This solution is used more for the analytics available on the platform.
The main use was for a COVID-19 White House initiative that was handled by the Vice President, Michael Pence.
It has been the platform for end-to-end data processing, manipulations, and reporting, and it has greatly improved the org's data reporting effort.
The solution offers very good end-to-end capabilities.
It works very seamlessly. Behind the scenes, the workflow is pretty decent.
The stability is good.
The product can scale.
Technical support is very good.
The workflow could be improved. Although it works rather seamlessly, the workflow is too complicated sometimes. Maybe they can reduce the complexity of the workflow. It could be more modularized in the future.
The performance of the engine could be better.
I've been using the solution for three years or so.
The solution is pretty stable. There are no bugs or glitches. However, the performance could be a bit better.
The solution can scale well. If a company needs to expand, it can do so pretty easily.
The solution has pretty good technical support. They are helpful and responsive and we have been satisfied with their services so far.
Positive
As implementors, we can deploy the solution for our clients. We don't need the assistance of consultants.
We're implementors.
There are still places where the solution has room to improve, but we've been mostly quite happy with it. I would rate the product at a nine out of ten.
I'd advise that a company considering the solution get a technical consultant for the platform. They also have sales training on their website. The modules range from simple to complex. You can do some pretty good self-training with your team if you need to.
The solution is used in my company to help the security operation center in work areas like detection, response, and investigation while maintaining cybersecurity standards.
My company has benefited from using Splunk Enterprise Security, which has helped us stay out of the headlines in newspapers. The tool helps detect threats early and respond to them effectively.
The solution's most valuable feature is that it helps with our use cases to detect anomalies in our data and it is important to my company since we have a lot of data on different logs on the systems. We need to be able to create insights that are indicative of malicious activities, which is one of the main purposes of having Splunk Enterprise Security in our company.
The product lacks cross-cutting capabilities. The features in Splunk Enterprise Security that were initially promised to our company are still not available. My company has been asking Splunk for some of these features to be provided in the product for years, and we have been promised that they will be introduced soon in the solution and be part of the product's next release.
I believe that the contract and the terms and conditions mentioned in it are areas where improvements are required.
I have experience with Splunk Enterprise Security.
When it comes to the on-premises version, the stability of the product was quite reliable. When my company moved to the product's cloud version, we faced some major issues related to availability and dealing with events like data corruption.
The product's scalability is okay. I do not think my company faced issues in the area of scalability.
The product's support services were not great initially, but now they are in really good shape. Whenever my company connects with the product's support team, they listen to our questions and queries, so I feel that we are in a much better place now. I rate the technical support as eight out of ten.
Positive
My company has experience with ArcSight. We switched to Splunk Enterprise Security because we couldn't get good answers to our questions from ArcSight, and it was just not functional.
The solution is deployed using the cloud services offered by Splunk. Recently, my company also deployed the tool on an on-premises model. In our company, we monitor both, cloud and on-premises, with our cloud instance.
In the beginning phase, I would describe the deployment experience as a costly and hard process. The migration process from on-premises to cloud was hard and took our company a year to complete. There were different kinds of roadblocks on our company's and Splunk's end. My company worked directly with the migration process associated with the product.
It is difficult to say whether I have seen an ROI since it is like trying to figure out how much an insurance policy works. I think that our company will receive a return on investment from the use of the solution since it helps the organization's cybersecurity team stay out of the newspapers. My company has always been able to deal with threats quickly with the product.
Regarding the product's pricing, I think it has always been difficult to have a conversation with Splunk. Considering the contract thing and the whole legal area, it takes forever to get the contracts signed and to be able to agree to the terms and conditions for my company as well as for Splunk's team. I like the direction Splunk stays in by thinking with the customers about how to reduce costs and only have that data searchable or available, which you need at a particular time. I like the path Splunk is going on, specifically its current trajectory. I appreciate the efforts put in by Splunk in the area of partnership, which is what my company expects.
My company uses Microsoft Sentinel. A multi-SIEM environment provides my company with the best of both worlds. Sentinel has some good features, like Microsoft Graph Security, that the tool uses for the whole Microsoft ecosystem. Microsoft Sentinel is a good option for my organization.
In my company, Splunk acts as a product that complements Sentinel because the former lacks some features. I think Microsoft is strong in the area of service delivery. Microsoft's EDR tools, like Microsoft Defender, use Servers from Microsoft Graph Security, and my company benefits from such a type of integration, and we are able to send alerts to Splunk. In our company, if we start to ingest all the data we usually ingest in Splunk by moving to Sentinel, it will become too expensive, so we have to choose where to keep our data.
My company has been able to reduce the mean time to resolve with Splunk Enterprise Security as it went down from a couple of days to hours.
My company has seen a significant reduction in alert volume. It was very noisy earlier, but lately, my company hardly sees any false positives.
It is super important that the solution provides end-to-end visibility of our company's environment because you can never know from where threats can materialize. The fact that users can correlate and ingest data makes sense and is crucial, considering the massive amounts of data.
Splunk Enterprise Security has helped improve our company's ability to ingest and normalize data, which is one of the tool's key benefits.
I would not say that Splunk Enterprise Security has helped solve problems in real-time scenarios, but it has helped solve problems on a near real-time basis. In my company, there is always some lag between the data that comes in and the ones being ingested and correlated. Splunk Enterprise Security aids in solving problems in a matter of minutes.
Splunk Enterprise Security provides relevant context to help guide our company's investigations, and it is very important and can be considered everything for our organization. In our company, we pull in data from assets and registries to give index-based alerts and be able to find owners quickly to notify them and respond to threats.
Splunk Enterprise Security's ability to help our company find any security events across environments is excellent. My company is really happy with Splunk Enterprise Security. The product helps our company find bad stuff when needed.
The truth is that it is very hard to deliver solutions that work at a certain scale. I think that one of the things I could say is that it is a solution that scales up at work. There are many organizations where solutions fail, and I can say that since I have been a part of the deployment of many other tools, it is hard to get many products to work. Splunk Enterprise Security works, and our company's analysts rely on it and trust it. I can only see improvements considering the strategies in terms of where the product's management team is going, and I believe that I will be able to rate the tool a nine out of ten pretty soon.
I rate the overall solution an eight out of ten.