Splunk Enterprise Security Reviews

Splunk has great interoperability with other applications through their SplunkBase app store. The apps can quickly provide visibility and streamline complex data mining tasks.

Unlike other cloud based analytics platforms, at the time of this writing Splunk Cloud is a dedicated instance per customer rather than a shared tenancy platform. While this is beneficial from an overall performance standpoint, the product lacks the seamless integrations one has come to expect from a cloud solution. This translates to a much stronger reliance on Splunk's support organization out of necessity, as the customer cannot make most changes in a self-service manner.

We have been a Splunk customer for five years.

Our Splunk Cloud deployment was a migration from an on-premise implementation of Splunk. The migration took much longer than expected due to constraints within Splunk's cloud team, but there were no technical issues with the launch.

The customer support team at Splunk is very good.

The technical support team at Splunk is highly responsive and knowledgeable.

There is improvement needed when importing from some types of data sources. Most of the time you have to do some customization for the data because not everything is working the way it should. Additionally, in other solutions, it is easier to build use cases.

I have been using this solution for approximately three years.

I have previously used Curator and it was much easier to use than this solution.

I have found the installation can be of medium difficulty to very complex depending on the use case. It is not easy for new customers. You need to have the experience to be able to do it.

When using this solution for Security Information Management(SIM), I highly recommend importing data sources from the whole cycle for the service security chain. Some people only use main inputs and not all of the data sources they have. They might not have some data sources, in this case, you can purchase one or there are free open-source ones available. You will then have this data source that can enrich your life because many correlations are done with this data. 

I rate Splunk an eight out of ten.

We are using it for security information and event management (SIEM). We have started to use Splunk recently, and we are in the implementation phase as of now.

The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good.

It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect.

I have been using this solution for a couple of months.

It is absolutely stable.

It is scalable. We have approximately 25 users.

It was easy to install. Its configuration and development are the critical parts, and there are a limited number of people in the market with such a skill set. It takes some time to find people with the right skill set and get it implemented properly. It took approximately three months.

I have a team of a few Splunk consultants who are currently managing it for me. For a mid-sized organization, at least 15 persons are required to manage the entire Splunk instance.

I would recommend this solution to others. I would rate Splunk an eight out of ten.

Our primary use case is for monitoring and cybersecurity.

The clusters are hard. It has too many moving parts. 

They should make data onboarding easier.

Its ability to scale nicely is one of Splunk's strengths. You just horizontally add another machine and you get your scalability.

Our clients switch from Nagios or other monitoring solutions because the other solutions were not as flexible as Splunk. With Splunk, you can do things very programmatically. With a help of a developer and included SDK you can add needed functionality.

The initial setup is really straightforward. It's one of the easiest installations. 

This product doesn't have any kind of dependencies, it just worked from one package. Install it and boom, you have a working solution.

Splunk is on expensive side.

There are some premium add-ons like Splunk Enterprise Security or ITSI which makes it more expensive.

I would advise to get Splunk professional services from Splunk.

Testing for insider threat behavior.

It gave management confidence in current operations.

The ability to correlate results.

A few more analysis aids might help. The next release could have more intuitive help examples.

Rapid search is a valuable feature. Performance and incident response were the top priorities for most MSSPs. Breaches of SLAs will have a negative impact on customer trust, which eventually leads to losing customer confidence on services to which they’re subscribing. Hence, the proactive approaches will be the main differentiator from one MSSP to the others.

It has been helping a lot of my clients with fast data mining and information propagation.

The GUI should be improved, in other words, the overall appearance.

I am not the end-user. However, my job was more relevant as a consultant.

Performance upgrades are needed when more processing power is required.

We have not had scalability issues.

Technical support is good.

The client was using an open source solution. They decided to switch to an enterprise product.

The setup can be straightforward, if use cases are well defined.

Overall, it the cost is reasonable and it is easy to upgrade.

Our client was considering the other solutions as well. However, due to their overall assessment, they still considered going with it.

Start off with something at a comfortable level, expand gradually, and then move upwards, expanding steadily.

My primary use case for Splunk is for log file visualization and monitoring alert management.

The way this solution has improved our organization is by its ability to do a quick search and immediately stop an incident from happening.

The auto-notification abilities are a huge benefit for us.

After a crash, the product takes a while to recover.

Sometimes we have had instances when it will not run for a couple of days. There is room for improvement here.

There are lots of use cases and features that make Splunk a good choice for us.

I have no opinion on the pricing of the product. 

We considered Datadog and Zabbix. In comparison to those options, Splunk has virtual visualization. Furthermore, it can be a host on our environment. Typically, we cannot deploy SaaS on our environment, but with Splunk, we can. 

When Splunk failed, it took time to recover. We had to recover it from a snapshot. It took a couple of days, and it was as if it had crashed.  But, the instance was resolved.

Our primary use case of this solution is as a centralized lab collection.

The search function for splunk is like a google search. You just enter and it will quickly show you the results. 

Splunk has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried many of them.

It would be best if they can incorporate all security locks with minimal incidents. 

It's a little hard to scale on-prem. 

The initial setup was easy. It took us one to two days. 

It's a little bit expensive for a small to medium enterprise.

We also looked at AlienVault.

I would rate this solution an eight out of ten. To make it a ten they should have more integration with outside vendors.