Splunk Enterprise Security Reviews

We use Splunk Enterprise Security for insider risk and security operations centers.

Splunk Enterprise Security primarily reduces our lead time for identifying risks and threats. Since a lot of the work is being outsourced or we depend on those new threat intelligence feeds, we're able to identify and triage them quicker. So, it leads to a quicker incident response.

The solution's most valuable feature is threat intelligence correlations. It's too hard to stay up-to-date on all the different data feeds yourself. So, having a tool that does it for you is very beneficial.

Splunk Enterprise Security has increased our alert volume because we now have new data to work with, and we're writing more alerts. We don't use the solution a lot for observability. Usually, our primary use case for Splunk Enterprise Security is cybersecurity.

It is extremely important to our organization that Splunk Enterprise Security provides end-to-end visibility into our environment. That's the primary reason we use it. We want the ability to do everything from one tool without having to trash back and forth and take that precious time.

Splunk Enterprise Security has helped reduce our mean time to resolve. We're at least twice as efficient with Splunk Enterprise Security at identifying risk, following up, tracing it throughout the chain, and resolving it. We still have various toolings, but over time, the goal is to nest everything into Splunk Enterprise Security to make it cohesive from end to end.

I'd love to see more integrations, which is one of the primary points of the key node with Splunk Enterprise Security. I would also like to see more admin capability to enable the health of Splunk Enterprise Security because, a lot of times, it's difficult to know when and why things are failing, especially for on-premises customers.

Splunk Cloud is a little clearer because it has more integrated support. For on-premises, it feels like sometimes you have to guess and then hope for the best. Troubleshooting some things related to Splunk Enterprise Security takes a lot of time.

I have been using Splunk Enterprise Security for five years.

The solution's clustering is great, but it could have easier containerization where it's more dynamic, and you can spin up and scale down as needed. Right now, Splunk is a very large expense for us as far as our cloud environment is concerned. Anything we can do to cut costs would be great.

Right now, we run the servers 24/7 and never change the size unless they're underpowered. We're spending a lot of money on off-hours to keep it alive, which is not ideal.

We've got a lot of experience on our team solving Splunk, but the few times we used Splunk's technical support, we found them to be very effective and efficient. Occasionally, we'll forget to respond to them, and they'll follow up with us, which is usually the opposite of what you see. So, I've got nothing but good things to say about Splunk support.

The solution's deployment was difficult because we were going through admin changes right as we were installing it. It took three admins over the course of five years to get it set up. I think if we had one dedicated admin from the start and kept them on the job until the job was done, we wouldn't have had nearly as much trouble.

We used a reseller to implement the solution.

We have seen a return on investment with the solution.

Splunk Enterprise Security is really strong, capable, and great at what it does. There are obvious areas of improvement, but it looks like Splunk has already identified them and is working on road maps to enhance SOAR integration and AI digital assistance for Splunk Enterprise Security. Once those are fully implemented, the product will further improve.

Overall, I rate the solution an eight out of ten.

We use Splunk for identity protection, threat defense, vulnerability scanning, zero-trust, and user entity behavior and analytics.

Splunk Enterprise Security has helped our customers reduce the alert volume. We ended up validating the false positives manually. We have to do quite a review assessment task. It can do some automatically, but we end up doing them manually to improve the detection. 

Splunk's advanced threat detection capabilities are excellent. Recently, Cisco acquired Splunk, so many customers are migrating to the Microsoft platform, but historically, I've found Splunk does a better job of correlating and collecting the security logs of all kinds of appliances. Most customers want to consolidate their security products into Microsoft.

It supports just about every cloud solution. It is easy to collect and correlate all the data. The visibility is good. Insider threat detection can be customized. My customer was integrated with many third-party credentials and other threat sources as well. The integration part was seamless and easy. The rates for allocating valuable information and IOCs from different sources are also good. 

The incident response technique should be available out of the box. That isn't as available as we would expect. 

I have used Splunk for around two years.

