splunk can provide more real-time examples, that will be helpful for customers.

It has been six or seven years. 

Splunk has a reputation for being scalable. You can start small, and if your demand increases, you can scale your platform. Splunk does a good job. It allows customers to have scalability so that they can expand their capacity. I would rate it a ten out of ten in terms of scalability.

In our company, we have a Splunk consultant who is very good at providing a solution. So far, I have not had any problem that is unresolved. I would rate their support a ten out of ten. In this industry, there is good support, and there is bad support. Splunk's support is more like Cisco's support. It is pretty good.

Positive

We used something else, but I do not remember the name. Splunk is what we have been using for a long time. It is more advanced in terms of IT security. There is more scalability and the capability to do a lot of different things on multiple platforms. This is where it is more advanced than other products.

I was not in the deployment team, but I was involved in the early stage of evaluating all different kinds of products.

There are a lot of things for which you can measure a return on investment, but security is something on which it is hard to put a dollar value and measure how much return you have got. However, in terms of helping the administrator or helping the company to put security in place, Splunk does a great job. I cannot imagine a life without Splunk.

The pricing is a little bit on the higher side, but looking at what Splunk provides us, it is reasonable.

We evaluated what was on the market, and fortunately, we picked Splunk. Looking back, it was the right decision.

Splunk is moving in the right direction and providing better and more mature products. This is my fifth conference, and I see the progress. I see Splunk bringing in all new products. They are pretty much in line with the security trends. They have improved a whole lot to meet customers' needs.

I would rate Splunk Enterprise Security a ten out of ten.

The primary use case is for failed login attempts. I typically stick to the security use cases.

The risk-based alerting helped to decrease false positives. We would just get a bunch of email alerts every time a threshold was reached previously and we'd have to investigate them. We'd have to deal with alert fatigue, the standard scenario where no one believes in the alerts anymore. So risk-based alerting has helped us tune out some of the noisier issues and then tune into the alerts, endpoints, and users that are problematic.

The risk-based alerting is excellent. It was most helpful in decreasing the amount of false positives that help bubble up the most problematic users and assets for the analysts, and it's fairly easy to implement.

Splunk Enterprise Security provides end-to-end visibility into our environment. It's a ten out of ten for that capability. Everyone wants to know what's happening across their environment. The more difficult part is defining the visibility, as we can't we can't ingest the entire company into Splunk. So, the harder part is not necessarily gaining visibility. It's rather determining what visibility looks like. Oftentimes, it comes down to determining and prioritizing using the highest value.

Splunk Enterprise Security, when set up properly,  helps us find any security events across multi-cloud, on-premises, or hybrid environments. It helps with investigations and helps us find that needle in a haystack. 

While it doesn't necessarily help with data normalization, some pieces determine whether the data is usable and create that usability outside of enterprise security. It does assist in the process. 

Splunk Enterprise Security provides us with relevant context to help guide our investigations. The context helps with risk-based learning, which is one of the things I rely on fairly heavily. It also helps reduce false positives and increases visibility to the most problematic endpoints and end users.

The Splunk Enterprise Security Hub has reduced our mean time to resolve; however, how much is hard to quantify. The dashboard is color-coded, and it's easy to read for the analysts. I don't often have to explain anything to them. Red is bad, green is good. The dashboards are relatively self-explanatory and it helps reveal the most difficult, problematic parts.

The solution does help with resilience - a bit. What it does is help us discover problems and reactively fix them.

I've definitely seen improvement. However, assets and identity are probably some of the most important integrations for risk-based learning. So if there was a way to make it easier - and, again, I know there's been significant improvement - that is one of the more annoying friction points when setting up risk based alerting.

The Splunk platform is not unified. We have all of these different tools and they feel a bit disjointed.

I've used the solution for maybe six years.

It's a complex tool. Everything needs to be done proactively. That said, it's relatively stable. There's a lot of stability built in, and I don't have any problems with it.

I've worked in on-premises environments as large as 300 terabytes, and they return data very quickly. When it's done right, it can scale tremendously.

The customer service and technical support can be hit or miss. Sometimes you get someone that is really good and knows their stuff and is really helpful. Sometimes you are trying to be patient and help them through. That's hard when you have someone breathing down your neck to get things fixed. They're nice. However, sometimes, when I have pressure on my end, I don't need someone who is nice - I need someone who knows how to fix my issue 

Positive

I'm usually the one performing the setup work. I've been working with Splunk for a long time; it's relatively easy for me.

Enterprise Security is a beast. The best practice is to put it on its own search head. When setting it up, I'm asking for not only an additional light license for Enterprise Security. I have to ask for another server on top of it, too. It is quite a difficult task to ask when Splunk is already as expensive as it is. Then, there is technically setting it up and configuring it. It does take time to configure and normalize all the very foundational parts, such as the assets on identities, which is absolutely integral to getting security working. While I enjoyed the process, it took a lot of work. 

