Splunk Enterprise Security Reviews

We are using the mobile SDK to check the stability of mobile applications.

The completeness of the solution is what we like the most.

It's difficult to set up initially, and their billing model is also a bit complicated. 

We have to predict in advance how much data we will have and what the storage would be that we don't have. This makes the licensing complicated because when you start you don't have these numbers.

In order to know how much it will cost, you need those numbers.

I really wish that it was an application that was easier to use.

I have been working with Splunk for more than five years.

We have not experienced any issues.

For our use cases, we have not required any scaling.

The technical support is fine. At times, they take time to respond back but it may have been the support contract that our client had.

I would assume that they are not as responsive as we want them to be.

We have a team of approximately 100 people who are responsible for the development of mobile applications, DevOps, and application development.

The licensing cost model is complicated.

I think that most of the monitoring solutions are expensive. I wish they were less expensive, for all types of products for monitoring.

We work with Splunk, but we are looking for some LOG Kinetics solutions for our clients.

I would definitely suggest sending people to analyze or evaluate Splunk.

Because the licensing model is very complicated to understand, it would be better to start with another product that provides a better licensing model. Later, if the product is not working well, they can consider using Splunk and may have a better understanding of the cost.

For me, I would not recommend Splunk as their first solution unless they have all of the data that is required.

I would rate Splunk a seven out of ten.

We are using it for logging and monitoring.

Splunk Enterprise Security helps with application events. It provides end-to-end visibility into our environment which is most important for us. It reduces the time to react to an event.

Splunk Enterprise Security has helped improve our organization’s ability to ingest and normalize data. It can help identify and solve problems in real-time, but we have mainly utilized it for post-identification correction.

It provides us with the relevant context to help guide our investigations. It is easier for developers to take action once an anomaly is detected. We have been leveraging Splunk dashboards for that.

Splunk Enterprise Security has helped speed up our security investigations, but I do not have the metrics.

They are a good partner for Google Cloud. It provides great visibility, threat detection, and proactive mitigation of risks for our mutual consumers.

We have been selling Splunk Enterprise Security along with Google Cloud for about two years.

We had a very bespoke solution. It was a shared model. The scalability was good.

Their technical support has been good. I would rate them an eight out of ten.

Positive

We have not used any other solution previously.

Our customers have seen an ROI, but I do not have the metrics.

The variables and the flexibility that Splunk provides are helpful, especially in a hybrid and multi-cloud environment.

I would advise others to start early.

Overall, I would rate Splunk Enterprise Security a ten out of ten.

We use Splunk Enterprise Security for our enterprise security.

Adding more use cases to Splunk can improve our threat detection speed.

It has helped normalize our data.

Splunk Enterprise Security has helped reduce our alert volume and speed up our security investigations.

The graph visualization is the most valuable feature.

Splunk Enterprise Security needs to improve its stability.

The UI can be difficult to understand for non-technical people.

I have been using Splunk Enterprise Security for four months.

I would rate the stability of Splunk Enterprise Security a four out of ten. Some bugs cause downtime.

I would rate the scalability a six out of ten.

I would rate Splunk Enterprise Security an eight out of ten.

Splunk Enterprise Security's robust framework enables it to support a wider range of use cases, making it more adaptable and versatile for tackling diverse security challenges.

We have Splunk Enterprise Security deployed across multiple locations.

Splunk Enterprise Security's visualizations are detailed and help users normalize data, making it extremely useful.

The vast array of use cases enabled by Splunk Enterprise Security empowers security teams to address diverse threats and enhance overall security posture.

I used it in the SOC environment to get logs, create dashboards, and filter out data.

The indexing and data collection are valuable. 

Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better.

Their sales support and tech support need improvement. Their support is really bad.

I used it for nearly one year in my previous organization. I last used it about seven months ago.

It is stable.

Its scalability is good.

Their sales support and tech support are really bad. They take really long to respond.

We were using AlienVault. We switched because we weren't really happy with it. So, we looked into different solutions, such as Splunk.

Its initial setup was okay.

We did it ourselves. We had around two people for deployment and maintenance, but we had around 15 users. They all were SOC people.

We had a yearly subscription.

I can recommend this solution to others. It is a great product. 

I would rate it an eight out of 10.

Splunk just acts as an extra presentation layer, and we tried it because of the plugins they have to try and get more logs into the environment.

Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize.

Aside from the 5GB limit on the community version, I believe it is the same as ELK. It's a useful tool, and nothing comes to mind right now.

I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part.

Splunk is a stable solution. I am very happy with the stability of Splunk.

Splunk can be scaled to any environment. The way it's designed, it's cloud-ready, and it has a lot of performance, in-built indexing, and performance tuning options. Splunk is easily scalable.

I am happy to report that I've never needed to contact technical support. The README tutorials and the existing forums provide me with practically everything I need. So far, I haven't had to do so. This should be a testament to the solution.

We broaden the scope of IT governance and IT security.

