Cisco SecureX [EOL] vs Splunk SOAR comparison

The compared Cisco and Splunk solutions aren't in the same category. Splunk is ranked #3 in SOAR , with an average rating of 8.0, and holds a 7.3% mindshare. Additionally, 100% of Cisco users are willing to recommend the solution, compared to 86% of Splunk users who would recommend it.

Cisco SecureX [EOL]

Read 13 Cisco SecureX [EOL] reviews

100% willing to recommend

Splunk SOAR

Read 45 Splunk SOAR reviews

4,351 Views
2,662 Comparison Views

86% willing to recommend

Cisco SecureX [EOL]

Splunk SOAR

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Cisco SecureX [EOL] and Splunk SOAR based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.

To learn more, read our detailed Application Security Tools Report (Updated: April 2025).

Buyer's Guide

Application Security Tools

April 2025

Download the complete report

Helped 850,671 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cisco SecureX [EOL]

Average Rating

9.0

Reviews Sentiment

8.2

Number of Reviews

Ranking in other categories

No ranking in other categories

Splunk SOAR

Average Rating

8.0

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (3rd)

Featured Reviews

Alon K

CTO & VP of Cyber Solutions, Israel at Rockwell Automation

Gives our customers visibility and they don't have to go multiple management consoles anymore

One of the examples is related to forensics. The forensics are amazing because when you have enrichment, and the solutions talk with each other, when you need it, you have the ability to know everything in the organization: when, why, whatever. With just one click you have information from email, from the endpoint, from the web. Let's say that tomorrow morning, you have a ransom[ware] attack in your organization and you would like to know from which email it came, or where the customer saved the file, even though the incident didn't occur at the same moment. With SecureX, you have Cisco Threat Response inside. [With] one click, you get all of the flow. That's amazing value. That also releases resources for our customers. The customers don't have to connect many systems and try to register the event on each system, or to go to the SIEM and do a correlation. That's the one-stop shop for the customers, and that's amazing.

Read full review

Shubham Sinha.

Senior Principal Information Security Analyst at Veritas Technologies LLC

Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work

The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is its ability to manage all the applications and visibility. For example, if there is malware, spam, or another component that wants to attack the company in my servers, network, or applications, then SecureX will react to the problem."

"Using SecureX, a tool provided by Cisco, we can easily integrate it with many of our other Cisco products such as Cisco ISE and many networking devices."

"It has evolved a lot, just that monitoring piece to the current Orchestrator piece. The additional analytics are there. They now have something called Insight, which can basically take data from Microsoft Azure AD and Intune to give us information about our endpoints. This is detailed information about the endpoints, from Secure Endpoint and all these different products. So, it is just constantly evolving. Every time that it evolves, we have more information with more visibility. There are more features that we have that just make everything so much easier, and it is in one place. I don't have to keep going back and forth. I don't have to go to Secure Endpoint and ISE to get the data. I don't have to go to Intune on Microsoft to get the information. It is all in one place."

"SecureX enables us to have all the threat intelligence and threat event data in one place."

"SecureX takes all the separate pieces of security within your company, adds in intelligence from different sites and services on the internet, and makes them work together."

"The forensics are amazing because when you have enrichment, and the solutions talk with each other, when you need it, you have the ability to know everything in the organization: when, why, whatever."

"The most beneficial feature of Cisco SecureX for cybersecurity efforts is its integration with other Cisco solutions and the environment. This sets it apart, as its APIs and overall integration capabilities are very strong. Additionally, its detection capabilities are commendable."

"Integrates well with our existing security infrastructure."

More Cisco SecureX [EOL] pros

"Splunk has many features that make work easier, and it's simple to implement in a large production environment. Splunk collects a massive amount of data from cloud servers and handles it perfectly."

"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."

"The product provides 100% automation for certain processes."

"The automation part of the product is great."

"Workflow management is most valuable. It is easily customizable"

"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."

"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."

"I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."