Splunk is stable. We've had no breakdowns in the past few weeks.

We can scale Splunk quickly. 

I rate Splunk support seven out of 10. 

Neutral

Deploying Splunk was moderately difficult compared to Sentinel. Collecting logs, provisioning firewall servers, and indexing are all complex tasks. You need someone with expert knowledge to do the job. The process takes four to six weeks. You need to design the solution and onboard the data, then start collecting logs and doing the detection. 

I rate Splunk three out of 10 for affordability.

I rate Splunk Enterprise Security seven out of 10. Splunk needs to compete with other products like Microsoft, and right now, it looks like they're losing the race. They need to make drastic changes and accommodate more flexible options and integration solutions. 

I use Splunk to get logs from the on-prem servers and create dashboards, alerts, and visualizations.

Splunk has helped us reduce our alert volume. It has sped up our security investigations. For example, it's easy to detect if there are multiple login failures.

It has saved us a lot of time. We previously used OpenShift to collect CPU and memory data for over 900 clusters, so we needed to log in to each cluster to get the details. Even if it only took one minute per cluster, we would spend 900 minutes doing them all, whereas Splunk can collect all the data in under a minute. 

Splunk's machine learning toolkit helps us predict things like CPU and memory usage. The user interface is excellent, and since I'm using Splunk as a power user, it's easy to create dashboards.  Splunk helps monitor multiple cloud environments. We have OpenShift. All of our VMs and servers are present in the cloud. 

Customizing our commands should be simpler. Creating custom commands in Splunk requires a long, complex process. For example, we have a command to add all the column data, but we don't have a command to get the average of the column data at the end. It would be useful to have a blank at the end to create our commands and leave the rest to others.

We have used Splunk for three and a half years.

I rate Splunk eight out of 10 for stability. 

I rate Splunk seven out of 10 for scalability. The architecture needs to be tweaked, so it might take some time to scale it. 

Setting up the architecture is somewhat difficult, but if you follow the steps laid out in the documentation perfectly, you'll understand how to do it. It's medium difficulty. 

I don't know the exact pricing, but I know that Splunk is more expensive than competing solutions.  At the same time, Splunk provides more features than others, so it's priced fairly. It's worth the money.

I rate Splunk Enterprise Security eight out of 10. SES is an excellent product. While it has some room for improvement, it's constantly adapting and trying to stay ahead of the competition. Adding commands to Splunk can be tedious. Automation, for example, helps to make the task smaller. We use Python scripts for automation. 

We use Splunk Enterprise Security for 24-hour monitoring and security log checks.

It is easy to monitor multiple cloud environments with Splunk Enterprise Security. The visibility into multi-cloud environments is good.

We have some open-source tools integrated with Splunk that help with threat intelligence.

Even though we already have several SIEM solutions in place, their similarities make adopting Splunk Enterprise Security a breeze.

Splunk Enterprise Security helps speed up our investigations.

Splunk Enterprise Security is complicated in terms of developing specific cybersecurity use cases.

Our alert volume is still high and we are working on reducing those.

I have been using Splunk Enterprise Security for six months.

Splunk Enterprise Security is stable.

The technical support was responsive and knowledgeable.

Neutral

Compared to Sumo Logic which is organized, Splunk Enterprise Security is complicated.

While the deployment was straightforward, it took a few months to complete because we had to make customizations to fit our specific environment.

Splunk is priced similarly to other SIEM solutions.

We evaluated several solutions and selected Splunk due to the functionality and cost. 

I would rate Splunk Enterprise Security seven out of ten.

We're currently integrating our log sources with Splunk. Once logs are flowing, we'll deploy security monitoring use cases with alerts. We'll then explore Splunk's further capabilities.

We're using the solution for log analysis and our internal infrastructure. We may use it for customer offering at some point, but currently, it's completely internal.

The solution's most valuable features are the granularity and analysis of the logs. Once you learn the syntax, it's a great tool. These features are important to us because they enable us to drill down to certain users doing certain things and perform trend analysis.

I have been using Splunk Enterprise Security for well over a year.

We’ve had no issues with the solution’s stability.

We have 90,000 users and deal with massive amounts of data volume.

The solution’s technical support is fantastic.

Positive

We were using IBM's TSM backup tool and our own internal tool. We switched to Splunk Enterprise Security because we wanted to be more of a cloud-forward company and didn't want to host everything on-premises.

We installed the solution mostly by ourselves, but we did have a little help. We installed heavy forwarders at a relatively low cost. Since we already had a VMware environment, we just set up the VMs for the forwarding.

We have seen a return on investment with the tool in terms of seeing what users are doing.

Splunk Enterprise Security incurs a significant cost because of the amount of data we send, but we are fine with the value we're getting for that price.

The tool provides much more insight into what users and our apps do. We also use the solution to monitor a lot of machine-to-machine traffic.

We have a hybrid environment. All of our internal tooling is in our internal data centers, but we also have a big cloud presence for some of our other tooling and mostly for our customers. Speaking from the internal side, Splunk Enterprise Security has been fantastic in helping us find all kinds of security events every day.

Splunk Enterprise Security has helped improve our organization's ability to ingest and normalize data. The solution has helped us have everything in one place and grab everything at once. The tool has also helped us solve problems in real time. The Ops team will approach us when they are stuck with a problem ticket. We can look instantly, see what's happening, and track it down.

The solution provides us with the relevant context to help guide our investigations. This context information makes things easier and faster for us. We get more information about exactly what's going on.

Splunk Enterprise Security has helped us save around 50% of our time.

Splunk Enterprise Security has helped reduce our mean time to resolve by 50%.

Overall, I rate the solution ten out of ten.

The solution is used to detect and protect against threats using a hypervisor infrastructure that works with artificial intelligence. 

There are a lot of third-party applications that can be installed. You get a lot of good visibility on your infrastructure regarding risk. It's very data-driven, and it integrates into systems well. 

We are able to monitor multiple cloud environments with Splunk. Each data source has different stuff that requires monthly payments. 

I have used its threat intelligence management function. It can be a very useful feature for customers. 

The MITRE ATT&CK framework is helpful for helping uncover the scope of incidents. It offers a good level of simplicity.

Splunk Enterprise Security is great for analyzing malicious activities and detecting breaches.

It's costly. 

The data speed between apps could be improved. It could be faster. 

I've been using the solution for 2 years.

The stability is mostly fine. 

I haven't attempted to scale the solution. I'm not 100% sure of how well it scales. 

The technical support is very good. They also offer a lot of basic resources. 

Positive

I'm also familiar with Microsoft Sentinel, and I find Splunk to be better. That said, although I have more experience with Splunk software, I find it a bit slow. Sentinel is much faster. 

The setup is pretty straightforward. It's not overly complicated. I don't have too much experience with the setup, as I'm currently involved as a consultant and only help with support. 

The cost is very high. It's got a fairly high price point in terms of price range. 

I work in cybersecurity consultation. 

I'd recommend the product to others. I'd rate the solution overall 9 out of 10. 

We use Splunk Enterprise Security for monitoring. We've been using it for monitoring our network. We've created some rules and use cases and we get alerts based on rules. 

It’s helpful in relation to the security perspective. With it, we can monitor all log sources and it helps us to reduce risks to our enterprise from a security perspective.

We can monitor all of our digital assets and reduce threats via constant monitoring. Using Splunk, we can mitigate malicious activities on the spot. 

The solution offers a variety of good features. It has a simple user interface where we can find various options easily. The search functionality is great.

Integrations can be done easily. It’s not complex like other solutions, like Radar or Azure. Everything is easy to manage, including the low sources.

The visibility is continuous. We have different web servers, databases, routers, endpoints, et cetera, and we gain visibility from a security perspective to all of them. We can generate different types of dashboards to visualize traffic from various resources.

