We performed a comparison between Splunk Enterprise Security and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"It's pretty powerful and its performance is pretty good."
"The automation feature is valuable."
"The machine learning and artificial intelligence on offer are great."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The main benefit is the ease of integration."
"The alerts are very effective."
"Splunk Enterprise Security's dashboards are a key asset."
"Splunk works based on parsing log files."
"The level of robustness on offer is very good."
"Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
"Splunk is a user-friendly solution."
"The search lookups are useful."
"We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
"It can be easily deployed with the other solutions."
"Compared to other solutions, the user interface is good."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"I like the ease of deployment."
"It is easy to use and deploy. It comes with user-friendly manuals."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"McAfee as a whole is a good solution."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"I would like to see more AI used in processes."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"I would like to be able to monitor applications outside of the Azure Cloud."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk."
". Having a trial version or more training on Splunk would be helpful."
"If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide."
"Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it."
"Its interface and usability can always be improved."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"There is a definite learning curve to starting out."
"Sometimes, there is latency in the logs."
"There's no software support from McAfee."
"The initial setup is difficult and could improve."
"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"I would like to see good analytics in future releases."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"The solution needs to improve case management. The UI is confusing."
"The user interface could be more user-friendly."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Splunk Enterprise Security is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Trellix Helix and Cybereason Endpoint Detection & Response. See our Splunk Enterprise Security vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.