Splunk Enterprise Security Reviews

Generally, we leverage it to correlate all of our threat intelligence data with all of our log events to make researching them simpler.

Splunk Enterprise Security gives us a lot more visibility into the entire enterprise and makes our analysis simpler. It streamlines the process and makes it easier to handle it.

It is very important for us that Splunk Enterprise Security provides end-to-end visibility into our environment. It saves us all the time where we used to have to go from tool to tool to tool to track down issues. Splunk Enterprise Security has tenfold reduced the amount of time it takes to investigate any one thing.

Splunk Enterprise Security simplifies being able to pivot from one data point to everything else, and it does not matter where in the pipeline that occurred because you can see it all.

It has helped improve our organization’s ability to ingest and normalize data. It has been very impressive how it is able to handle all of that for visibility and tracking things down.

Splunk Enterprise Security has not yet helped to reduce our alert volume. Our alert volume has increased at this point because we are still getting used to it, but I see how it can reduce the alert volume.

It provides us with the relevant context to help guide our investigations. The biggest part of it is that when we go through the alerts and the notable events, we are able to pivot to information from data sources that are not necessarily in Splunk, and we are able to run the automated response actions.

Splunk Enterprise Security has helped reduce our mean time to resolve. I do not have the metrics, but it is a decent amount.

Every process has been streamlined. Things for which you have to bounce between multiple tools can be done in one place, which in its nature speeds everything up and reduces the manpower.

Correlation search, in general, is valuable because it allows us to search multiple data sources easily.

The main issue that I have with it is that the field transformations sometimes overlap with those in Splunk Enterprise, and then you get permissions issues that lead to troubles.

I do not have any additional features that can be included. From what I gather, Mission Control is already included in the next release, as is a lot of the Cisco threat data.

I have been using Splunk Enterprise Security for about five and a half years.

It is quite good.

I have not experienced any issues with the scalability, but I do not handle the scaling, so I cannot speak to that.

I do not have to deal with them, so I do not have any information. Our administrators handle that side of things.

I did not. We acquired Splunk around about the same time I joined the cybersecurity team. 

I do not handle the administrative part. I am more of a user.

In terms of the deployment model, I believe it is technically a hybrid deployment. I am not involved in the architecture, but I know we are not exclusively cloud and we are not exclusively on-prem. We use AWS.

I know we had Splunk Professional Services for the deployment, but I was not involved.

I do not know what the cost is, but I would imagine we have seen an ROI because we are able to run our security team with fewer people than previously.

I do not know what we evaluated because I came to the company at the same time we got Splunk.

I would rate Splunk Enterprise Security an eight out of ten. It is an amazing tool that provides so much visibility and streamlines so much. The main issues I have encountered with Splunk are the difficulties in configuration and keeping everything up to date as the data sources change.

We use Splunk Enterprise Security to monitor our environment.

The threat intelligence and monitoring of Splunk are good. 

We have integrated Splunk Enterprise Security with ServiceNow so whenever there is a detection it will automatically raise a ticket and send it to the appropriate team for analysis. The integration was seamless.

Splunk has helped reduce our alert volume by 20 percent and sped up our security investigations.

It does a good job detecting threats fast.

Splunk's reporting functionality would benefit from enhanced customization capabilities, allowing users to tailor reports to their specific needs for better data visualization and analysis.

I have been using Splunk Enterprise Security for one and a half years.

Splunk Enterprise Security is stable.

Splunk Enterprise Security is scalable.

The initial deployment was straightforward.

Splunk Enterprise Security is expensive.

I would rate Splunk Enterprise Security ten out of ten.

For reporting we don't use the Splunk dashboard, we use Tableau and Power BI.

I would recommend Splunk to others.

While Splunk Enterprise Security offers robust features for large organizations, its cost might be prohibitive for smaller businesses. To address this, I recommend exploring open-source SIEM solutions for small and medium organizations and Splunk for larger organizations.

We use Splunk for monitoring and investigation and recently integrated it with ServiceNow. It's a SOC tool, and any malicious activities on the client's side trigger an alert here. 

Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases. We have integrated Splunk with ServiceNow, so the information from the queries running on the back end is now directly forwarded to the analysts, reducing the manual work. We are pulling data from Splunk into ServiceNow, so the security analysts have all the user details to conduct their investigations. 

It's easy to monitor multiple environments with Splunk. The cloud model is better than the previous on-premises version. The custom dashboards are helpful. We have created multiple dashboards for user activity, logins, phishing, etc. If you miss an alert, you can check the dashboards. For example, if you need to check some user activity, we have a dashboard for Azure Active Directory, and Mimecast is integrated for monitoring email-based attacks like phishing. It throws the information up on the dashboard when we get an alert.

The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets. 

I have used Splunk for more than three years.

I rate Splunk 10 out of 10 for stability. 

Splunk is a highly scalable product. 

I rate Splunk support 10 out of 10.

Positive

Deploying Splunk is somewhat complex, and it requires maintenance afterward. 

Splunk is expensive based on our current requirements, but it's obviously worth what we pay. 

I rate Splunk Enterprise Security nine out of 10. I see Splunk as a monitoring tool, not as a security tool. It provides alerts, and we conduct an analysis and investigation based on the information we receive. I believe having another sandbox integrated with Splunk will be helpful for the investigator.

I utilize Splunk Enterprise Security to gather logs, and subsequently, I provide the team with access to the servers through a change management ticket or incident. I wasn't involved in the installation process during my tenure as a Windows server lead. I also verify whether all our actions adhere to the compliance framework.

Our deployment of Splunk Enterprise Security was all on-premises.

The visibility that Splunk Enterprise Security provides is beneficial and valuable.

Splunk Enterprise Security helped analyze malicious activities.

With Splunk Enterprise Security we were able to detect threats faster.

Splunk Enterprise Security contributed to a reduction in alert volume as our employees became aware of being monitored and ceased accessing the server without proper authorization.

Splunk Enterprise Security has significantly accelerated our security investigations by centralizing all log data and enabling us to quickly retrieve the necessary information through simple queries.

The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository.

Some of the queries are difficult to run and have room for improvement.

I am currently using Splunk Enterprise Security. 

I would rate the stability of Splunk Enterprise Security ten out of ten. We have never had an issue with stability.

Splunk Enterprise Security is scalable.

Splunk Enterprise Security's resilience is a valuable asset.

Organizations seeking a more affordable solution should first carefully evaluate their specific business requirements. While cheaper alternatives exist, they may lack the necessary features to adequately address their security needs. In such cases, Splunk Enterprise Security could be a more suitable option.

Splunk Enterprise Security is a worthwhile investment given the comprehensive range of features it offers.

I would rate Splunk Enterprise Security eight out of ten.

I recommend Splunk Enterprise Security.

We use Splunk Enterprise Security to identify and resolve critical issues and errors within our environment.

The visibility that Splunk Enterprise Security provides is good. We can easily find the data we need using the logs.

Monitoring multiple cloud environments using Splunk Enterprise Security was not difficult.

Splunk Enterprise Security's insider threat detection capabilities enable us to effortlessly identify unknown threats and anonymous user behavior.

Splunk Enterprise Security helped us analyze malicious activities and detect breaches between 50 to 90 percent faster.

Splunk Enterprise Security has helped reduce alert volumes by up to 90 percent.

Splunk Enterprise Security has helped speed up our security investigation time by almost 90 percent.

The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides.

The price of Splunk Enterprise Security is high and can be improved.

Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently.

I have been using Splunk Enterprise Security for one and a half years.

Splunk Enterprise Security is stable.

Splunk Enterprise Security is scalable.

The resilience of Splunk allows organizations to protect their data and resolve vulnerabilities quickly.

The technical support provides good resolution.

Positive

I had previously used Loggly, developed by SolarWinds and Elastic. However, I found it to be inaccurate and slow. Elastic offers a free version of its solution, which is more commonly used by smaller businesses.

The implementation was completed by a third party.