We can see user behavior and have access to user behavior analytics. We also are able to have some custom rules that allow us to effectively continuously monitor the activities of our users. We use a third-party solution for that.

Splunk Enterprise Security is helpful for analyzing malicious activities and detecting breaches. I can take various logs from log sources and centrally manage everything via custom rules. We have been satisfied with the capability to analyze malicious activities and detect breaches.

It helped us with faster detection of threats. If we compare it with other solutions, it is much faster. For big organizations that have their logs and terabytes, working with something like QRadar takes lots of time. Splunk is much faster.

Since the time of deployment, we've been able to use all of the features and integrate rules and use cases with threat intelligence. We've reduced false positives by 90%. Between the first and sixth months, we reduced our alert volume by 50% to 60%.

Splunk Enterprise Security helped speed up our security investigations. We now have an in-depth insight into endpoint usage. We've saved about 60% of our time if you compare Splunk to how we were operating before in terms of monitoring. 

We'd like to have the number of devices covered under the license to be increased. 

I've been using the solution for seven months.

I'd rate the ability eight out of ten. 

The solution is mostly scalable. The ability to scale is related to storage. If you want to expand storage, it can be quite difficult. 

At this point, we do not have plans to increase our usage.

I'm satisfied with the level of service technical support provides. 

Positive

Previously, I have used QRadar. My current company uses Splunk. 

I was not involved in the deployment of the solution. 

There is some maintenance required. Users need to do some administration around storage and monitoring. 

I'm not sure how much the solution costs, or how much my company pays for it. 

If a company needs something cheaper than Splunk, there are some open-source solutions available to them. 

The resilience of the solution is good. It's quite scalable, however, it does depend on the license. If you want more sources or logs you need to increase your license.  

I'd advise users to evaluate the solution to see if it meets their personal requirements.

I would rate the solution eight out of ten. 

We are using the solution for security. We can use it to track what has happened in our network. We can check via dashboards and alerts. We can use it for load balancing and high-performance tasks. We use it to analyze data and logs. It normalizes logs and we can detect attacks, such as brute-force attacks. We can receive information from our firewall, our Fortigate. Since we receive a lot of traffic, we have to investigate events using the solution. It provides updates on attacks. The solution helps us report on what happens in our network.

We use Splunk for security and tracking what happens on our network and it is effective at that.

We like the big data analyzer.

The dashboard and alerts are good. We can use them for monitoring to see what’s happening on our network. It’s centralized. It gives us good visibility into multiple environments. We can use it in Windows, Linux, et cetera.

We can use platforms and integrate everything together. We can see multiple environments on-premises.

When something happens, we get alerts via SMS or email. 

We use the MTTR attack feature and it is very effective to use for detecting threats.

We can also schedule reports on a monthly or weekly basis.

It’s very useful for tracking. If you can look at the steps and see what happens, you can investigate effectively, and so on.

Splunk Enterprise Security is excellent for analyzing malicious activities and detecting breaches. We can see, step by step, what happened. We can escalate and investigate and so on.

Splunk has helped us detect threats faster. The alerts are very effective.

It helped to reduce alert volume. I’m not sure precisely how much, however, it depends on how many client devices you are tracking and analyzing.

Splunk is a suitable resource for collecting logs. 

The threat intelligence management feature is something we cannot use.

We'd like Splunk to reduce false positives. 

It would be helpful to be able to configure everything a bit more. If your network is very big, it's important to customize.

The dashboard could be improved so that tracking and analysis could be better visualized.

I've been using the solution for two years. 

The solution is stable. If you have suitable resources and buy and use the correct license, you'll get fine performance. 

The ability to scale Splunk depends on your network. If it is big, you can add more resources easily. You can use a cluster and several servers. 

When you work on Splunk, it's very easy. However, when you need to reach out to support, it could be better. It would be helpful if they could respond faster. 

Neutral

I have experience with another solution called ELK; I find Splunk better, even though it is not free to use.

