Splunk Enterprise Security and Cortex XSIAM are competitive solutions in the security analytics and SIEM space. Splunk excels with robust data analysis and ease of use, while Cortex XSIAM is noted for its effective integration capabilities and machine learning-enhanced threat detection.
Features: Splunk Enterprise Security provides comprehensive log management, fast searches, and scalable performance with advanced operational intelligence. It integrates multiple data sources and supports real-time alerts. Cortex XSIAM is valued for its machine learning capabilities, automation, and efficient threat detection. It enhances investigation processes with third-party integration.
Room for Improvement: Splunk Enterprise Security could improve its operational workflows and visualization stability. The integration methods for security devices and support for cluster management are complex. Cortex XSIAM lacks extensive integrations compared to rivals and could refine its dashboard usability and licensing process.
Ease of Deployment and Customer Service: Splunk Enterprise Security supports versatile deployment options across on-premises, private, public, and hybrid clouds, with knowledgeable technical support. Cortex XSIAM primarily supports public cloud deployments, with less hybrid cloud support, and could benefit from faster response times.
Pricing and ROI: Splunk Enterprise Security offers high licensing costs justified by its rich feature set, resulting in significant ROI for larger organizations. Cortex XSIAM, while competitively priced, remains expensive, offering value through integration and threat detection features. Both solutions entail costs linked to deployment scale.
I have noticed a return on investment with Splunk Enterprise Security, as it delivers substantial value for money.
Splunk's cost is justified for large environments with extensive assets.
It is ineffective in terms of responding to basic queries and addressing future requirements.
The Palo Alto support team is fully responsive and helpful.
If you want to write your own correlation rules, it is very difficult to do, and you need Splunk's support to write new correlation rules for the SIEM tool.
I have sought assistance from Splunk Enterprise Security support in the past, particularly during deployment, and they provide friendly and effective help.
The technical support for Splunk met my expectations.
Without proper integration, scaling up with more servers is meaningless.
Cortex XSIAM is highly scalable.
They struggle a bit with pure virtual environments, but in terms of how much they can handle, it is pretty good.
It is easy to scale.
I find it easy to scale Splunk Enterprise Security for our environment.
The product was easy to install and set up and worked right.
Overall, Cortex XSIAM is stable.
It provides a stable environment but needs to integrate with ITSM platforms to achieve better visibility.
It is very stable.
Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
Cortex could improve the detection and online resolution of security vulnerabilities.
Improving the infrastructure behind Splunk Enterprise Security is vital—enhanced cores, CPUs, and memory should be prioritized to support better processing power.
What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel.
Splunk Enterprise Security would benefit from a more robust rule engine to reduce false positives.
The first impression is that XSIAM would be more expensive than others we tried.
The product is very expensive.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.
I saw clients spend two million dollars a year just feeding data into the Splunk solution.
The platform requires significant financial investment and resources, making it expensive despite its comprehensive features.
Splunk is priced higher than other solutions.
One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities.
The flexibility for creating manual workflows stands out.
Its signature-less subscriptions and robust detection power stand out in improving threat detection.
This capability is useful for performance monitoring and issue identification.
They have approximately 50,000 predefined correlation rules.
The Splunk Enterprise Security's threat-hunting capabilities have been particularly useful in later releases.
Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.
What are Cortex XSIAM's key features?
What benefits are evident in Cortex XSIAM reviews?
Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.
Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.
Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.
What are the key features?Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
