Splunk Enterprise Security Reviews

I use this solution for data visualization.

The most valuable features of the solution are it is straightforward to use and the documentation is good for finding out how to get the data you are looking for.

The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers.

I have been using Splunk for two weeks.

The solution is stable, I have not experienced any bugs or glitches.

The solution is scalable and it is a requirement of my company to have scalable solutions.

I have used previously Qlik Sense and Kibana.

I did the training with Slunk and once I had the training the installation was easy.

I have evaluated Tableau.

My advice to others is not to be intimidated by the solution and to give it a try. It will become easier over time.

I rate Splunk an eight out of ten.

There is improvement needed when importing from some types of data sources. Most of the time you have to do some customization for the data because not everything is working the way it should. Additionally, in other solutions, it is easier to build use cases.

I have been using this solution for approximately three years.

I have previously used Curator and it was much easier to use than this solution.

I have found the installation can be of medium difficulty to very complex depending on the use case. It is not easy for new customers. You need to have the experience to be able to do it.

When using this solution for Security Information Management(SIM), I highly recommend importing data sources from the whole cycle for the service security chain. Some people only use main inputs and not all of the data sources they have. They might not have some data sources, in this case, you can purchase one or there are free open-source ones available. You will then have this data source that can enrich your life because many correlations are done with this data. 

I rate Splunk an eight out of ten.

We primarily use the solution for monitoring and security.

We can use the solution to try to find some correlational data. For example, in banks, there is usually a protocol whereby users cannot withdraw more than a certain amount of money from an ATM. However, we find that, when people are on holiday, they are trying to withdraw more than the allowed amount. It's a use case we can deploy in our country. You can set certain rules and watch the data in order to gain insights.

I cannot speak to a specific example of how the solution has assisted our organization.

The solution's capability is its most valuable aspect.

The initial setup is very straightforward.

The solution has proven to be quite stable.

We've found the solution to be very mature.

The integration capabilities are excellent. They have apps that integrate quite well with Palo Alto and Cisco, for example.

Sometimes it becomes very difficult to find certain results from Splunk. Not all users are developers and they are not able to write code to find specific results or specific details from Splunk. From a user perspective, the solution needs to improve the search functionality.

The dashboard could be improved. If it was easier for non-developers or those working in network security, it would be ideal. It would be nice if they had a built-in dashboard for those who are less knowledgeable in coding.

The product is relatively expensive. 

I haven't been using the solution for very long just yet.

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

We do not plan to increase usage at this time.

We've used technical support in the past. We've found them to be very helpful and responsive. We're satisfied with the level of support that we receive when we reach out for help.

I've previously used LogRhythm, among other solutions. We sell a few different solutions.

The initial setup is not too difficult. It's not overly complex. It's straightforward. The code is very easy.

The deployment took two or three months or so.

We used an integrator to assist us in the initial setup.

The problem with the product is that the price of Splunk is very high. It is an industry leader and therefore it's high in terms of price. That is the issue in our country. Sometimes people want to buy Splunk, however, due to the budget, they are not able to.

We are resellers.

We use a variety of deployment models, including private cloud and hybrid.

This solution is the best security solution. If a company is looking for the best, they have to buy Splunk. It is a very good and very mature solution. It is very easy to integrate with some other service or security solutions. If they have specific solutions that need to be integrated for monitoring purposes, it should be a problem. For example, it integrates very well with Cisco.

I'd rate the solution at a ten out of ten. We are quite happy with its capabilities.

We are using it for security information and event management (SIEM). We have started to use Splunk recently, and we are in the implementation phase as of now.

The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good.

It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect.

I have been using this solution for a couple of months.

It is absolutely stable.

It is scalable. We have approximately 25 users.

It was easy to install. Its configuration and development are the critical parts, and there are a limited number of people in the market with such a skill set. It takes some time to find people with the right skill set and get it implemented properly. It took approximately three months.

I have a team of a few Splunk consultants who are currently managing it for me. For a mid-sized organization, at least 15 persons are required to manage the entire Splunk instance.

I would recommend this solution to others. I would rate Splunk an eight out of ten.

We are using Splunk for cybersecurity operations.

Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.

Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding.

To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this.

I have been using this solution for eight months.

In terms of operations, it is stable, but if you don't have a proper configuration and sizing, there could be many issues. It could be more efficient on the storage part. We are still in the deployment stage to be able to say that for sure.

