Splunk Enterprise Security Reviews

Splunk has a great platform. Their edge is in their lock management and being a very powerful lock server. Recently, they added some licensing and updated correlation rules to act as a SIEM Solution. They seem to be penetrating the market in a proper way.

I have been using Splunk for more than five or six years.

Splunk solutions are much more expensive than others. Especially when it comes to megaprojects or deals, there's a lot of competition when it comes to financials.

I would rate this solution a seven out of ten. Splunk has a user-friendly interface and GUI. Its architecture is also much more sophisticated than others. 

The solution is primarily a SIEM tool and it basically helps companies with security.

It's basically one of the best SIEM products on the market.

The scalability is great.

We have found the solution to be stable. 

Technical support is helpful. They respond in a timely manner. 

I'd like to see more documentation on the product.

The initial setup is not straightforward.

You do need a lot of training and certification with this product. Other than that, it's pretty good.

I've been dealing with the solution for about three years. It's been a while. 

The stability of the product is very good. The performance is reliable. There are no bugs or glitches. it doesn't crash or freeze. We've had no issues. 

The scalability of the solution is great. If a company needs to expand it, it can do so. It's not a problem.

We have about nine customers that are using Splunk.

I've dealt with technical support and it's pretty good. They are helpful. I find them responsive. 

The initial setup is not straightforward. It depends upon the IT infrastructure that the customer has. If they have a lot of security solutions, such as DLP and other security solutions, then it is more complicated. The more you have the more complicated it gets.

The deployment of Splunk takes about three weeks.

We have six or seven team members within our organization that can handle deployment and maintenance tasks. 

I handled the implementation myself. It was done in-house. 

Splunk requires a paid license. There's no free option. Customers have to pay for the license, implementation, support - everything.

The solution can be deployed both on-premises and on the cloud. 

I'd rate the solution at a nine out of ten. We've been very happy with the product.

I would recommend the solution. It really is the best.

In our organization, Splunk is used in our data centers.

We have integration services and other types of systems in our new IoT architecture. We're using it to capture information.

We use Splunk as an aggregator for monitoring information from different sources, however, for our protection suite, we're using Comodo.

It's designed to collect data from different points. It has a lot of integrations built into it and that's why we're using it.

We use it for our enterprise more - such as for messaging. There's a lot of stuff we do on our integration services layer that we use Splunk for. For security purposes, we're using Comodo. Therefore we're not using Splunk for security purposes. We're using it for monitoring what's happening at our integration services layer.

Splunk indicates when we've got problems popping up somewhere or we're not getting the flow we expected. If there's a problem, we have those flagged and we use it for logging.

Splunk handles a high volume of data that we have, and it does it really well.

For what we're using it for, we're happy with its functionality.

The reporting aspect is good and it does what I need it to do.

From an operational standpoint, it helps us on the operations side and it also shows where we're having issues.

It connects to a lot of stuff. We can collect information from a lot of sources.

The interface or maybe some settings need to be improved a bit. It cannot be perfect, however, the issues may be related to the configuration or setup.

If you monitor too much, you can lose performance on your systems. You have to be careful what you're monitoring. If you monitor everything, everything stops working. You can go overboard in monitoring. You have to plan your monitoring pretty carefully.

It could be easier for beginners. As it is, right now, You have to have a good understanding of the solution in order to use it properly.

That said, as the user, I'm at a higher level of management on the architecture side in dealing with resilience. My concerns are different from other user concerns. Also, most of our clients are using it way more than we're using it.

We've used the solution for more than a decade. It's been a long time. 

We haven't had any problems with stability. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

We've never had an issue with scalability. If a company needs to scale, it can.

The danger of Splunk is that it can get too big too quickly and you have to be very careful with what you want to be monitoring due to the fact that if you monitor too much, you can slow down things and you can hurt your performance on your system. We have to be very careful of what we're logging.

We have about 12 users on the solution right now.

We do not plan to increase usage in the future.

We don't use technical support very much. We've been using it for so long, we generally understand it and do not require assistance.

We used to use Splunk a lot more, however, we've moved more to Comodo right now. I'd say we've moved to Comodo from Splunk in a lot of areas.

On the security side, we use Comodo. Not all of our clients even have Comodo. A lot of them are using Splunk, however, a lot of them are using Splunk for enterprise operations and network operations items. Some of them are using security and a lot of them aren't. Splunk is offered as a security option now, however, originally, when you used it, it was to collect enterprise operations information and know-how your systems are running. 

We've been using it for a long time, therefore, I don't even remember when we set it up or how it went. We do keep it updated and use the latest versions.

I only have one or two people doing maintenance on it.

ROI's a hard thing to pin down. We've had it for so long, it's part of our core operating infrastructure.

Everything we do is either yearly or multi-year. I don't know if there is any additional cost to standard license fees.

We use Splunk and we also sell and support it for our clients.

Normally our policy is to keep software updated to the latest version.

The main issue is that we do enterprise architecture and network and security operations. We recommend certain platforms to clients. We don't always sell Splunk directly to them due to the fact that, since we're being hired to help them make choices, we need to be neutral. In the cases where it doesn't make sense, we don't sell it. We just help clients make decisions.

I don't know which version of the solution we're using. I'm an architect; I'm not on the operations level. I'm not the one who actually uses it. Our operations use it. I get dashboard results and I do reports that are based on it, however, I'm not the one actually running it. We have a NOC and a SOC and others use it a lot more individually. They have a lot more interaction than I do. I'm getting reports out of it. Others are actually connecting to it, using it as a tool. I'm not a tool user. I'm an information user.

All Splunk is, is data collection and it can sort things out on a dashboard. However, a lot of what Splunk does is collect data and you have to decide what kind of information you're going to let it collect. When we're doing design operations we have to really pay attention to what we're doing, so we don't actually slow things down or impede things. The reason we use Splunk is we put a lot of data into it.

With Splunk, you need to really be careful about what you're monitoring and how you use it, to get keep the results working. It's a good tool if you know what you're doing and what you need to be logging. You need to be aware of what you're logging to ensure it isn't going to cause problems with your performance.

I wouldn't recommend it for somebody who's coming in new. Of the clients we have using it, I don't know if any of them don't have professional IT running it. It's important to really understand what's going on.

I'd rate the solution at an eight out of ten. In certain environments, it could be a bit complex. It's not something you could just drop into an organization, you need to be trained to use it. You need the experience to use it properly.

We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job.

The solution could improve by giving more email details.

In a future release, the solution could improve on the artificial intelligence features, such as if an alert comes, it could automatically do logging from the system, get the KV knowledge base, and perform other functions. This would be a benefit.

I have used Splunk for approximately five years.

The technical support is good.

The initial setup is complex.

The price of Splunk is reasonable.

We have evaluated SoapUI and Postman, and we are still evaluating others.

I rate Splunk a seven out of ten.

We typically use Splunk to collect and check all the logs and events around the diverse network environment which includes, firewall, switches, and routers. For example, we have traffic that needs to go from one part of the network to another and if we think there is a firewall blocking it along the path, rather than log in to all the firewalls to see what is happening, we simply go into Splunk and the check traffic going across the parts of the network to see where it is being dropped and what is the likely reason it has been dropped.

Splunk has saved our organization time by resolving problems in a quicker timeframe. Before if we had networking issues we would have to log into every single device, check the firewall to see why the traffic is not going across to solve the problem. With Splunk, you only have a single pane of glass to check what is likely happening. This has enabled us to easily go to the right environment and write the necessary security policy to permit such traffic. It brings about faster resolution of problems reduced with visibility.

The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening.

Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster.

I have been using Splunk for approximately six months.

We have been satisfied with the stability of the solution.

Slunk scale very well.

We have approximately 50 people in our infrastructure and applications teams using this solution in my organization.

We plan to increase usage in the future.

I have not needed to open a ticket up with technical support. 

Previously to using Splunk we only had some Syslog servers that we sent logs to. However, Syslog servers, do not analyze your logs, they only capturing them. Whereas, in Splunk, you can assess the logs and you can do other things with the log.

I do not think the implementation is difficult.

We have an internal team that does the maintenance of the solution.

I have evaluated DataDog.

Splunk is easy to use and not having the need to log into every single network device for management is helpful.

I rate Splunk a seven out of ten.

Typically, we use the solution for critical infrastructure companies. 

The speed is a very valuable aspect of the solution. 

The way Splunk handles low data and low-rate costs are great.

The level of robustness on offer is very good. 

The initial setup is very straightforward. 

