Examples of the 84,000+ reviews on PeerSpot:

Matt Bishop - PeerSpot reviewer
Works at a computer software company with 51-200 employees
Real User
Provides insights to customers about what their users are doing and alerts them to anomalies
Pros and Cons
  • "The metrics and trends that Splunk Enterprise Security generates using all the data points we send allow customers to understand better what their users are doing."
  • "Splunk Enterprise Security should provide a better and richer integration."

What is our primary use case?

We will have clients that generate events through our platform and wish to export those events as data points to Splunk.

How has it helped my organization?

The solution improves our customers' integrations. They really want insights into what their users are doing. They want to be alerted to anomalies, general pain points, or popular areas in the integration to understand what's working and what's not.

What is most valuable?

The metrics and trends that Splunk Enterprise Security generates using all the data points we send allow customers to understand better what their users are doing.

What needs improvement?

Splunk Enterprise Security should provide a better and richer integration. It has a regimented integration, where we had to build a Python library. It was a very tough way to integrate officially and get into the marketplace. We'd like to see more options so that we can better send data over to the Splunk platform.

The requirements of building the integration had to be a very specific and certain way to get onto your marketplace. Once it's there, it's fine, but it took a little effort to get it exactly that way. That's not as maintainable as we like, so we'd rather that be a more robust integration.

For how long have I used the solution?

We've had an integration available for the better part of three or four years.

What do I think about the stability of the solution?

The solution provides good stability.

What do I think about the scalability of the solution?

We haven’t seen any issues with the solution’s scalability.

How are customer service and support?

We mostly interacted with the marketplace community. Although our support experience was not great, the issue was straightforward.

What was our ROI?

Our customers have seen a return on investment with the solution. We have seen customer satisfaction as it was a highly sought-after integration, and they're happy now that it exists.

What other advice do I have?

The end-to-end visibility that the solution provides into our environment is incredibly important to our organization. We like to see it as the total answer. Any data point can be picked up, and you can really build anything you need from the integration. It's incredibly valuable with the data that it's generating. What the tool provides once integrated is highly valuable and sufficient for us.

Finding any security event across multi-cloud, on-premises, or hybrid environments with Splunk Enterprise Security has been incredibly easy. Using the rest of the Splunk platform, you can trigger whatever you need off the data coming in through the integration.

The solution has helped improve our organization's ability to ingest and normalize data. It also generates more customer activities so that there's a stickier relationship.

The Splunk integration triggers the necessary events so that downstream alerting isn't necessary.

Splunk Enterprise Security has helped speed up our security investigations. It's a great direct integration so that our customers can react quickly when necessary.

In principle, the solution has helped reduce our mean time to resolve, but not necessarily data points that we see as the integrator.

Overall, I rate the solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Manu Subbaiah - PeerSpot reviewer
Director, Cyber Security Strategy, Implementations & Operations at a consultancy with 10,001+ employees
Real User
Offers users the ability to onboard data easily with minimal connectors
Pros and Cons
  • "The solution's most valuable features are its ability to transact in the cloud and its ability to onboard data easily with minimum connectors."
  • "The product's price may be an area of concern where improvements are required."

What is our primary use case?

I use the solution in my company to deal with certain migrations from a legacy SIEM solution to a new product like Splunk Enterprise Security or from on-prem to cloud migrations. Another use case involves implementing a new SIEM solution like Splunk Enterprise Security from scratch.

What is most valuable?

The most valuable features are its ability to transact in the cloud and its ability to onboard data easily with minimal connectors. Some of the new players in the market need to build new connectors to bring data into the SIEM solution. With Splunk Enterprise Security, you get built-in connectors, as it is a major platform.

What needs improvement?

The product's price may be an area of concern where improvements are required.

The metrics that I or my company's clients see in terms of the improvements from the use of Splunk stem from the fact that some of the metrics that the tool provides for senior leadership, specifically in the area of visibility when it comes to organizational split, considering that there are multiple lines of business. It would be a good feature in the tool if it could provide dashboarding for different lines of business in the product's next release.

One of the key areas where Splunk Enterprise Security can do better is if it integrates with AI solutions.

For how long have I used the solution?

I have been using Splunk Enterprise Security for five years.

What do I think about the stability of the solution?

Our company's clients who use the solution like the fact that they can rely on Splunk Enterprise Security as a product, especially since it is not a new entrant in the market. Though the tool has moved from on-prem to the cloud, I feel that the fundamentals of Splunk Enterprise Security are strong. The support structure available for Splunk is good.

What do I think about the scalability of the solution?

