Splunk Enterprise Security Reviews

With the use of Splunk, we were able to identify a brute force attack against a "switch" network device. An external attacker attempted to connect multiple times using multiple usernames. Splunk was able to detect these attempts and immediately blocked these attempts.

Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks.

Splunk's ability to receive all types of data and identify it correctly. It obtains a correlation of the logs and identifies incidents.

Splunk can improve regex/asset analysis as we do not want to crawl until it is done. I could not find a timestamp for when the log was processed and generated.

Splunk is our monitoring and investigating Swiss Army knife for key applications and systems. If we run it, we Splunk it.

We are much faster finding and addressing issues with Splunk. We reduce the MTR and get more done.

So many of Splunk's features are invaluable to us:  

• Machine and business data retention
• Solid HA and distribution
• Adaptability to custom data
• Search, Search, Search.

I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications.

No stability issues.

No scalability issues.

The support team is very competent.

The initial setup is very straightforward.

We implemented in-house

Our ROI is high.

We evaluated LogRhythm.

I love this product.

What Splunk calls operational intelligence: fast availability of operational data spread across several servers to prevent or react faster to outages or performance decreases.

MES is a complex and very critical distributed system here. Production WIP is directly connected to it and ICT is required to provide a continuous availability and very stable performance (line production has a costant speed, software cannot slowdown). Collect operational data from hardware, middleware and application software can potentially improve ICT proactive and reactive tasks.

I've ever used it, just studied it.

We also use a traditional monitor, and Microsoft SCOM.

Every stop or slowdown of the production line means lost of money, e.g. 30% reduction when compared to the current baseline.

Every stop or slowdown of the production line means lost of money, e.g. 30% of reduction compare to the current baseline.

IBM QRadar

Great Log management capabilities with flexible and comprehensive search capabilities. Scalable and Easy to use.

Operational Workflow, Use Case Framework, and ticketing systems to make it suitable for SOC environments

3 years

Splunk is extremely scalable with the limit being the hardware in use.

If you get the right people engaged, support can be a bliss.

Setup is simple and straight forward.

http://infosecnirvana.com/splunk-enterprise-need-know/

MTTR is drastically reduced, because the developers and other IT support staff have instant access to log events.

People costs are saved by not having to involve the domain developers from multiple teams, when tracing a problem that spans multiple platforms.

Security is improved by not having to give as many people access to log on to the servers.

The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature.

Official training, even CBT, is expensive so not many people are able to get certified. This leads/causes the users to make use of the most basic functionality only.

It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded. Splunk has moved towards not applying hard caps in data ingestion, and this will help us in the future.

However, I’d like an easier way to flag certain source log files as non-critical and have Splunk automatically disable those event sources when the license capacity exceeds an arbitrary value.

There were no stability issues.

There were no scalability issues.

Customer Service:

I haven't had the need to log any critical issues. Most of my support tickets have been revolved around configuration questions. I'm very happy with the way Splunk's support staff respond - they're pretty helpful. I think I've only had one situation where the response was acceptable, but not stellar.

Technical Support:

The technical support is good. I'm sometimes surprised when the support engineer doesn't immediately know the answer to my questions (as I feel they must be fairly common queries). But, this can probably be excused because of the breath of features Splunk Enterprise has.

We were not using any other solution previously.

I evaluated ELK Stack but at the time, Splunk offered more flexibility, better support and was easier for us to implement.

Initial setup was fairly straightforward, but we used an experienced implementation partner and ensured that our team was intimately involved in the installation/configuration process on a technical level.

We used a combintation of in-house (ie. myself) and an experienced Splunk partner.

The product has a lot of value, and I feel that we’re getting the value that we’re paying for.

Splunk Enterprise becomes extremely expensive after the 20GB/month license, but if you take care of what you log, i.e., by not logging excessive application events, then that license will get you a long way.

We looked at ELK Stack.

Use an experienced Splunk architect to design your infrastructure configuration.

Ensure that your tech leads are intimately involved and understand exactly how the product fits together.

Manage your Splunk configuration in a repository (Git).

Educate the end users as quickly as possible to use the tool effectively.

Change practices and encourage staff to use Splunk instead of old ways of getting the data they need. Prevent, or limit, direct access to the servers or server log files if you can.

We use Splunk for analyzing data.

The solution allows easy gathering and ingestion of the data.

The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed.

I have been using Splunk within the past 12 months.

The solution has been stable.

Our customers are mostly enterprise-sized companies using this solution. 

Splunk has many partners that provide customer support that can be used.

The initial setup is not easy. Customers have to learn the Splunk language and it is hard to operate it by themselves. They will need Splunk engineers to assist in their projects.

You will need a Splunk implementation specialist for the deployment.

My customers have found the price of the solution to be high.

I rate Splunk a five out of ten.

We use the solution for monitoring systems. We also use it with servers and CG routers from the data center, as well as for collecting the ADL from all networks which are located in our regions of the country.

I like that the solution is easy to use and stable. 

The price of the solution could be cheaper. 

I am currently working with Splunk and have a year's experience doing so. 

The solution is stable. 

The solution is scalable. 

Support is at a level one department and I am responsible for managing both IT support and node engineers. 

I am satisfied with the support. 

The solution is easy to install. 

It took half a day. 

We were able to handle the installation on our own. 

There are 40 people responsible for the deployment and maintenance of the solution, four of whom are engineers. There is a computer DE who is responsible for the engineering and a candidate for graduation in 2022.

The solution could be more cost-effective, as we charge our customers the cheapest price. 

The subscription is monthly. 

The solution is cloud-based. 

There are more than a thousand users making use of the solution in our organization, who are connected with us in over 530 different areas. 

I recommend the solution and plan to continue using it. 

I rate Splunk as a seven out of ten.