Cybereason Endpoint Detection & Response vs Splunk Enterprise Security comparison

The compared Cybereason and Splunk solutions aren't in the same category. Cybereason is ranked #24 in EDR , with an average rating of 8.2, and holds a 0.9% mindshare in the category. Splunk is ranked #1 in SIEM , with an average rating of 8.4, and holds a 9.4% mindshare. Additionally, 89% of Cybereason users are willing to recommend the solution, compared to 93% of Splunk users who would recommend it.

Cybereason Endpoint Detecti...

Read 21 Cybereason Endpoint Detection & Response reviews

4,416 Views
2,561 Comparison Views

89% willing to recommend

Splunk Enterprise Security

Read 318 Splunk Enterprise Security reviews

25,544 Views
13,027 Comparison Views

93% willing to recommend

Cybereason Endpoint Detecti...

Splunk Enterprise Security

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Cybereason Endpoint Detection & Response and Splunk Enterprise Security based on real PeerSpot user reviews.

Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Detection and Response (EDR).

To learn more, read our detailed Endpoint Detection and Response (EDR) Report (Updated: January 2025).

Buyer's Guide

Endpoint Detection and Response (EDR)

January 2025

Download the complete report

Helped 861,803 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cybereason Endpoint Detecti...

Average Rating

8.0

Reviews Sentiment

7.9

Number of Reviews

Ranking in other categories

Endpoint Protection Platform (EPP) (35th), Endpoint Detection and Response (EDR) (24th)

Splunk Enterprise Security

Average Rating

8.4

Reviews Sentiment

7.5

Number of Reviews

318

Ranking in other categories

Log Management (2nd), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cybereason Endpoint Detection & Response is designed for Endpoint Detection and Response (EDR) and holds a mindshare of 0.9%, down 1.1% compared to last year.
Splunk Enterprise Security, on the other hand, focuses on Security Information and Event Management (SIEM), holds 9.4% mindshare, down 12.1% since last year.

Endpoint Detection and Response (EDR)

Security Information and Event Management (SIEM)

Featured Reviews

AtulChaurasia

Operational Technical Security at Metro Bank

Scalable platform with intuitive features for detecting malicious files

The initial setup process is straightforward. We have to install the agent, create a package, and deploy it on servers. It has a prebuilt console managed by the cloud team of Cybereason. We don't have to worry about the console and concentrate on endpoint implementation. It takes ten days to deploy it on 10,000 devices.

Read full review

ROBERT-CHRISTIAN

CTO at kyndryl

Has many predefined correlation rules and is brilliant for investigation and log analysis

It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations."

"What I find most valuable is the clarity of the platform."

"Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective."

"It gives all the information in a clear response."

"The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running."

"What I like most about Cybereason Endpoint Detection & Response is the support because the support is good. The solution is also easy to use, and it has a dashboard. Everything is good, and there's no problem with it."

"What I find most valuable is the clarity of the platform. It is very straightforward."

"The interface is user-friendly."

More Cybereason Endpoint Detection & Response pros

"It gives us good visibility into multiple environments, including cloud, on-premises, and hybrid; irrespective of platform."

"Our clients use the solution to find any threats or vulnerabilities inside their environment."

"You can use it to gather syslog messages from anything."

"Our clients are easily able to modify and evolve their implementations."

"I like the ease of setting up dashboards on Splunk. They're easy to create, manage, alter, and share. You can fine-tune them any way you see fit."

"Splunk's strongest suit is its user interface. We can integrate multiple solutions and adjust settings in the Splunk interface."

"Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."

"The feature that we use the most is the correlation search engine within ES."

More Splunk Enterprise Security pros

Cons

"Its Microsoft PowerShell protections still need some compatibility improvements. We have run across just a few. It is compatible with 90% of what we have in our network, but there is that 10% that we are still struggling with as far as compatibility with the type of PowerShell scripts needed to run our day-to-day business."

"Ad hoc higher-level reporting to senior management can be improved or can be implemented. That's definitely an area of improvement that they need to focus on."

"Cybereason does not have sandbox functionality."

"Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group."

"I feel that the product lacks reporting features and needs improvement."

"There is room for improvement in the product features related to device control, particularly USB management."

"While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper."

"I would like to see improvements on the operational side, specifically in grouping."

More Cybereason Endpoint Detection & Response cons

"Improving the infrastructure behind Splunk Enterprise Security is vital—enhanced cores, CPUs, and memory should be prioritized to support better processing power. When we execute heavy, resource-intensive queries over long periods, the performance dips."

"We'd like to see a more seamless cloud-based integration."

"I think the only thing lacking is that there are some answers that I couldn't find about the tool without reaching out to support, and it had to be escalated to the engineering team."

"If it could be made available as a service, this would be much better than as a product."

"Spam has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried any of them."

"Splunk needs local technical support."

"The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment."

