Head of cybersecurity at NOVARED SA
MSP
A fast and flexible solution for conducting analytics on large data sets
Pros and Cons
  • "The solution is fast, flexible, and easy to use."
  • "I would like improved downward integration with other tools such as McAfee and other GCP solutions."

What is our primary use case?

Four technicians in our company work within the active directory to look for compartmental behaviors associated with users and conduct analytics like clustering, grouping, and searching. 

What is most valuable?

The solution is fast, flexible, and easy to use. 

What needs improvement?

I would like improved downward integration with other tools such as McAfee and other GCP solutions. 

For how long have I used the solution?

I have been using the solution for four years. 

Buyer's Guide
Splunk User Behavior Analytics
November 2024
Learn what your peers think about Splunk User Behavior Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,053 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable. 

How are customer service and support?

Technical support is very good and answers my questions. 

How was the initial setup?

The initial setup is easy. 

What other advice do I have?

The solution works very well with large data sets. 

I rate the solution a ten out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1418904 - PeerSpot reviewer
Global Engineer at a financial services firm with 10,001+ employees
Real User
Stable, with good automation capabilities, however, we want to be able to automate even more
Pros and Cons
  • "The product is at the forefront of auto-remediation networking. It's great."
  • "Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes."

What is our primary use case?

We use the solution to feed telemetry data from the network into the collective for display-only. We haven't yet come to a point where we have decided on the process of the status for subsequent operational automation. 

What is most valuable?

The automation is very good.

The product is at the forefront of auto-remediation networking. It's great.

The pricing of the solution is very reasonable.

What needs improvement?

Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes.  

For how long have I used the solution?

I've been using the solution for one year at this point.

What do I think about the stability of the solution?

The solution, from what I have witnessed, is stable. There aren't bugs or glitches. It doesn't crash or freeze. A company can rely on its performance.

What do I think about the scalability of the solution?

The scalability is pretty good. A company that wants to expand it out shouldn't have an issue doing so.

There's a handful of people on it at my organization. We have maybe ten users on it in total. They are mostly admins and engineers. We do have plans to continue to use the solution.

How are customer service and technical support?

Technical support has been adequate. We aren't blown away by amazing service, however, they do help if we need them to. I personally haven't had any direct contact with them.

Which solution did I use previously and why did I switch?

We didn't previously use a different product. We're rather new to automation and Splunk in general.

How was the initial setup?

The solution doesn't have a complex setup. It's rather straightforward. 

If you are talking of simply spinning off a container, it's very easy.

The complexity should be on the workflow. It's also the most time-consuming process. For example, how do you handle this incident? You have to be very careful to ensure you don't have false positives that could mistakenly trigger actions. That can be the most costly mistake. Other than that, a lot of products you can acquire from open source.

What about the implementation team?

There were a few of us that were trained specifically for the implementation. There were a number of us to speed up the process in order to get automation happening quickly for the company. 

What's my experience with pricing, setup cost, and licensing?

The solution isn't overly expensive. It's quite affordable. It's not the priciest option on the market. I'm not sure of the exact cost as it's not an aspect of the solution I directly deal with.

What other advice do I have?

We're simply customers. We don't have a business relationship with Splunk.

We're using the latest version of the solution. I'm not sure of the exact version number.

I'd recommend the solution to other companies.

On a scale from one to ten, I'd rate it at a seven. If the cost was more reasonable, I might rate it a bit higher. It's not too expensive, but it could always be better.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CISO at a financial services firm with 201-500 employees
Real User
Professional technical team but I would like to see a more user-friendly interface
Pros and Cons
  • "The solution is definitely scalable."
  • "In the future I would like to see simplified statistics and analytical threats."

What is our primary use case?

Our main use of this solution is threat intelligence and we are very satisfied with it, as it is exactly what we need in our situation. 

What needs improvement?

In the future I would like to see simplified statistics and analytical threats, as well as a more user-friendly interface for dashboards.

For how long have I used the solution?

I have been using Splunk User Behavior Analytics for two years now.

What do I think about the stability of the solution?

I think the solution is very stable.

What do I think about the scalability of the solution?

The solution is definitely scalable, because we currently have 1000 users in our company and we plan to increase.

How are customer service and technical support?

I am really satisfied with their technical support. The technicians are very professional.

What's my experience with pricing, setup cost, and licensing?

The licensing cost is around 10,000 dollars.

What other advice do I have?

I will rate this product a seven out of ten, and I would definitely recommend it to others.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Informat0a7b - PeerSpot reviewer
Information Security Manager at a financial services firm with 201-500 employees
Real User
Enables searching through a lot of data, but pricing is problematic - you can't budget for it
Pros and Cons
  • "The most valuable feature is the ability to search through a large amount of data."

    What is our primary use case?

    Threat hunting is our primary use case.

    How has it helped my organization?

    It hasn't really improved the way our organization functions. It has been neutral.

