Presales Manager at a tech services company with 11-50 employees
Clients benefit from the live security monitoring of their parent IP infrastructure base but Splunk should adjust the pricing
Pros and Cons
- "The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers."
- "Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."
What is our primary use case?
We use it for security incident event management and for IT service intermediates.
How has it helped my organization?
We sell it to clients so clients benefit from Splunk in terms of live security monitoring of their parent IP infrastructure base. Their IP security and network application base is where we have a 24/7 monitoring interface.
What is most valuable?
Splunk has many good apps and has a contribution from all security vendors. That's where Splunk wins.
What needs improvement?
Splunk's cost is very high. They need to review the pricing. They have to go back and totally readdress the market.
Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud.
Its costs are too high and it should be more cost-effective because it's going to be a cloud offering.
Buyer's Guide
Splunk Enterprise Security
October 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
815,854 professionals have used our research since 2012.
What do I think about the stability of the solution?
Stability is perfect. It's a good product. The market right now is moving towards cloud. We will use cloud in our option strategy. One thing that Splunk does not have is a partner consulting base, so Splunk depends heavily on its own consulting, which I think should not be there. They should promote more partners for consulting. In fact, their education program is also very costly for all partners. For example, if you want to get your guys certified, it's really costly. Because they have a good solution, they're completely inflexible with pricing. I don't see a lot of enablement from Splunk.
How was the initial setup?
The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers.
The client has to bear that cost plus the initial infrastructure; Splunk does not come in and install it. The client, retailer or the partner has to do it. Secondly, then comes the software installation part of Splunk wherein you go and install the Splunk components. Then you have the configuration part which includes the revenue use cases on the Splunk apps on the Splunk platform, which is another big phase. You can build your project the way you want to. It's a life phase. Use cases are not something which cannot be quantified. Initial setup can be done through the Splunk apps and then, later on, you can modify the use cases as per what the client needs.
What's my experience with pricing, setup cost, and licensing?
Pricing is one factor that hurts everybody on the market; the client, the reseller, everybody that touches it. Only Splunk makes money. It is hard to have it for the long term if it's a stretch for your budget. Pricing becomes a problem and people are just focused on numbers rather than creating a vision for the entire product. That is the biggest factor I found with Splunk, that they just want to make money and they don't care about anything else. They lost national, country-level projects because of this attitude.
What other advice do I have?
I will rate it as a security product an eight out of 10. There's no product which is perfect unless you go back and you create a psychic of the solutions.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Senior Cyber Security Expert at a security firm with 11-50 employees
Great performance, easy to set up, and offers good speed
Pros and Cons
- "The level of robustness on offer is very good."
- "The complexity could be worked on so that it's even easier and faster."
What is our primary use case?
Typically, we use the solution for critical infrastructure companies.
What is most valuable?
The speed is a very valuable aspect of the solution.
The way Splunk handles low data and low-rate costs is great.
The level of robustness on offer is very good.
The initial setup is very straightforward.
We have found that the solution offers good integrations with other products.
Overall, the solution works very well.
What needs improvement?
The complexity could be worked on so that it's even easier and faster. However, I understand that, if some complexity was removed, there might be slightly more limitations.
Occasionally there are data sizing and data-related issues that need to be overcome.
For how long have I used the solution?
I've been using the solution for a couple of years.
What do I think about the stability of the solution?
The performance is very good. It's something that customers are always looking for. The product offers good stability. There are no bugs or glitches and it doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
We have about five to ten partners that use Splunk.
Which solution did I use previously and why did I switch?
I'm a fan of QRadar. I use them as well.
How was the initial setup?
The initial setup is very straightforward. It's not overly complex or difficult. A company shouldn't have any issues with the process. The deployment process doesn't take too long. You can manage it with fewer people and smaller teams. This is especially true if it isn't the critical infrastructure that you are working with.
For deployment and maintenance, you only need two to three people. That can include one manager and two professionals. Since Splunk is easier to handle, more people can join in on the client-side.
What's my experience with pricing, setup cost, and licensing?
We also use QRadar, and we make more money with QRadar than with Splunk as we can make bigger projects happen. However, we find that with Splunk, while we don't make as much money on each project, we can do more of them.
What other advice do I have?
I'd rate the solution at an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
System Administrator and DevOps Engineer at a tech services company with 10,001+ employees
Very straightforward, easy to configure, stable and scalable.
Pros and Cons
- "This is a straightforward solution, easy to configure."
- "This is a costly solution."
What is our primary use case?
Our primary use case of Splunk is for log monitoring and infrastructure monitoring. If we want to diagnose any issue in our application, we just push our application logs. This is on any client server using the universal forwarder logs on the Splunk server. After indexing, we can create a base log, and create attractive dashboards that are simple to understand and use. I'm a system administrator and we are customers of Splunk.
What is most valuable?
This is a straightforward solution, easy to configure and difficult to mess up.
What needs improvement?
Splunk is a very costly solution and I think it's the most expensive in the market in terms of costing. Splunk provides an application for infrastructure monitoring. If we're monitoring the docker with containers, we can't see the container name, only the ID. That's a big drawback.
For how long have I used the solution?
I've been using this solution for two years.
What do I think about the stability of the solution?
This is a stable solution. Deployment takes one person, it can be a system admin or an engineer.
What do I think about the scalability of the solution?
This is a scalable solution. We can do the clustering of it for large applications. We have around 15 users for this product.
How are customer service and technical support?
If I have any issues, I'll go to the community. I can generally get a response within a day. Although most of the documentation is good, some of it is unclear, particularly if you're new to the product.
How was the initial setup?
I think it takes around 10 minutes to install it on the server. On the client side, it takes around five minutes. I do the installation myself.
What other advice do I have?
If you're going with this solution, make sure that when implementing, the ports are open. If they're not open, it creates problems with the server. Other than that, this is a very stable and very easy to configure product. We can deploy and use it easily. Other similar solutions are difficult to configure; Splunk is the simplest. I've used three or four monitoring tools and Splunk is the easiest. If a company can afford it, this is a good product. We are planning to shift to another product because of the cost. We're searching for an open source or cheaper product.
I would rate this solution a nine out of 10. They lose one point for the price and lack of infrastructure support.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Works at a financial services firm with 10,001+ employees
Looks for incidents which could cause damage to a company's infrastructure
Pros and Cons
- "Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks."
- "Splunk can improve regex/asset analysis as we do not want to crawl until it is done."
What is our primary use case?
With the use of Splunk, we were able to identify a brute force attack against a "switch" network device. An external attacker attempted to connect multiple times using multiple usernames. Splunk was able to detect these attempts and immediately blocked these attempts.
How has it helped my organization?
Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks.
What is most valuable?
Splunk's ability to receive all types of data and identify it correctly. It obtains a correlation of the logs and identifies incidents.
What needs improvement?
Splunk can improve regex/asset analysis as we do not want to crawl until it is done. I could not find a timestamp for when the log was processed and generated.
For how long have I used the solution?
One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
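The brute-force pattern this reviewer describes (one external source trying many usernames against a switch in a short span) can be expressed as a simple detection rule. The following is an added example, not code from the review or from Splunk; it runs over constructed switch-style syslog lines whose format is assumed here, and flags a source IP whose failed logins within a sliding window reach a threshold across several distinct usernames.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed switch syslog format (not real data).
SAMPLE_LOGS = """\
2024-10-01T10:00:01Z sw-core-01 login: Login failed for user admin from 203.0.113.50 via ssh
2024-10-01T10:00:03Z sw-core-01 login: Login failed for user root from 203.0.113.50 via ssh
2024-10-01T10:00:05Z sw-core-01 login: Login failed for user cisco from 203.0.113.50 via ssh
2024-10-01T10:00:06Z sw-core-01 login: Login failed for user operator from 203.0.113.50 via ssh
2024-10-01T10:00:08Z sw-core-01 login: Login failed for user guest from 203.0.113.50 via ssh
2024-10-01T10:00:09Z sw-core-01 login: Login failed for user netadmin from 203.0.113.50 via ssh
2024-10-01T10:02:30Z sw-core-01 login: Login failed for user jsmith from 198.51.100.7 via ssh
2024-10-01T10:02:45Z sw-core-01 login: Login succeeded for user jsmith from 198.51.100.7 via ssh
2024-10-01T10:40:00Z sw-core-01 login: Login failed for user admin from 203.0.113.50 via ssh
"""

# Assumed line layout: "<ISO timestamp> <host> login: Login <failed|succeeded> for user <u> from <ip> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) login: Login (?P<result>failed|succeeded) "
    r"for user (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse_events(text):
    """Yield (timestamp, host, result, user, src) for every line that matches LINE_RE."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the expected format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["host"], m["result"], m["user"], m["src"]


def detect_bruteforce(text, window_minutes=5, min_failures=5, min_users=3):
    """Return one alert per (src, host) whose failed logins inside any sliding
    window of window_minutes reach min_failures spread over at least min_users
    distinct usernames. A single user retrying a password does not trigger it."""
    failures = defaultdict(list)
    for ts, host, result, user, src in parse_events(text):
        if result == "failed":
            failures[(src, host)].append((ts, user))

    alerts = []
    window = timedelta(minutes=window_minutes)
    for (src, host), events in failures.items():
        events.sort()  # chronological order within this source
        start = 0
        for end in range(len(events)):
            # advance the window start until it fits within window_minutes of the newest event
            while events[end][0] - events[start][0] > window:
                start += 1
            window_events = events[start:end + 1]
            users = {u for _, u in window_events}
            if len(window_events) >= min_failures and len(users) >= min_users:
                alerts.append({
                    "src": src,
                    "host": host,
                    "first_seen": window_events[0][0].isoformat(),
                    "failures": len(window_events),
                    "distinct_users": sorted(users),
                })
                break  # one alert per source; stop scanning this source
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(alert)
```

The single legitimate user who failed once and then succeeded from 198.51.100.7 is not flagged, while the source cycling through six accounts is.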
Security Engineer at Information Innovators Inc. (Triple-i)
Correlates logs throughout the enterprise for searching and use in investigations
Pros and Cons
- "We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations."
- "It can be tough to get a hold of somebody in technical support depending on the complexity of the issue."
- "The Enterprise Security app could be improved. We have had trouble with it working from the first day."
What is our primary use case?
We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations.
How has it helped my organization?
We previously did not have a good centralized solution which could ingest just about any log type, which has been a plus.
What is most valuable?
The search application has been the most useful. We have also liked the reporting features and dashboard capabilities.
What needs improvement?
The Enterprise Security app could be improved. We have had trouble with it working from the first day.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
Yes, there have been issues with the Enterprise Security application instance.
What do I think about the scalability of the solution?
No issues.
How are customer service and technical support?
It has been a weak point, but has improved over the years. It can be tough to get a hold of somebody depending on the complexity of the issue.
Which solution did I use previously and why did I switch?
Years ago, we did use another solution, but I am not sure it exists any longer. We have been using Splunk for many years.
How was the initial setup?
We had professional services set it up, as it was quite complex.
What about the implementation team?
Vendor implementation, and I would rate them as a seven out of 10.
What was our ROI?
Excellent overall.
What's my experience with pricing, setup cost, and licensing?
It can be expensive, especially the licensing costs. However, there is added value in what it can do, not just log aggregation.
Which other solutions did I evaluate?
We evaluated Trustwave and QRadar.
What other advice do I have?
It is a great product overall. I would like to see improvements on the Enterprise Security app/SIEM functionality.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Business Intelligence Engineer at SONIFI Solutions, Inc.
Allows us to dig into raw events
Pros and Cons
- "Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
- "Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations."
- "The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
What is our primary use case?
Primary use is business intelligence.
How has it helped my organization?
Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events.
What is most valuable?
Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business.
What needs improvement?
The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more.
For how long have I used the solution?
More than five years.
What do I think about the scalability of the solution?
We ingest roughly 30GB/day. We have a small environment, but it provides big insights.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director General de España at a cloud solution provider with 51-200 employees
Integrates with every technology, easy to use, and good for analytics and cybersecurity
Pros and Cons
- "It is very easy to use and integrate. There are connectors for every technology."
- "The UI can be improved. Dashboards and reports can be better in terms of graphics."
What is our primary use case?
We work with Splunk. We use it for our own services, and we also integrate and resell Splunk. It is used for cyber security.
Different clients have different versions. They have Splunk Cloud and Splunk on-premises with different versions.
What is most valuable?
It is very easy to use and integrate. There are connectors for every technology.
What needs improvement?
The UI can be improved. Dashboards and reports can be better in terms of graphics.
For how long have I used the solution?
We have been using this solution for a few years. In 2016, we became a Splunk partner.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
Its scalability is very good. We work with this platform for our own services. We use Splunk extensively, and we also offer it to our clients. We plan to increase its usage.
Our company has three offices. We have offices in Spain, Colombia, and Mexico. We have around 100 people, and about 50 people are working with Splunk. They all are focused on cyber security. They are security engineers or security specialists.
How are customer service and support?
I don't know about their support. I don't work with it much. On an activity level, I'm not so close to the platform. I'm the country manager, so I am a bit far from the operation.
Which solution did I use previously and why did I switch?
We tried to work with Exabeam for user behavior analytics, but we stopped it.
How was the initial setup?
Its setup is very easy, but we have been working with Splunk for a lot of years. We have all the certifications in Splunk, and we are a specialist in Splunk. So, for us, it is very easy to set it up and integrate it, but it might not be easy for other companies.
What other advice do I have?
Splunk is a very good platform for analytics and cybersecurity. We use it very extensively. It is very easy to use, and it is very stable and scalable.
I would rate it a nine out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Principal Enterprise Architect at Aurenav Sweden AB
Handles a high volume of data, collects information from multiple sources, and is very stable
Pros and Cons
- "The reporting aspect is good and it does what I need it to do."
- "If you monitor too much, you can lose performance on your systems."
What is our primary use case?
In our organization, Splunk is used in our data centers.
We have integration services and other types of systems in our new IoT architecture. We're using it to capture information.
We use Splunk as an aggregator for monitoring information from different sources, however, for our protection suite, we're using Comodo.
It's designed to collect data from different points. It has a lot of integrations built into it and that's why we're using it.
We use it for our enterprise more - such as for messaging. There's a lot of stuff we do on our integration services layer that we use Splunk for. For security purposes, we're using Comodo. Therefore we're not using Splunk for security purposes. We're using it for monitoring what's happening at our integration services layer.
How has it helped my organization?
Splunk indicates when we've got problems popping up somewhere or we're not getting the flow we expected. If there's a problem, we have those flagged and we use it for logging.
What is most valuable?
Splunk handles a high volume of data that we have, and it does it really well.
For what we're using it for, we're happy with its functionality.
The reporting aspect is good and it does what I need it to do.
From an operational standpoint, it helps us on the operations side and it also shows where we're having issues.
It connects to a lot of stuff. We can collect information from a lot of sources.
What needs improvement?
The interface or maybe some settings need to be improved a bit. It cannot be perfect, however, the issues may be related to the configuration or setup.
If you monitor too much, you can lose performance on your systems. You have to be careful what you're monitoring. If you monitor everything, everything stops working. You can go overboard in monitoring. You have to plan your monitoring pretty carefully.
It could be easier for beginners. As it is, right now, you have to have a good understanding of the solution in order to use it properly.
That said, as the user, I'm at a higher level of management on the architecture side in dealing with resilience. My concerns are different from other user concerns. Also, most of our clients are using it way more than we're using it.
For how long have I used the solution?
We've used the solution for more than a decade. It's been a long time.
What do I think about the stability of the solution?
We haven't had any problems with stability. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
We've never had an issue with scalability. If a company needs to scale, it can.
The danger of Splunk is that it can get too big too quickly and you have to be very careful with what you want to be monitoring due to the fact that if you monitor too much, you can slow down things and you can hurt your performance on your system. We have to be very careful of what we're logging.
We have about 12 users on the solution right now.
We do not plan to increase usage in the future.
How are customer service and support?
We don't use technical support very much. We've been using it for so long, we generally understand it and do not require assistance.
Which solution did I use previously and why did I switch?
We used to use Splunk a lot more, however, we've moved more to Comodo right now. I'd say we've moved to Comodo from Splunk in a lot of areas.
On the security side, we use Comodo. Not all of our clients even have Comodo. A lot of them are using Splunk, however, a lot of them are using Splunk for enterprise operations and network operations items. Some of them are using security and a lot of them aren't. Splunk is offered as a security option now, however, originally, when you used it, it was to collect enterprise operations information and know how your systems are running.
How was the initial setup?
We've been using it for a long time, therefore, I don't even remember when we set it up or how it went. We do keep it updated and use the latest versions.
I only have one or two people doing maintenance on it.
What was our ROI?
ROI's a hard thing to pin down. We've had it for so long, it's part of our core operating infrastructure.
What's my experience with pricing, setup cost, and licensing?
Everything we do is either yearly or multi-year. I don't know if there is any additional cost to standard license fees.
What other advice do I have?
We use Splunk and we also sell and support it for our clients.
Normally our policy is to keep software updated to the latest version.
The main issue is that we do enterprise architecture and network and security operations. We recommend certain platforms to clients. We don't always sell Splunk directly to them due to the fact that, since we're being hired to help them make choices, we need to be neutral. In the cases where it doesn't make sense, we don't sell it. We just help clients make decisions.
I don't know which version of the solution we're using. I'm an architect; I'm not on the operations level. I'm not the one who actually uses it. Our operations use it. I get dashboard results and I do reports that are based on it, however, I'm not the one actually running it. We have a NOC and a SOC and others use it a lot more individually. They have a lot more interaction than I do. I'm getting reports out of it. Others are actually connecting to it, using it as a tool. I'm not a tool user. I'm an information user.
All Splunk is, is data collection and it can sort things out on a dashboard. However, a lot of what Splunk does is collect data and you have to decide what kind of information you're going to let it collect. When we're doing design operations we have to really pay attention to what we're doing, so we don't actually slow things down or impede things. The reason we use Splunk is we put a lot of data into it.
With Splunk, you need to really be careful about what you're monitoring and how you use it, to keep the results working. It's a good tool if you know what you're doing and what you need to be logging. You need to be aware of what you're logging to ensure it isn't going to cause problems with your performance.
I wouldn't recommend it for somebody who's coming in new. Of the clients we have using it, I don't know if any of them don't have professional IT running it. It's important to really understand what's going on.
I'd rate the solution at an eight out of ten. In certain environments, it could be a bit complex. It's not something you could just drop into an organization, you need to be trained to use it. You need the experience to use it properly.
Disclosure: I am a real user, and this review is based on my own experience and opinions.