Splunk User Behavior Analytics Reviews

Four technicians in our company work within the active directory to look for compartmental behaviors associated with users and conduct analytics like clustering, grouping, and searching. 

The solution is fast, flexible, and easy to use. 

I would like improved downward integration with other tools such as McAfee and other GCP solutions. 

I have been using the solution for four years. 

The solution is stable. 

The solution is scalable. 

Technical support is very good and answers my questions. 

The initial setup is easy. 

The solution works very well with large data sets. 

I rate the solution a ten out of ten. 

We do technical training and so we do training on the platform. We deploy it on our lab machines for students.

We're building some Splunk dashboards with it and it's useful.

We're currently monitoring students' log in, log out and verifying how they can collect the information. It's a good system for a learning environment. 

We're not specifically using it, we're doing training on it.

The solution appears to be stable, although we haven't used it heavily.

You can use the demo version in order to try the solution for free.

I'm not aware of any lacking features. 

I've been using the solution for six years. 

We don't generate enough data to know whether it's reliable or not.

That said, with the small usage that we do utilize, it's pretty stable.

I've never dealt with technical support. I cannot rate their services or speak to how helpful or responsive they are.

We did not previously use a different solution before choosing Splunk. 

The initial setup is pretty straightforward. It's a couple of scripts you run. It's pretty easy.

We simply use the free demo version of the product. We do not pay any licensing fees at this time. 

We're just end-users. We don't have a business relationship with Splunk.

I'm not sure what version of the solution we are on currently. I believe it's about a year and a half or so old.

This product is the easiest way to check if the work's correct.

It works well. It does what we need it to. I'd rate it a ten out of ten.

We use the solution to feed telemetry data from the network into the collective for display-only. We haven't yet come to a point where we have decided on the process of the status for subsequent operational automation. 

The automation is very good.

The product is at the forefront of auto-remediation networking. It's great.

The pricing of the solution is very reasonable.

Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes.  

I've been using the solution for one year at this point.

The solution, from what I have witnessed, is stable. There aren't bugs or glitches. It doesn't crash or freeze. A company can rely on its performance.

The scalability is pretty good. A company that wants to expand it out shouldn't have an issue doing so.

There's a handful of people on it at my organization. We have maybe ten users on it in total. They are mostly admins and engineers. We do have plans to continue to use the solution.

Technical support has been adequate. We aren't blown away by amazing service, however, they do help if we need them to. I personally haven't had any direct contact with them.

We didn't previously use a different product. We're rather new to automation and Splunk in general.

The solution doesn't have a complex setup. It's rather straightforward. 

If you are talking of simply spinning off a container, it's very easy.

The complexity should be on the workflow. It's also the most time-consiuming process. For example, how do you handle this incident? It has to be very careful to ensure you don't have false positives that could mistakenly trigger actions. That can to be the most costly mistake. Other than that, a lot of products you can acquire from open source.

There were a few of us that were tained specifically for the implementation. There were a number of us to speed up the process in order to get automation happening quickly for hte company. 

The solution isn't overly expensive. It's quite affordable. It's not the priciest option on the market. I'm not sure of the exact cost as its not an aspect of the solution I directly deal with.

We're simply customers. We don't have a business relationship with Splunk.

We're using the latest version of the solution. I'm not sure of the exact version number.

I'd recommend the solution to other companies.

On a scale from one to ten, I'd rate it at a seven. If the cost was more reasonable, I might rate it a bit higher. It's not too expensive, but it could always be better.

Our main use of this solution is threat intelligence and we are very satisfied with it, as it is exactly what we need in our situation. 

In the future I would like to see simplified statistics and analytical threats, as well as a more user-friendly interface for dashboards.

I think the solution is very stable.

The solution is definitely scalable, because we currently have 1000 users in our company and we plan to increase.

I am really satisfied with their technical support. The technicians are very professional.

The licensing costs is around 10,000 dollars.

I will rate this product a seven out of ten, and I would definitely recommend it to others.

Threat hunting is our primary use case.

It hasn't really improved the way our organization functions. It has been neutral.

We have, however, seen a decrease in the mean time to detect threats, by about 15 to 20 percent. We can do more hunting so we can find stuff quicker, but we had other tools that could also do that. It's not bad. It's fine.

The most valuable feature is the ability to search through a large amount of data.

The feature set isn't too bad as is. My biggest complaint is the way they do pricing.

It is fairly stable.

It's scalable.

I don't like their support.

Our previous solution was a really limited version of what Splunk is. Splunk is the number-one leader in this area, so we went with it. It works. But it's the pricing model which is the problem. And you really don't understand upfront how bad the pricing model is until you get stuck with it.