We look at everything from SIEM to network management to endpoint protection, server protection, database protection, and anything else that can aid in visibility, policy enforcement, and monitoring.

Our organization is using a combination of Splunk and Elasticsearch. We get most of what we need from the ELK suite. ELK Stack is usually the primary focus.

ELK has the same inbuilt reports and dashboards that you can customize, but ELK is better for central logging and log aggregation. Once they've all been aggregated, you'll be able to run any kind of queries and APIs to query the logs on ELK and then use Splunk as a presentation layer for the consumers to use.

Security tools, in my opinion, are business tools and should be used by businesses rather than security engineers. I'm experimenting with a hybrid of the two, in which ELK serves as the engine for central logging and Splunk handles the presentation layer and aggregation of additional third-party logs from tools that might be difficult to integrate into ELK.

I would rate Elasticsearch a ten out of ten.

It's a cloud-ready package. It has the same characteristics as ELK. From a deployment standpoint, I don't have any issues with it. The material is freely accessible to anyone who wishes to use it. There is a virtual machine option. You can get a virtual machine by downloading it. The deployment options are simply numerous, and it is up to the implementer.

It wasn't that difficult for me. There are no complaints from me. The material is present, and there are numerous options for deployment. It's relatively simple to go from zero to viewing data with Splunk. ELK is the same way. It is now up to the implementers and their environment to provide you with more data about it.

They could improve their discounts. I think it's a good solution, and it's gaining a lot of traction, maybe they are recouping their R&D costs, Further reductions would be fantastic, and I believe that more and more people would flock to it.

We provide IT consulting services. Our customers occasionally ask us to assist them in locating specific solutions.

I would recommend this solution to others who are interested in using this solution.

I would say the forums and READMEs provide more than enough information about Splunk. Most people struggle because they move too quickly through the implementation process. As long as you follow the guidelines, particularly the specifications for environment requirements and implementation methodology, these solutions should work out of the box.

Splunk is a very good solution, I would rate it a ten out of ten.

We are using Splunk for querying data from different sources.

Splunk has machine learning which is a valuable feature.

The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use.

I have used Splunk within the past 12 months.

Splunk is a stable solution.

We have contacted the support and most of the reasons we have contact support has been project-related. For example, we want the APAs to work in a certain way or for certain fixes.

I have been using Splunk for approximately 

We work with Splunk. We use it for our own services, and we also integrate and resell Splunk. It is used for cyber security. 

Different clients have different versions. They have Splunk Cloud and Splunk on-premises with different versions.

It is very easy to use and integrate. There are connectors for every technology.

The UI can be improved. Dashboards and reports can be better in terms of graphics.

We have been using this solution for a few years. In 2016, we became a Splunk partner.

It is very stable.

Its scalability is very good. We work with this platform for our own services. We use Splunk extensively, and we also offer it to our clients. We plan to increase its usage.

Our company has three offices. We have offices in Spain, Columbia, and Mexico. We have around 100 people, and about 50 people are working with Splunk. They all are focused on cyber security. They are security engineers or security specialists.

I don't know about their support. I don't work with it much. On an activity level, I'm not so close to the platform. I'm the country manager, so I am a bit far from the operation.

We tried to work with Exabeam for user behavior analytics, but we stopped it.

Its setup is very easy, but we have been working with Splunk for a lot of years. We have all the certifications in Splunk, and we are a specialist in Splunk. So, for us, it is very easy to set it up and integrate it, but it might not be easy for other companies.

Splunk is a very good platform for analytics and cybersecurity. We use it very extensively. It is very easy to use, and it is very stable and scalable.

I would rate it a nine out of 10.

We are a solution provider and Splunk is one of the products that we distribute.

The primary use case is for SIEM and we have approximately 35 customers.

The fact that Splunk is a platform and not just a SIEM solution is a key benefit.

Our customers like that they can use Splunk to optimize their security.

The Splunk licensing model should be more flexible.

The support that is included with the standard licensing fee is very bad.

We have been working with Splunk since 2017.

Stability-wise, it's perfect. We haven't had any problem with Splunk. It's good software.

One of the key benefits and differences with this software is that the customer can scale up as much as they need to. Our largest Splunk customer is using between three and four petabytes of data per day.

If you don't pay extra for technical support then it is very bad. If you pay extra for it, then the technical support is normal.

I am familiar with other products and Splunk can handle much more data than IBM QRadar or any other competing product.

Direct competitors are more flexible when it comes to licensing.

We have not had any problems installing Splunk.

For a standard case, it takes between one and two weeks to install correctly and deploy. This is for situations where the client has less than 50 gigabytes of data per day.

Problems during the implementation are typically due to something on the customer's side. For example, if the client does not have somebody that is responsible for the deployment, helping to speed up the various procedures, then this is a key problem for us.

It takes two people to deploy and maintain.

Splunk is not a cheap solution and the license is billed annually. The licensing model should be improved and the price should be lower, in general.

You can purchase additional technical support, which is much better than the support that is included.

I would rate this solution an eight out of ten.