Splunk Enterprise Security Reviews

When we identify a threat in the environment, we try to track down whether it has moved from one system to another or there is any lateral movement. When we are trying to figure out how it got started and where it came from, we use Splunk to identify those logs. Palo Alto is our biggest index for the firewall, and we can look into those logs, see the relevant data, and correlate it into something that makes sense, so we can track down the problem.

For the most part, it makes it easier to read the index data. Instead of trying to look through an individual index, all the logs, and other aspects, it brings everything to one area. I can look at the relevant data that I need to identify the threat.

Splunk Enterprise Security has helped reduce our mean time to resolve. I do not have the metrics, but I know it is faster compared to the old way of doing it. Previously, we had to go through Windows logs and security logs. We had to go through each log to figure out what happened. I can pull all of the information way faster with Splunk Enterprise Security. I can look at multiple systems.

Splunk's unified platform has helped consolidate networking, security, and IT observability tools.

Splunk Enterprise Security brings all the logs into one central location to look at the relevant data and filter out the things I do not use. We are able to see the logs of multiple systems, the logs of the firewall, and the logs of the DNS and the Windows servers. It is able to bring all of that together and give a nice, solid picture of what is happening. We can read those logs faster.

Splunk Enterprise Security provides end-to-end visibility into the environment. It is very important for our organization to be able to see the threats, understand the threats, and figure out how to stop those threats. That is the importance of it. We are a casino. After what happened last year with two casinos in terms of hacking, we want to be able to stop that from happening to us. We learned a lot of lessons from what happened to the other two casino properties, and we applied them to a lot of our tools. Splunk Enterprise Security gives us a heads-up a lot faster.

Splunk Enterprise Security helped improve our organization’s business resilience.

Its alerting is most valuable. We have alerts set up in our environment for certain attacks, such as an SQL injection attempt. We have a front-facing server for the website. It is out there, and anybody can access it. When those SQL injection attempts come in, we can detect that with the alert. We get the alert in our mailbox, so we can start looking at it right away. Generally, with a SQL injection attempt, there is way more to it than just the SQL injection. There could be another 15 or 20 different types of attacks attempted during the injection. They are just trying to see if there is any vulnerability, and then they can take a shot at it.

I do not have any pain points for Splunk Enterprise Security. I am still trying to learn it, but there can be more information on the education side for Splunk Enterprise Security. It would be nice if the certification path was more specific to what I use instead of being so broad.

I have been using Splunk Enterprise Security for about six months.

Besides the forwarder, it is nice. The forwarder ran out of space, so it occasionally has to be rebooted to clear out the space that is being utilized.

We have 50 gigs of data.

I never really had to use professional services. For the most part, everybody is knowledgeable and patient, and there is a decent amount of communication back and forth.

I would rate their support an eight out of ten. My biggest issue right now has not been solved yet. Our heavy forwarder ran out of space. It is a VM. By using vCenter, we presented more space to the drive, but we could not get the VM or the Linux OS to allocate the new space. So far, nobody has been able to help us fix that. The current solution is to just upgrade it. We are not in a position to upgrade it right now because of the workload.

I changed my career last year to InfoSec. I was in IT before that. With IT, if there is a problem with the system, we just look at the logs. With Splunk, it is nice to be able to have it all centralized in my location where I can look at the data relatively fast as opposed to a line-by-line.

I was not involved in its setup. We have a bit of a hybrid setup. We have an on-prem data center and then we also have a cloud. We have Azure Cloud.

I would say that we have seen an ROI, but I do not know the numbers.

I would rate Splunk Enterprise Security a ten out of ten.

We use Splunk Enterprise Security for security log investigation. It is a SIEM platform. Many cybersecurity and technical alerts generated by Splunk turn out to be false positives. We then analyze these alerts to determine if they indicate a genuine security threat.

