Splunk Enterprise Security Reviews

Our SOC is using Splunk Enterprise Security as a SIEM. There are multiple use cases because it is the main tool for SOC analysts. We have plenty of use cases. It is being used for IT security monitoring. We also have some custom use cases for securing applications, and then we have some of our internal customers developing their own use cases, but the main purpose is for the SOC. 

We also have additional work that is much more tricky. It is related to using AI to detect insider threats.

We are incredibly increasing our coverage as per the NIST framework that we are using for our operations. We are always extending. That really took off after implementing Splunk. It was a big moment. I have been there from the very beginning when we started implementing Splunk. Like everything new, there was a little bit of difficulty, but after we implemented it, there was an incredible increase in our SOC efficiency.

Splunk Enterprise Security helped reduce our mean time to resolve based on my knowledge, but I do not know how much because I left the department one year ago. On the security monitoring side, we have very good MTTR globally due to Splunk and the processes that we have implemented. We have other kinds of tools. Compared to the other tools that we have, our MTTR is far better with Splunk. Compared to last year, it was reduced by half. It was already good, but it got reduced a lot again.

It is lovely to have everything we need in one tool. Everything is quite centralized.

AI is everywhere, and I feel we need to discover AI for cybersecurity. For the last five years, I myself have been setting up a product and evaluating AI, but I did not do it directly in Splunk because there was some fear about the performance on the platform. That is why we chose to build our own platform based on S3 and AWS to execute and run all the algorithms and send the data back into Splunk. We now have a good base with innovation. We have a better base to directly include machine learning use cases in Enterprise Security, but they need to provide more capability and autonomy to the customers because there is so much to do. When you are lucky enough to have a team of data scientists, they want to have free hands, so a balance has to be found between giving a lot of autonomy and putting enough control so that they do not do something stupid on the platform, which can impact the performance of the standard use cases as well. There is a compromise there. However, AI is growing so fast that you absolutely need to give autonomy to the team to manage and utilize AI. This means providing easy access to a new library to build machine learning. They need to give us some flexibility, and it seems that with the new toolkit, it would be okay. Data scientists love to have freedom.

Splunk Enterprise Security provides us with the relevant context to help guide our investigations, but it would be interesting to add even more context, for instance, in order to raise the level of risk. That is something that can be implemented. For instance, when it comes to data loss prevention, it is known that somebody who is about to leave the company is much more likely to take data. If you have this information soon enough, because the person will tell HR in advance, you can increase the level of risk for data loss for that user, but you do not always get to know that in advance. In such cases, some indicators in the behavior of the users who are leaving could be connected to AI. For instance, if you are using natural language programming, you can grab emails with words like farewell. There are plenty of keywords that you can catch that would give you an indication that the person is about to live. When you have internal and external partners, they can leave at any time. You do not always get the information in advance, but there are always farewell parties or goodbye emails. You can use this kind of information to raise their risk on the specific alert. It is efficient in the sense that you decrease your false positive rate. To me, AI is something that can help them accelerate and improve on what they are already doing.

Splunk Enterprise Security is very costly. Pricing is probably its weakest spot.

I have been using Splunk Enterprise Security for five years.

It is difficult for me to answer this because I am no longer in charge now, but it has been stable from my point of view. 

Its scalability is good provided you have the right license agreements.

It depends on the situation. The problem at our end that is causing an issue with Splunk support is that we have a customized environment. All the problems that we submit are specific, and they can be a bit difficult to solve. Sometimes, their support is efficient, and at other times, we have to wait a bit too much. I would rate their support a seven out of ten.

Neutral

I arrived at the time of transition. We were probably using RSA. We switched to Splunk Enterprise Security because we needed to jump to another scale. At that time, there was a complete change in the organization. We went from the old-school cyber to Cyber 2.0. We had a lot more visionary managers who came from other companies where they were using Splunk. We had good guidance.

It was a bit difficult. The team that was developing the use cases did not have access to the real data because it was not ready yet. Developing a SOC use case without the data is something difficult. That is why it was difficult at the start, but it was not because of the tool. It was more of a matter of project management. After we moved on from the difficult stage, we were able to set up this use case factory where some of the users were themselves in a bit of self-service mode. This was a very good opportunity to enlarge our capability to cover all the applications in the best way.

For Splunk, we use AWS. We have a private cloud. We have difficulty using cloud-managed services.