    We have, however, seen a decrease in the mean time to detect threats, by about 15 to 20 percent. We can do more hunting so we can find stuff quicker, but we had other tools that could also do that. It's not bad. It's fine.

    What is most valuable?

    The most valuable feature is the ability to search through a large amount of data.

    What needs improvement?

    The feature set isn't too bad as is. My biggest complaint is the way they do pricing.

    What do I think about the stability of the solution?

    It is fairly stable.

    What do I think about the scalability of the solution?

    It's scalable.

    How are customer service and technical support?

    I don't like their support.

    Which solution did I use previously and why did I switch?

    Our previous solution was a really limited version of what Splunk is. Splunk is the number-one leader in this area, so we went with it. It works. But it's the pricing model which is the problem. And you really don't understand upfront how bad the pricing model is until you get stuck with it.

    How was the initial setup?

    The initial setup was complex. There were a lot of moving pieces. It took a lot to get it going.

    What about the implementation team?

    We did not use an integrator or consultant.

    What was our ROI?

    There's a reason everyone is using other tools to reduce the cost of using Splunk. The ROI is not great, that's why. But once you already have all your data in it, if you have so much already invested in the infrastructure, it's hard to leave it, so you do other stuff to reduce the cost.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is the problem with Splunk. You can never know the pricing for next year. Every single time you adjust to something new, the price goes up. It's impossible to truly budget for it. It goes up constantly. You can plan for 2x and it will be 3x. You only find out in the long run.

    What other advice do I have?

    I wouldn't buy Splunk because of the cost, because you can't budget for it. You think you can and then you find out later you can't.

    The company is still using it, but they're adding other pieces in to reduce the cost of Splunk. They're spending money to buy another product to pre-process so then they can save money on it.

    We've been improving and the maturity's pretty great. This is just one small piece in the overall platform. And the overall platform, from a cybersecurity maturity perspective, is doing well. If you look at it from that perspective, it's had a positive impact, it has not been a drag.

    The product itself is a seven out of ten. It's somewhat efficient, if you have the right staff and if everything's working properly. You have to have at least one person do care and feeding at the backend to make sure the infrastructure's working.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer1934946 - PeerSpot reviewer
    Network Security Engineer at a tech services company with 51-200 employees
    Real User
    Easy to use with a great dashboard and a simple setup
    Pros and Cons
    • "It's easily scalable."
    • "We'd like the ability to do custom searches."

    What is our primary use case?

    We have been using it for performing analytics for the logs. 

    We resell it to our customers. We are also using the tool so that we can build more use cases for our clients. We basically look into understanding how it is performing analytics with Office 365 and how it is correlating those things. 

    What is most valuable?

    For us, it has been working great as of now.

    We enjoy the overall usability. You just look at the dashboard and you have all the data that you need at a glance. That is probably the best part, I would say. It's easy enough to understand that anyone can pick it up.

    My understanding is that the setup is easy.

    The solution is stable. 

    It's easily scalable. 

    What needs improvement?

    UBA is a separate tool and it should be a part of the Splunk base itself so that we can download it. It should be easier to use just like the normal Splunk in that we should be able to put in queries or add custom things. 

    We'd like the ability to do custom searches. 

    For how long have I used the solution?

    I've been using the solution for the last three months. 

    What do I think about the stability of the solution?

    It's a stable, reliable product with good performance. There aren't bugs or glitches. It doesn't crash or freeze. 

    What do I think about the scalability of the solution?

    It is a scalable product. It can expand with ease. 

    How are customer service and support?

    I've never dealt with technical support. 

    Which solution did I use previously and why did I switch?

    We use all different types of solutions from Splunk, whether it is the SIEM, or ITSI, or even Splunk Enterprise. It's all Splunk. That's it.

    We have not used SignalFx. We have been looking into it, however.

    How was the initial setup?

    From what I have heard, the setup is easy, although I did not set it up myself.

    What's my experience with pricing, setup cost, and licensing?

    I'm not sure of the exact licensing fees. 

    What other advice do I have?

    I'm not sure which version of the solution we're using. 

    We have been using Splunk for a while, and we were looking for some solutions that incorporate a lot of ML and AI to get insights into the activities that are going on in the user's end devices. We feel that UBA was a much better solution than other options. There are different products, however, we went with Splunk as we have been using other Splunk tools for a while now.

    I'd recommend the product to others. 

    I would rate the solution eight out of ten due to the lack of custom search and the fact it is sort of disconnected from the complete Splunk environment.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    Managing Director at Hayyan Horizons
    Real User
    An intuitive solution with excellent integration capabilities
    Pros and Cons
    • "The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk."
    • "They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases."

    What is our primary use case?

    We primarily use this solution for security.

    What is most valuable?

    The solution offers good searching and allows for easy creation of dashboards and reports. It's intuitive and not very difficult. You just need to learn the SPL, Search Processing Language, in Splunk. This also helps you to clear more advanced use cases. 

    Integration is very easy as well. It's quite good. If you want to add more devices and solutions, or other technologies for monitoring, it's easily done in Splunk, with all its firewalls, its switches, and network devices. 

