The solution is used in my company to help the security operation center in work areas like detection, response, and investigation while maintaining cybersecurity standards.
My company has benefited from using Splunk Enterprise Security, which has helped us stay out of the headlines in newspapers. The tool helps detect threats early and respond to them effectively.
The solution's most valuable feature is that it helps with our use cases to detect anomalies in our data and it is important to my company since we have a lot of data on different logs on the systems. We need to be able to create insights that are indicative of malicious activities, which is one of the main purposes of having Splunk Enterprise Security in our company.
The product lacks cross-cutting capabilities. The features in Splunk Enterprise Security that were initially promised to our company are still not available. My company has been asking Splunk for some of these features to be provided in the product for years, and we have been promised that they will be introduced soon in the solution and be part of the product's next release.
I believe that the contract and the terms and conditions mentioned in it are areas where improvements are required.
I have experience with Splunk Enterprise Security.
When it comes to the on-premises version, the stability of the product was quite reliable. When my company moved to the product's cloud version, we faced some major issues related to availability and dealing with events like data corruption.
The product's scalability is okay. I do not think my company faced issues in the area of scalability.
The product's support services were not great initially, but now they are in really good shape. Whenever my company connects with the product's support team, they listen to our questions and queries, so I feel that we are in a much better place now. I rate the technical support as eight out of ten.
Positive
My company has experience with ArcSight. We switched to Splunk Enterprise Security because we couldn't get good answers to our questions from ArcSight, and it was just not functional.
The solution is deployed using the cloud services offered by Splunk. Recently, my company also deployed the tool on an on-premises model. In our company, we monitor both cloud and on-premises with our cloud instance.
In the beginning phase, I would describe the deployment experience as a costly and hard process. The migration process from on-premises to cloud was hard and took our company a year to complete. There were different kinds of roadblocks on our company's and Splunk's end. My company worked directly with the migration process associated with the product.
It is difficult to say whether I have seen an ROI since it is like trying to figure out how much an insurance policy works. I think that our company will receive a return on investment from the use of the solution since it helps the organization's cybersecurity team stay out of the newspapers. My company has always been able to deal with threats quickly with the product.
Regarding the product's pricing, I think it has always been difficult to have a conversation with Splunk. Considering the contract thing and the whole legal area, it takes forever to get the contracts signed and to be able to agree to the terms and conditions for my company as well as for Splunk's team. I like the direction Splunk stays in by thinking with the customers about how to reduce costs and only have that data searchable or available which you need at a particular time. I like the path Splunk is going on, specifically its current trajectory. I appreciate the efforts put in by Splunk in the area of partnership, which is what my company expects.
My company uses Microsoft Sentinel. A multi-SIEM environment provides my company with the best of both worlds. Sentinel has some good features, like Microsoft Graph Security, that the tool uses for the whole Microsoft ecosystem. Microsoft Sentinel is a good option for my organization.
In my company, Splunk acts as a product that complements Sentinel because the former lacks some features. I think Microsoft is strong in the area of service delivery. Microsoft's EDR tools, like Microsoft Defender, use servers from Microsoft Graph Security, and my company benefits from such a type of integration, and we are able to send alerts to Splunk. In our company, if we start to ingest all the data we usually ingest in Splunk by moving to Sentinel, it will become too expensive, so we have to choose where to keep our data.
My company has been able to reduce the mean time to resolve with Splunk Enterprise Security as it went down from a couple of days to hours.
My company has seen a significant reduction in alert volume. It was very noisy earlier, but lately, my company hardly sees any false positives.
It is super important that the solution provides end-to-end visibility of our company's environment because you can never know from where threats can materialize. The fact that users can correlate and ingest data makes sense and is crucial, considering the massive amounts of data.
Splunk Enterprise Security has helped improve our company's ability to ingest and normalize data, which is one of the tool's key benefits.
I would not say that Splunk Enterprise Security has helped solve problems in real-time scenarios, but it has helped solve problems on a near real-time basis. In my company, there is always some lag between the data that comes in and the data being ingested and correlated. Splunk Enterprise Security aids in solving problems in a matter of minutes.
Splunk Enterprise Security provides relevant context to help guide our company's investigations, and it is very important and can be considered everything for our organization. In our company, we pull in data from assets and registries to give index-based alerts and be able to find owners quickly to notify them and respond to threats.
Splunk Enterprise Security's ability to help our company find any security events across environments is excellent. My company is really happy with Splunk Enterprise Security. The product helps our company find bad stuff when needed.
The truth is that it is very hard to deliver solutions that work at a certain scale. I think that one of the things I could say is that it is a solution that scales up at work. There are many organizations where solutions fail, and I can say that since I have been a part of the deployment of many other tools, it is hard to get many products to work. Splunk Enterprise Security works, and our company's analysts rely on it and trust it. I can only see improvements considering the strategies in terms of where the product's management team is going, and I believe that I will be able to rate the tool a nine out of ten pretty soon.
I rate the overall solution an eight out of ten.
We mostly use the solution for compliance, logging, log storage, and root cause analysis. In 2015, we had AIG as a client, and they only had Splunk. Splunk Enterprise Security is one of the oldest solutions that did the logging and storage.
Splunk has fantastic brand value, which helps us sell it as resellers. The solution's pricing is quite competitive. The solution meets all the requirements. As a compliance person, I know that log storage is very important for data privacy compliance guidelines like ISO or CCPA. Splunk provides all of those compliances and checkmarks.
I like that the tool is light and the agent doesn't slow down the machine. Splunk Enterprise Security is a standard solution providing good customer service and partnership.
The solution should improve regional knowledge of the new regulations coming out of the Middle East. As a consulting firm, we are currently targeting many Middle Eastern markets, including Saudi Arabia and Dubai. They don't have a local server support cloud center there, which is a big issue because they don't want their data to go out of the region. Splunk should have more regional data centers in the Middle East.
I have been using Splunk Enterprise Security for five years.
Splunk Enterprise Security provides good stability.
The solution's scalability is fantastic. Even 10,000 to 50,000 endpoints don't slow anything down. The servers, log storage, and ingestion work smoothly, irrespective of whether there are 5,000 or 50,000 endpoints.
The solution's technical support is very good.
Our customers using Splunk Enterprise Security don't have any compliance issues, and they don't get fined by the regulators, which saves them money.
Splunk Enterprise Security's pricing is pretty competitive.
I'm a consultant who uses Splunk for other clients. It's important for the clients that it can communicate with all kinds of devices, like firewalls, WAFs, servers, endpoints, switches, and routers. All of that is figured out over time, which is useful.
Splunk Enterprise Security is a good tool for finding security events across multi-cloud, on-premises, or hybrid environments.
Splunk has helped improve our organization's ability to ingest and normalize data. It can also identify and solve P1 or high-critical-priority problems in real time.
Splunk Enterprise Security has helped us reduce our alert volume by around 50%.
The solution provides us with the relevant context to help guide our investigations, and this context information has impacted our investigation process. Having all the data in a single place does help with post-incident response and forensic root cause analysis.
Splunk Enterprise Security has significantly helped speed up our security investigations. I save 60% to 70% of my time because it's easier to find what I want to find through the tool's user interface.
Splunk Enterprise Security has helped reduce our mean time to resolve by around 50%.
Overall, I rate the solution ten out of ten.