"The implementation and the scanning of the logs can be difficult."

More Splunk Enterprise Security cons

Pricing and Cost Advice

"I do not have experience with the licensing of the product."

"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight."

"In terms of cost, this is a good choice for our needs."

"We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money."

"This product is somewhat expensive and should be cheaper."

"Though it is not the cheapest solution but it fits our budget. We pay an annual licensing fee."

"In terms of pricing, it's a good solution."

"The pricing is manageable."

More Cybereason Endpoint Detection & Response pricing and cost advice

"Pricing and licensing are quite high compared to other tools or SIEM tools, but the features justify it."

"Expensive compared to other options."

"Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."

"The pricing seems good relative to the other vendors that we have had here. However, they need to find ways to be more flexible with the licensing and be able to deal with situations where we start generating more logs. Maybe having some controls in the Splunk interface to turn it off, so we don't have to change anything in our application."

"Some of the insights that we have obtained as a part of using Splunk have greatly helped us in increasing our revenue in terms of selling our products."

"Splunk is not a cheap solution and the license is billed annually."

"It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it. There is just the licensing fee. That's all."

"Splunk is not free."

More Splunk Enterprise Security pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See recommendations

861,803 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

11%

Manufacturing Company

Government

Financial Services Firm

14%

Computer Software Company

14%

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What is your experience regarding pricing and costs for Cybereason Endpoint Detection & Response?

Comparison with other products showed it be cheaper than some larger competitors. Set up cost for us were cheaper as we already had users experienced with the product in other business units. Initi...

See all answers

What is your primary use case for Cybereason Endpoint Detection & Response?

We use it to improve detection in the whole industrial sector. We are a big energy company. Across multiple endpoints, we deploy the EDR to secure all, improve detection, and also attempt to automa...

See all answers

What do you like most about Cybereason Endpoint Detection & Response?

The interface is user-friendly.

See all answers

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...

See all answers

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

See all answers

How does Splunk compare with Azure Monitor?

Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...

See all answers

Comparisons

Darktrace vs Cybereason Endpoint Detection & Response

Compared 28% of the time

CrowdStrike Falcon vs Cybereason Endpoint Detection & Response

Compared 11% of the time

SentinelOne Singularity Complete vs Cybereason Endpoint Detection & Response

Compared 11% of the time

Microsoft Defender for Endpoint vs Cybereason Endpoint Detection & Response

Compared 10% of the time

Kaspersky Endpoint Security for Business vs Cybereason Endpoint Detection & Response

Compared 5% of the time

More Cybereason Endpoint Detection & Response Competitors

IBM Security QRadar vs Splunk Enterprise Security

Compared 8% of the time

Wazuh vs Splunk Enterprise Security

Compared 8% of the time

Dynatrace vs Splunk Enterprise Security

Compared 7% of the time

Datadog vs Splunk Enterprise Security

Compared 6% of the time

Security Onion vs Splunk Enterprise Security

Compared 4% of the time

More Splunk Enterprise Security Competitors

Product Reports

Buyer's Guide

Cybereason Endpoint Detection & Response

July 2025

Cybereason Endpoint Detection & Response report

Download Cybereason Endpoint Detection & Response product report

Buyer's Guide

Splunk Enterprise Security

June 2025

Download Splunk Enterprise Security product report

Also Known As

Cybereason EDR, Cybereason Deep Detect & Respond

No data available

Overview

Cybereason's Endpoint Detection and Response platform detects in real-time both signature and non-signature-based attacks and accelerates incident investigation and response. Cybereason connects together individual pieces of evidence to form a complete picture of a malicious operation.

Cybereason

Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.

Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.

What are the key features?

Comprehensive Dashboards: Provide a holistic view of security operations.
Flexible Data Ingestion: Supports various data sources for better analysis.
Robust Log Aggregation: Centralizes log management for easier monitoring.
Machine Learning Toolkit: Enhances threat detection and prediction capabilities.
SIEM Capabilities: Integrates security information and event management.
Threat Intelligence: Utilizes external information to improve security measures.
Risk-Based Alerting: Prioritizes alerts based on the risk they pose.
Correlation Searches: Identifies and correlates security events effectively.

What benefits or ROI should users look for?

Enhanced Visibility: Improves monitoring across endpoints, networks, and users.
Faster Incident Response: Speeds up identification and resolution of security issues.
Reduced Alert Volumes: Lowers false positives and enhances signal-to-noise ratio.
Scalability: Adapts to growing and changing security needs.
Improved Security Operations: Integrates multiple security facets into one platform.

Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.

Splunk

Sample Customers

Lockheed Martin, Spark Capital, DocuSign, Softbank Capital

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.

Buyer's Guide

Endpoint Detection and Response (EDR)

January 2025

Download Free Report

Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Detection and Response (EDR). Updated: January 2025.

DOWNLOAD NOW

861,803 professionals have used our research since 2012.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.