Splunk Enterprise Security Reviews

We use Splunk for analyzing data.

The solution allows easy gathering and ingestion of the data.

The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed.

I have been using Splunk within the past 12 months.

The solution has been stable.

Our customers are mostly enterprise-sized companies using this solution. 

Splunk has many partners that provide customer support that can be used.

The initial setup is not easy. Customers have to learn the Splunk language and it is hard to operate it by themselves. They will need Splunk engineers to assist in their projects.

You will need a Splunk implementation specialist for the deployment.

My customers have found the price of the solution to be high.

I rate Splunk a five out of ten.

We used it to create a full security operations center (SOC) for our IT department by adding all network and security devices, the AD, and mail servers to it. Then Splunk started to receive their logs, it analyzed them, and provided useful reports.  

It helps the IT staff to monitor the full structure. It also makes use of all logs and takes proactive actions.

Integrity with many vendors: This simplifies the implementation and integration with different devices. 

Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it.

Splunk has great interoperability with other applications through their SplunkBase app store. The apps can quickly provide visibility and streamline complex data mining tasks.

Unlike other cloud based analytics platforms, at the time of this writing Splunk Cloud is a dedicated instance per customer rather than a shared tenancy platform. While this is beneficial from an overall performance standpoint, the product lacks the seamless integrations one has come to expect from a cloud solution. This translates to a much stronger reliance on Splunk's support organization out of necessity, as the customer cannot make most changes in a self-service manner.

We have been a Splunk customer for five years.

Our Splunk Cloud deployment was a migration from an on-premise implementation of Splunk. The migration took much longer than expected due to constraints within Splunk's cloud team, but there were no technical issues with the launch.

The customer support team at Splunk is very good.

The technical support team at Splunk is highly responsive and knowledgeable.

There is improvement needed when importing from some types of data sources. Most of the time you have to do some customization for the data because not everything is working the way it should. Additionally, in other solutions, it is easier to build use cases.

I have been using this solution for approximately three years.

I have previously used Curator and it was much easier to use than this solution.

I have found the installation can be of medium difficulty to very complex depending on the use case. It is not easy for new customers. You need to have the experience to be able to do it.

When using this solution for Security Information Management(SIM), I highly recommend importing data sources from the whole cycle for the service security chain. Some people only use main inputs and not all of the data sources they have. They might not have some data sources, in this case, you can purchase one or there are free open-source ones available. You will then have this data source that can enrich your life because many correlations are done with this data. 

I rate Splunk an eight out of ten.

We are using it for security information and event management (SIEM). We have started to use Splunk recently, and we are in the implementation phase as of now.

The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good.

It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect.

I have been using this solution for a couple of months.

It is absolutely stable.

It is scalable. We have approximately 25 users.

It was easy to install. Its configuration and development are the critical parts, and there are a limited number of people in the market with such a skill set. It takes some time to find people with the right skill set and get it implemented properly. It took approximately three months.

I have a team of a few Splunk consultants who are currently managing it for me. For a mid-sized organization, at least 15 persons are required to manage the entire Splunk instance.

I would recommend this solution to others. I would rate Splunk an eight out of ten.

Our primary use case is for monitoring and cybersecurity.

The clusters are hard. It has too many moving parts. 

They should make data onboarding easier.

Its ability to scale nicely is one of Splunk's strengths. You just horizontally add another machine and you get your scalability.

Our clients switch from Nagios or other monitoring solutions because the other solutions were not as flexible as Splunk. With Splunk, you can do things very programmatically. With a help of a developer and included SDK you can add needed functionality.

The initial setup is really straightforward. It's one of the easiest installations. 

This product doesn't have any kind of dependencies, it just worked from one package. Install it and boom, you have a working solution.

Splunk is on expensive side.

There are some premium add-ons like Splunk Enterprise Security or ITSI which makes it more expensive.

I would advise to get Splunk professional services from Splunk.

Testing for insider threat behavior.

It gave management confidence in current operations.

The ability to correlate results.

A few more analysis aids might help. The next release could have more intuitive help examples.

Rapid search is a valuable feature. Performance and incident response were the top priorities for most MSSPs. Breaches of SLAs will have a negative impact on customer trust, which eventually leads to losing customer confidence on services to which they’re subscribing. Hence, the proactive approaches will be the main differentiator from one MSSP to the others.

It has been helping a lot of my clients with fast data mining and information propagation.

The GUI should be improved, in other words, the overall appearance.

I am not the end-user. However, my job was more relevant as a consultant.

Performance upgrades are needed when more processing power is required.

We have not had scalability issues.

Technical support is good.

The client was using an open source solution. They decided to switch to an enterprise product.

The setup can be straightforward, if use cases are well defined.

Overall, it the cost is reasonable and it is easy to upgrade.

Our client was considering the other solutions as well. However, due to their overall assessment, they still considered going with it.

Start off with something at a comfortable level, expand gradually, and then move upwards, expanding steadily.