Splunk Enterprise Security Reviews

• SIEM
• Security information 
• Event management

The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication.

What they need to do more than anything else is, they need to take a serious look at purpose-built modules like the SIEM and put a lot more effort into making them more robust. If they did that I think they would have a better chance on the market. The base tool was great, and if the organization that they're looking to sell into requires a good, solid logging solution then they would have a very good sales statement to make because you could get the logging solution you need that could give you the SIEM at the same time.

It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solution would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make.

• AlienVault
• LogRhthym
• ArcSight
• QRadar

I've used a whole bunch of different solutions. For a SIEM based solution, they are more purpose-built for that function. Where Splunk is purpose-built for a general logging and data capture solution so you'd be able to capture a lot of different information.

Anything that's not out of the box requires codding. Even up until recently when they finally released their SIEM or their security add-on. Before then there was not security stuff at all. I would actually have to go in and code that within the system to able to do the necessary searches to pull that information. Where a lot of the other tools, they already have those preconfigured which means I don't have to go and recreate the wheel. Now, we finally figured that out to a certain degree, and started putting the new tool in a place that gives you some SIEM functionality.

As a logging solution, I would say it's probably an eight or nine. If you're talking about the SIEM I'd say it's probably about a five. For logging, I think they would have to change the costing model. The costing model is way out of line. It's built for very large organizations.

We use Splunk for infrastructure monitoring, application monitoring and in the security space for our organization as well as for our customers.

Since Splunk is a platform for data, we can ingest and correlate data from virtually any type of system.

It has a fast turnaround time for setting up monitoring/alerting and forecasting of trends as per our customers' requirements.

The following are top three features that I find quite valuable:

1. Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning.
2. Quick turnaround time for setting up monitoring and alerting with built-in capabilities, plenty of enterprise grade apps available on Splunkbase, and custom coding based on Splunk development skill level.
3. Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app.

• Scheduled PDF generation does not work well for all visualizations, and it does not work for custom visualizations.
• While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin.
• Missing capability for audio/video and image processing.

It was used for security event management on landscape hosted over AWS.

It helped the organisation to proactively monitor threats and reduce its threat footprint.

Deployment server for deploying changes in one go.

It is quite stable.

No.

Professional support is great, but too expensive. Otherwise content published over website is good.

Not applicable.

Do proper estimation on log ingestion per day as that will impact pricing and licensing.

It was the customer's choice.

It provides a great range of plugins and one can really take great advantage of utilising inbuilt dashboards to derive the desired monitoring.

Our company consults for different customers and are in a good position to recommend the best solution to our clients.

Our company is an IT service provider. We are resellers of Splunk. One of our clients that we monitor is a laboratory that uses this solution.

Splunk is a change management solution. We use the solution as a log collector, and to analyze and provide alerts from the IT instructor.

The product is good, it satisfies our customers.

The price of Splunk is too high for our market.

Our company has been a reseller of Splunk for less than six months.

Splunk is stable.

This is a scalable solution.

We have had no concerns with customer service.

The initial setup of Splunk is somewhat difficult because it was our first time implementing the solution. It was a similar situation to implementing other CM tools like FortiSIEM.

Splunk required two engineers to implement, and we will add another one to maintain the solution.

The prices are complicated as we operate in a small third-world country.

We give support for VMware and other technologies. We purchased Splunk because our customers were asking for our services to take control of the implementation from another company.

If you are considering Splunk and you like what you are seeing; my advice would be to go for it.

I would rate Splunk an 8 out of 10.

We enjoy the whole solution. It is meeting our requirements, especially the SIM solution. 

The alerts are very user-friendly.

We can easily configure things as required in relation to our use cases.

The search functionality is good. It works like Google. 

Onboarding is quite easy.

The scalability is good.

Product-wise, the performance is good. 

From the commercial point of view, they have to bring down their costs. It's a bit pricey right now. The license is quite expensive. 

Much like the SOAR platform, which has security, orchestration, and automation response, all of that should be part of the SIM solution itself. Currently, it is actually separated.  We understand that we have to integrate a SIM with a SOAR platform, however, if they could combine these two products together, that would be ideal. It would make things easy to implement and make more automation possible to avoid false-positive alerts.

We've been using the solution for the last four years. It's been a while. 

The performance is good. It's stable. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability of the solution is very good. If a company needs to expand, it can do so. It's easy.

The solution can be expensive. It's not cheap.

We are customers and end-users. 

I'd rate the solution at a nine out of ten. 

Because I'm security focused, I prefer the security features such as Splunk Phantom and Splunk Enterprise Security.

We need to get a Splunk Cloud instance inside South Africa's borders. At this stage, we are pushing Splunk Cloud, but it is not yet within South Africa's borders. So we've got data sovereignty issues, especially with government organizations.

Technical support could be improved as well.

Splunk can be an expensive solution. I think that they need to change their pricing model. At present, it is based on the number of gigabytes that you ingest into the Splunk system. Their competitors are now starting with a pricing model where you pay per device talking back. If Splunk could have a similar alternative, it would then allow people to choose the data model they want such as set data or a set number of devices.

I have been using Splunk for three years.

The technical support here in South Africa hasn't been great, but I understand why as we make up less than 3% of Splunk's total revenue in the world.

The initial setup isn't overly complex, but it's not easy either.

The pricing model is based on the number of gigabytes that you ingest into the Splunk system. So it can be an expensive solution.

Plan your requirements properly from the beginning so that you can get the most value in a shorter space of time.

On a scale from one to ten, I would rate Splunk at six.

We use it to do SIEM. 

It can log more logs than other solutions. It's a good way to troubleshoot problems.

Splunk is a good solution to collect more events than other solutions. It's a good solution, for me, for this reason.

Cybersecurity and infrastructure monitoring have room for improvement. 

On a scale from one to ten I would rate the initial setup a seven for its complexity. 

We also looked at AlienVault.

I would rate it an eight out of ten. 

Splunk is more efficient than other solutions but it's also more expensive. 

• Cybersecurity defense
• Web app monitoring
• VMware monitoring
  

• Troubleshooting
• Cyber defense
  

• Drill down
• Apps
• REST API
  
• Software development kits
• Architecture
• Replication capabilities
  

• Multi-tenancy support
• Improved user interface
• Non-proprietary search language
• Different licensing model