Pricing is probably its weakest spot. As compared to some competitors, Splunk is really expensive. The problem is that Splunk is like Rolls-Royce. It, for sure, is the best one. Gartner says it, and the customers say it, but sometimes, you do not need a Rolls-Royce to get to the supermarket.

The problem is that the licenses that we have are based on the volume of data that we ingest in a day. The data that we ingest is only growing. We have initiatives right now for better management of data. It makes sense in terms of storage and sustainability. The pricing model, especially for Europe, is difficult. I am just out of the negotiation for the renewal of the license. We bought it for three more years. This is good news for Splunk and us as well, but it was difficult to discuss with the sales and explain that we do not want to increase the cost because it is already too high, and if it could decrease, it would make sense. It is very difficult to have this understanding from the salesperson. It was difficult for my Splunk account partner, but we succeeded in the negotiation. It was a win-win situation.

They need to be fair and adjust the price as per the usage. If the price goes too high, we would just have a no-go from the top level of the company, which would be a pity. It can happen. It has happened in the past. At some point, we had a big contract with Microsoft for Office, and we are now with Google. It was a shock for the partners and people inside the company, but we did it. We now have Google and we are happy with it. We still have a bit of Microsoft. It is important to keep the balance.

We are looking at the data usage with Splunk's team. We are looking at whether the data onboarded and dashboards that were developed are really being used to avoid wastage. If any data is not necessary in Splunk, we just stop onboarding it. We have other data to onboard anyway. My idea is to be much more efficient in the way we are managing the data and not to go the way we did it in the past.

I did not evaluate other solutions but the company surely did.

Splunk's unified platform has not helped consolidate networking, security, and IT observability tools, but it is not due to the tool. It is due to our company's structure. I have been part of the two teams. Previously, I was a part of the cybersecurity team, so I was mainly using Splunk Enterprise Security. Now I am leading the monitoring team, so I am much more on the SOC side of it. My team provides service to the cybersecurity team that is using Splunk Enterprise Security. In the end, we would like to have one solution, which would be Splunk. I would like to have IT monitoring and observability with ITSI in the future. This centralization would bring efficiency. One log being used for cybersecurity purposes can also be used for other purposes. Everything centralized would give us the most efficient way to access the data and limit duplication. It would be helpful for efficiency, cost control, and data governance.

It is absolutely crucial for us to have end-to-end visibility. For our cybersecurity needs, we should be able to reach anything. We even have this concept of Watch the Watcher, so visibility is absolutely key. We have the opportunity to audit the activities of even cyber analysts, so visibility at every stage is absolutely key. For example, all the SIEMs could be under attack, which would be a nightmare. Imagine it being an insider threat where the attacker knows what exactly we are monitoring. With AI, these kinds of risks are even higher. That is why we are all in for AI for Cyber and Cyber for AI. We need absolute visibility, but we also need protection.

Splunk Enterprise Security has not helped us reduce our alert volume. We are not at that level of maturity at this point. It is still growing.

I would rate Splunk Enterprise Security a nine out of ten. It is a good product. It needs some progress with AI, but based on what I have seen in the presentation for version 8, it seems promising.

Splunk Enterprise Security is a SIEM solution we use for security compliance and threat detection. 

Splunk helped us fulfill our requirements for security compliance and auditing. It also protects us from attacks. We can quickly notify our customers if they are facing any attack or breach. 

The solution's analytical features helped us reduce our alert volume by 30 to 40 percent. Splunk significantly speeds up our security investigations. 

I like Splunk's data aggregation and search capabilities. The insider threat detection features are handy, and Splunk's user behavior analytics are solid. It's one of the best tools for UBA. It covers everything. 

Splunk's Threat Intelligence Management draws from 10 to 15 open-source sites in real-time, enabling us to correlate our data with the IOCs. It helps us detect zero-day attacks. Splunk's threat topology and MITRE ATT&CK framework cover everything, including endpoints and application security from Layer 3 to Layer 7. Most queries are available out of the box. 

It's a fantastic tool for monitoring your environment. It allows you to do some granular analysis and see which assets are part of an attack. When breaches occur, you can quickly search your entire environment. It speeds up our threat-hunting process. 

