Splunk Enterprise Security Reviews

• Event matching between several appliances
• Correlating data from different sources
• Report viewer

It helps us to detect viruses and security events from our network.

It needs documentation, and "how-to-do" information. It's complicated to build reports and views.

I have used Splunk for about two years.

There were no stability issues. It was running on a VM over Hyper-V.

There were no scalability issues. It was running on a VM over Hyper-V.

I used support a little bit for some templates for formatting data from Cisco and Fortinet logs. They were very fast with their response. I didn't have any support contract, but only entry level support.

This was our first try for log analysis.

The setup was easy.

There is nothing to say. At that time, it was for GBs of data received.

We did not look at alternatives. It was a consulting provider recommendation. It was a rapid implementation to accomplish legal requirements. After we used it for a while, we decided to keep it.

Check for the plugin to format data of already completed templates for the appliance to which you want to keep logs and events.

It is deployed to investigate, detect, respond, and prevent security incidents and threats by providing valuable context and visual insights to make faster and smarter security decisions.

• Splunk delivers a holistic view of an application (the big picture).
• Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value.
• Significant reduction in mean-time-to-investigate (MTTI) and mean-time-to-resolve (MTTR) production incidents from days to hours.
• Splunk visualization capabilities help pinpoint problem areas, spikes, and anomalies easier and faster.
• Ability to monitor and resolve integration problems before they impact the business user area.
• Splunk is being used as part of the development life cycle, resulting in better quality and more efficient applications.
• Provides additional insights into a 360 degree view of the customer.

We usually have to follow up with technical support on our open cases. Otherwise, Splunk listens to customers and is constantly incorporating their feedback in future releases.

There are no software stability issues. The issues so far have been internal.

There are no scalability issues. If you are planning on using Splunk for security use cases, I would recommend you go with Linux for your OS.

We have the enterprise level of support. This is one area Splunk could improve upon, since we usually have to follow up with them on our open cases.

We did not have a previous solution.

There were no issues with the initial setup. We utilized Splunk’s partner zones for the initial setup. In retrospect, we should have utilized Splunk Professional Services.

Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO.

We contacted Gartner and other business associates to determine what others are paying for Splunk.

We started researching ELK (Elastic, Logstash, Kibana). But management was so impressed with Splunk that we ended this research.

Ensure you have an executive sponsors to fully deploy Splunk across your organization to maximize your ROI and lower your TCO.

Make use of Splunk Professional Services.

The analytics and querying the indices is super easy.

The data representation options in the dashboards are excellent.

Multiple datasource/filetypes are supported and each can be customized in a few clicks.

Security administration and user access control is pretty basic. This can be improved.

The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc.

If this is improved, with a mapping against LDAP roles, it would be excellent.

We had no stability issues.

We had no scalability issues.

Technical support and the online community are some of the best for any product.

We did not have a previous solution.

The setup was quite easy and there is lot of technical documentation for handholding you through the process.

Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market.

We looked at IBM SmartCloud Analytics and Log Analytics.

Please watch out for the licensing agreement. There are a lot of IP specific clauses that Splunk has included in their license agreement. Per my understanding, any plugin available in the community cannot be used OOB, due to licensing restrictions. (This might be specific to our organization.)

• Flexibility when creating dashboards
• Automated cron searches
• Real-time and scheduled searches with alternate functionalities
• User-base integration with LDAP

It alerted many situations before other monitoring systems identified that there is a critical issue.

VMware and security device integration looks a bit complex.

I have used Splunk for almost three years.

As of now, we have had no issues with stability. It is running like a charm.

From a nodes perspective, there have been no scalability issues.

I can say that support is good.

We never used other solutions.

We used the Splunk Cluster setup. It was a bit complex to set up, but management-wise and stability-wise, it was awesome.

License costs fall under the NDA, but Splunk license costs are public, I believe.

We evaluated Logstash and others, but Splunk plays a pivotal role.

I would strongly recommend this product, as it would be very beneficial for service operations and management.

They provide excellent predefined user cases.

This helps us in the footprinting of all the incidents.

When we deep dive into the events for the triggers, we have very little information in some instances.

I have used Splunk for two years.

We raised support cases.

Scalability is always a question for this product.

Response from technical support can be improved. There was always a delay and we had to chase them.

We didn’t have a previous solution.

I was not present during the initial setup.

Pricing and licensing are always high compared to other products in the market. Storage is very expensive as well.

It is a good product, but expensive.

• Collects data from any source
• Powerful search, analysis, and visualization
• Easy to build system on any platform
• API and easily integrated search
• Action script

We have over 7000 devices in our network infrastructure for monitoring, maintenance, and performance assessment.

We achieve this by collecting data and applying the analysis.

I have used this solution for one year.

We did not encounter any issues with scalability. Everything is normal with no bugs.

It’s easy to obtain support from Splunk for technical issues. We also have enough knowledge ourselves to apply fixes.

We used to deploy Elastic Stack. The search language of Splunk is easier and friendlier than Elastic Stack. It has helped me to search quickly and easily. Based on the results, it’s easy to visualize and add results to a previously built, personal dashboard.

Licensing is free. Pricing is based on usage.

We evaluated Elastic Stack and Sumo Logic.

If you are an enterprise and you need the best service for critical business analysis, Splunk would be one of the best choices.

Rapid search is a valuable feature. Performance and incident response were the top priorities for most MSSPs. Breaches of SLAs will have a negative impact on customer trust, which eventually leads to losing customer confidence on services to which they’re subscribing. Hence, the proactive approaches will be the main differentiator from one MSSP to the others.

It has been helping a lot of my clients with fast data mining and information propagation.

The GUI should be improved, in other words, the overall appearance.

I am not the end-user. However, my job was more relevant as a consultant.

Performance upgrades are needed when more processing power is required.

We have not had scalability issues.

Technical support is good.

The client was using an open source solution. They decided to switch to an enterprise product.

The setup can be straightforward, if use cases are well defined.

Overall, it the cost is reasonable and it is easy to upgrade.

Our client was considering the other solutions as well. However, due to their overall assessment, they still considered going with it.

Start off with something at a comfortable level, expand gradually, and then move upwards, expanding steadily.

• Can ingest data from various data sources.
• Is very useful for organizations who are attempting to meet compliance requirements.
• Is able to fully configure and integrate various solutions into one tool and provide actionable results.

My use of Splunk at my previous place of employment improved how we functioned.

I have used Splunk for three years.

We didn’t have any stability issues.

We didn’t have any scalability issues.

During our use of Splunk, we had professional services assisting and not actual technical support. However, the professional services team was great.

Our organization did not have an established SIEM tool.

The initial setup is straightforward, depending on the level of implementation of the tool.

Take into consideration the labor costs for a dedicated Splunk developer who can craft the required queries needed for each organization. Organizations usually have their own form of implementation of each tool.

We didn’t evaluate any alternatives.