Senior Cyber Security Expert at a security firm with 11-50 employees
Great performance, easy to set up, and offers good speed
Pros and Cons
- "The level of robustness on offer is very good."
- "The complexity could be worked on so that it's even easier and faster."
What is our primary use case?
Typically, we use the solution for critical infrastructure companies.
What is most valuable?
The speed is a very valuable aspect of the solution.
The way Splunk handles low data and low-rate costs is great.
The level of robustness on offer is very good.
The initial setup is very straightforward.
We have found that the solution offers good integrations with other products.
Overall, the solution works very well.
What needs improvement?
The complexity could be worked on so that it's even easier and faster. However, I understand that, if some complexity was removed, there might be slightly more limitations.
Occasionally there are data sizing and data-related issues that need to be overcome.
For how long have I used the solution?
I've been using the solution for a couple of years.
Buyer's Guide
Splunk Enterprise Security
December 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
831,020 professionals have used our research since 2012.
What do I think about the stability of the solution?
The performance is very good. It's something that customers are always looking for. The product offers good stability. There are no bugs or glitches and it doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
We have about five to ten partners that use Splunk.
Which solution did I use previously and why did I switch?
I'm a fan of QRadar. I use it as well.
How was the initial setup?
The initial setup is very straightforward. It's not overly complex or difficult. A company shouldn't have any issues with the process. The deployment process doesn't take too long. You can manage it with fewer people and smaller teams. This is especially true if it isn't the critical infrastructure that you are working with.
For deployment and maintenance, you only need two to three people. That can include one manager and two professionals. Since Splunk is easier to handle, more people can join in on the client-side.
What's my experience with pricing, setup cost, and licensing?
We also use QRadar, and we make more money with QRadar than with Splunk as we can make bigger projects happen. However, we find that with Splunk, while we don't make as much money on each project, we can do more of them.
What other advice do I have?
I'd rate the solution at an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Founder at a marketing services firm with 11-50 employees
Easy to deploy and relatively simple learning curve; could be more user-friendly
Pros and Cons
- "Easy to deploy and simple to use."
- "Could be more user-friendly."
What is our primary use case?
We're using the solution to try to build a virtual network and put Splunk inside it and do some kind of transcentralization with a log server. Our aim is to track connections, network traffic and some personal databases. I'm the founder of the company and we are customers of Splunk.
What is most valuable?
Splunk can quickly be deployed and it's not difficult to learn the solution.
What needs improvement?
The solution could be more user-friendly, and it's difficult to know at this stage whether our requirements will be met by the solution.
For how long have I used the solution?
I've been using this solution for a couple of months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
Scalability is good with Splunk.
How was the initial setup?
The initial setup doesn't take much time, especially if there's good bandwidth. In a small company, deployment might take a month or two. If you have 100 devices, then a technical team of three should be sufficient. They would need to be able to deal with log analysis and forensics, and have general knowledge about admin systems. In time, we would expect to have thousands of users.
What's my experience with pricing, setup cost, and licensing?
I think Splunk is expensive compared to other tools at the purchase stage. It's possible that if we can keep control of the costs involved down the track, it won't be so bad.
Which other solutions did I evaluate?
We studied four or five tools, including LogRhythm and Exabeam. We went with Splunk for now and will see how that goes.
What other advice do I have?
I think this is a good solution and rate it a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Consultant at a financial services firm with 5,001-10,000 employees
Good scalability, dashboards, and alarms, but should have a default dashboard for a firewall and better knowledge base
Pros and Cons
- "Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
- "Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this."
What is our primary use case?
We are using Splunk for cybersecurity operations.
What is most valuable?
Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.
What needs improvement?
Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding.
To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this.
For how long have I used the solution?
I have been using this solution for eight months.
What do I think about the stability of the solution?
In terms of operations, it is stable, but if you don't have a proper configuration and sizing, there could be many issues. It could be more efficient on the storage part. We are still in the deployment stage to be able to say that for sure.
What do I think about the scalability of the solution?
It is very scalable. Currently, we have around 50 users. We will increase its usage if more people need access.
How are customer service and technical support?
We have raised multiple tickets. Some of them are good, and some of them can be better. Overall, their technical support is okay.
Which solution did I use previously and why did I switch?
We didn't use any other solution.
How was the initial setup?