Splunk could add more ways to manage archiving and storage. There isn't a web interface. You can do this on the SaaS version, but the on-premise platform doesn't have this option. It has other things but no option for remote NAS. I would like to have a personal web interface where I can specify how long logs should be stored. To have this readily available on the web, you need to adjust some settings on the backend. That is tricky. 

I have used Splunk Enterprise Security for four years. 

I rate Splunk Enterprise Security nine out of 10 for stability.

I rate Splunk Enterprise Security nine out of 10 for scalability.

I rate Splunk support eight out of 10. 

Positive

Deploying Splunk is straightforward, but it requires some preparation. After you get your platform ready, the onboarding is easy. It isn't rocket science. Configuring visualization is also simple. It doesn't require much maintenance on our end because we have an SLA. 

I work on the technical side, so I don't know precise figures. However, I know that Splunk is a premium product, so it's somewhat costly. Still, you get a lot of unique features for the money. 

You can choose the cheapest solution, but that will only help you achieve compliance in the near term. However, over time, you will begin to realize that there are so many security gaps that your team can't address. You need a solution like Splunk to maintain long-term security compliance. 

I rate Splunk Enterprise Security 10 out of 10. My advice to Splunk users is to keep it simple. You don't need to complicate things or bring in AI and ML. Focus on the fundamentals like data onboarding and extraction, parsing, visualization, etc. Keep your dashboard simple, so it's easy for the end-user to understand. 

We use Splunk Enterprise Security to track threats and errors and receive alerts and notifications.

We implemented Splunk Enterprise Security to improve our troubleshooting, mean time to detect and resolve issues, and our alerting system.

Monitoring multiple cloud environments with Splunk Enterprise Security is not difficult as long as we have data ingestion in place.

Operationally, having end-to-end visibility into our environment is critical. We need to know what is happening in our environment, and Splunk Enterprise Security can provide this.

Splunk Enterprise Security is good for analyzing malicious activities and detecting breaches.

Splunk Enterprise Security helps us detect threats faster. We are not dependent on a person to review the data. We have alerts, dashboards, and pattern definitions.

Splunk Enterprise Security has helped improve our mean time to detect issues.

Since implementing Splunk Enterprise Security, we have seen reduced incidents and the time it takes to resolve them. We saw these benefits within a month of deployment.

Splunk Enterprise Security helps reduce our alert volume, eliminating the need for manual triage of numerous alerts.

Splunk Enterprise Security has helped improve our mean time to resolve issues. We went from three hours down to 20 minutes.

Splunk Enterprise Security has helped us consolidate many of our tools.

The search engine and indexes are fast and optimized, and the report generation dashboard is user-friendly.

I want Splunk Enterprise Security to release more AI and machine learning features in the future.

We use Dynatrace for our monitoring and Splunk for log management. I want to centralize everything within Splunk.

I have been using Splunk Enterprise Security for almost four years.

Splunk Enterprise Security is a stable platform available for many years.

We have a good relationship with the technical support team; they are responsive.

Positive

We previously used Elastic, but Splunk Enterprise Security is a superior product. It offers extensive usability and a vast customer base. The active customer forums are incredibly helpful, allowing me to quickly find the information I need.

The initial deployment was complex due to the presence of both vendor-based and in-house applications. The implementation relied almost exclusively on a Jenkins CI/CD pipeline.

We realized a total return on our investment in Splunk Enterprise Security within the first two years of implementation.

The price of Splunk Enterprise Security is reasonable, falling somewhere in the middle range.

I would rate Splunk Enterprise Security eight out of ten.

Splunk Enterprise Security is easy to maintain and doesn't require much time due to its full automation.

Splunk is a good solution if you haven't automated your log management, as manual log reviews are no longer efficient or practical.

We gather all the security logs from all the endpoints, network appliances, and the security filter. We have set up automatic alerts that are sent to system administrators, so we have pretty much real-time alerts about anything that happens. 

Splunk Enterprise Security has definitely improved my organization. First of all, it helps with compliance. Our organization has something called scorecard requirements. It is an annual self-check checklist. Having alerts set up is one of the requirements, and secondly, we have a local administrator who gets the alerts. That makes our job a lot easier. So, we pretty much know what is going on in a real-time setting.

We are the judicial branch of the government, so we are pretty much into our private cloud. We do have a setup to monitor our private cloud but not outside our organization. If we can monitor one cloud, multiple clouds will not be hard at all. It is easy.

