Enhancing the storage model that they are using is necessary. It's too much. The number of VMs, the total number of VMs, is overwhelming. The system is stable, but for the storage issues requiring a large number of VMs, it will be a nightmare.
Software Engineer IAM at Mercedes-Benz Canada Inc.
Real User
Top 20
2024-05-10T17:45:35Z
May 10, 2024
Sometimes, we need to write explicit queries. It would be good if the solution had an analytics tool that allowed us to analyze the data without writing specific queries. The solution's user interface is not that good and could be improved.
Currently, we do not have any specific improvement projects in progress. However, we have partnered with some companies that are constantly working on improving the system. Therefore, I believe it's in a good place right now. If the price was lowered and the setup process was less complex, I would consider rating it higher.
We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time.
Global Engineer at a financial services firm with 10,001+ employees
Real User
2020-09-21T06:33:00Z
Sep 21, 2020
Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes.
Information Security Specialist at a financial services firm with 201-500 employees
Real User
2019-08-19T05:47:00Z
Aug 19, 2019
The correlation engine should have persistent and definable rules. Splunk should have more features and options with regard to correlating in real time. It should have the ability to set more permanent rules. Correlation capabilities in ArcSight are better than in Splunk.
They can improve the licensing scheme. They are moving from perpetual to term licensing, which is not good. That is an area they need to improve. On the network monitoring side, they could have additional features, similar to other solutions like QRadar. They need to add a feature similar to network behavior analytics. If Splunk is able to add some of those features, then the solution will be like perfect. I think they could have a built-in user behavior analytics engine, and more advanced artificial intelligence features as well. One bad feature on the solution is the network and the behavior of anomaly detection. Their machine learning is good, but I think they can improve on that as well. They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases.
Senior Security Engineer at a government with 1,001-5,000 employees
Real User
2019-08-18T07:52:00Z
Aug 18, 2019
Actually, the most valuable aspect of Splunk is the data. You do not need to use your databases to perform all things from all the servers we have. Splunk has three big things it can do with data: it can show it hot, warm and cold. The hot of it allows you to see the data as soon as things happen — maybe to the second. We have the warm; the warm will segment the data up to the hot, up to three months ago. The cold will store all of the archives of all the data after the six months. After that, you can't make comparisons any further. In the future, we make Splunk in the SOC (Security Operations Center). In the SOC now, we use one feature; it's called the alert system. So in the future, we want to make it so we can send all the data and we can build its security and its management. It will be published in all the places as it is now. We need to do this so we can build more data centers from all the past and existing data crunch.
Security PS Supervisor at a tech services company with 1,001-5,000 employees
Real User
2019-08-13T10:41:00Z
Aug 13, 2019
The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes. I would like to see a better tracking intelligence module with lower costs fully integrated with a user behavior analytics module. It would empower this module with the keys and real-time updates in terms of security.
Director of Technology at an insurance company with 10,001+ employees
Real User
2019-05-09T00:25:00Z
May 9, 2019
I'm not that close to the actual hands-on usage to suggest improvements. One thing I would say is that they should continue to expand it on more devices. I would say continue to broaden the horizon where there are limitations now.
BS Systems Engineer at a tech services company with 501-1,000 employees
Real User
2018-12-02T07:45:00Z
Dec 2, 2018
Splunk can improve the UBA. There are occasional bugs, but they're not so much of an issue. We can definitely improve the features, but it depends on the customer's needs. We need to modify or create new dashboards that increase the customer's satisfaction and meet the customer's needs. It depends upon the customer. Not all of the pre-defined dashboards are suitable to the customers or the customer's needs, so we can create dashboards that meet the customer's needs.
Splunk User Behavior Analytics is a behavior-based threat detection solution based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box, purpose-built, but extensible, unsupervised machine learning (ML) algorithms that help organizations find known, unknown and hidden threats, and provides...
I would like improved downward integration with other tools such as McAfee and other GCP solutions.
I'm not aware of any lacking features.
The price of Splunk UBA is too high.
In the future I would like to see simplified statistics and analytical threats, as well as a more user-friendly interface for dashboards.
The feature set isn't too bad as is. My biggest complaint is the way they do pricing.
I would love to see more integration with other solutions and the ability to perform some actions straightaway from the dashboard.
I would like a bit more flexibility on how to configure it. It is still a little locked down, as compared to some open source offerings.