Splunk Enterprise Security Reviews

The solution is primarily used to monitor the operating system for threats, specifically related to login threats. If someone trying to log-in, or somebody trying to break into the system, the idea is it will check that and catch things. It's mainly for external threats to the operating system.

The solution has improved our organization by providing a comprehensive picture of any external threats to the operating system. It improves asset control.

The logs on the solution are excellent. Mostly I see just the reports or the outcome, however, with the log portion, where you could actually take log entries and pass them through the system in order to create events or conditions, and get reports. You can set up your conditions to the logs that you invested into Splunk, and get the reports or the output that you want. 

We're still going through it at this time. However, there are a few changes that could be made.

It could be more user friendly, in terms of the end-user experience. The end-user aspect of it could be more enhanced, whereby you could probably have a lot more people that could sign into the tool and look at the reports, and have the reports actually laid out in plain English. Usually, with tools like Audit Vault and Splunk, if you're not the IT person and you're not trained on that system and you're seeing all of the outputs, the language is something you have to convert.

Therefore, the end-user experience could be improved so that when you get those alerts and notifications, you could have supervisors and different people actually knowing what those reports mean instead of having someone convert them into something more easily digestible. 

There should be more enhancements done to the end-user dashboards. Improved dashboards are always good. If you have an IT tech that's up there, and they're looking at the dashboards and they're seeing everything, it would help they could do events and have a dashboard that they could log into as a supervisor and see everything, and just get specific reports for specific areas.

We've been using the solution for three years.

I can't really speak to the solution's stability beyond how I use it, which is for training. However, I've never experienced bugs or glitches on it and therefore believe it to be very reliable.

The solution seems to be very adaptable, and if not, we'll figure it out what to do in the next couple of years when the program has developed more, and the general capabilities become apparent. 

It is a log parsing tool, so if you take any type of log, operational or financial or security logs, and you put it in there, hopefully, we will find out that a log is a log, and you just create your events and you get the output that you want. Therefore, I don't foresee an issue with scalability per se.

The technical support is pretty good. I would rate it at a seven out of ten. We're mostly happy with the level of service we receive from them.

What they probably need to do is help make the reports more manageable for the end-user or to help the end-user understand them more easily.

We didn't previously use a different solution. We've only ever really used Splunk.

The initial setup was not complex. It was pretty straightforward. It was already loaded on the environment. It's managed by a third party or service provider, therefore we just kind-of fell into the rhythm of using it pretty quickly.

We're just a customer. We don't have a business relationship with Splunk.

We're using the latest version of the solution.

I'd advise those considering the solution to do some basic training before jumping into using the solution. It will help you understand how everything is supposed to work.

I'd rate the solution at an eight out of ten, due to the fact that it's more flexible than other solutions. I like the idea of taking a log, any log, and putting it into a tool and creating your events and your conditions in order to get the output that you're looking for. It's more scalable and flexible than other options on the market.

Log collection and search.

The search and query feature is very fast but due to the log size limit (in trial version), we did not get the full benefit.

Selecting the relevant events and records.

Due to the size limit, we could not see the full product.

We use Splunk for infrastructure monitoring, application monitoring and in the security space for our organization as well as for our customers.

Since Splunk is a platform for data, we can ingest and correlate data from virtually any type of system.

It has a fast turnaround time for setting up monitoring/alerting and forecasting of trends as per our customers' requirements.

The following are top three features that I find quite valuable:

1. Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning.
2. Quick turnaround time for setting up monitoring and alerting with built-in capabilities, plenty of enterprise grade apps available on Splunkbase, and custom coding based on Splunk development skill level.
3. Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app.

• Scheduled PDF generation does not work well for all visualizations, and it does not work for custom visualizations.
• While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin.
• Missing capability for audio/video and image processing.

The analytics and querying the indices is super easy.

The data representation options in the dashboards are excellent.

Multiple datasource/filetypes are supported and each can be customized in a few clicks.

Security administration and user access control is pretty basic. This can be improved.

The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc.

If this is improved, with a mapping against LDAP roles, it would be excellent.

We had no stability issues.

We had no scalability issues.

Technical support and the online community are some of the best for any product.

We did not have a previous solution.

