Splunk Enterprise Security Reviews

I used it in the SOC environment to get logs, create dashboards, and filter out data.

The indexing and data collection are valuable. 

Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better.

Their sales support and tech support need improvement. Their support is really bad.

I used it for nearly one year in my previous organization. I last used it about seven months ago.

It is stable.

Its scalability is good.

Their sales support and tech support are really bad. They take really long to respond.

We were using AlienVault. We switched because we weren't really happy with it. So, we looked into different solutions, such as Splunk.

Its initial setup was okay.

We did it ourselves. We had around two people for deployment and maintenance, but we had around 15 users. They all were SOC people.

We had a yearly subscription.

I can recommend this solution to others. It is a great product. 

I would rate it an eight out of 10.

Its integration is most valuable. Its UI is also pretty much easy.

Its setup is a little bit complex for a distributed environment. 

Their support can also be better. If we raise a case with Splunk support and by any chance we missed to respond for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply. In that case What they can do is they can send a followup mail before closing.

I have been using this solution for a year now.

It is very stable haven't encounter any glitches or bugs till now.

It is very much scalable. I am acting as an admin, and we have more than a hundred users of this solution in our company. We use it on a regular basis. We currently don't have any plan to increase its usage.

I would rate them an eight out of ten. Their response speed is okay, but if, by any chance, we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply.

This is the only solution that we have been using.

Its setup is pretty much easy for standalone, but for a distributed environment, it is a little bit complex.

I would recommend this solution to others, but it should meet their needs and architecture.

I would rate Splunk a nine out of ten.

• Collects data from any source
• Powerful search, analysis, and visualization
• Easy to build system on any platform
• API and easily integrated search
• Action script

We have over 7000 devices in our network infrastructure for monitoring, maintenance, and performance assessment.

We achieve this by collecting data and applying the analysis.

I have used this solution for one year.

We did not encounter any issues with scalability. Everything is normal with no bugs.

It’s easy to obtain support from Splunk for technical issues. We also have enough knowledge ourselves to apply fixes.

We used to deploy Elastic Stack. The search language of Splunk is easier and friendlier than Elastic Stack. It has helped me to search quickly and easily. Based on the results, it’s easy to visualize and add results to a previously built, personal dashboard.

Licensing is free. Pricing is based on usage.

We evaluated Elastic Stack and Sumo Logic.

If you are an enterprise and you need the best service for critical business analysis, Splunk would be one of the best choices.

What Splunk calls operational intelligence: fast availability of operational data spread across several servers to prevent or react faster to outages or performance decreases.

MES is a complex and very critical distributed system here. Production WIP is directly connected to it and ICT is required to provide a continuous availability and very stable performance (line production has a costant speed, software cannot slowdown). Collect operational data from hardware, middleware and application software can potentially improve ICT proactive and reactive tasks.

I've ever used it, just studied it.

We also use a traditional monitor, and Microsoft SCOM.

Every stop or slowdown of the production line means lost of money, e.g. 30% reduction when compared to the current baseline.

Every stop or slowdown of the production line means lost of money, e.g. 30% of reduction compare to the current baseline.

IBM QRadar

Great Log management capabilities with flexible and comprehensive search capabilities. Scalable and Easy to use.

Operational Workflow, Use Case Framework, and ticketing systems to make it suitable for SOC environments

3 years

Splunk is extremely scalable with the limit being the hardware in use.

If you get the right people engaged, support can be a bliss.

Setup is simple and straight forward.

http://infosecnirvana.com/splunk-enterprise-need-know/

We are resellers. We provide solutions to our clients.

Splunk is primarily used for developing CM solutions that are based on the Splunk platform for future security operation center development.

We are concentrating on assisting in the development of a security monitor as well as analysis.

If I am not mistaken, it's a standard CM system for identification, security verification, and event monitoring.

In my opinion, it is too expensive for our projects.

It is very competitive for small and medium businesses. Perhaps some should be set aside for developing markets. To begin with, similar to the current market, there may be some special conditions for large transactions.

In the next releases, I would like to see more pricing flexibility. It's a subscription-based service, and they don't sell professional licenses.

In some cases, particularly with large projects, we are not competitive in terms of pricing when compared to IBM QRadar and other solutions; even if we offer the maximum discount available, our prices remain uncompetitive.

We have been selling Splunk for approximately five years.

The scalability is good. It can be added on-demand in increments of one gigabyte or ten gigabytes. It's a per-gigabyte license, and you can add whatever you need at the time.

Our projects are sized per our current IT infrastructure.

Splunk is used by 10 of our customers.

Our team provides technical support.

I have not communicated with technical support.

We no longer resell Checkmarks. 

We were unable to assist in establishing their business on-premises because It could have been too expensive for our clientele.

Installing Splunk is not difficult, but it can be complicated in some cases.

The issue is the integration with the customer's system, as well as the configuration of the rules for correlation, log collecting, and analysis.

It has good documentation and guides, but the main works should be focused on customer needs and customer resources for monitoring.

It can take three months to complete the installation.

We have a team of three certified engineers who will deploy and maintain this solution.

The licensing fees and pricing models could be reduced.

It's a yearly subscription.

They don't sell professionally because it's a subscription service. As a result, it is only a subscription service that is dependent on the customer's IT infrastructure.

We do not sell Compliance Control Limited solutions because our focus is on auditing and independent security assessments. We put an end to our selling program with Checkmarks.

I would recommend this solution to others. Splunk is appropriate for small to medium-sized projects, and it should be calculated for large projects.

It's one of the best CM solutions on the market for monitoring, and correlation, as well as IT monitoring security.

I would rate Splunk an eight out of ten.

I use this solution for data visualization.

The most valuable features of the solution are it is straightforward to use and the documentation is good for finding out how to get the data you are looking for.

The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers.

I have been using Splunk for two weeks.

The solution is stable, I have not experienced any bugs or glitches.

The solution is scalable and it is a requirement of my company to have scalable solutions.

I have used previously Qlik Sense and Kibana.

I did the training with Slunk and once I had the training the installation was easy.

I have evaluated Tableau.

My advice to others is not to be intimidated by the solution and to give it a try. It will become easier over time.

I rate Splunk an eight out of ten.

We were using Splunk for our networking to know exactly what kind of the traffic was going from one network to another network because we had a lot of the connections on other sites.

it can explain to management about what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware.

All the features are valuable. It helps us uncover bottlenecks in the network.

Splunk should be able to integrate with other product using the free version.

The product was difficult to back up the first time.

The stability is fine.

We have two people maintaining it.

Splunk needs local technical support.

We did not use another solution previously.

The deployment was great and took three to four days.

The pricing and licensing of the product are quite high.

Splunk is great product, especially for my organization.