Splunk has absolutely reduced our mean time to resolve. Knowing on time and having firsthand information is very helpful for any organization. We are able to capture what is going on, and the visibility of it is absolutely tremendous. I cannot provide the metrics, but it has saved a lot of time.

Splunk has absolutely improved our organization’s business resilience. We have been using Splunk for the last six or seven years, and I cannot imagine a life without Splunk. 

In terms of Splunk’s ability to predict, identify, and solve problems in real-time, this is something that we will look into. We have not yet looked into machine learning, AI, and all of Splunk. Currently, we are more in the reaction mode, but we are trying to get more in the protection mode or have more proactive measures. We have not got to that point yet, but we will definitely be there.

I am not into the administrator type of setup. I am more like an advanced user. The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me.

Splunk conferences are very helpful for networking and talking to folks who have a similar situation. It would be helpful for customers if they could create some real-world cases, and we can find a case study to align with. I know that Splunk has tremendous potential. We only include a tiny piece of it. There is a lot of stuff that we need to learn. If Splunk can provide more real-time examples, that will be helpful for customers.

It has been six or seven years. 

Splunk has a reputation for being scalable. You can start small, and if your demand increases, you can scale your platform. Splunk does a good job. It allows customers to have scalability so that they can expand their capacity. I would rate it a ten out of ten in terms of scalability.

In our company, we have a Splunk consultant who is very good at providing a solution. So far, I have not had any problem that is unresolved. I would rate their support a ten out of ten. In this industry, there is good support, and there is bad support. Splunk's support is more like Cisco's support. It is pretty good.

Positive

We used something else, but I do not remember the name. Splunk is what we have been using for a long time. It is more advanced in terms of IT security. There is more scalability and the capability to do a lot of different things on multiple platforms. This is where it is more advanced than other products.

I was not in the deployment team, but I was involved in the early stage of evaluating all different kinds of products.

There are a lot of things for which you can measure a return on investment, but security is something on which it is hard to put a dollar value and measure how much return you have got. However, in terms of helping the administrator or helping the company to put security in place, Splunk does a great job. I cannot imagine a life without Splunk.

The pricing is a little bit on the higher side, but looking at what Splunk provides us, it is reasonable.

We evaluated what was on the market, and fortunately, we picked Splunk. Looking back, it was the right decision.

Splunk is moving in the right direction and providing better and more mature products. This is my fifth conference, and I see the progress. I see Splunk bringing in all new products. They are pretty much in line with the security trends. They have improved a whole lot to meet customers' needs.

I would rate Splunk Enterprise Security a ten out of ten.

There are tons of use cases for Splunk, but our main one is insider threat.

It's easy to deploy Splunk, and mostly, we don't have to reach out to the customer after it's done. It's a simple tutorial with a couple of pages, and they can configure it themselves. The simplicity of deployment has been the greatest asset

Splunk has improved our customer's ability to ingest enterprise data. We don't have to have hands-on every customer's environment. We can farm that out to the local SAs. They find the install, and it's a simple firewall update. We're getting data.  

It provides an all-in-one resource. Before, we had one product for firewalls and one for our gateways. Pairing up with Cisco helped because a lot of our information is based on our network, firewall, or router. Having Splunk intertwined with them will ensure that it's one resource and one solution.

'The solution has helped to fine-tune false positives. Sometimes, out-of-the-box solutions aren't customizable, but Splunk is. It can clone, alter, and make it your own.

Before Splunk, we didn't have a tiered solution where there was some low-hanging fruit that was easily handled by the tier ones and higher-end stuff. It went from level two to level three bordering on level four CCNA. That's what I was looking for, a maturity model. We've developed into a progression from tier one to tier two, etc. At the high end, we have forensics for long-term solutions or advanced persistent threats.

A lot of things can be handled at the tier one level, and there are 12 to 24 hours before it floats to tier two. Resources are underutilized, and not everyone's working. You're not handing a tier-one ticket to a tier-four guy who's just like, "Dude, it's this." The tier-one guy is getting a tier-four ticket. It streamlines the resolution process.

I like the ease of setting up dashboards on Splunk. They're easy to create, manage, alter, and share. You can fine-tune them any way you see fit. One of Splunk's unique features is that you can customize it for your needs, especially if you've got homegrown solutions. It accepts whatever kind of logs and can be normalized at any point. With a one-off solution, you can work with the developer who created it, and they give you the features or key information you want to keep.