I am a consultant and do assist with the setup.

My work typically has to do with improving the quality of alerts or content and normalizing data. I don't usually get to the point where I'd be able to measure ROI.

I'm not the person that deals with pricing. I have heard there is sticker shock.

I'd give the solution an eight out of ten. There are a lot of great features. They're constantly increasing the value of Enterprise Security. However, they're leaving behind many smaller clients that don't have the knowledge or expertise and don't have professional services, which is another large expense. A lot of smaller clients just don't have the ability to set it up properly, and when that happens, they're only leveraging 30% to 40% of its capabilities. They're upset and wonder why this very expensive tool is not working for them. That said, when it works, it works great. 

Our primary use case is SOC operations. However, we do have a lot of people sprinkled around that deal specifically with data analytics.

Splunk Enterprise Security definitely improved our organization. It has helped out with handling our SOC operations across the enterprise. It has increased observability exponentially as we build out the solution to support enterprise operations, and we definitely hope to see it evolve in the near future as well.

We manage multiple clouds. The Spunk solution for the cloud environment is a great asset for us, especially because we are able to get full observability of our cloud platforms in a consolidated environment. In terms of integrations, Splunk has so many integrations with our different cloud service providers, which allows us to easily get that data down to our operators.

We run a global operation, so we have to have observability across the board. Splunk allows our operators to quickly gain insights into the global operation so that they can handle the day-to-day activities that they do, which includes the security analysts' work, data analysts' work, or anything along the lines of handling troubleshooting.

It has reduced our operation time, and it has cut time by more than half. 

It has improved our organization’s business resilience. It has helped with disaster recovery and continued operations in the event of disaster recovery.

It has been an extremely good asset to support day-to-day activities for operations. It is something that was required and needed for over a decade now. It is definitely a nice change of pace, and it also improves the quality of service that our operators can provide to our customers and clientele.

It has cut our costs when it comes to running security operations. I do not have the exact numbers, but it has been a significant cut, especially because we have better access to data engineering and data scientists' tool sets to cut the data cost.

The consolidated overview of all the events that come in through our environment and an easy-to-access interface for all our end users are valuable. As we get more people onboard, it is important that they are able to easily jump onto the platform and understand what they need to see in our environment. Having that quick operational capability allows us to get our observability up to speed as fast as possible.

I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk.

We have been using Splunk Enterprise Security for about a good five years.

It is probably one of the most resilient tools in our environment, so I really enjoy what it provides us. It definitely provides us that 24/7 accessibility to our environment.

The scalability is exactly what we needed to make sure that we have observability at the global scale. For global operations, Splunk has great scaling features to make sure that it is able to handle the large volume of data that we handle.

Splunk's support is great and amazing. The people we work with in our corporate environment are top-tier experts. They understand our environment very well, especially because they have worked in our environment before, so Splunk has done a great job in getting that type of talent to support their customers. I would rate them a ten out of ten.

Positive

I was not involved in its deployment. I adopted it after I took this role.

We have seen a significant return on investment when it comes to Splunk, especially because of how it has allowed our operators to quickly respond to events on a day-to-day basis. It has allowed global observability.

There has definitely been a time to value. It comes down to having operators have access to such a unified platform.

From what I have seen so far, Splunk has multiple cost models. The one that we are using is pretty good when it comes to ingesting data into the environment. It has worked out pretty well.

We have evaluated other solutions, and Splunk definitely comes out as one of the top competitors due to its interoperability with a lot of data sources that are sprinkled around in our environment. This interoperability is a key piece because we have such a diverse asset environment.

Overall, I would rate Splunk Enterprise Security a ten out of ten.

The biggest value I get from Splunk conferences is being able to interact with my peers throughout our organization. I get an idea of what they are doing to make sure that we are on the same page and that we are able to cohesively build our security operations.

We use Splunk Enterprise Security as our primary security event manager. We collect data from various log sources into our Splunk SIEM to build context around what is happening in our environment. We then use the capabilities of Splunk Enterprise Security and other tools to enrich this data and help us manage the data, events, and detections.

Splunk Enterprise Security helps us focus on security. It provides us with data and a number of pre-built learnings that allow us to view the content in very useful ways. We can apply filters to the data to get more value out of it. This is the primary use case for Splunk Enterprise Security: to help us analyze and leverage the content we have.

Monitoring multiple cloud environments can be relatively easy, but it depends on the vendors. There can be challenges, such as ensuring that all of the data is ingested and aligned correctly. This is because vendors, especially in the cloud, can change their log formats at any time. Additionally, some vendors may not provide the same log feeds in the cloud as they do with on-premises solutions. As a result, it is important to be aware of these potential challenges and to take steps to mitigate them.