The setup was quite easy and there is lot of technical documentation for handholding you through the process.

Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market.

We looked at IBM SmartCloud Analytics and Log Analytics.

Please watch out for the licensing agreement. There are a lot of IP specific clauses that Splunk has included in their license agreement. Per my understanding, any plugin available in the community cannot be used OOB, due to licensing restrictions. (This might be specific to our organization.)

• Flexibility when creating dashboards
• Automated cron searches
• Real-time and scheduled searches with alternate functionalities
• User-base integration with LDAP

It alerted many situations before other monitoring systems identified that there is a critical issue.

VMware and security device integration looks a bit complex.

I have used Splunk for almost three years.

As of now, we have had no issues with stability. It is running like a charm.

From a nodes perspective, there have been no scalability issues.

I can say that support is good.

We never used other solutions.

We used the Splunk Cluster setup. It was a bit complex to set up, but management-wise and stability-wise, it was awesome.

License costs fall under the NDA, but Splunk license costs are public, I believe.

We evaluated Logstash and others, but Splunk plays a pivotal role.

I would strongly recommend this product, as it would be very beneficial for service operations and management.

Our company is an IT service provider. We are resellers of Splunk. One of our clients that we monitor is a laboratory that uses this solution.

Splunk is a change management solution. We use the solution as a log collector, and to analyze and provide alerts from the IT instructor.

The product is good, it satisfies our customers.

The price of Splunk is too high for our market.

Our company has been a reseller of Splunk for less than six months.

Splunk is stable.

This is a scalable solution.

We have had no concerns with customer service.

The initial setup of Splunk is somewhat difficult because it was our first time implementing the solution. It was a similar situation to implementing other CM tools like FortiSIEM.

Splunk required two engineers to implement, and we will add another one to maintain the solution.

The prices are complicated as we operate in a small third-world country.

We give support for VMware and other technologies. We purchased Splunk because our customers were asking for our services to take control of the implementation from another company.

If you are considering Splunk and you like what you are seeing; my advice would be to go for it.

I would rate Splunk an 8 out of 10.

We are resellers. We provide solutions to our clients.

Splunk is primarily used for developing CM solutions that are based on the Splunk platform for future security operation center development.

We are concentrating on assisting in the development of a security monitor as well as analysis.

If I am not mistaken, it's a standard CM system for identification, security verification, and event monitoring.

In my opinion, it is too expensive for our projects.

It is very competitive for small and medium businesses. Perhaps some should be set aside for developing markets. To begin with, similar to the current market, there may be some special conditions for large transactions.

In the next releases, I would like to see more pricing flexibility. It's a subscription-based service, and they don't sell professional licenses.

In some cases, particularly with large projects, we are not competitive in terms of pricing when compared to IBM QRadar and other solutions; even if we offer the maximum discount available, our prices remain uncompetitive.

We have been selling Splunk for approximately five years.

The scalability is good. It can be added on-demand in increments of one gigabyte or ten gigabytes. It's a per-gigabyte license, and you can add whatever you need at the time.

Our projects are sized per our current IT infrastructure.

Splunk is used by 10 of our customers.

Our team provides technical support.

I have not communicated with technical support.

We no longer resell Checkmarks. 

We were unable to assist in establishing their business on-premises because It could have been too expensive for our clientele.

Installing Splunk is not difficult, but it can be complicated in some cases.

The issue is the integration with the customer's system, as well as the configuration of the rules for correlation, log collecting, and analysis.

It has good documentation and guides, but the main works should be focused on customer needs and customer resources for monitoring.

It can take three months to complete the installation.

We have a team of three certified engineers who will deploy and maintain this solution.

The licensing fees and pricing models could be reduced.

It's a yearly subscription.

They don't sell professionally because it's a subscription service. As a result, it is only a subscription service that is dependent on the customer's IT infrastructure.

We do not sell Compliance Control Limited solutions because our focus is on auditing and independent security assessments. We put an end to our selling program with Checkmarks.

I would recommend this solution to others. Splunk is appropriate for small to medium-sized projects, and it should be calculated for large projects.

It's one of the best CM solutions on the market for monitoring, and correlation, as well as IT monitoring security.

I would rate Splunk an eight out of ten.