I didn't do the initial configuration. I take care of the operations part. One of our clients did it, and it is somewhat complex, and it takes time. It also depends on your knowledge. If you don't have knowledge of Splunk, it is complex.
Which other solutions did I evaluate?
We are a partner of Splunk. So, we did not evaluate other solutions.
What other advice do I have?
I would rate Splunk a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security Operation Center Analyst at Sadad
User Behavior Analytics is key in detecting fraud and advanced persistent threats
Pros and Cons
- "Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats."
- "UBA, User Behavior Analytics, is a key feature."
- "I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence."
What is our primary use case?
Splunk is a SIEM, a Security Information and Event Management solution. It is used, for example, for monitoring security logs and security information in companies and organizations. It is also used for correlation, meaning making policies, for detecting/monitoring attacks, and the like; for monitoring security logs, security events, preventing hackers from attacking. It's really for business continuity.
How has it helped my organization?
For a long period of time we analyzed logs and traffic, something like tcpdump. Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats. It's really important for our business because I work at a PSP, a payment service provider, e-payments.
What is most valuable?
UBA, User Behavior Analytics.
What needs improvement?
In the next release of Splunk, I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence. Splunk would be the best if it improved these features.
What do I think about the stability of the solution?
It's stable and very safe.
What do I think about the scalability of the solution?
Splunk's scalability is good for an enterprise situation. It's scalable in all situations.
How are customer service and technical support?
For us, technical support has been good. Splunk has good documentation and it is really easy to work with Splunk and the Splunk community.
Which solution did I use previously and why did I switch?
I used ELK. It was good. It is an open-source solution, but there is some complexity in configuring it, working with it.
In choosing a vendor I use industry reviews to find feedback from the community that works with the solution.
How was the initial setup?
The initial setup was straightforward.
Which other solutions did I evaluate?
There are a lot of solutions: IBM QRadar, Splunk, LogRhythm. Splunk was good for us because of the support, the documentation, the scalability, the stability. It gives us everything that we need in our business, everything necessary for helping us do our job.
What other advice do I have?
There are three top SIEM solutions in the world: Splunk, LogRhythm, IBM QRadar. I think Splunk is the best.
I would rate Splunk at eight out of 10. The vendor needs to work on this solution to make it better and better. I would recommend this solution but it depends on the situation, the country, the support from the vendor.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Searches logs from all devices and gives valuable information to the organisation
Pros and Cons
- "Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
- "Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk."
What is our primary use case?
- Searches the logs for all network devices and servers.
- Monitors clients' hardware, networking, and security operations.
- It is good for the administrator to use it when maintaining the whole IT Infrastructure.
How has it helped my organization?
Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses.
What is most valuable?
Searches logs from all devices and gives valuable information to the organisation, so it can drill down on all reports and security threats.
What needs improvement?
Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk.
Network Breach
No, we have not suffered a network breach.
Efficiency of Security Team
Yes, the solution has improved the efficiency of our security team.
For how long have I used the solution?
Trial/evaluations only.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
How are customer service and technical support?
I have received a very good response from support that I have not seen in more than 10 years of my experience.
Which solution did I use previously and why did I switch?
We are using OpManager to monitor server logs.
What about the implementation team?
I implemented it myself.
What was our ROI?
It made our organization better through integration.
What's my experience with pricing, setup cost, and licensing?
Make it cheaper to help small organisations implement it easier.
Which other solutions did I evaluate?
We evaluated QRadar.
What other advice do I have?
I have been using Splunk to increase my security experience.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Specialist Master, Cyber Risk at a tech vendor with 10,001+ employees
My clients have visibility into systems and activities that they never had before.
Pros and Cons
- "Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."
- "The GUI can be improved. Splunk has always suffered from having a kind of goofy UI; it needs some updating."
How has it helped my organization?
Some of my clients had rudimentary home-grown security solutions that Splunk ES has completely replaced.
In these cases, the improvement was dramatic; they had visibility into systems and activities that they never had before.
In the case of clients who already had a SIEM solution, the change was more incremental. However, in my opinion, the Splunk ES solution is superior because it is so flexible. It can consolidate data from almost anything.
What is most valuable?
Splunk Enterprise Security is most valuable; my clients use it as a SIEM solution. Splunk gives them the ability to bring multiple, disparate types of data together, then correlate and report on them.
What needs improvement?
The GUI can be improved. Splunk has always suffered from having a kind of goofy UI; it needs some updating.
