Splunk Enterprise Security Reviews

We primarily use Splunk Enterprise Security for security incidents and event management. The solution is deployed in one department, but it covers multiple locations worldwide. 

With Splunk, we can monitor and manage enterprise-wide events. It provides a single console for various data sources covering the entire organization, which is critical for compliance purposes.

We can integrate Splunk Enterprise Security with other solutions to automate some security tasks, saving us some time. For example, if you detect potential malware and you want to isolate one system from the organization's network, you don't need to trigger a process. We can fully automate that. Minutes after malware is detected, the machine will be automatically quarantined from the rest of the network. 

You can integrate Splunk with third-party security automation solutions and set rules for automatic response. Splunk can monitor multiple cloud environments, but it's a little tricky if you're working with several vendors. Every cloud environment is slightly different, and some are better integrated.

The visibility into multi-cloud environments is decent. It depends on the number of sources you have, and Splunk is pretty flexible from that perspective. You can add any type of data source. The challenge is the engineering effort some of these data sources require, but others are effortless to manage.

We haven't used the insider threat capabilities yet, but it's an area that we want to explore. We have other tools for this. We use different products for threat intelligence. 

Splunk Enterprise Security could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful. 

If you spend time with your team creating rules specific to your environment, you can get a lot of value from Splunk. At the same time, that requires some additional effort and costs. Splunk has a few built-in integrations that are ready to go. In other cases, we need to build custom solutions, which is more difficult and costly.

I have used Splunk Enterprise Security for about three years. 

It is stable overall. 

Splunk Enterprise Security scales up pretty well. 

I rate Splunk support seven out of 10. There is a little room for improvement. We always start with junior support engineers who lack the experience to deal with complex issues, which are the only problems we ever contact support about. Our staff members can handle most minor issues. 

We typically need to escalate, and we've had an excellent experience with the higher-level engineers. Those qualified engineers are scarce, so I can imagine a situation where two big Splunk customers have significant problems simultaneously, but there aren't enough available technicians. Splunk has the right people but maybe not enough of them. The process could also be improved. 

Neutral

Deploying Splunk was relatively complex. After deployment, it requires some maintenance and management. A team of about 10-15 people is responsible for the solution. 

We deployed Splunk with an in-house team of five to 10 people and some professional support from the vendor. 

We've seen an ROI by automating Splunk Enterprise Security, but automation requires another product and license. 

Splunk Enterprise Security is quite expensive compared to some products on the market. 

The company evaluated a few tools before deciding on Splunk. I used ArcSight at a previous job. Splunk is more flexible than ArcSight, and it has various modules you can purchase to expand the functionality. You don't need to invest in a different solution because you can purchase add-ons for your existing infrastructure. 

It's modular, so you can tailor Splunk to your organization's size, structure, and specific needs. The customer can do it. You don't need to request it from a service provider. 

I rate Splunk Enterprise Security eight out of 10. My advice would be that before deploying Splunk, research some of the company's materials and make sure it meets your cybersecurity requirements. 

You may need to purchase other tools, and the solution might not do everything you want it to do out-of-the-box. Depending on your environment, you'll probably need to invest some time and money into the solution to get the results you want. 

Our primary use case is mostly for monitoring security events. We have different endpoints, like router switches. It collects a lot of data and we create reports. 

We also use Enterprise Security to send alerts out. I'm still relatively new. I mostly work for the SPL side of things.

It has been really good at consolidating a lot of data from different sources. It's really good at generating summaries. 

It's exciting to hear that SPL2 is rolling out. We look forward to using that more, especially for the data ingestion part of things. 

In the context of apps, we use a lot of search and reporting. We create many searches and reports, that quickly summarize a lot of information. That's the part that I mostly look into. That has been very valuable. I also like the dashboards and visualization features.

Its ability to provide end-to-end visibility into our environment is important. It helps a lot, especially when other users or stakeholders want that information. So being a little more transparent, but being mindful of the compliance and rules associated with that. It makes it really easy to communicate with people. They want statistics fast. The ability to quickly pull it out without a hassle is very valuable. 

We use Splunk to try to reduce the number of random alerts sent out. We're trying to consolidate a lot of functions. That has been very valuable and helpful for us.

The logging system has been a great help to us. Sometimes when we try to integrate some functions, we're not sure what errors happened. We look into the logging system, and it provides so much information. 

These optimization examples have reduced the meantime to resolve. It has been reducing cutting time.