    What needs improvement?

    They can improve the licensing scheme. They are moving from perpetual to term licensing, which is not good. That is an area they need to improve.

    On the network monitoring side, they could add additional features, similar to other solutions like QRadar. They need to add a feature similar to network behavior analytics.

    If Splunk is able to add some of those features then the solution will be like perfect.

    I think they could have a built-in user behavior analytics engine, and more advanced artificial intelligence features as well. One bad feature on the solution is the network and the behavior of anomaly detection. Their machine learning is good, but I think they can improve on that as well. 

    They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases.

    For how long have I used the solution?

    I've been using the solution for four years.

    What do I think about the stability of the solution?

    The solution is very stable; it's very good.

    What do I think about the scalability of the solution?

    The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk.

    How are customer service and technical support?

    Technical support is average. It's not bad, but it's not excellent either.

    How was the initial setup?

    The initial setup is straightforward. It's pretty simple to set it up. You just have to configure it.

    Deployment took about a month, including forming configurations and customizations. For just the setup, it's only about five days of implementation.

    What's my experience with pricing, setup cost, and licensing?

    Right now, they have two licensing models, a perpetual license and a term license with an annual subscription. Splunk decided that they would stop the perpetual licensing model, which means that customers will need to buy a subscription going forward.

    What other advice do I have?

    We use the on-premises deployment model of the solution.

    The more types of clusters you have feeding into Splunk, the better the results you have. If you have a customer environment in which you have diverse solutions and technologies, which cater to a large network of applications you are able to inject more value for the customer. One of the key lessons from using Splunk is to have adequate hardware and pre-plan the implementation. It is reasonably balanced, in terms of how much it uses a CPU and the amount of memory it needs.

    It's important that you start with good infrastructure when you implement Splunk, or you may run into issues.

    Also, make sure to have trained people working on the solution. Otherwise, it will be a waste of investment. 

    I would rate the solution nine out of ten. I would recommend the solution to others.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer890208 - PeerSpot reviewer
    Information Security Specialist at a financial services firm with 201-500 employees
    Real User
    Has powerful search, indexing, and scalability features
    Pros and Cons
    • "The most valuable features are the indexing and powerful search features."
    • "The correlation engine should have persistent and definable rules."

    What is our primary use case?

    Splunk has features that no other solutions have. We work in organizations that have a big volume of data. Our primary use case of this solution is for indexing. The best solution that we found that could fit our needs was Splunk.

    What is most valuable?

    The most valuable features are the indexing and powerful search features. 

    What needs improvement?

    The correlation engine should have persistent and definable rules. Splunk should have more features and options in regards to correlating in real-time. It should have the ability to set more permanent rules.  

    Correlation capabilities in ArcSight are better than in Splunk. 

    For how long have I used the solution?

    I have been using Splunk for more than three years.

    What do I think about the stability of the solution?

    The stability is good. It's reliable and can be used in enterprise environments. 

    What do I think about the scalability of the solution?

    It is a scalable solution and can support many users. The scalability is another powerful feature of this solution.

    We have around ten users using this solution in our company. We also provide this solution to our subsidiary companies so there are more than twenty users.

    How are customer service and technical support?

    We are in Iran and are under U.S. sanctions so we can only use online forums for support. We can't use their technical support. 

    How was the initial setup?

    The initial setup was easy. 

    What about the implementation team?

    We did the implementation in-house. 

    What's my experience with pricing, setup cost, and licensing?

    Our licensing costs are on a yearly basis. 

    Which other solutions did I evaluate?

    We researched many solutions before choosing Splunk like LogRhythm, ELK, and FortiSIEM.

    What other advice do I have?

    After more than three years of using this solution, I would recommend this solution, especially for environments that have a big volume of data. I would rate this solution a nine out of ten. It is a really great product. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer1276995 - PeerSpot reviewer
    Sr. CyberSecurity Solutions Architect at a security firm with 11-50 employees
    Real User
    Good support, stable, and provides good security
    Pros and Cons
    • "This is a good security product."
    • "The price of Splunk UBA is too high."

    What is our primary use case?

    We are a cybersecurity vendor and Splunk is the main product that we work with. We are predominantly a Splunk shop. We sell security solutions, so our primary use case for Splunk UBA is security.

    What is most valuable?

    This is a good security product.

    What needs improvement?

    The price of Splunk UBA is too high.

    For how long have I used the solution?

    I have been working with Splunk UBA at this company for the past year.

    What do I think about the stability of the solution?

    Everything that Splunk does is great, as far as stability.

    What do I think about the scalability of the solution?

    Scalability is excellent on all Splunk products that I've dealt with.

    How are customer service and support?

    The technical support is excellent.

    What other advice do I have?

    The biggest lesson that I have learned from working with this product is that it is priced high, and you can achieve much of what it does through other methods. That combination makes it hard to sell.

    I would rate this solution a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user