Many people are talking about deploying upgrades from the deployment server. It's necessary, particularly from the perspective of insider threat. You can see if something's breached. If you notice an anomaly at 2 a.m., we've got your rules firing, letting you know immediately. It's near real-time notification of any issues.

We have used Splunk for two years.

Splunk's stability is inherent to its scalability. It's malleable and adjustable. It's like pottery that you make to fit your needs.

It's easy to divert resources where they're needed. Often, we have several projects that have reached the end of their life, and we shift the resources. The fact that you can set up a new index or set of indexes and push some feeds into specific structured indexes makes it a lot easier instead of having everything in one giant database and trying to find what you're looking for.

With the streamlining, it's a lot easier for the end customers. They've noticed a quicker turnaround for low-level stuff, and the high-level requests get directed to the right people. We used to have a turnaround window of about a month. Now it's down to a week for most tickets. In the past, they sometimes put a ticket in, and it might be a week before someone even looks at it. Now, we have a system in place where they get a response within 24 hours.

We were using ArcSight but switched because our customer said they wanted to go to Splunk. ArcSight didn't have the reach, and the complexity of deploying it inhibited a lot of customers from using it.

Deploying Splunk was easy. We worked on developing the in-house solutions and passed them off to the customers, providing a network location to download what they needed and the instruction guides. After that, it was simple to unzip and configure the inputs and outputs. We were up and running.

We've probably tripled the amount of insight into our infrastructure and environment.

They looked at Elasticsearch and the ELK Stack—trying to do things with Kubernetes and Kafka. That can be used with Splunk. In terms of cost, complexity, and ease of deployment, Splunk is often on top. It gets the data out there as quickly as possible. The fact that Splunk is as vast as it is means it isn't hard to find a resource that's touched it and can use it.

I rate Splunk Enterprise Security eight out of 10. It's missing some features that other solutions have, such as the ability to upgrade the endpoint and perform endpoint universal forwarders from a deployment server instead of using a third-party solution, such as Puppet or Ansible.

We primarily use Splunk Enterprise Security for security incidents and event management. The solution is deployed in one department, but it covers multiple locations worldwide. 

With Splunk, we can monitor and manage enterprise-wide events. It provides a single console for various data sources covering the entire organization, which is critical for compliance purposes.

We can integrate Splunk Enterprise Security with other solutions to automate some security tasks, saving us some time. For example, if you detect potential malware and you want to isolate one system from the organization's network, you don't need to trigger a process. We can fully automate that. Minutes after malware is detected, the machine will be automatically quarantined from the rest of the network. 

You can integrate Splunk with third-party security automation solutions and set rules for automatic response. Splunk can monitor multiple cloud environments, but it's a little tricky if you're working with several vendors. Every cloud environment is slightly different, and some are better integrated.

The visibility into multi-cloud environments is decent. It depends on the number of sources you have, and Splunk is pretty flexible from that perspective. You can add any type of data source. The challenge is the engineering effort some of these data sources require, but others are effortless to manage.

We haven't used the insider threat capabilities yet, but it's an area that we want to explore. We have other tools for this. We use different products for threat intelligence. 

Splunk Enterprise Security could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful. 

If you spend time with your team creating rules specific to your environment, you can get a lot of value from Splunk. At the same time, that requires some additional effort and costs. Splunk has a few built-in integrations that are ready to go. In other cases, we need to build custom solutions, which is more difficult and costly.

I have used Splunk Enterprise Security for about three years. 

It is stable overall. 

Splunk Enterprise Security scales up pretty well. 

I rate Splunk support seven out of 10. There is a little room for improvement. We always start with junior support engineers who lack the experience to deal with complex issues, which are the only problems we ever contact support about. Our staff members can handle most minor issues. 

We typically need to escalate, and we've had an excellent experience with the higher-level engineers. Those qualified engineers are scarce, so I can imagine a situation where two big Splunk customers have significant problems simultaneously, but there aren't enough available technicians. Splunk has the right people but maybe not enough of them. The process could also be improved. 

Neutral

Deploying Splunk was relatively complex. After deployment, it requires some maintenance and management. A team of about 10-15 people is responsible for the solution. 

We deployed Splunk with an in-house team of five to 10 people and some professional support from the vendor. 