We will be ingesting logs from various sources, including firewalls, databases, Windows devices, and Linux devices. These logs will be used to investigate security incidents and troubleshoot system issues. Our use cases will be brief and focused, allowing us to leverage pre-defined queries in Splunk for efficient analysis. These queries will trigger alerts based on specific security or operational criteria within the predefined use cases. We will then investigate the triggered alerts by further analyzing the corresponding logs.

Splunk Enterprise has improved our incident response time. For instance, if an end user attempts to log in to a system with an invalid password from a device using an unusual port number, we will receive an immediate alert. This could be indicative of a brute-force attack aimed at stealing credentials, making it a suspicious activity. This is just one example of how Splunk Enterprise enhances our security posture.

Splunk's threat detection capabilities are strong, and Splunk is a leading platform for SoC monitoring. To maximize effectiveness, we need to develop strong query-building skills. Additionally, we have the flexibility to fine-tune existing queries or remove them altogether once an issue is resolved.

The customizable dashboards of Splunk are good for visualization. It gives a better understanding, and the graph is highly customizable.

I would rate Splunk Enterprise Security a nine out of ten for analyzing malicious activities.

Splunk Enterprise Security helped the organization control suspicious and malicious activities.

Splunk Enterprise Security has helped speed up our security investigations.

Splunk Enterprise Security's customization capabilities enable integration with other tools like EDRs, providing real-time event insights.

I like the Splunk dashboard and search engine.

Although the technical support is adequate, there is still room for improvement.

I have been using Splunk Enterprise Security for 2 years.

I would rate the stability of Splunk Enterprise Security 9 out of 10.

I would rate the scalability of Splunk Enterprise Security 9 out of 10.

The technical support is adequate.

Positive

I would rate Splunk Enterprise Security nine out of ten.

While I understand the desire for a cost-effective SIEM solution, prioritizing security over budget is crucial. In cybersecurity, even a seemingly minor breach can have significant consequences. Therefore, choosing the best SIEM for your needs, even if it has a higher upfront cost, can ultimately save money and protect your organization.

We have Splunk Enterprise Security deployed in four locations in one country.

Splunk takes care of the maintenance of the solution.

I recommend Splunk Enterprise Security to others.

We use it in our company to log everything. We use tools like XSOAR to take appropriate actions to mitigate threats.

Splunk Enterprise Security has aided our organization in the way it provides great visibility and helps with what our company's users do with it.

I like how easy it is to integrate the logging of all of the various nodes. The product also offers nice connectors. Other features include the product's ability to allow users to customize their dashboards, signatures, metrics, and other elements, making it a very valuable and reliable tool for my organization.

I don't know if there is a need for any improvements in the product since it is one of my peers and not me who is directly responsible for Splunk Enterprise Security in our company, so I will have to ask him if there are any requirements associated with the product.

The price may be an area of concern where improvements are required. Splunk Enterprise Security doesn't indulge in whitewashing, but Cisco does it too much.

I have been using Splunk Enterprise Security for two years.

I have not seen any outages in the product in the past two years that it has been running in our company, so I think it is good when it comes to the stability part. I have had an experience with the vendor during which there were two products, one from the vendor and the other from Splunk Enterprise Security, and we saw that one of them was not able to capture all the logs appropriately, after which our company had to figure out whether it was Splunk API or the vendor's tool.

I have never used the product's customer support. My peer has contacted the product's technical support team, and it has worked very well for him.

My company used to use one of the spin-offs from IBM. My organization has used IBM QRadar.

Though I am not sure about the deployment model, I feel that since it may not be on Azure, the product must be deployed with the help of AWS.

I have experienced an ROI revolving around the product's dashboards, metrics, and other such related stuff, but I don't know how to quantify them. My peer would be the best person to speak about the product's ROI.

My peer would be aware of the product's pricing part.

There was a pre-vendor selection approach my company followed, but I don't remember the names of the products involved.

It is pretty important how the solution provides end-to-end visibility in our company's environment because it provides opportunities for shadow IT and for people to do things that they should be doing. If one is appropriately logging in, the product gives us a view and helps our company discover things that we didn't know about.