Scalability is of paramount importance to a lot of clients. Some of the clients value the scalability feature of the product, and they are also willing to pay more to use such features. There are some pharmaceutical clients my company deals with who like the scalability feature but do not like the increase in the price attached to the scalability part.

How are customer service and support?

To be very fair, I have not been directly exposed to Splunk's support team since I deal with our company's clients. I have not heard any major complaint from our company's client regarding Splunk's support team, so I assume that it is pretty good.

How was the initial setup?

Deployment of the product is easier than migration. It is always better to write on a clean board than write on a board where someone has already written something. If you migrate from one solution to another, you also have to migrate some of the use cases, and you need to fine-tune them. If you are deploying a product from scratch, it is easier. My company also recently dealt with one of the clients, and we had to onboard 28 log sources in ten weeks with no issues. We also had to deal with heavy forwarders, syslog, universal forwarders, and everything under the sun, which was a big mix, making it a difficult environment. There were no issues during the onboarding process. In general, I am happy with the product.

What was our ROI?

ROI depends on a lot of calculations, so my company does not consider it. Most of the complaints from our clients are related to the cost of the product. Our company's clients are happy with the features and reliability of the product. Cost is one of the major factors that companies are migrating from Splunk Enterprise Security to some other solution. I don't know if it is relevant or not, but I feel that the acquisition of Splunk by Cisco has spooked a few of the clients since they are unsure if they will receive any support if they don't have a Cisco-based infrastructure and instead have some other company like HP supporting their infrastructure.

What's my experience with pricing, setup cost, and licensing?

Splunk is really expensive compared to all the other tools on the market, including Microsoft Sentinel. Some of the clients prefer to go for a data lake kind of solution because of Splunk Enterprise Security's prices. Some of the clients have also mentioned that the pricing of Splunk Enterprise Security is not visible for them and it is based on storage because of which they are not able to control various aspects associated with the pricing part.

What other advice do I have?

In cases where I see the replacement of existing SIEM solutions from my company's customers' end, I have dealt with scenarios where Microsoft Sentinel replaces Splunk Enterprise Security. I have also dealt with implementations associated with Splunk Enterprise Security from scratch. I have managed migrations of Splunk Enterprise Security from on-prem to the cloud.

The primary reason customers are moving to a cloud-based solution is that products like QRadar and LogRhythm did not initially offer cloud versions. The other reasons why customers are moving to cloud-based solutions are the difficulty of configuring their use cases and the problem of finding the right resources to support them. With Splunk and Microsoft Sentinel, resources will be much more available to users in the market, but for LogRhythm, the market is going down. Training opportunities, the building of accelerators, available information in the outside world, and a lot of reasons have prompted customers to move to cloud-based products.

I would say that it is easy to configure the use cases, and also to correlate use cases, which in turn helps reduce alert volume. More importantly, the product can provide good visibility in the area of dashboarding, metrics and security events.

Splunk Enterprise Security helps me find any security event across multi-cloud, on-premises, or hybrid environments.

Visibility across multiple environments or varied environments is absolutely important to our company's clients, and it is one of the key areas because most clients do not want to go and see multiple tools like CrowdStrike for endpoint protection. Our company's clients want to be able to see one dashboard with all the feeds coming in, along with all the alerts correlated to it.

The product provides relevant context to guide our company in the investigation. When you have more context, L1 or L2 support finds it easier to investigate. I don't know if Splunk already has an AI-based plugin tool or not. If AI is present in the product, it would help L1 and L2 support resolve tickets in a much faster manner, and it is also an area where context helps.

I have seen a reduction in the mean time to resolve from the use of Splunk Enterprise Security by around 30 to 40 percent if it is able to deal with contextualization. L1 and L2 support teams look at a particular incident, and if they end up spending more time adding the context or going through multiple tickets, it adds up the time needed to resolve an issue.

The product helps speed up security investigations by around 30 to 40 percent. Collecting the context is the key step for resolving or investigating purposes.

It is not fair to state why a certain rating is being given to a product since a person rates a solution on certain aspects, and it could be in terms of the migration part. If I speak in terms of the performance and support parts of the solution, I would rate the product a nine. If I consider the cost of implementing and maintaining the product, I would rate other products much better than Splunk Enterprise Security. As a company, we have implemented Splunk Enterprise Security multiple times, and we see the business associated with the product growing higher. My company also provides training to people in relation to Splunk Enterprise Security. My company hopes to do more business with Splunk Enterprise Security. My company has 3,00,000 employees.

I rate the overall tool an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator