We need something to collect all our logs in a centralized solution. We have several servers but we don't have any log collection system.
Centralized log monitoring is pivotal for us
Pros and Cons
- "The most valuable feature of Splunk is the log monitoring."
- "If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well."
What is our primary use case?
How has it helped my organization?
Without Splunk or a similar product, if I want to check the log files every day, I have to log in to the individual hardware components in our system. I have to log in to the firewall, I have to log in to Windows. There are so many devices I would have to manually log into, one-by-one. It would take a very long time for me.
Also, we don't have a dashboard so we don't know which issues are critical. When we use a centralized log monitoring system we can see things on the dashboard and it is easier for the IT manager or an IT engineer to take corrective action in the system.
What is most valuable?
The most valuable feature of Splunk is the log monitoring.
What needs improvement?
If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well.
Buyer's Guide
Splunk Enterprise Security
May 2025

Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
857,028 professionals have used our research since 2012.
What do I think about the stability of the solution?
It's very stable.
Which solution did I use previously and why did I switch?
Up until we trialed Splunk we did not have any solution. We used Splunk because we don't have anything to monitor our system. I contacted our local vendor in Vietnam, and they suggested using the trial version of Splunk to see how it works in our environment. This is the main reason I trialed Splunk. We just used the trial version in our office and, since it expired, we haven't used it.
How was the initial setup?
For me, the initial setup was not too complex. For an IT person like me, it was okay.
Our local vendor knows Splunk very well. He had already implemented Splunk for another customer. I called him to our office to have him install Splunk. It took a couple of hours for him to finish.
What about the implementation team?
We used a consultant for the deployment, from KDDI Vietnam. Our experience with him was good.
What other advice do I have?
Because it was a trial version, I was the only one who used it in our company.
I kept some snapshots from our trial with the Splunk system and we are preparing a proposal to submit to our manager in Vietnam. If in the near future we have enough money to purchase the system, we will invest in this system for our company.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Sr. Manager Information Security at Tapal Tea (Private) Limited
The search and query feature is very fast but due to the log size limit, we did not get the full benefit
What is our primary use case?
Log collection and search.
How has it helped my organization?
The search and query feature is very fast but due to the log size limit (in trial version), we did not get the full benefit.
What is most valuable?
Selecting the relevant events and records.
What needs improvement?
Due to the size limit, we could not see the full product.
For how long have I used the solution?
Trial/evaluations only.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Analyst with 501-1,000 employees
It has the ability to correlate results
What is our primary use case?
Testing for insider threat behavior.
How has it helped my organization?
It gave management confidence in current operations.
What is most valuable?
The ability to correlate results.
What needs improvement?
A few more analysis aids might help. The next release could have more intuitive help examples.
For how long have I used the solution?
One to three years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Judicial Technician at a government with 1,001-5,000 employees
Has the ability to log more logs than similar solutions and is more efficient than its competitors
Pros and Cons
- "It can log more logs than other solutions. It's a good way to troubleshoot problems."
- "Cybersecurity and infrastructure monitoring have room for improvement."
What is our primary use case?
We use it to do SIEM.
How has it helped my organization?
It can log more logs than other solutions. It's a good way to troubleshoot problems.
What is most valuable?
Splunk is a good solution to collect more events than other solutions. It's a good solution, for me, for this reason.
What needs improvement?
Cybersecurity and infrastructure monitoring have room for improvement.
For how long have I used the solution?
Less than one year.
How was the initial setup?
On a scale from one to ten I would rate the initial setup a seven for its complexity.
Which other solutions did I evaluate?
We also looked at AlienVault.
What other advice do I have?
I would rate it an eight out of ten.
Splunk is more efficient than other solutions but it's also more expensive.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network & Telco Lead at an energy/utilities company with 501-1,000 employees
Provides log collection and analysis
What is our primary use case?
- Log collection and analysis
- Reporting for the whole enterprise environment.
How has it helped my organization?
Improved visibility.
What is most valuable?
Log search and alerting/reporting.
What needs improvement?
The code-understanding requirement is complicated for most users.
For how long have I used the solution?
One to three years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT & Cloud Architect at AiM Services SA
We use it for reporting and monitoring of all solutions in the company
Pros and Cons
- "We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
- "The security can be improved."