In terms of Splunk Enterprise Security's ability to help our company find any security events across multi-cloud, on-prem, or hybrid environments, I will have to say that since we are still using it, it has to be effective. If it wasn't effective in the aforementioned area, my peer would have found something else in the product. I don't have enough personal insight into Splunk Enterprise Security's ability to help our company find any security events across multi-cloud, on-prem, or hybrid environments.

Splunk Enterprise Security has helped to reduce my company's alert volume. Our organization does get alerts, and we are trained for them. I will have to ask my peer to give me the exact number associated with the alerts my company receives.

The solution provides the relevant context that helps guide our company's investigations. The context information has impacted our company's investigation process as it definitely speeds it up because we have only a single source from which we can get that, and it helps us understand what may have taken place in a particular incident that we are looking at in our organization. In our company, if we look at any of the other services, we can see whether a particular or specific user touched just a single system or ten different systems.

The solution has helped reduce my company's mean time to resolve, but I don't have numbers to explain it.

The reason why I rate the tool a nine is because of the flexibility it provides to go back to the dashboards. The flexibility to be able to customize standard dashboards and other standard things that I want to be able to grab and have them pop out and then be able to create some sort of an action against those kinds of things that I want, of which the first is the standard reporting part, which is very valuable.

To those planning to use the solution, I would suggest that they need to get Splunk to work hard on the pricing part. People also need to encourage Splunk to stay true to its roots because I have seen what has happened to some of the other tools in the market. Splunk has been acquired by Cisco. You want Splunk because of its capabilities, not because of what Cisco wants to give you.

If I consider my company's needs, I rate the overall product a nine out of ten.

We use Splunk Enterprise Security to monitor our network environment for abnormal activities and threats.

We easily monitor multiple cloud environments with Splunk Enterprise Security.

Insider threat detection helps our security posture.

I use the threat intelligence management feature whenever I do a threat analysis.

When Splunk detects breaches and malicious activities it notifies our IT team so they can analyze the notifications and respond accordingly.

Splunk has helped our organization by allowing us to gain valuable insight through the analysis of large datasets.

The customizable dashboards are user-friendly and visually appealing.

It has helped reduce our alert volume.

It has helped speed up our security investigations.

The most valuable feature of Splunk Enterprise Security is website activity monitoring.

While Splunk Enterprise Security offers valuable features, its cost is high and could be more competitive.

I have been using Splunk Enterprise Security for around five months.

Splunk Enterprise Security is stable.

We frequently connect with the support team to review our options. They resolve our issues quickly.

Neutral

We also use IBM QRadar but Splunk Enterprise Security is more functional and user-friendly.

Splunk Enterprise Security is expensive.

I would rate Splunk Enterprise Security eight out of ten.

For someone who wants to use the cheapest solution, I would tell them that this is the best solution and worth the cost.

I recommend Splunk Enterprise Security to others.

The primary focus of our work with Splunk is on security incident monitoring and security log monitoring. This involves utilizing it to analyze and respond to security events effectively. Additionally, compliance with regulatory requirements is another crucial aspect of your role. We also extend Splunk's functionality to custom applications by writing custom parsers and handling logs specific to those applications. This includes the development of unique dashboards tailored to the needs of each application.

Splunk's capabilities in insider threat detection are highly effective in assisting organizations in identifying unknown threats and anonymous user behavior. The sophistication of these features is notable, making them suitable and beneficial across a range of organizational sizes, from small businesses to large enterprises.

The threat topology and MITRE ATT&CK features are seamlessly integrated as complementary components within Azure.

It significantly accelerated security investigations, and I believe the improvement falls within the range of twenty to thirty percent.

The resilience provided by SIEM adds significant value; it is highly effective.

The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed. The flexibility to customize log retention periods is particularly beneficial. Additionally, we find the dashboard functionality and the advanced query language options to be highly valuable. These features, especially the powerful query language, are extensively utilized in our day-to-day operations.

