Splunk Enterprise Security Reviews

We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations.

We previously did not have a good centralized solution which could ingest just about any log type, which has been a plus.

The search application has been the most useful. We have also liked the reporting features and dashboard capabilities.

The Enterprise Security app could be improved. We have had trouble with it working from the first day.  

Yes, there have been issues with the Enterprise Security application instance.  

No issues.

It has been a weak point, but has improved over the years. It can be tough to get a hold of somebody depending on the complexity of the issue.  

Years ago, we did use another solution, but I am not sure it exists any longer. We have been using Splunk for many years.  

We had professional services set it up, as it was quite complex.  

Vendor implementation, and I would rate them as a seven out of 10.  

Excellent overall. 

It can be expensive, especially the licensing costs. However, there is added value in what it can do, not just log aggregation.  

We evaluated Trustwave and QRadar.

It is a great product overall. I would like to see improvements on the Enterprise Security app/SIEM functionality.  

Primary use is business intelligence. 

Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events. 

Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business. 

The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more. 

We ingest roughly 30GB/day. We have a small environment, but it provides big insights. 

We work with Splunk. We use it for our own services, and we also integrate and resell Splunk. It is used for cyber security. 

Different clients have different versions. They have Splunk Cloud and Splunk on-premises with different versions.

It is very easy to use and integrate. There are connectors for every technology.

The UI can be improved. Dashboards and reports can be better in terms of graphics.

We have been using this solution for a few years. In 2016, we became a Splunk partner.

It is very stable.

Its scalability is very good. We work with this platform for our own services. We use Splunk extensively, and we also offer it to our clients. We plan to increase its usage.

Our company has three offices. We have offices in Spain, Columbia, and Mexico. We have around 100 people, and about 50 people are working with Splunk. They all are focused on cyber security. They are security engineers or security specialists.

I don't know about their support. I don't work with it much. On an activity level, I'm not so close to the platform. I'm the country manager, so I am a bit far from the operation.

We tried to work with Exabeam for user behavior analytics, but we stopped it.

Its setup is very easy, but we have been working with Splunk for a lot of years. We have all the certifications in Splunk, and we are a specialist in Splunk. So, for us, it is very easy to set it up and integrate it, but it might not be easy for other companies.

Splunk is a very good platform for analytics and cybersecurity. We use it very extensively. It is very easy to use, and it is very stable and scalable.

I would rate it a nine out of 10.

We are using Splunk for cybersecurity operations.

Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.

Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding.

To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this.

I have been using this solution for eight months.

In terms of operations, it is stable, but if you don't have a proper configuration and sizing, there could be many issues. It could be more efficient on the storage part. We are still in the deployment stage to be able to say that for sure.

It is very scalable. Currently, we have around 50 users. We will increase its usage if more people need access.

We have raised multiple tickets. Some of them are good, and some of them can be better. Overall, their technical support is okay.

We didn't use any other solution.

I didn't do the initial configuration. I take care of the operations part. One of our clients did it, and it is somehow complex, and it takes time. It also depends on your knowledge. If you don't have knowledge of Splunk, it is complex.

We are a partner of Splunk. So, we did not evaluate other solutions.

I would rate Splunk a seven out of ten.

Its integration is most valuable. Its UI is also pretty much easy.

Its setup is a little bit complex for a distributed environment. 

Their support can also be better. If we raise a case with Splunk support and by any chance we missed to respond for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply. In that case What they can do is they can send a followup mail before closing.

I have been using this solution for a year now.

It is very stable haven't encounter any glitches or bugs till now.

It is very much scalable. I am acting as an admin, and we have more than a hundred users of this solution in our company. We use it on a regular basis. We currently don't have any plan to increase its usage.

I would rate them an eight out of ten. Their response speed is okay, but if, by any chance, we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply.

This is the only solution that we have been using.

Its setup is pretty much easy for standalone, but for a distributed environment, it is a little bit complex.

I would recommend this solution to others, but it should meet their needs and architecture.

I would rate Splunk a nine out of ten.

Our primary use case is reporting from the Windows administration. We have SCCM that configures the manager to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment and we use Splunk for the gathering of the PCs and Windows service. We also use it to collect information from the security tools, for example, to provide the management information about how the everyday connection is. 

We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.

The security can be improved. 

It is scalable. We have five admins so far that we have in the solution. We have two as techs to develop the design on the world map of the solution, and we have the end users, so 80,000 users altogether. 

The initial setup was complex. We have two data centers in France, two in Germany, and we have 18 countries in the world. It's a big company and we have a lot of services, servers, etc. So the setup is more complex.

I would rate this solution a perfect ten out of ten. 

Splunk is a SIEM, a Security Information and Event Management solution. It is used, for example, for monitoring security logs and security information in companies and organizations. It is also used for correlation, meaning making policies, for detecting/monitoring attacks, and the like; for monitoring security logs, security events, preventing hackers from attacking. It's really for business continuity.

For a long period of time we analyzed logs, traffic, something like tcpdump. Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats. It's really important for our business because I work a PSP, a payment service provider, e-payments.

UBA, User Behavior Analytics.

In the next release of Splunk, I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence. Splunk would be the best if it improved these features.

It's stable and very safe. 

Splunk's scalability is good for an enterprise situation. It's scalable in all situations.

For us, technical support has been good. Splunk has good documentation and it is really easy to work with Splunk and the Splunk community.

I used ELK. It was good. It is an open-source solution, but there is some complexity in configuring it, working with it.

In choosing a vendor I use industry reviews to find feedback from the community that works with the solution.

The initial setup was straightforward.

There are a lot of solutions: IBM QRadar, Splunk, LogRhythm. Splunk was good for us because of the support, the documentation, the scalability, the stability. It gives us everything that we need in our business, everything necessary for helping us do our job.

There are three top SIEM solutions in the world: Splunk, LogRhythm, IBM QRadar. I think Splunk is the best.

I would rate Splunk at eight out of 10. The vendor needs to work on this solution to make it better and better. I would recommend this solution but it depends on the situation, the country, the support from the vendor.

• Searches the logs for all network devices and server. 
• Monitors clients' hardware, networking, and security operations. 
• It is good for the administrator to use it when maintaining the whole IT Infrastructure.

Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses.

Searches logs from all devices and gives valuable information to the organisation, so it can drill down on all reports and security threats. 

Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk. 

No, we have not suffered a network breach.

Yes, the solution has improved the efficiency of our security team.

No stability issues.

No scalability issues.

I have received a very good response from support that I have not seen in more than 10 years of my experience. 

We are using OpManager to monitor server logs. 

I implemented it myself.

It made our organization better through integration.

Make it cheaper to help small organisations implement it easier. 

We evaluated QRadar.

I have been using Splunk to increase my security experience.