My main use case is for log management and checking the logs. We have rules running in Splunk Enterprise Security. We are using it as a main SIEM solution for our customers.
Alert fatigue is a common issue with security solutions, but Splunk Enterprise Security reduces alert fatigue. When we encounter real incidents, we get to dive deeper to check out the main cause of that incident. It is useful because it reduces alert fatigue.
The best feature of Splunk Enterprise Security is the documentation. Splunk Enterprise Security's documentation is well-organized. For example, if you have a problem or if you want to read about what you're looking for, you can easily go there and read from the documentation. It also has many resources worldwide. It is a de facto standard of the SIEM solutions. For example, I have used IBM QRadar, which is another solution many companies are using.
One of the most beneficial use cases for me is that Splunk Enterprise Security is fast. I cannot speak to how the SIEMs work in the backend, but I can say it is fast to find any logs.
Its UX and UI experience is getting better. It is much better than one year ago. Some of the buttons and other features are much easier to locate and choose. The user interactions are much better than one year ago. The advanced queries are much faster. The UI design is much better. That is one of the best changes that happened in one year.
AI is an area that has room for improvement in Splunk Enterprise Security. I would say that AI plays a significant role in many of the cybersecurity tools I've used, not just Splunk. Many AI tools offer some form of assistance. By "AI assistance," I mean that while AI may not have complete knowledge of all customer flow data, it can still help engineers who often encounter unfamiliar situations. For example, during incidents, a large volume of logs can be generated, and it can be difficult to analyze all of them in a timely manner. In such cases, AI tools can be beneficial, even if they are not universally applicable. Certain events, like denial-of-service attacks, can result in massive log flows, which complicate detection and response efforts. Additionally, there may be similar collective issues affecting multiple customers.
Many cybersecurity tools incorporate some limited AI capabilities, which can assist operators. For instance, if a specific endpoint security issue arises with a customer, AI can help identify potential causes and suggest improvements. In my experience, most cybersecurity operators and companies rely on security tools that may not offer full-fledged SIEM solutions but do provide integrated security functionalities such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). My expectation is that even small, incremental integrations of AI will significantly enhance these tools' effectiveness.
I have been using the solution for approximately one year. I used it for 12 months in the company.
It's stable. I would rate it a ten out of ten for stability.
The scalability of Splunk Enterprise Security rates as an eight out of ten. I have not used the scalability option, but I would say the other procedures and processes are flawless. Scalability might be the same.
I have not reached out to their technical support because whenever I have an issue, I use the documentation rather than reaching out to technicians. When there is an issue, people need swift assistance to solve it. People do not want to wait, so I mainly use the documentation.
Neutral
I have worked with other SIEM solutions. Splunk Enterprise Security is great but can have some frustration points. It can sometimes be slower to use. On the other hand, when I use IBM QRadar, it rarely experiences slowdowns, especially when using the Incident Command Module (ICM). In the case of Splunk Enterprise Security, the speed might be affected by the number of systems in use or possibly due to how the security engineers configure it. As an operator, I find that the speed is a reason I would rate it an eight out of ten. Overall, it's very fast and accurate, and the user interface is excellent for various uses, such as querying data. However, I do notice that it can be slightly slower compared to other large enterprise solutions.
Most of the time, it is deployed on-premises. We don’t rely heavily on cloud solutions, although we have explored them a bit. Our customers, particularly in the financial industry, tend to prefer on-premises systems due to their concerns about cloud security.
Having good documentation is helpful for deployment. If the documentation is lacking, it can be challenging. The ease of navigating the systems really depends on a person's experience.
The duration varies depending on the company. I can't give a specific answer because it depends on several factors, such as the number of people working in the system, the number of endpoints, and how many on-premises servers are running. In my case, I haven't experienced a full deployment, as I've only deployed a few endpoints and on-premises services. This process took just a couple of days for me, but I haven't dealt with a large-scale on-premises deployment. When I joined the company, they were already using Splunk for various on-premises services, so I haven't gone through a complete zero to one hundred type of scenario.
Splunk Enterprise Security absolutely requires maintenance, but I don't deal with maintenance. It needs maintenance, but I have not encountered much of it.
From a return on investment standpoint, Splunk Enterprise Security saves a lot of time. I have used other SIEM solutions, and they are not so great. They create lots of exhaustion and frustrating periods of checking queries, and the response times are slower. This leads to a lot of frustration because many companies don’t rely on just one SIEM tool; they often use multiple alternatives simultaneously.
The documentation for Splunk Enterprise Security is outstanding. It is well-organized and easy to access. You can simply go to the Splunk documentation website, search for what you need, and by the end of the day, you’ll have a great solution for any issue you encounter with Splunk Enterprise Security. In contrast, other SIEM tools often lack this level of documentation, which is quite disappointing.
Splunk Enterprise Security also excels with its user interface. It is easy to navigate and integrates seamlessly with other services, which is a significant advantage. You can easily search for solutions, try out different features, and create reports.
As a security operator, one of our main responsibilities is writing reports. If an issue arises, clients will often ask, “What happened around noon? Can you explain the main issue?” Other SIEM tools can make it difficult to find the appropriate buttons or functions to navigate and analyze these incidents. However, with Splunk Enterprise Security, you just look up the documentation, write what you’re searching for, and apply the same rules in Splunk Enterprise Security. Everything is easy to follow, and the system works effectively. In summary, I would say that the well-documented guidance is one of the most valuable aspects for saving me time.
I have not used the advanced correlation capabilities so much because mainly all of them are running. Specifically, I have not gone very deep into the use case of Splunk Enterprise Security. I have used advanced queries a couple of times. For example, there was a sort of attack, a false positive attack. We had to check out all the timelines or block queries to find out what might have happened or what the reason was for the false positive. I used that and it is quite fast.
I have not used the risk-based alerting feature. It is more for log management and checking the log flow.
Whenever you want to apply for any exams, such as the SOC exam or Blue Team certification exams, they mainly ask for Splunk rather than other SIEM solutions. For me, it is overall the best SIEM solution to use.
I can recommend Splunk Enterprise Security to other users. It is fast and well-documented. User interface and user interaction are well-designed compared to other SIEM solutions. It is a great SIEM tool.
I would rate Splunk Enterprise Security an eight out of ten.
We work with CrowdStrike, Securonix Next-Gen SIEM, and other cybersecurity products such as Gurucul. We are a service provider and partner of Securonix Next-Gen SIEM. We operate as a reseller of Securonix Next-Gen SIEM for their customers' cybersecurity as their primary defense mechanism.
They are very updated. Their customer responses are great, and they keep using the new AI tools to keep themselves at the edge of the game.
This is very helpful because there are many false positives which keep cropping up, and one of the things that Securonix Next-Gen SIEM does very well is ensuring they don't give attention to false positives. They don't take attention away from the real problems and reduce a lot of noise.
We look forward to more developments from Securonix Next-Gen SIEM in terms of their service turnaround times and staying connected with customers.
Given that they have already started improving on the service levels, there isn't much we can recommend at this point. We will wait and see how things unfold.
We have been using the solution for about four years.
We have experienced no latency issues with the system.
It's fairly scalable. We have not had any customers come back to say they cannot scale at the speed of their business growth. Typically, Securonix Next-Gen SIEM is chosen by customers who are already fairly large. They don't have very small customers implementing Securonix Next-Gen SIEM.
It's certainly meant for large entities and to some extent medium entities who are on a growth trajectory, but certainly not for small ones.
They excel in response times and quick reactions when there's an actual threat. We work with a particular team which is regionally based out of the Middle East, and they have been very responsive, so we don't want to make any changes.
Positive
The solution is easily integrable and fairly easy to implement.
The solution is definitely not expensive. It's benchmarked against others in this space, and we haven't received any negative feedback about pricing from customers or prospects.
The choice depends on the posture that the particular company would take. If they are more mobile intensive with more endpoints, they would go for solutions from companies such as CrowdStrike. It also depends on which tool the CISO and the rest of their team is more comfortable dealing with.
Automated threat hunting is an evolving space because you can only hunt so many threats, but there are always some that go completely unnoticed. You only know what you know.
The system is pretty robust because it covers all applications and the entire spectrum. There are cycles that you keep going through and review periodically.
Whatever feedback we provide to the Securonix Next-Gen SIEM team, they have been very forthcoming.
I rate Securonix Next-Gen SIEM a 9 out of 10.