We performed a comparison between Splunk Enterprise Security and vRealize Network Insight based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The main benefit is the ease of integration."
"The Log analytics are useful."
"Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
"We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
"Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
"I have found the installation can be of medium difficulty to very complex depending on the use case."
"The scalability is good."
"The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides."
"The data representation options in the dashboards are excellent."
"it can explain to management about what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware."
"It has definitely helped us to meet compliance rules by assuring that all traffic is going to where it's supposed to go. It can be used to report that you are in compliance, as well as helping you get into compliance."
"It's a very powerful, very manageable product."
"It has enabled us to set up and do application discovery, as far as network traffic is concerned, and set up the appropriate rules that we need to make sure we're compliant with our security frameworks."
"The best feature of this application is its ability to capture everything within the same application, as well as capture all the traffic."
"It's very user-friendly in the sense that the querying is just regular language like you and I speak or write. You don't need to know any SQL-query type of language to be able to get what you want out of it."
"One of the most valuable features is the ability to look at the traffic flows, to look at NetFlow data."
"The ability to use the natural language query and see the visualization is quickly intuitive, and it works very well."
"I like being able to see the flows coming in and out of the product. In terms of monitoring network flows, we use it to verify whether or not different servers/applications should be communicating with each other."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"I would like to see more AI used in processes."
"The solution could improve the playbooks."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The setup time is quite long."
"Missing capability for audio/video and image processing."
"In terms of the interface, it could include some improvements for the look and feel."
"It could be more user friendly, in terms of the end-user experience."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"They can incorporate the SOAR solution within the actual product so that we do not require two different products, two different installations, and two different pricing methods. In regards to UBA, I am familiar with the UBA that existed two years ago. I am not updated about it today, but two years ago, UBA required such an amount of data that from a cost perspective, it was not worth it. When you compare it to what you get out of the box with Microsoft Sentinel without additional costs, there is no match."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
"The product is slightly complex use, while still being user-friendly. It could use more training modules, as it is not a straightforward product."
"I want to be able to monitor a network flow that is approximately two weeks back, but I haven't found an easy way to do this."
"I would like to see more interoperability on the firewall and low balancer sides."
"I would like to see them expand the capabilities to infrastructure types other than just VMware."
"The compatibility with each and every component of the infrastructure is the main thing that I am looking for. I would like them to make sure that it's compatible with different kinds of storage systems, etc. I have seen the compatibility list. I feel it can be more compatible than it is right now."
"I want to see more in terms of microsegmentation. As of now, I can see the rules, but they are not in a readable format that I can convert to microsegmentation and can fit into NSX Manager."
"If it were more application-aware, more descriptive; if it were able to determine the application that is actually doing the communication, that would be easier. More application information: which user or account it's accessing, is it accessing this application, doing these calls, if it is accessing a script, what script is it accessing. Things like that would provide deeper analytics so I can track what's going on. It would not just be, "These people shouldn't be talking," but who is actually doing these calls."
"I'd like to see better support for being able to search the hardware NetFlow data. It ingests fairly well, but you can't tell, in a lot of cases, what source the data came from. I'd like to see more support for picking specific sources. That way you could really make a compelling use case. There are also some difficulties where it can't exactly trace the path between source and destination but if you hit the reverse flow on the same search it shows the entire path."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 221 reviews while vRealize Network Insight is ranked 25th in IT Infrastructure Monitoring with 44 reviews. Splunk Enterprise Security is rated 8.4, while vRealize Network Insight is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of vRealize Network Insight writes "Provides deep analytical insights and makes migrations efficient with dependency mapping". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas vRealize Network Insight is most compared with ThousandEyes, NETSCOUT vSTREAM, Zabbix, VMware Aria Operations for Applications and Nutanix Prism.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.