What is our primary use case?
We are currently using it with SIEM, and SOAR which is Security Orchestration, Automation, and Response.
Splunk is primarily used for security, incident response, and security analytics.
How has it helped my organization?
Using Splunk, give us the visualization we need, we can easily observe things such as user behavior analytics, irregular traffic, frequency, and any spikes in unusual activity inside the network.
What is most valuable?
The additional vendors we've brought on board, particularly the Elastic, have been quite beneficial.
It's a solid platform.
What needs improvement?
Other than the pricing modules, I have no issues with the product itself.
The configuration had a bit of a learning curve.
I would like to learn more about the Cloud solution, but I'm aware that it's lacking some core applications.
If they could bring on more vendors, you would be able to monitor a larger number of applications. We could have visualization with other applications we have with the infrastructure in our organization.
For how long have I used the solution?
I did a POC, but we have recently procured it. We did a rudimentary setup to get an understanding of how it works. We are into our sixth month of using it now.
What do I think about the stability of the solution?
Splunk is a very stable solution.
What do I think about the scalability of the solution?
This solution is quite scalable.
In our organization, we have 10 users, who use this solution but we have plans to increase our usage.
How are customer service and support?
The technical support has been quite helpful.
Which solution did I use previously and why did I switch?
The previous solution was limited in its functionality.
We were looking at the additional controls that enterprise security may have, as well as visualization, to gain greater visibility.
Splunk offered us more visibility.
How was the initial setup?
The initial setup was complex.
We had some assistance with the actual deployment, but while I was doing the POC, I was working with a vendor. There were things I had to do myself, such as the configuration, which was a bit challenging for me, it was a big learning curve.
What about the implementation team?
For the installation, we received some assistance from the vendor.
What was our ROI?
It's too early to know if there will be a return on investment.
What's my experience with pricing, setup cost, and licensing?
The pricing modules could be improved.
The licensing fees are paid on a yearly basis.
There is a standard license with provisions for more. As we are still exploring the functionality, there may be other departments that want to use it.
What other advice do I have?
Those who are interested in implementing this solution should be prepared to dig deep into their pockets.
I would rate Splunk a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
