ArcSight Intelligence and Splunk User Behavior Analytics compete in the security analytics space, with Splunk having an edge due to its extensive features that justify its higher pricing.
Features: ArcSight Intelligence processes large datasets swiftly and provides real-time threat detection and a robust rules engine. Splunk User Behavior Analytics excels with advanced integration options, machine learning for anomaly detection, and comprehensive reporting tools.
Room for Improvement: ArcSight could enhance its machine learning capabilities, integration options, and reporting flexibility. Splunk can streamline its deployment process, reduce the learning curve, and offer more cost-effective pricing tiers.
Ease of Deployment and Customer Service: ArcSight offers a simpler implementation process and standardized support designed to minimize deployment time. While challenging to set up, Splunk provides extensive customization options and personalized customer support solutions.
Pricing and ROI: ArcSight Intelligence offers competitive pricing with lower initial costs and quick ROI due to straightforward deployment. Splunk's higher cost is offset by its rich functionality, offering long-term ROI for organizations needing advanced analytics solutions.
The solution can save costs by improving incident resolution times and reducing security incident costs.
Mission-critical offering a dedicated team, proactive monitoring, and fast resolution.
Splunk's technical support is amazing.
I would rate the support at eight, meaning there's some room for improvement.
Splunk User Behavior Analytics is highly scalable, designed for enterprise scalability, allowing expansion of data ingestion, indexing, and search capabilities as log volumes grow.
Splunk User Behavior Analytics is a one hundred percent stable solution.
Splunk User Behavior Analytics is highly stable and reliable, even in large-scale enterprise environments with high log injection rates.
Sometimes issues occur when handling long-term data.
High data ingestion costs can be an issue, especially for large enterprises, as Splunk charges based on the amount of data processed.
I encountered several issues while trying to create solutions for this advanced version, which seem unrelated to query or data issues.
Advanced reporting could see enhancements as there are some issues with latency.
The pricing is based on the amount of data processed, and it is considered a high-level investment for enterprises.
Comparing with the competitors, it's a bit expensive.
I also utilize it for anomaly detection and behavior analysis, particularly using Splunk's machine learning environment.
It correlates all the historical data, compares the upcoming behavior with what's already stored in the platform, and reduces false positives.
It is highly scalable and stable, even in large-scale enterprise environments.
Empower your threat hunting team to pre-empt elusive attacks with anomaly detection powered by security AI to find insider threats, zero-day attacks, and APTs.
Splunk User Behavior Analytics provides behavior-based threat detection built on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box, purpose-built but extensible unsupervised machine learning (ML) algorithms that help organizations find known, unknown and hidden threats, and it provides context around the threat via ML-driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data-science-driven approach that produces actionable results with risk ratings and supporting evidence, which increases SOC efficiency, and it supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.