More Splunk SOAR pros

Cons

"I'm not sure that I would call it a bug, but sometimes the solution is a little slow."

"For us, the biggest sticking point is that the product is not being designed for multi-tenancy use at present, from an MSP perspective."

"The playbooks provided with the product are great, although I would appreciate having more playbooks available. Threats are constantly evolving, so having access to updated playbooks is crucial."

"I would like it to integrate with another solution, e.g., DNA. I would like it to connect to that solution, but not the security aspect."

"The documentation can be improved and the on-prem integration. The set of applications that it was integrated with wasn't comprehensive."

"what's missing right now is the multi-tenant capability."

"The automation and orchestration could be simpler. It could be that all the other parts are that easy to use so that these stick out as a negative, but that's the trickiest part for us. The workflows within the orchestration are just a bit more difficult."

"If they could make the Cisco Umbrella piece a little bit more advanced or easier to manage, that would help. We use it for filtering and when you compare it to a normal content filter, it lacks some functionality."

More Cisco SecureX [EOL] cons

"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."

"The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginners to learn. It's hard for a new user to figure out how to visualize old threat data. It took two to three months to learn with hands-on experience how to use the dashboard, visualize events, and analyze threats."

"Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS."

"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."

"While there have been improvements to the investigation process, particularly with the playbook data, the current log review method is cumbersome."

"The cost of Splunk SOAR has room for improvement."

"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."

"We've run into a few minor issues. Some of the playbook writing is a bit complicated. We've had a few hiccups with the source control. We'd really like to use GitHub deployment keys for a dedicated account. We haven't been able to do that. I think those are some of the major ones."

More Splunk SOAR cons

Pricing and Cost Advice

"For the value you get, the pricing of the solution is excellent."

"You can spend less money for another solution, but if you really want to have a good solution you have to pay. We are happy that we are getting such a good solution for what we are spending."

"It is free. It can't get any better than that."

"The pricing is competitive, especially for education institutions. Licensing can be a little bit difficult to navigate, especially with resellers with Cisco, but for us it has been pretty easy."

"It would be nice if they had a different pricing model. Most of our budget for projects goes towards Cisco."

"Cisco SecureX is more expensive than Trend Micro. However, considering the integration capabilities with other solutions and the quality of technical support, I believe there's justification for the price difference."

"It comes free with all Cisco products. So, it is a good price."

"The pricing is the best part of this solution. It is free if you buy Umbrella or Duo Security. It is also a good solution."

More Cisco SecureX [EOL] pricing and cost advice

"The tool is not cheap."

"I don't know the exact price, but for my region, it is very expensive."

"Splunk SOAR is more expensive compared to other options for SOAR."

"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."

"The licensing cost is reasonable."

"It's very overpriced because it is based on the number of users. There is no bulk licensing."

"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."

"Splunk SOAR is moderately priced, neither cheap nor overly expensive."

More Splunk SOAR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

850,671 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

36%

Financial Services Firm

Manufacturing Company

Government

Computer Software Company

14%

Financial Services Firm

13%

Manufacturing Company

11%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Ask a question

Earn 20 points

What do you like most about Splunk Phantom?

Splunk SOAR's quick response to incidents is the most valuable part.

See all answers

What is your experience regarding pricing and costs for Splunk Phantom?

Splunk SOAR is affordable cost-wise only, but not competitive from a technical perspective compared to Palo Alto SOAR and FortiSOAR.

See all answers

What needs improvement with Splunk Phantom?

The creation of playbooks is complex in Splunk SOAR ( /categories/security-orchestration-automation-and-response-soar ), and the number of integrations needs enhancement. Although it enhances alert...