What do I think about the stability of the solution?
There were no stability issues. It is one of the most stable systems that I have worked with.
What do I think about the scalability of the solution?
As of now, no scalability issues were experienced. Splunk is highly scalable, so I don't anticipate that. However, scaling can get very expensive with their pricing model.
How are customer service and technical support?
Technical support is excellent! It is top-notch. The customer support folks really know their stuff, and the turnaround is fast.
Which solution did I use previously and why did I switch?
Previously, we were using HPE ArcSight.
How was the initial setup?
That’s a hard one. The initial setup is easy but making it actually work is complex. However, the complexity is something that just comes with all top SIEM tools. Very few companies have exactly the same data and issues, so a great deal of data onboarding and normalization are always required.
Which other solutions did I evaluate?
We evaluated HPE ArcSight.
What other advice do I have?
Plan your implementation carefully. Be sure you have someone to implement it, someone who knows what he is doing. Splunk’s inherent flexibility is a great thing, but it also provides an opportunity to really mess things up.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are an alliance partner.
Splunk BDM in UA at a manufacturing company with 51-200 employees
Optimizes network security, straightforward to deploy, and can handle a large volume of data
Pros and Cons
- "The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
- "The support that is included with the standard licensing fee is very bad."
What is our primary use case?
We are a solution provider and Splunk is one of the products that we distribute.
The primary use case is for SIEM and we have approximately 35 customers.
What is most valuable?
The fact that Splunk is a platform and not just a SIEM solution is a key benefit.
Our customers like that they can use Splunk to optimize their security.
What needs improvement?
The Splunk licensing model should be more flexible.
The support that is included with the standard licensing fee is very bad.
For how long have I used the solution?
We have been working with Splunk since 2017.
What do I think about the stability of the solution?
Stability-wise, it's perfect. We haven't had any problem with Splunk. It's good software.
What do I think about the scalability of the solution?
One of the key benefits and differences with this software is that the customer can scale up as much as they need to. Our largest Splunk customer is using between three and four petabytes of data per day.
How are customer service and support?
If you don't pay extra for technical support then it is very bad. If you pay extra for it, then the technical support is normal.
Which solution did I use previously and why did I switch?
I am familiar with other products and Splunk can handle much more data than IBM QRadar or any other competing product.
Direct competitors are more flexible when it comes to licensing.
How was the initial setup?
We have not had any problems installing Splunk.
For a standard case, it takes between one and two weeks to install correctly and deploy. This is for situations where the client has less than 50 gigabytes of data per day.
Problems during the implementation are typically due to something on the customer's side. For example, if the client does not have somebody that is responsible for the deployment, helping to speed up the various procedures, then this is a key problem for us.
What about the implementation team?
It takes two people to deploy and maintain.
What's my experience with pricing, setup cost, and licensing?
Splunk is not a cheap solution and the license is billed annually. The licensing model should be improved and the price should be lower, in general.
You can purchase additional technical support, which is much better than the support that is included.
What other advice do I have?
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
System Engineer at NetScout Systems
Highly stable, built-in workflows, and good support
Pros and Cons
- "The most valuable feature of Splunk is the management and built-in workflows."
- "The analytics of Splunk could be improved."
What is our primary use case?
There are many use cases for Splunk, we commonly use it for log management and analytics.
What is most valuable?
The most valuable feature of Splunk is the management and built-in workflows.
What needs improvement?
The analytics of Splunk could be improved.
For how long have I used the solution?
I have been using Splunk for approximately four years.
What do I think about the stability of the solution?
Splunk is a highly stable solution.
What do I think about the scalability of the solution?
I have found Splunk to be scalable.
We have 15 members of our organization that use this solution.
How are customer service and support?
We have used support a few times and our experience was good.
I would rate the support from Splunk a four out of five.
Which solution did I use previously and why did I switch?
I have previously used RSA and I prefer Splunk.
How was the initial setup?
The implementation of Splunk is not straightforward. It is of a moderate difficulty level.
What about the implementation team?
We used an integrator to do the implementation.
What's my experience with pricing, setup cost, and licensing?
There is an annual license required to use this solution.
Which other solutions did I evaluate?
I have evaluated other solutions, such as IBM QRadar.
What other advice do I have?
This solution has good technology.
I rate Splunk an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Splunk is Google for all logs in the organisation.