Splunk Enterprise Security is expensive. I would rate the cost an eight out of ten with ten being the most expensive.

I recommend Splunk Enterprise Security over cheaper SIEM solutions because of its offerings.

I would rate Splunk Enterprise Security nine out of ten.

Splunk Enterprise Security does not require any maintenance. It is plug-and-play.

I recommend Splunk Enterprise Security for organizations that want to detect threats quickly.

We use Splunk for log analytics, blocking dangerous files, etc. It helps to shape our security policies. Splunk is managed by our service provider, but we regularly get security insights from them.

I like the search feature and the indexing. It's very fast and comprehensive. It's easily tuned by your service provider, so I can quickly find the results I'm seeking. So it's very practical. We are working with the search feature and using multiple indexes that combine devices from different environments, so it's easy to collect information across environments. 

We can relatively quickly detect some malicious activities based on attack patterns and implement use cases configured by our service provider with help from Splunk. It improves the speed of threat mitigation because you can gather information about the attack patterns from a few days of online activity to block threats and take the necessary actions. 

We implemented Splunk at the end of 2020, so it's been around three years. 

Splunk Enterprise Security is scalable.

We have not been in direct contact with Splunk except for a workshop where I met a few of them. My impression was that they were skilled, experienced experts. They seemed helpful, so I had a good impression.

The service provider deployed Splunk, so I wasn't involved. I had heard that they experienced some difficulties setting it up, but I don't think it was harder to install than other solutions.

Splunk is very expensive. The license is based on the volume of the logs ingested. I was responsible for managing the contract with our service integrator. I don't know the precise details of the competing solution, but I have heard that Splunk is more expensive than others. I don't know what the going rate is on the market, but I think there are at least two competitors that are less expensive. We have experienced a few issues with our service providers in terms of log filtering and ingestion, so we continue to pay a bit more per day for our logs.

I rate Splunk Enterprise Security eight out of 10. 

We use the solution for tracking successful and unsuccessful logins. We track privileged account activities and also a variety of other things, like developing use cases for data exfiltration or integration with ETRs and other security tools for data analysis. 

We wanted to solve the issue of unauthorized access, brute force attacks, and exfiltration. It's helped with MITRE ATT&CK frameworks. 

The organization has been able to quickly triage issues and investigate if something is a true threat or not. Most times, it helps our security posture. The level of confidence we have is high. With Splunk, you can query accounts when you see some strange activity. 

It gives me notifications of notable events. 

The default dashboard is very good. We can see our security posture from there.

On-prem and cloud data analysis are good. You can aggregate it if you need to in order to get good data.

Splunk has proven to be great when tracking down anomalous behavior. The logs are excellent. It is the platform in the industry.  You can integrate anything. The amount of information and usability you get out of Splunk is very good.

We do use the Threat Intelligence Manager. It can be integrated with third parties. The actionable intelligence we get is useful. There is sequencing where you can gauge some actionable steps. 

I use the MITRE ATT&CK framework when I am developing a new use case. It helps us discover the overall scope of an incident. Using Splunk is essential in developing that. 

It's good for analyzing malicious activities and detecting breaches. I'd rate it highly in its capabilities. However, if you don't have the knowledge, it may be difficult. You might get a lot of false positives.

It's helped us detect threats very fast, in almost real time. 

We have reduced our alert volume. I'm not sure of the exact number, however, instead of having 100 to 200 false positives, we might get 20 to 30. 

It has helped us speed up our security investigation, although I don't handle it directly. I simply do triage, and it definitely helps there. 

There are a lot of false positives which can cause a lot of fatigue. 

Sometimes, there is latency in the logs. 

When you deploy Splunk, you need a high level of knowledge. You really need to know what you are doing. It requires a lot of things.

They need to come up with straight steps to get things done, to have a step-by-step process to achieve this or that. 

I've been using the solution since 2020.

The stability is okay.

Splunk would tell you, especially on the different licenses they have, your storage, and your level of ingesting, it can vary. 

Splunk needs to be more clear between storage and performance. 

We worked with a client where almost immediately their storage was already in red. They didn't understand their storage needs as that wasn't clear. 

The solution cuts across countries. I'm not sure how many end-users we have.

The scalability is okay. It scales well even though you have to consider your licensing and storage.

Technical support is good. 

Positive

I have used ELK previously. 

I have been involved in the deployment of Splunk in the past.

The initial setup is not so straightforward for those new to it. I'm accredited and have four years of implementation. You really need that level of knowledge. It's straightforward to make a feed, make it compliant, and do field mapping, however, there are many things you need to do before deployment. 

We had six to eight people deploying Splunk. They were all mostly Splunk professionals, who understood the product and devised a plan and timeline for implementation. We integrated the relevant stakeholders into the process. We were connecting to the Splunk Cloud. 

There is a little bit of maintenance required to maintain the infrastructure. 

We used all in-house resources to implement Splunk.

I have witnessed an ROI while using Splunk. There were some incidents previously in which the company lost millions of dollars. Bringing in Splunk has curbed that. 

The pricing is on the high side. It's not a solution for SMEs.

I'm not sure if any other options were evaluated by the company. 

Currently, we are just Splunk customers. 

We do not monitor various clouds; we only monitor one. However, they have a good solution in that we don't need to worry about maintenance if we do. 

We've never used the Mission Control feature.

If someone is looking for the cheapest SIEM solution, there are a lot of open-source options out there. However, Splunk definitely is an option. If a company is bigger, it would benefit from Splunk. They will be paying some money for it, however, it's worth it.

Resilience is important. To some extent, Splunk addresses this as we haven't had any issues. It's important to have resiliency. If your solution is not resilient, you risk security issues. 

I'd rate the solution eight out of ten. 

I would advise others to spell out what you really need and make it measurable so that you will understand if Splunk is right for you. If you are going to use Splunk, it's important to do your due diligence. 

We use Splunk Enterprise Security for continuous monitoring, ensuring compliance, and advanced threat protection.

Splunk Enterprise Security allows our customers to view their decentralized infrastructure from a single pane of glass.

Splunk Enterprise Security's insider threat detection capabilities are good.

The actionable intelligence provided by the threat intelligence management feature is effective. The solutions are integrated into the platform, and customers receive operational insights.

The MITRE ATT&CK framework's ability to help our customers discover the overall scope of an incident is high.

Splunk Enterprise Security is good for analyzing malicious activities and detecting breaches.

Splunk Enterprise Security helps our customers detect threats faster.

Splunk Enterprise Security is able to process a huge amount of data without any issues. Our customers can see the benefits two to three months after deployment.

Splunk Enterprise Security helped our customers reduce their alert volume by 40 to 50 percent.

Splunk Enterprise Security helped speed up our customer's investigation time by 60 to 70 percent.

Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform.

Splunk Enterprise Security's price is high and could be lowered.

I have been using Splunk Enterprise Security for two years.

I would rate the stability a ten out of ten.

I would rate the scalability a ten out of ten.

The technical support response time is delayed and they can take two to three days to respond sometimes.

Neutral

The initial setup can be complex for customers who require advanced configurations and customizations, but it is straightforward for basic usage.

The deployment process is simple. We first identify the platform and determine if it is a unique system. Then, we define the virtual environment. After installing Splunk's platform, we perform the necessary configurations and other tasks. Splunk Security Essentials is a premium add-on for this tool, which is installed on the Splunk Enterprise platform.

The number of people required for the deployment depends on the customer's requirements and the use case they are developing. For example, if the customer needs to gather data from their network, we will need to add network experts to the project. However, if we already have experts who are familiar with the API and application connectivity, we may not need to add any additional people. Ultimately, the number of technical resources required will depend on the specific needs of the project. On average, we require four to five technical people for deployment.

Splunk Enterprise Security's price is high. I would rate the cost as ten out of ten, with ten being the most expensive.

I would rate Splunk Enterprise Security an eight out of ten.

There are many cheaper solutions available on the market but Splunk Enterprise Security is worth the cost.

Two people are required for maintenance.

The value Resilience offers our customers is good.