See all answers

Comparisons

Microsoft Defender XDR vs Cisco SecureX [EOL]

Compared 52% of the time

Cisco Secure Network Analytics vs Cisco SecureX [EOL]

Compared 48% of the time

More Cisco SecureX [EOL] Competitors

Cortex XSIAM vs Splunk SOAR

Compared 20% of the time

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Compared 19% of the time

Fortinet FortiSOAR vs Splunk SOAR

Compared 10% of the time

Tines vs Splunk SOAR

Compared 9% of the time

ServiceNow Security Operations vs Splunk SOAR

Compared 8% of the time

More Splunk SOAR Competitors

Product Reports

Buyer's Guide

Cisco SecureX [EOL]

May 2025

Download Cisco SecureX [EOL] product report

Buyer's Guide

Splunk SOAR

April 2025

Download Splunk SOAR product report

Also Known As

Kenna.AppSec, Kenna.VI

Phantom

Overview

Cisco SecureX is an integrated security platform that connects the breadth of Cisco's integrated security portfolio and the customer's infrastructure to create a consistent experience. The solution unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications. Cisco SecureX is embedded within every Cisco Security product and supports integrations with SIEM and SOAR, so customers will not need to replace any solution or worry about layering on new technology.

Cisco SecureX Features

Cisco SecureX has many valuable key features. Some of the most useful ones include:

Unified overview: Cisco SecureX offers key metrics on transactions and threats for network, endpoints, cloud and applications. In addition, the SecureX interface is integrated into all Cisco Security technologies.

Automation and an increase in operational efficiency: With Cisco SecureX, you gain better automation of workflows for products of the Cisco Security portfolio and third parties, allowing you to focus on other more important tasks. By eliminating manual work (through automatic identification of threats using analytical data of Cisco Talos and other sources), the solution helps your organization save a significant amount of time.

Security strengthening: Cisco SecureX makes it easy to compare analytical data from a set of various sources with the telemetry received from network, endpoints, e-mail, cloud, and third-party products.

Cisco SecureX Benefits

Some of the benefits of using Cisco SecureX include:

Secure every business endeavor with an open, integrated platform that has out-of-the-box interoperability and scales to meet security needs.

Advance your security maturity level using existing resources.

Turn security from a blocker into an enabler. Cisco SecureX allows you to add new security capabilities for the threat landscape.

Maximize your operational efficiency, helping you get the most from your security investments.

Reviews from Real Users

Below are some reviews and helpful feedback written by Cisco SecureX users.

PeerSpot user Wouter H., Technical Team Lead Network & Security at Missing Piece BV, shares several reasons why he thinks the solution is fantastic. In his opinion, “SecureX takes all the separate pieces of security within your company, adds in intelligence from different sites and services on the internet, and makes them work together. If an email is received on a machine and malware is being executed, it can be put into lockdown mode. The fact that you can have a single solution that combines endpoint intelligence with email intelligence, firewalls, and publicly available intelligence is really helpful. Also, SecureX provides us with contextual awareness throughout our security ecosystem. Before SecureX, things that were not possible, or that would take days, now literally take seconds to find out.

Michal S., Infrastructure Engineer at a media company, says, “SecureX provides many measurements and has a really good dashboard. Working with it you are able to see things very clearly and you have every detail on a single display. That saves us money and time.” He also adds, “It brings all our data into a central point. It also shows us many data connections between many of our environments. SecureX gives you really good information about potential risks. You are able to find the source of a risk, a potential risk from a user or a machine.”

Blair A., Technology Director at Shawnee Heights USD #450, explains, "One of the most valuable features is the simplicity of deploying SecureX. It's very easy to do that and then you gain very detailed visibility into everything that's going on in your network and, obviously, at the device level. There's just a wealth of information that you can pull from all of these products that are part of SecureX. You know exactly if you have an issue or not."

Cisco

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk

Sample Customers

NHS, Rackspace, UNC Pembroke, University of North Carolina at Charlotte, Missing Piece

Recorded Future, Blackstone

Buyer's Guide

Application Security Tools

April 2025

Download Free Report

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: April 2025.

DOWNLOAD NOW

850,671 professionals have used our research since 2012.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.