The initial setup was complex. There were a lot of moving pieces. It took a lot to get it going.

We did not use an integrator or consultant.

There's a reason everyone is using other tools to reduce the cost of using Splunk. The ROI is not great, that's why. But once you already have all your data in it, if you have so much already invested in the infrastructure, it's hard to leave it, so you do other stuff to reduce the cost.

Pricing is the problem with Splunk. You can never know the pricing for next year. Every single time you adjust to something new, the price goes up. It's impossible to truly budget for it. It goes up constantly. You can plan for 2x and it will be 3x. You only find out in the long run.

I wouldn't buy Splunk because of the cost, because you can't budget for it. You think you can and then you find out later you can't.

The company is still using it, but they're adding other pieces in to reduce the cost of Splunk. They're spending money to buy another product to pre-process so then they can save money on it.

We've been improving and the maturity's pretty great. This is just one small piece in the overall platform. And the overall platform, from a cybersecurity maturity perspective, is doing well. If you look at it from that perspective, it's had a positive impact, it has not been a drag.

The product itself is a seven out of ten. It's somewhat efficient, if you have the right staff and if everything's working properly. You have to have at least one person do care and feeding at the backend to make sure the infrastructure's working.

We use this product to support our operations.

Because of some of the visualizations that we utilize, we are able to understand strange, unusual traffic on our networks.

Being able to look at data rapidly to make a decision.

We have seen a measurable decrease in the mean time to detect and respond to threats. We are now 40 percent or more effective or faster.

I would like a bit more flexibility on how to configure it. It is still a little locked down, as compared to some open source offerings.

It is very stable.

It is pretty scalable.

The technical support is good.

We invested in this solution because our previous way of doing business was not scalable.

The initial setup was complex because some of the configurations that we required needed customization.

We used an integrator for the deployment. They did a pretty good job and continue to help support the product.

Some of the customization is a bit tedious. You really need an integrator to help you out.

The solution has increased staff productivity by around 20 percent.

There are additional costs associated with the integrator.

We currently have a blended environment of ELK, ELK Stack, Elasticsearch, and Splunk.

It helps us make decisions faster.

We primarily use this solution for security.

The solution offers good searching and allows for easy creation of dashboards and reports. It's intuitive and not very difficult. You just need to learn the SPL, Search Processing Language, in Splunk. This also helps you to clear more advanced use cases. 

Integration is very easy as well. It's quite good. If you want to add more devices and solutions, or other technologies for monitoring, it's easily done in Splunk, with all its firewalls, its switches, and network devices. 

They can improve the licensing scheme. They are moving from perpetual to term licensing, which is not good. That is an area they need to improve.

On the network monitoring side, if they can have additional features, similar to other solutions like QRadar. They need to add a feature similar to network behavior analytics.

If Splunk is able to add some of those features then the solution will be like perfect.

I think they could have a built-in user behavior analytics engine, and more advanced artificial intelligence features as well. One bad feature on the solution is the network and the behavior of anomaly detection. Their machine learning is good, but I think they can improve on that as well. 

They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases.

The solution is very stable; it's very good.

The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk.

Technical support is average. It's not bad, but it's not excellent either.

The initial Setup is straightforward. It's pretty simple to set it up. You just have to configure it.

Deployment took about a month, including forming configurations and customizations. For just the setup, it's only about five days of implementation.

Right now, they have two licensing models, a perpetual license and a term license with an annual subscription. Splunk decided that they would stop the perpetual licensing model, which means that customers will need to buy a subscription going forward.

We use the on-premises deployment model of the solution.

The more types of clusters you have feeding into Splunk, the better the results you have. If you have a customer environment in which you have diverse solutions and technologies, which cater to a large network of applications you are able to inject more value for the customer. One of the key lessons from using Splunk is to have adequate hardware and pre-plan the implementation. It is reasonably balanced, in terms of how much it uses a CPU and the amount of memory it needs.

It's important that you start with good infrastructure when you implement Splunk, or you may run into issues.

Also, make sure to have trained people working on the solution. Otherwise, it will be a waste of investment. 

I would rate the solution nine out of ten. I would recommend the solution to others.

We are a cybersecurity vendor and Splunk is the main product that we work with. We are predominantly a Splunk shop. We sell security solutions, so our primary use case for Splunk UBA is security.

This is a good security product.

The price of Splunk UBA is too high.

I have been working with Splunk UBA at this company for the past year.

Everything that Splunk does is great, as far as stability.

Scalability is excellent on all Splunk products that I've dealt with.

The technical support is excellent.

The biggest lesson that I have learned from working with this product is that it is priced high, and you can achieve much of what it does through other methods. That combination makes it hard to sell.

I would rate this solution a nine out of ten.