Splunk User Behavior Analytics and Cisco Secure IPS (NGIPS) are competing in the network security and user behavior monitoring category. Cisco Secure IPS (NGIPS) appears to have the upper hand due to its superior features, justifying its cost.
Features: Splunk User Behavior Analytics excels in anomaly detection and focuses on user and entity behavior analytics. It’s also appreciated for its proactive threat detection capabilities. Cisco Secure IPS (NGIPS) is recognized for its advanced intrusion prevention capabilities and seamless integration with other Cisco security products. The main feature distinction is Splunk’s inclination toward uncovering insider threats compared to Cisco’s comprehensive external threat defense.
Room for Improvement: Splunk could benefit from simpler deployment processes and enhanced integrations with third-party solutions. Improvement in reporting capabilities and user interface refinement could enhance its appeal. Cisco Secure IPS (NGIPS) might improve by offering more flexible pricing models and simplifying its licensing process. Further tuning of their IPS engine and enhancing threat intelligence features are areas to consider.
Ease of Deployment and Customer Service: Cisco Secure IPS (NGIPS) boasts a more extensive deployment model that offers seamless integration into existing infrastructures, with a renowned service experience. Splunk User Behavior Analytics presents a more complex deployment scenario, but its customer service is well-regarded for its comprehensive support.
Pricing and ROI: Splunk User Behavior Analytics is linked with a lower initial setup cost providing strong ROI focused on optimizing security management. Cisco Secure IPS (NGIPS), while having a higher upfront cost, delivers robust ROI through sophisticated threat detection and prevention capabilities. The compelling difference remains Splunk’s lower cost of entry against Cisco’s justified investment due to superior threat management features.
The solution can save costs by improving incident resolution times and reducing security incident costs.
Fortinet, on the other hand, offers quicker response times and same-day RMAs, which gives them an edge in customer service.
The response was fast, and they provided experts to solve our issues quickly.
A few years ago, I had a very bad situation. We lost a lot of money, and I opened for the first time in my life, a case with priority one. The person responsible for the ticket didn't respond for two days.
Mission-critical offering a dedicated team, proactive monitoring, and fast resolution.
From the responsiveness perspective, Splunk is very responsive with SLA-bound support for premium tiers.
I would rate their technical support as 8.5 out of 10.
Splunk User Behavior Analytics is highly scalable, designed for enterprise scalability, allowing expansion of data ingestion, indexing, and search capabilities as log volumes grow.
The software situation with Cisco is problematic.
With built-in redundancy across zones and regions, 99.9% uptime is achievable.
Splunk User Behavior Analytics is a one hundred percent stable solution.
Splunk User Behavior Analytics is highly stable and reliable, even in large-scale enterprise environments with high log injection rates.
Incorporating AI capabilities would enhance its functionality.
CLI is very important in professional working, and it was an unwise decision by Cisco to remove it.
Global reach allows deployment of apps and services closer to users worldwide, but data sovereignty concerns exist and region selection must align with compliance requirements.
I encountered several issues while trying to create solutions for this advanced version, which seem unrelated to query or data issues.
High data ingestion costs can be an issue, especially for large enterprises, as Splunk charges based on the amount of data processed.
It's cheaper to integrate with existing IT security solutions compared to other expensive brands with subscription costs.
Reserved instances with one or three-year commitments offer lower rates, providing up to 70% savings.
Compared to all other products in the market, it is the most expensive one in all aspects including professional service and licenses, even the cloud version.
Comparing with the competitors, it's a bit expensive.
Cisco Secure IPS (NGIPS) is quite powerful for threat detection and includes botnet detection.
They can discover new versions of malware, which is very beneficial.
I also utilize it for anomaly detection and behavior analysis, particularly using Splunk's machine learning environment.
The dashboards themselves are nice, very good, and very helpful, but the accuracy of the data or the information that will be presented on the dashboard is something that needs to be questioned.
Features like alerts and auto report generation are valuable.
| Product | Market Share (%) |
|---|---|
| Cisco Secure IPS (NGIPS) | 3.4% |
| Splunk User Behavior Analytics | 1.9% |
| Other | 94.7% |
| Company Size | Count |
|---|---|
| Small Business | 26 |
| Midsize Enterprise | 17 |
| Large Enterprise | 26 |
| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 5 |
| Large Enterprise | 12 |
Cisco Secure IPS (NGIPS) provides intrusion prevention, malware detection, and DDoS protection with modularity, third-party integration, and cloud capabilities, focusing on flexibility, automation, and real-time threat detection, while offering centralized management and ease of upgrading.
Cisco Secure IPS (NGIPS) is designed to support network security through an open platform, delivering features such as anomaly detection and security intelligence. Users benefit from robust technical support, making it a reliable choice for enterprises seeking to protect their network infrastructures. However, improvements are needed in user-friendliness, interface complexity, and integration with third-party tools. There is a demand for better reporting, sandboxing capabilities, and enhanced AI-driven threat detection and response times, especially for zero-day attacks. Pricing remains a concern due to high costs and licensing complexity.
What are the key features of Cisco Secure IPS?Businesses deploy Cisco Secure IPS (NGIPS) in both on-premises and cloud environments, addressing needs like compliance audits and integration with platforms such as Cisco Talos and Umbrella. Its implementation strengthens perimeter security, enhances cybersecurity in enterprise and banking sectors, and ensures effective threat management for network defense.
Splunk User Behavior Analytics is a behavior-based threat detection is based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box purpose-built that helps organizations find known, unknown and hidden threats, but extensible unsupervised machine learning (ML) algorithms, provides context around the threat via ML driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data science driven approach that produces actionable results with risk ratings and supporting evidence that increases SOC efficiency and supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