What is our primary use case?
Our primary use case is reporting from the Windows administration. We have SCCM that configures the manager to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment and we use Splunk for the gathering of the PCs and Windows service. We also use it to collect information from the security tools, for example, to provide the management information about how the everyday connection is.
How has it helped my organization?
We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.
What needs improvement?
The security can be improved.
What do I think about the scalability of the solution?
It is scalable. We have five admins so far that we have in the solution. We have two as techs to develop the design on the world map of the solution, and we have the end users, so 80,000 users altogether.
How was the initial setup?
The initial setup was complex. We have two data centers in France, two in Germany, and we have 18 countries in the world. It's a big company and we have a lot of services, servers, etc. So the setup is more complex.
What other advice do I have?
I would rate this solution a perfect ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Presales Manager at a tech services company with 11-50 employees
Clients benefit from the live security monitoring of their parent IP infrastructure base but Splunk should adjust the pricing
Pros and Cons
- "The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers."
- "Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."
What is our primary use case?
We use it for security incident event management and for IT service intermediates.
How has it helped my organization?
We sell it to clients so clients benefit from Splunk in terms of live security monitoring of their parent IP infrastructure base. Their IP security and network application base is where we have a 24/7 monitoring interface.
What is most valuable?
Splunk has many good apps and has a contribution from all security vendors. That's where Splunk wins.
What needs improvement?
Splunk's cost is very high. They need to review the pricing. They have to go back and totally readdress the market.
Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud.
Its costs are too high and it should be more cost effective because it's going to be a cloud offering.
What do I think about the stability of the solution?
Stability is perfect. It's a good product. The market right now is moving towards cloud. We will use cloud in our option strategy. One thing that Splunk does not have is a partner consulting base so Splunk depends heavily on its own consulting, which I think should not be there. They should promote more partners for consulting. In fact, their education program is also very costly for all partners. For example, if you want to get your guys certified it's really costly. Because they have a good solution, they're completely inflexible with pricing. I don't see a lot of enablement from Splunk.
How was the initial setup?
The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers.
The client has to bear that cost plus the initial infrastructure; Splunk does not come in and install it. The client, retailer or the partner has to do it. Secondly, then comes the software installation part of Splunk wherein you go and install the Splunk components. Then you have the configuration part which includes the revenue use cases on the Splunk apps on the Splunk platform which is another big phase. You can build your project the way you want to. It's a life phase. Use cases are not something which cannot be quantified. Initial setup can be done through the Splunk apps and then, later on, you can modify the use cases as per what the client needs.
What's my experience with pricing, setup cost, and licensing?
Pricing is one factor that hurts everybody on the market; the client, the reseller, everybody that touches it. Only Splunk makes money. It is hard to have it for the long term if it's a stretch for your budget. Pricing becomes a problem and people are just focused on numbers rather than creating a vision for the entire product. That is the biggest factor I found with Splunk, that they just want to make money and they don't care about anything else. They lost national, country-level projects because of this attitude.
What other advice do I have?
I will rate it as a security product an eight out of 10. There's no product which is perfect unless you go back and you create a psychic of the solutions.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
The search function for Splunk is like a Google search, you just enter and it will quickly show you the results
Pros and Cons
- "The search function for Splunk is like a Google search. You just enter and it will quickly show you the results."
- "Splunk has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried any of them."
What is our primary use case?
Our primary use case of this solution is as a centralized log collection.
What is most valuable?
The search function for Splunk is like a Google search. You just enter and it will quickly show you the results.
What needs improvement?
Splunk has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried many of them.
It would be best if they can incorporate all security logs with minimal incidents.
For how long have I used the solution?
One to three years.
What do I think about the scalability of the solution?
It's a little hard to scale on-prem.
How was the initial setup?
The initial setup was easy. It took us one to two days.
What's my experience with pricing, setup cost, and licensing?
It's a little bit expensive for a small to medium enterprise.
Which other solutions did I evaluate?
We also looked at AlienVault.
What other advice do I have?
I would rate this solution an eight out of ten. To make it a ten they should have more integration with outside vendors.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: May 2025