Splunk Enterprise Security Reviews

Splunk Enterprise Security is an expensive solution. The cost may vary depending on the customer's budget and requirements. Some customers believe that the price is worth it due to the unique features and long-term security compliance it provides. However, others express concerns about the high cost and suggest that Splunk could lower their prices or offer better discounts. 

The pricing model is yearly, with different licensing options available. The pricing structure is described as complicated, and some customers find it difficult to calculate additional costs based on data usage. 

ROI from Splunk Enterprise Security can vary depending on the context and perspective. Some users have seen a positive ROI through automation and strengthening their security stance. Others mention the inability to quantify the ROI but emphasize the satisfaction of customers and the ability to solve previously unknown problems. 

Splunk Enterprise Security is used for: 

• monitoring security operations 
• correlating events and analytics for incidents
• security compliance
• threat detection
• centralizing data in one location
• creating alerts
• providing operational and security dashboards
• infra monitoring and threat analysis
• collecting data from various log sources
• monitoring intrusion detection and prevention
• logging and filtering data
• monitoring private cloud, data center, and other applications 
• testing purposes
• creating use cases for detection and blocking malicious IP addresses

The most valuable features of Splunk Enterprise Security, according to the reviews, are: 

1. Dashboard and reporting capabilities: Splunk provides good visibility and allows users to build custom utilization APIs. It also offers threat-hunting capabilities and anomaly detection using an AI-based system. The solution allows users to feed multiple threat sources and provides complete security support in the threat intelligence space. The Splunk Mission Control feature simplifies security operations for SOC analysts. 

2. Data aggregation and search capabilities: Users appreciate Splunk's ability to aggregate and search through large amounts of data. It offers solid user behavior analytics and covers various UBA needs. The solution also includes threat intelligence management, which helps detect zero-day attacks and provides comprehensive coverage from Layer 3 to Layer 7. 

3. User interface and ease of management: Splunk's user interface is highly praised for its simplicity and ease of use. Users can integrate multiple solutions and adjust settings within the Splunk interface. It also offers a wide range of plugins and add-ons for cloud and on-prem environments. 

4. Customization and flexibility: Users can customize dashboards, queries, and alerts in Splunk. It supports integration with third-party security automation solutions and allows for automatic response rules. Splunk is known for its flexibility in handling multi-cloud environments and various data sources.

5. Visibility and threat detection: Splunk provides good visibility into multiple environments, including cloud, on-premises, and hybrid. It offers extensive coverage of security questions and helps users develop new dashboards and approaches. The solution's threat-hunting capabilities and integration with threat intelligence databases enable users to identify and mitigate malicious activities.

6. Scalability and stability: Users appreciate Splunk's scalability and stability. It can handle high volumes of data effectively and provides a stable platform for security operations. The solution is also praised for its performance and low-maintenance requirements. 

7. Integration and compatibility: Splunk can integrate with various tools, solutions, and technologies, making it highly flexible and compatible with different environments. It offers connectors for every technology and allows users to leverage existing solutions. 

8. SIEM functionality: Splunk's security information and event management (SIEM) capabilities are highly valued. It provides robust log management, analysis, and reporting features. The solution helps reduce security risks and enables organizations to achieve compliance requirements. 

9. Machine learning and automation: Splunk incorporates machine learning capabilities, which enhance its threat detection and analysis capabilities. It also supports automation and the creation of playbooks for efficient incident response. 

10. Community and support: Users appreciate the active Splunk user community and the availability of forums for sharing knowledge and getting support. Splunk's technical support is also praised for its timeliness and helpfulness.

Improvements that can be made to Splunk Enterprise Security include: 

• the integration of legacy applications
• the addition of a web interface for managing archiving and storage
• enhancements to default machine-learning models and native threat intelligence
• more pre-built integrations and rules
• reduction of false positives
• improved alignment of log feeds
• better algorithms and alerts
• increased integration with antivirus systems
• improved cluster environment stability and internal log visibility
• simplified search filtering
• more labs and training resources
• customization of algorithms 
• improved UI for dashboards and reports
• more flexible licensing options
• enhanced analytics
• a wizard for constructing searches
• lower pricing
• increased integration with other products
• improved documentation and orchestration

Some users found the initial setup of Splunk straightforward and easy, especially with the help of documentation and support. They mentioned that deploying Splunk is simple and can be done in a short period of time, particularly on the cloud. 

However, a few users mentioned that the initial setup can be complex, especially for those who are new to Splunk or have a more intricate environment. They emphasized the need for expertise and assistance from experienced professionals or Splunk engineers. 

Some users also mentioned the importance of maintenance and monitoring after deployment, indicating that the solution requires ongoing attention.

Splunk Enterprise Security is highly scalable and can be scaled horizontally or vertically. It scales up well and is widely used in organizations. It can handle a large amount of data and is used extensively for security purposes. 

The solution can be scaled up to any size of enterprise or agency, and customers can easily add additional licenses if needed. It is cloud-ready and has performance-tuning options. 

However, there are some concerns about the cost and storage requirements for scalability.

The customer service and support for Splunk Enterprise Security have received mixed reviews. Some customers have rated the support as very good. These customers appreciate the expertise and assistance provided by Splunk's support team. 

However, there are also customers who have experienced delays in receiving support due to the availability of qualified engineers and the process of opening tickets. 

Some customers have found online resources, such as tutorials and forums, to be sufficient for finding answers to their questions. 

The stability of Splunk Enterprise Security is highly praised. Users consistently mention that the solution is stable, and reliable, and does not experience crashes, freezes, bugs, or glitches. 

Some reviewers highlight that the product has gone through multiple versions, indicating its maturity and stability. The performance is also mentioned as good, and the solution is described as low maintenance.