I've done one implementation. I installed it across several servers. How long it takes depends on the project. It also depends on how many resources you have. If it's just a small setup it might take two hours. 

The product is easy to maintain. 

I'm a customer. We cannot use the cloud versions as we are based in Iran.

I don’t have experience with the Spunk Mission Control feature.

I've worked with Splunk so far and while it's very easy to use it's not free. There are other solutions that are open-source that you could use, however, I find Splunk to be worth the price and I'd recommend it to others. 

I'd rate the solution ten out of ten. I would recommend Splunk to others.

We use it mostly to generate notables, and then we can use other tools, such as ticketing systems or other SOAR platforms, to investigate.

I was not around before we had Splunk Enterprise Security in our organization, so I do not know about the before and after, but I can tell it would be very painful to not have it. 

It is pretty easy to monitor multiple cloud environments. All the logs from our cloud environments go to Splunk, and then we can search everything at once. It is pretty helpful.

Splunk Enterprise Security has end-to-end visibility into our cloud-native environments. It is pretty important. Especially if you use it as your single source of truth, it is pretty invaluable that you have everything in there.

It has reduced our mean time to detect, so inadvertently, it has also reduced our mean time to resolve. However, I do not have the metrics.

Splunk Enterprise Security has definitely improved our organization’s business resilience. There are a lot of logs that help with monitoring and alerting and keeping the business up.

It can help to predict, identify, and solve problems in real time. We do have some health alerts, and if they kick off, we might be able to fix something before it is really broken. In that sense, it is good.

Splunk Enterprise Security has been pretty good in terms of providing business resilience by empowering our staff. Most of our users are security-focused, but having everybody with the ability to write their own searches or build upon what we already have for detection of the future things is pretty helpful.

The correlation search functions that generate all the notables are valuable. That can get pretty complicated, and it handles that pretty well.

Some of the search functions can be better. There has been a lot of talk at the conference about the update of SPL before each iteration. That will be a lot of help. 

I have been using Splunk Enterprise Security for about two years.

It is pretty stable. We have not had any instances where Splunk just completely died. Its stability is good.

It seems pretty scalable, especially considering how much data we ingest. It is a good tool.

I have not interacted with them recently, but they are pretty good when I do need something from Splunk. I would rate them a ten out of ten. I have not had any issues with their support.

Positive

We were probably using Elasticsearch.

It was already implemented when I got here.

We have probably seen an ROI. We are in the security space, and there has definitely been improvement in uptime and the mean time to detect and respond to security alerts.

Its time to value is pretty immediate. The more logs and the more standardization that we get into Splunk, the quicker that comes.

Most people share the same thought that the ingestion rates can get pretty pricey. There is a lot of work we do to curate the data that we send to Splunk so that it is not too noisy or too expensive.

Overall, I would rate Splunk Enterprise Security an eight out of ten. There are some cool things. A lot of the talks at this Splunk conference have touched on some of the gaps that Splunk is working to close, but it is a very solid tool. 

My use cases are very limited. I use the product mostly to detect internal threats like data exfiltration.

I am a basic user. The search lookups are useful.

The product must improve insider threat detection. Almost everything is outside in, but not inside out.

I have been using the solution for four years.

The solution is very reliable. I like its stability. It always works.

Sometimes, it takes time when we need additional information or something extra. However, the tool’s able to do it.

I haven’t contacted the support team. I reach out to the internal expert. My searches and my requirements are very basic. The expert is great. He’s always able to help me and guide me.

Positive

We do see a return on investment. The product saves us time by automating reports and helping us see data.

The solution helps reduce our mean time to resolve. It’s great to automate some tasks. I believe Splunk has helped improve our organization’s business resilience. We have become stronger in insider threats by just stopping things, being able to show what is leaving, and taking action on it. It's very useful when I try to identify events.

When I started working in my organization, they were using Splunk. Overall, I rate the product a nine out of ten.