It definitely helps our business resiliency a lot. We have a specialized cybersecurity office and on-prem technology and they really like to use Splunk. It has been addressing a lot of concerns and it is able to output the data that people are looking for. It's able to predict and identify a lot of functions.

Splunk Enterprise Security has been a great help to us in consolidating our tools. It's definitely been pulling a lot of data, especially from the network side of things. We look at it for baseline security tests. Splunk has a lot of apps and add-ons that we have been using Enterprise Security for.

I currently use Splunkbase and some of the add-ons. Integrating into our apps has been very straightforward. It would be nice if Splunk provided a little more documentation and instructions on how to upload. The steps are short, but sometimes it's not so intuitive. It would be nice if there were more user-friendly help guides.

I have been using Splunk Enterprise Security for six months. 

It has been very reliable. We haven't encountered downtime that I know of. 

Splunk works with companies that are a lot bigger than us. We're medium-sized. I have faith that we can scale. 

For technical support, I look at the online community, which has been a great help. I haven't used Splunk support directly. 

The forum is easy to use. I would rate it a nine out of ten. Sometimes the response time is slow. 

Positive

I would rate Splunk Enterprise positively. I hear from coworkers that there could be tweaks. I would give it an eight out of ten.  

In the SPL default, everything's crunched together. The formatting could be neater. When I write it in the search head, it has a lot of information in one small area. It could have a friendlier user interface. 

We use the solution to build correlation searches around insider threats and exultation of data. We also use it for DLP (data loss prevention) and to get more visibility on what's happening in our environment that could increase risk.

The solution's data aggregation has allowed our organization to unify a lot of inputs from various tools in one space and to be able to search from there.

The solution's most valuable feature is risk-based alerting, focusing on building out user risks for individuals throughout the enterprise.

It is important to our organization's security that Splunk Enterprise Security provides end-to-end visibility into our environment.

Splunk Enterprise Security's ability to find any security event across multi-cloud, on-premises, or hybrid environments is good. It's more about how you configure it and how well your company is equipped to provide and allocate resources to make the best use of the tool.

It has helped reduce our mean time to resolve.

The tool should include more real-world use case examples built out either through videos or in the community. These should not just be examples of how it can be implemented but of how previous solutions have been transitioned to new solutions and how they provide a different and better approach.

I have been using Splunk Enterprise Security for one to three years.

Splunk Enterprise Security is a very stable solution.

The solution’s scalability is based on the cost.

Splunk Enterprise Security is just a tool you can use, and then it's really up to the customer how they leverage it best.

Overall, I rate the solution a six out of ten.

Generally, we leverage it to correlate all of our threat intelligence data with all of our log events to make researching them simpler.

Splunk Enterprise Security gives us a lot more visibility into the entire enterprise and makes our analysis simpler. It streamlines the process and makes it easier to handle it.

It is very important for us that Splunk Enterprise Security provides end-to-end visibility into our environment. It saves us all the time where we used to have to go from tool to tool to tool to track down issues. Splunk Enterprise Security has tenfold reduced the amount of time it takes to investigate any one thing.

Splunk Enterprise Security simplifies being able to pivot from one data point to everything else, and it does not matter where in the pipeline that occurred because you can see it all.

It has helped improve our organization’s ability to ingest and normalize data. It has been very impressive how it is able to handle all of that for visibility and tracking things down.

Splunk Enterprise Security has not yet helped to reduce our alert volume. Our alert volume has increased at this point because we are still getting used to it, but I see how it can reduce the alert volume.

It provides us with the relevant context to help guide our investigations. The biggest part of it is that when we go through the alerts and the notable events, we are able to pivot to information from data sources that are not necessarily in Splunk, and we are able to run the automated response actions.

Splunk Enterprise Security has helped reduce our mean time to resolve. I do not have the metrics, but it is a decent amount.

Every process has been streamlined. Things for which you have to bounce between multiple tools can be done in one place, which in its nature speeds everything up and reduces the manpower.

Correlation search, in general, is valuable because it allows us to search multiple data sources easily.

The main issue that I have with it is that the field transformations sometimes overlap with those in Splunk Enterprise, and then you get permissions issues that lead to troubles.

I do not have any additional features that can be included. From what I gather, Mission Control is already included in the next release, as is a lot of the Cisco threat data.

I have been using Splunk Enterprise Security for about five and a half years.

It is quite good.

I have not experienced any issues with the scalability, but I do not handle the scaling, so I cannot speak to that.

I do not have to deal with them, so I do not have any information. Our administrators handle that side of things.

I did not. We acquired Splunk around about the same time I joined the cybersecurity team. 

I do not handle the administrative part. I am more of a user.

In terms of the deployment model, I believe it is technically a hybrid deployment. I am not involved in the architecture, but I know we are not exclusively cloud and we are not exclusively on-prem. We use AWS.

I know we had Splunk Professional Services for the deployment, but I was not involved.

I do not know what the cost is, but I would imagine we have seen an ROI because we are able to run our security team with fewer people than previously.

I do not know what we evaluated because I came to the company at the same time we got Splunk.

I would rate Splunk Enterprise Security an eight out of ten. It is an amazing tool that provides so much visibility and streamlines so much. The main issues I have encountered with Splunk are the difficulties in configuration and keeping everything up to date as the data sources change.

We use Splunk Enterprise Security to monitor our environment.

The threat intelligence and monitoring of Splunk are good. 

We have integrated Splunk Enterprise Security with ServiceNow so whenever there is a detection it will automatically raise a ticket and send it to the appropriate team for analysis. The integration was seamless.

Splunk has helped reduce our alert volume by 20 percent and sped up our security investigations.

It does a good job detecting threats fast.

Splunk's reporting functionality would benefit from enhanced customization capabilities, allowing users to tailor reports to their specific needs for better data visualization and analysis.

I have been using Splunk Enterprise Security for one and a half years.

Splunk Enterprise Security is stable.

Splunk Enterprise Security is scalable.

The initial deployment was straightforward.

Splunk Enterprise Security is expensive.

I would rate Splunk Enterprise Security ten out of ten.

For reporting we don't use the Splunk dashboard, we use Tableau and Power BI.

I would recommend Splunk to others.

While Splunk Enterprise Security offers robust features for large organizations, its cost might be prohibitive for smaller businesses. To address this, I recommend exploring open-source SIEM solutions for small and medium organizations and Splunk for larger organizations.

We're using the solution for log analysis and our internal infrastructure. We may use it for customer offering at some point, but currently, it's completely internal.

The solution's most valuable features are the granularity and analysis of the logs. Once you learn the syntax, it's a great tool. These features are important to us because they enable us to drill down to certain users doing certain things and perform trend analysis.

I have been using Splunk Enterprise Security for well over a year.

We’ve had no issues with the solution’s stability.

We have 90,000 users and deal with massive amounts of data volume.

The solution’s technical support is fantastic.

Positive

We were using IBM's TSM backup tool and our own internal tool. We switched to Splunk Enterprise Security because we wanted to be more of a cloud-forward company and didn't want to host everything on-premises.

We installed the solution mostly by ourselves, but we did have a little help. We installed heavy forwarders at a relatively low cost. Since we already had a VMware environment, we just set up the VMs for the forwarding.

We have seen a return on investment with the tool in terms of seeing what users are doing.

Splunk Enterprise Security incurs a significant cost because of the amount of data we send, but we are fine with the value we're getting for that price.

The tool provides much more insight into what users and our apps do. We also use the solution to monitor a lot of machine-to-machine traffic.

We have a hybrid environment. All of our internal tooling is in our internal data centers, but we also have a big cloud presence for some of our other tooling and mostly for our customers. Speaking from the internal side, Splunk Enterprise Security has been fantastic in helping us find all kinds of security events every day.

Splunk Enterprise Security has helped improve our organization's ability to ingest and normalize data. The solution has helped us have everything in one place and grab everything at once. The tool has also helped us solve problems in real time. The Ops team will approach us when they are stuck with a problem ticket. We can look instantly, see what's happening, and track it down.

The solution provides us with the relevant context to help guide our investigations. This context information makes things easier and faster for us. We get more information about exactly what's going on.

Splunk Enterprise Security has helped us save around 50% of our time.

Splunk Enterprise Security has helped reduce our mean time to resolve by 50%.

Overall, I rate the solution ten out of ten.

The solution is used to detect and protect against threats using a hypervisor infrastructure that works with artificial intelligence. 

There are a lot of third-party applications that can be installed. You get a lot of good visibility on your infrastructure regarding risk. It's very data-driven, and it integrates into systems well. 

We are able to monitor multiple cloud environments with Splunk. Each data source has different stuff that requires monthly payments. 

I have used its threat intelligence management function. It can be a very useful feature for customers. 

The MITRE ATT&CK framework is helpful for helping uncover the scope of incidents. It offers a good level of simplicity.

Splunk Enterprise Security is great for analyzing malicious activities and detecting breaches.

It's costly. 

The data speed between apps could be improved. It could be faster. 

I've been using the solution for 2 years.

The stability is mostly fine. 

I haven't attempted to scale the solution. I'm not 100% sure of how well it scales. 

The technical support is very good. They also offer a lot of basic resources. 

Positive

I'm also familiar with Microsoft Sentinel, and I find Splunk to be better. That said, although I have more experience with Splunk software, I find it a bit slow. Sentinel is much faster. 

The setup is pretty straightforward. It's not overly complicated. I don't have too much experience with the setup, as I'm currently involved as a consultant and only help with support. 

The cost is very high. It's got a fairly high price point in terms of price range. 

I work in cybersecurity consultation. 

I'd recommend the product to others. I'd rate the solution overall 9 out of 10. 

As a software analyst, I utilize Splunk Enterprise Security for security purposes, including threat hunting on developed and customized applications for vulnerability management. I also use it to display dashboards, analyze data, and address alerts.

We implemented Splunk Enterprise Security to consolidate all our security data into a single platform. This has enhanced our visibility into our security posture and the potential threats we face.

Splunk Enterprise Security enables us to monitor multiple cloud environments, which is crucial for receiving real-time email alerts in the event of critical incidents. However, directing me to the source can be time-consuming compared to the verified swim methodology used by SIEMs. For my application, I have approximately ten million records. Directing me to the service code takes two minutes to instruct them to view the file using VLOOKUP. However, sending it to the capital takes about half an hour.

The ability to monitor multiple environments is excellent. We have customers who use Splunk Enterprise Security both on-premises and in the cloud. Both options have their merits, depending on the specific needs of the customer. If a customer has the required resources, the cloud is often the most suitable solution.

The robust threat detection capabilities of Splunk are essential for our project. However, it's crucial to manage user access carefully. While we need to grant access to certain users, we must not provide them with unrestricted capabilities. Splunk's granular access control feature empowers administrators to customize user permissions, ensuring that only authorized users have access to the necessary features.

Splunk's threat topology helps us identify the scope of an incident. This is crucial due to the high likelihood of unauthorized data being compromised, necessitating prompt incident detection.

Splunk Enterprise Security has facilitated the timely detection of threats, enabling us to swiftly customize it to identify a wider range of threats and potential risks. We can incorporate external scripts for enhanced threat intelligence and threat-hunting capabilities.

Before implementing Splunk Enterprise Security, we relied on a patchwork of other tools, each requiring manual implementation for data collection, rule definition, and threat identification. This approach was not optimized and occasionally resulted in delayed threat detection. Limiting our focus to device security alone proved insufficient, as it lacked the real-time threat actor intelligence and activity insights provided by Splunk Enterprise Security. Our reliance on licensed development restricted us to pre-built alerts or manually uploaded scripts for mitigation and response.

Splunk Enterprise Security has helped reduce our alert volume.

Splunk Enterprise Security has helped speed up our security investigation time.

Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data.

The threat detection system has room for improvement. The critical aspect for an organization is the timely detection of incidents. If the rules are not defined correctly, threats may not be detected in real-time, resulting in incidents being detected months or even years after they occur.

I have been using Splunk Enterprise Security for almost seven years.

I would rate the scalability of the solution eight out of ten.

I would rate the resilience an eight out of ten.

I contacted Splunk support once for a separate product.

Positive

The initial deployment was straightforward for me, likely due to my extensive experience using Splunk. When implementing the solution, we begin by defining customer needs and requirements to optimize Splunk. This involves identifying the systems necessary for daily use and ensuring the protection of the integrated licenses and external apps in the Splunk environment. This protection encompasses program security, cloud-based security, and data analysis for specific apps. Additionally, we configure personal authentication for private applications.

The deployment time is dependent on the specific requirements and can range from two to ten days.

The implementation was completed in-house.

Splunk Enterprise Security has delivered a return on investment through its effective threat detection and vulnerability response capabilities. We have successfully demonstrated this positive impact on our customers through comprehensive reports.

I would rate Splunk Enterprise Security nine out of ten.

While there may be cheaper solutions available, they lack the optimizer, dynamic dashboard, and security APIs that Splunk offers. These capabilities are not found in other solutions.

Maintenance is minimal for updates only.

When using Splunk Enterprise Security, ensure that optimization is performed correctly to minimize response times and resource consumption.