Splunk Enterprise Security provides reasonable visibility into multiple environments by harnessing the power of Splunk and the data it ingests to unify and provide a consistent view.

Splunk Enterprise Security's threat detection can help our organization find unknown threats and anomalous user behavior. We are early adopters of the user behavior piece, so we are still working to normalize our data. Splunk is working with developers to ensure that they can intake our data. We use Windows Log Forwarding for a lot of our host-based logs. We are leveraging this with an on-premises GPO. The gathering mechanism is a little bit different than what Splunk has seen, but it is still within the realm of acceptable. We are working through this issue.

We have a few different STIX and TAXII feeds that are being processed by the Threat Intelligence Management feature. We are members of a few different organizations that provide these feeds, and we use them as needed. The feeds also feed into some of our security products.

Actionable intelligence provided by Threat Intelligence Management is valuable, but it is important to be aware of its limitations. Threat intelligence can help organizations to correlate and build context around security events, but it is important to remember that the information provided is often brittle and can change quickly. For example, an IP address that is associated with a threat actor today may be used by a legitimate user tomorrow. Additionally, some threat intelligence feeds may be contaminated with false positives, which can lead to false alarms. It is important to carefully evaluate the quality and reliability of the threat intelligence before taking any action. Organizations should also have a process in place to verify and validate any threat intelligence before using it to make security decisions.

Splunk Enterprise Security is a valuable tool for analyzing malicious activities and detecting breaches. I am glad we added it to our security stack. Previously, we ran for a year or so without it, and while we had some capabilities, we were truly missing out on some things by not having Enterprise Security. It definitely added value for us, and I would not go back to not having it. I think it has been a solid addition to our security posture.

Splunk Enterprise Security helps us detect threats faster, but the lion's share of the work is still in the process of customizing it to our needs. Taking enterprise security and modifying it to apply to our needs is where we see the biggest bang for the buck. From that perspective, it is probably better for us.

A lot of the prebuilt capabilities in Splunk Enterprise Security are extremely beneficial because they cover all the use cases. I think another important aspect is the consistency of their approach and how methodical they are. This is very helpful because it sets a structure for how we view our data and what we can leverage from it. This page clearly drives us to what is happening and what we need to do, and it has a workflow associated with it. This also helps to reinforce the process. When we deal with security issues, this can always be a challenge. We are dealing with a fire drill, and we need to be able to react. We don't want to make mistakes, and it is easy to do so if we are trying to wing it. However, the structure of this approach helps to reinforce that. I think this is another area that is beneficial in terms of the workflow and how it approaches what it does.

Splunk Enterprise Security helps us reduce the volume of alerts we receive. However, we still have to take action on a number of items. Splunk Enterprise Security helped us to do this by ensuring that our input data is accurate and reliable. We are still evolving and maturing in our use of Splunk Enterprise Security, and we believe that it will continue to help us to reduce the volume of alerts we receive and improve our security posture.

Splunk Enterprise Security helps speed up our security investigations to a degree. The workflow is improved, and when we encounter an incident, we can take ownership of it, manage it, dive into individual facets of it, run queries, and expand on them. It makes some items easier to access or understand.

The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions. By seeing how others analyzed the data, we can develop new dashboards and approaches. It is always helpful to see how someone else used a tool to spark ideas about how we can enrich our items based on our specific needs. This feature covers a lot of our core general questions and is helpful, but it also allows us to see what someone who is really focused on this area has done and how we can tune and tweak it to our needs.

It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk. This includes making sure that the log feeds are aligned correctly so that when we look at data and alarms, everything makes sense. Sometimes, I see alarms that are caused by data sources that have snuck in. For example, if my firewall says something about AV, it might get mapped into antivirus. This can happen because firewalls are multipurpose devices, and they can end up in models that aren't really applicable. Part of the problem is the infrastructure within Enterprise Security with how they group data types. For example, authentication data, firewall data, network data, and user-based data are all gathered in different ways. This can lead to confusion, especially when multifunction devices are involved. For example, if a firewall says that antivirus is not enabled, it might still detect something as if it was antivirus-related. This can blur the incidents and the information we have. It is important to identify items that creep in or issues that need to be cleaned. This will help us identify problem areas and their root causes more effectively and quickly. We can then clean up the data model, make sure the lines are correct, and get higher-quality alarms.

I have been using Splunk Enterprise Security for over a year. We have used Splunk as a security SIEM for at least three to four years.

We previously used free Splunk apps.

I believe that Splunk Enterprise Security is worth the price, but it is expensive. I am always trying to balance the need for security with the need to be cost-conscious.

I give Splunk Enterprise Security an eight out of ten.