We've seen an ROI by automating Splunk Enterprise Security, but automation requires another product and license. 

Splunk Enterprise Security is quite expensive compared to some products on the market. 

The company evaluated a few tools before deciding on Splunk. I used ArcSight at a previous job. Splunk is more flexible than ArcSight, and it has various modules you can purchase to expand the functionality. You don't need to invest in a different solution because you can purchase add-ons for your existing infrastructure. 

It's modular, so you can tailor Splunk to your organization's size, structure, and specific needs. The customer can do it. You don't need to request it from a service provider. 

I rate Splunk Enterprise Security eight out of 10. My advice would be that before deploying Splunk, research some of the company's materials and make sure it meets your cybersecurity requirements. 

You may need to purchase other tools, and the solution might not do everything you want it to do out-of-the-box. Depending on your environment, you'll probably need to invest some time and money into the solution to get the results you want. 

I use Splunk to get logs from the on-prem servers and create dashboards, alerts, and visualizations.

Splunk has helped us reduce our alert volume. It has sped up our security investigations. For example, it's easy to detect if there are multiple login failures.

It has saved us a lot of time. We previously used OpenShift to collect CPU and memory data for over 900 clusters, so we needed to log in to each cluster to get the details. Even if it only took one minute per cluster, we would spend 900 minutes doing them all, whereas Splunk can collect all the data in under a minute. 

Splunk's machine learning toolkit helps us predict things like CPU and memory usage. The user interface is excellent, and since I'm using Splunk as a power user, it's easy to create dashboards.  Splunk helps monitor multiple cloud environments. We have OpenShift. All of our VMs and servers are present in the cloud. 

Customizing our commands should be simpler. Creating custom commands in Splunk requires a long, complex process. For example, we have a command to add all the column data, but we don't have a command to get the average of the column data at the end. It would be useful to have a blank at the end to create our commands and leave the rest to others.

We have used Splunk for three and a half years.

I rate Splunk eight out of 10 for stability. 

I rate Splunk seven out of 10 for scalability. The architecture needs to be tweaked, so it might take some time to scale it. 

Setting up the architecture is somewhat difficult, but if you follow the steps laid out in the documentation perfectly, you'll understand how to do it. It's medium difficulty. 

I don't know the exact pricing, but I know that Splunk is more expensive than competing solutions.  At the same time, Splunk provides more features than others, so it's priced fairly. It's worth the money.

I rate Splunk Enterprise Security eight out of 10. SES is an excellent product. While it has some room for improvement, it's constantly adapting and trying to stay ahead of the competition. Adding commands to Splunk can be tedious. Automation, for example, helps to make the task smaller. We use Python scripts for automation. 

We use Splunk Enterprise Security to identify and resolve critical issues and errors within our environment.

The visibility that Splunk Enterprise Security provides is good. We can easily find the data we need using the logs.

Monitoring multiple cloud environments using Splunk Enterprise Security was not difficult.

Splunk Enterprise Security's insider threat detection capabilities enable us to effortlessly identify unknown threats and anonymous user behavior.

Splunk Enterprise Security helped us analyze malicious activities and detect breaches between 50 to 90 percent faster.

Splunk Enterprise Security has helped reduce alert volumes by up to 90 percent.

Splunk Enterprise Security has helped speed up our security investigation time by almost 90 percent.

The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides.

The price of Splunk Enterprise Security is high and can be improved.

Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently.

I have been using Splunk Enterprise Security for one and a half years.

Splunk Enterprise Security is stable.

Splunk Enterprise Security is scalable.

The resilience of Splunk allows organizations to protect their data and resolve vulnerabilities quickly.

The technical support provides good resolution.

Positive

I had previously used Loggly, developed by SolarWinds and Elastic. However, I found it to be inaccurate and slow. Elastic offers a free version of its solution, which is more commonly used by smaller businesses.

The implementation was completed by a third party.

Splunk Enterprise Security is expensive. I would rate the cost an eight out of ten with ten being the most expensive.

I recommend Splunk Enterprise Security over cheaper SIEM solutions because of its offerings.

I would rate Splunk Enterprise Security nine out of ten.

Splunk Enterprise Security does not require any maintenance. It is plug-and-play.

I recommend Splunk Enterprise Security for organizations that want to detect threats quickly.