Share your experience using Evolven

The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.

Use our online form to submit your review. It's quick and you can post anonymously.

Your review helps others learn about this solution
The PeerSpot community is built upon trust and sharing with peers.
It's good for your career
In today's digital world, your review shows you have valuable expertise.
You can influence the market
Vendors read their reviews and make improvements based on your feedback.
Examples of the 83,000+ reviews on PeerSpot:

Wallace Hugh - PeerSpot reviewer
VP of Data and Analytics at a tech services company with 201-500 employees
Real User
Top 5Leaderboard
Works seamlessly with good en-to-end capabilities and the capability to scale
Pros and Cons
  • "The solution offers very good end-to-end capabilities."
  • "The workflow could be improved."

What is our primary use case?

This solution is used more for the analytics available on the platform.

The main use was for a COVID-19 White House initiative that was handled by the Vice President, Michael Pence.

How has it helped my organization?

It has been the platform for end to end data processing, manipulations, and reporting, greatly improved org's data reporting effort.

What is most valuable?

The solution offers very good end-to-end capabilities. 

It works very seamlessly. Behind the scenes, the workflow is pretty decent.

The stability is good.

The product can scale.

Technical support is very good.

What needs improvement?

The workflow could be improved. Although it works rather seamlessly, the workflow too complicated sometimes. Maybe they can reduce the complexity of the workflow. It could be more modularized in the future.

The performance of the engine could be better.

For how long have I used the solution?

I've been using the solution for three years or so.

What do I think about the stability of the solution?

The solution is pretty stable. There are no bugs or glitches. However, the performance could be a bit better.

What do I think about the scalability of the solution?

The solution can scale well. If a company needs to expand, it can do so pretty easily.

How are customer service and support?

The solution has pretty good technical support. They are helpful and responsive and we have been satisfied with their services so far.

How would you rate customer service and support?

Positive

What about the implementation team?

As implementors, we can deploy the solution for our clients. We don't need the assistance of consultants.

What other advice do I have?

We're implementors.

There are still place the solution can have room to improve, we've been mostly quite happy with it. I would rate the product at a nine out of ten.

I'd advise a company considering the solution gets a technical consultant for the platform. They also have sales training on their website. The modules range from simple to complex. You can do some pretty good self-training with your team if you need to.  

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SAURABHYADAV4 - PeerSpot reviewer
Technical Specialist at HCL Technologies Limited
Real User
The solution speeds up our response by enabling us to automate some of the investigation steps
Pros and Cons
  • "Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
  • "It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."

What is our primary use case?

I work in security and use Splunk for endpoint and application security, use case development reports, etc. I haven't used Splunk much for threat intelligence. We have a threat intel feed configured, and we create use cases based on those and the recommendations by the threat intel team. If something isn't covered, we create a use case for it. For example, if an application has an authentication interface enabled, we check all their authentication mechanisms and all the login policies. 

How has it helped my organization?

Splunk speeds up our incident response by enabling us to automate some of the investigation steps, such as finding information about the user or the source of the incident on machines. We can then move directly into the remediation phase and assign those tickets to the remediation team. It also triggers automatic email alerts to the recipient user. If our security analyst wants to see the alert logs or anything, they can easily drill down to identify any information required.

It allows us to configure use cases involving our machine-learning toolkit, and we have an adaptive threshold in ITSI. Using these tools, we can eliminate false positives and do some whitelisting to weed out users who are performing benign activities. Removing the false positives reduces the incident response time.

We can start to see results immediately once we have achieved a steady state. For instance, we can easily show how much our mean resolution time for incidents has fallen and provide metrics in a way that is easy for our clients to understand. 

What is most valuable?

Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier.

Dashboards are useful when we present things to management. They want the numbers and the results. The leaders aren't interested in what we are working on. We need some visualization for our presentations. Splunk has beautiful and useful visualization and dashboard alerts. We can easily create visualizations using the available options and create different types of charts, reports, and graphs that are easy for management to understand. We can also provide our leaders direct access to the dashboards, so they don't need to reach out to our team to get this data or we can automatically send them the reports via email. 

Splunk has several useful features, like asset and identity management. If we integrate our asset and identity management properly in this log, it's effortless to identify the user, device, or asset. We can get all the details if we integrate those things into the lookup engine.

What needs improvement?

It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly.

For how long have I used the solution?

We have used Splunk for around seven years.

What do I think about the stability of the solution?

Splunk is highly stable if you meet all the prerequisites and have enough physical memory for your local storage. 

What do I think about the scalability of the solution?

If you use the cloud version you can scale as much as your licensing allows. It's easy to scale, upgrade, or add instances according to your needs. 

How are customer service and support?

I rate Splunk support 8 out of 10. They're good, but I think there is room to improve because Splunk is the market leader, and they should strive to provide the best possible support. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used QRadar and ArcSight. Splunk is one of the top products. Compared to Sentinel or QRadar, Splunk is the market leader in features and security. You can integrate application, physical, or cloud security and onboard those logs into Splunk, then tailor it to your requirements. 

How was the initial setup?

I've worked on multiple deployment models for Splunk, including hybrid, cloud, and on-prem. The deployment is straightforward. We do a POC and then scale it based on our requirements. 

What was our ROI?

I feel like Splunk is worth our investment. 

What's my experience with pricing, setup cost, and licensing?

The cloud version of Splunk is somewhat expensive, but it does provide some flexibility because you do not need engineers to manage the system. Everything is hosted in the cloud because it is a SaaS service. It depends on the usage. It is costly, but everything good thing comes at a price.

What other advice do I have?

I rate Splunk Enterprise Security 9 out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Flag as inappropriate