Using a SIEM is not cheap, no matter how you slice it. So, the first question I would ask is, what are we trying to do with our SIEM? In my opinion, Splunk, including ES shines when we are willing to invest in learning and modifying our SIEM, our solution, and our environment to align it with what we do and how we do it. If we are willing to make that investment to contextualize the security and visibility, then Splunk is a tool that can help us do that. If we are looking for a turnkey solution, where we can just throw logs at something and then pull the arm of the slot machine and get things out, then Splunk is not necessarily the right tool for us. We can get there, but it will be a pricey slot machine. I think we will get the most value out of Splunk if we want to get things that are more contextual to us. We may need to enhance or build off of the Splunk dashboards that ES includes, and that will help us to create dashboards that are extremely relevant to our environment. If we are comfortable with creating Splunk queries, then we will have a lot of power at our fingertips.

To those looking into the solution, I would ask: What are they looking for? What are they willing to invest in? Do they want to understand queries? Do they want to build the knowledge around how to structure them? Are they willing to put in the effort to get the real power out of it, or are they expecting something to tell them what is going on? They need to realize that it is never going to be built for them at that point. So they are going to be getting something generic. They have to consider their specific situation, such as how many people they have on their team, etc. They should also probably take a good stock of what they are trying to log and how long they have to retain it. I have been very happy with our Splunk Cloud instances. They have been very reliable. I think it has been incredibly powerful for us. I think that is also another aspect of whether they are going to have their SIEM in their environment or outside of their environment. They need to think about some of these items. Obviously, Splunk can go either way. They have to make their decisions there. We have been very happy with our Splunk Cloud instance. So that's what's been really good for us. And, also, it takes some of the administrative aspects and puts them on somebody else. That's valuable for us too.

We use Splunk Enterprise Security to identify and resolve critical issues and errors within our environment.

The visibility that Splunk Enterprise Security provides is good. We can easily find the data we need using the logs.

Monitoring multiple cloud environments using Splunk Enterprise Security was not difficult.

Splunk Enterprise Security's insider threat detection capabilities enable us to effortlessly identify unknown threats and anonymous user behavior.

Splunk Enterprise Security helped us analyze malicious activities and detect breaches between 50 to 90 percent faster.

Splunk Enterprise Security has helped reduce alert volumes by up to 90 percent.

Splunk Enterprise Security has helped speed up our security investigation time by almost 90 percent.

The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides.

The price of Splunk Enterprise Security is high and can be improved.

Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently.

I have been using Splunk Enterprise Security for one and a half years.

Splunk Enterprise Security is stable.

Splunk Enterprise Security is scalable.

The resilience of Splunk allows organizations to protect their data and resolve vulnerabilities quickly.

The technical support provides good resolution.

Positive

I had previously used Loggly, developed by SolarWinds and Elastic. However, I found it to be inaccurate and slow. Elastic offers a free version of its solution, which is more commonly used by smaller businesses.

The implementation was completed by a third party.

Splunk Enterprise Security is expensive. I would rate the cost an eight out of ten with ten being the most expensive.

I recommend Splunk Enterprise Security over cheaper SIEM solutions because of its offerings.

I would rate Splunk Enterprise Security nine out of ten.

Splunk Enterprise Security does not require any maintenance. It is plug-and-play.

I recommend Splunk Enterprise Security for organizations that want to detect threats quickly.

I utilize Splunk Enterprise Security to gather logs, and subsequently, I provide the team with access to the servers through a change management ticket or incident. I wasn't involved in the installation process during my tenure as a Windows server lead. I also verify whether all our actions adhere to the compliance framework.

Our deployment of Splunk Enterprise Security was all on-premises.

The visibility that Splunk Enterprise Security provides is beneficial and valuable.

Splunk Enterprise Security helped analyze malicious activities.

With Splunk Enterprise Security we were able to detect threats faster.

Splunk Enterprise Security contributed to a reduction in alert volume as our employees became aware of being monitored and ceased accessing the server without proper authorization.

Splunk Enterprise Security has significantly accelerated our security investigations by centralizing all log data and enabling us to quickly retrieve the necessary information through simple queries.

The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository.

Some of the queries are difficult to run and have room for improvement.

I am currently using Splunk Enterprise Security. 

I would rate the stability of Splunk Enterprise Security ten out of ten. We have never had an issue with stability.

Splunk Enterprise Security is scalable.

Splunk Enterprise Security's resilience is a valuable asset.

Organizations seeking a more affordable solution should first carefully evaluate their specific business requirements. While cheaper alternatives exist, they may lack the necessary features to adequately address their security needs. In such cases, Splunk Enterprise Security could be a more suitable option.

Splunk Enterprise Security is a worthwhile investment given the comprehensive range of features it offers.

I would rate Splunk Enterprise Security eight out of ten.

I recommend Splunk Enterprise Security.