It is very scalable. Currently, we have around 50 users. We will increase its usage if more people need access.

We have raised multiple tickets. Some of them are good, and some of them can be better. Overall, their technical support is okay.

We didn't use any other solution.

I didn't do the initial configuration. I take care of the operations part. One of our clients did it, and it is somehow complex, and it takes time. It also depends on your knowledge. If you don't have knowledge of Splunk, it is complex.

We are a partner of Splunk. So, we did not evaluate other solutions.

I would rate Splunk a seven out of ten.

Because I'm security focused, I prefer the security features such as Splunk Phantom and Splunk Enterprise Security.

We need to get a Splunk Cloud instance inside South Africa's borders. At this stage, we are pushing Splunk Cloud, but it is not yet within South Africa's borders. So we've got data sovereignty issues, especially with government organizations.

Technical support could be improved as well.

Splunk can be an expensive solution. I think that they need to change their pricing model. At present, it is based on the number of gigabytes that you ingest into the Splunk system. Their competitors are now starting with a pricing model where you pay per device talking back. If Splunk could have a similar alternative, it would then allow people to choose the data model they want such as set data or a set number of devices.

I have been using Splunk for three years.

The technical support here in South Africa hasn't been great, but I understand why as we make up less than 3% of Splunk's total revenue in the world.

The initial setup isn't overly complex, but it's not easy either.

The pricing model is based on the number of gigabytes that you ingest into the Splunk system. So it can be an expensive solution.

Plan your requirements properly from the beginning so that you can get the most value in a shorter space of time.

On a scale from one to ten, I would rate Splunk at six.

There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive.

Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. 

The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature.

A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable.

I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure.

I have been using this solution for almost two years. I am using its latest version.

It is a stable product.

Splunk is definitely scalable.

I have not interacted with them. Another team is taking care of raising tickets with their technical support.

It is quite simple.

Its pricing model can be improved.

A few years ago, I would have definitely recommended Splunk, but nowadays, better alternatives are available. We are currently exploring a few other alternatives, so I won't recommend Splunk as of now.

I would rate Splunk a seven out of ten.

We are a solution provider and Splunk is something that we provide as a service to our customers.

The most valuable feature is the reporting and the information that is provided by the tool.

It is very easy to implement a PoC using Splunk, which will show the value of the reporting and data that it provides.

The integration is seamless with many devices and operating systems.

It is flexible enough that you can choose what kind of deployment model you want.

They have a large solution toolkit that supports IoT, wherein businesses can get a lot of help with the centralized management functionality. There are also tools to assist from the security and SIEM perspective, and there is a centralized dashboard.

Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it. It should be easy to customize dashboards.

When we are monitoring something, we would like to have a more granular outlook. Splunk has a good dashboard that is easier to use than some competing products, but better customizability would be a great help for the users.

We have been working with Splunk for approximately three years.

This product is very stable.

Splunk is a very scalable solution. Being a Japanese product, they will ensure that all of the features work in any environment. It is very heterogeneous. It can integrate with Windows, Linux, AIX, HP-UX, and Solaris. It also supports IoT devices, mobile phones, and more.

We have more than 150,000 people using our services.

The Splunk team has good, proactive support. Also in terms of assisting with the installation, they are quite good.

Splunk is similar to IBM QRadar, which we also have experience with. However, Splunk has advanced SIEM features included with it, so we often use it to satisfy this requirement. Whenever an organization is looking to implement SIEM, they have the flexibility to choose Splunk, QRadar, or the ArcSight Logger solution.

One of the major differences that I see between Splunk and QRadar is that Splunk gives the users fewer devices, so they can do things quicker. 

The installation for Splunk is easier than competing products QRadar and ArcSight.

We have Splunk deployed on the cloud so that we can provide the service, but some of our customers have it installed on-premises.

All the user has to do is download the Splunk server agent, install it on the laptop or endpoint, integrate 50 or 100 devices, then see what kind of reporting is available.

We have an in-house team for deployment in maintenance. Splunk is a tool that does not require much staff to maintain. The users can start with a PoC, simply learn it, and deploy it for themselves. They don't require subject experts to be hired for the installation and configuration.

Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive.

This is a product that I recommend for anybody who wants and advanced SIEM solutions. Of the three that I have used including QRadar and ArcSight, Splunk is the one that I prefer.

I would rate this solution a nine out of ten.