We have found that the solution offers good integrations with other products.

Overall, the solution works very well.

The complexity could be worked on so that it's even easier and faster. However, I understand that, if some complexity was removed, there might be slightly more limitations.

Occasionally there are data sizing and data-related issues that need to be overcome.

I've been using the solution for a couple of years.

The performance is very good. It's something that customers are always looking for. The product offers good stability. There are no bugs or glitches and it doesn't crash or freeze. It's reliable. 

We have about five to ten partners that use Splunk.

I'm a fan of QRadar. I use them as well.

The initial setup is very straightforward. It's not overly complex or difficult. A company shouldn't have any issues with the process. The deployment process doesn't take too long. You can manage it with fewer people and smaller teams. This is especially true if it isn't the critical infrastructure that you are working with. 

For deployment and maintenance, you only need two to three people. That can include one manager and two professionals. Since Splunk is easier to handle, more people can join in on the client-side.

We also use QRadar, and we make more money with QRadar than with Splunk as we can make bigger projects happen. However, we find that with Splunk, while we don't make as much money on each project, we can do more of them.

I'd rate the solution at an eight out of ten.

We're using the solution to try to build a virtual network and put Splunk inside it and do some kind of transcentralization with a log server. Our aim is to track connections, network traffic and some personal databases. I'm the founder of the company and we are customers of Splunk.

Splunk can quickly be deployed and it's not difficult to learn the solution. 

The solution could be more user friendly and it's difficult to know at this stage whether our requirements will be met by the solution. 

I've been using this solution for a couple of months. 

The solution is stable. 

Scalability is good with Splunk. 

The initial setup doesn't take much time especially if there's good bandwidth. In a small company deployment might take a month or two. If you have 100 devices then a technical team of three should be sufficient. They would need to be able to deal with log analysis, forensics and have general knowledge about admin systems. In time, we would expect to have thousands of users. 

I think Splunk is expensive compared to other tools at the purchase stage. It's possible that if we can keep control of the costs involved down the track, it won't be so bad.

We studied four or five tools including Logrhythm and Exabeam. We went with Splunk for now and will see how that goes.

I think this is a good solution and rate it a seven out of 10. 

We primarily use the solution for monitoring and security.

We can use the solution to try to find some correlational data. For example, in banks, there is usually a protocol whereby users cannot withdraw more than a certain amount of money from an ATM. However, we find that, when people are on holiday, they are trying to withdraw more than the allowed amount. It's a use case we can deploy in our country. You can set certain rules and watch the data in order to gain insights.

I cannot speak to a specific example of how the solution has assisted our organization.

The solution's capability is its most valuable aspect.

The initial setup is very straightforward.

The solution has proven to be quite stable.

We've found the solution to be very mature.

The integration capabilities are excellent. They have apps that integrate quite well with Palo Alto and Cisco, for example.

Sometimes it becomes very difficult to find certain results from Splunk. Not all users are developers and they are not able to write code to find specific results or specific details from Splunk. From a user perspective, the solution needs to improve the search functionality.

The dashboard could be improved. If it was easier for non-developers or those working in network security, it would be ideal. It would be nice if they had a built-in dashboard for those who are less knowledgeable in coding.

The product is relatively expensive. 

I haven't been using the solution for very long just yet.

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

We do not plan to increase usage at this time.

We've used technical support in the past. We've found them to be very helpful and responsive. We're satisfied with the level of support that we receive when we reach out for help.

I've previously used LogRhythm, among other solutions. We sell a few different solutions.

The initial setup is not too difficult. It's not overly complex. It's straightforward. The code is very easy.

The deployment took two or three months or so.

We used an integrator to assist us in the initial setup.

The problem with the product is that the price of Splunk is very high. It is an industry leader and therefore it's high in terms of price. That is the issue in our country. Sometimes people want to buy Splunk, however, due to the budget, they are not able to.

We are resellers.

We use a variety of deployment models, including private cloud and hybrid.

This solution is the best security solution. If a company is looking for the best, they have to buy Splunk. It is a very good and very mature solution. It is very easy to integrate with some other service or security solutions. If they have specific solutions that need to be integrated for monitoring purposes, it should be a problem. For example, it integrates very well with Cisco.

I'd rate the solution at a ten out of ten. We are quite happy with its capabilities.