I find that the learning curve for Splunk is relatively lengthy. To utilize it effectively, one needs a substantial amount of time for learning. I might appreciate a learning curve that comes with more out-of-the-box functionality, such as easily installable Splunk apps or user-friendly features.

I have been working with it for three years.

I find it to be highly stable, and I would rate it a solid ten out of ten.

I would rate its scalability capabilities ten out of ten.

Before using Splunk, I relied on the built-in tools of Linux operating systems, such as Syslog NG, but specifically the open-source versions. I haven't had experience with the commercial version of Syslog NG, which is a more advanced tool. In this category, Splunk is essentially my first exposure to such advanced features.

Setting up Splunk is quite straightforward, especially for basic configurations. The process is not overly complicated. While a cluster implementation may require more advanced steps, the basic setup is generally easy to handle.

I handled the deployment independently, but the required personnel depends on the organization's size and the expected outcomes. For larger organizations, especially when the new tool integrates with various departments like operations, development, and security, it becomes a collaborative effort. In such cases, it's not a one-person job and involvement from multiple departments is essential. However, for smaller companies, the process is less complicated. It involves coordinating with support and developer teams to communicate the implementation, and the focus is on providing the necessary outputs from the tool to support their ongoing work effectively.

I utilized it in a single, non-geographically dispersed location. My experience is limited to a single site, and I haven't worked on a multi-site installation.

While it can run stably for a certain period, eventually, there is a need to manage or archive logs, especially if your background storage is not unlimited, as is often the case in these scenarios.

The return on investment is quite favorable with Splunk, particularly for large enterprises that have made the initial purchase and possess the requisite expertise and technical support.

In terms of pricing, I believe Splunk is unreasonably costly for the majority of mid and small-sized companies. Its real advantages, or what sets it apart, seem to be more suitable for large enterprises.

For the market I focus on, which includes small to medium-sized companies, I would recommend Wazuh. It's an open-source security information and event management solution. The main consideration is that, in terms of both functionality and cost, Wazuh is sufficient for the requirements of smaller enterprises. Utilizing an open-source tool like Wazuh can effectively cover the necessary areas without the need for the higher costs associated with Splunk.

I would recommend that anyone considering implementing Splunk should first thoroughly assess their environment. It's crucial to determine whether Splunk is genuinely needed for your specific usage scenario or if a smaller software solution might suffice. Overall, I would rate it nine out of ten.

I use Splunk Enterprise Security for monitoring, threat hunting, and quick response. By implementing Splunk Enterprise Security I aimed to address security challenges and threats for both myself and my clients.

Splunk Enterprise Security has significantly improved our organization by centralizing data and enabling efficient correlation across multiple vectors. The benefits were realized quickly after deployment, with noticeable improvements within the first three to six months.

Splunk Enterprise Security has sped up my security investigations, approximately by 30-40%.

The most valuable features of Splunk Enterprise Security are its high-performance data collection, flexible query language, and its versatility across the organization. The unique query language, once mastered, provides flexibility, and the tool extends beyond just security, benefiting network and development teams. This versatility and speed in searching and trend identification enable quick defense for my clients. For me, it is about fast detection, rapid response, and easy access to crucial data.

Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box. The effort required for tuning and management is higher compared to some other solutions. Focusing on automation and reducing the engineering effort would enhance its effectiveness. I would like a store platform similar to what Sentinel offers to be included in the next release of Splunk Enterprise Security. Additionally, the pricing structure needs improvement.

I have been using Splunk Enterprise Security since 2016.

The stability of the solution is quite good.

The scalability of Splunk Enterprise Security is good. The solution is stable and performance-driven, making it well-suited for scalability.

The community support for Splunk is excellent, with an engaged user community. However, for the standard technical support, unless you opt for the premium, I would rate the support as three on a scale of one to ten. It is not as helpful as desired.

Negative

Before Splunk Enterprise Security, I used various solutions, including LogRhythm. I chose Splunk because it proved to be more stable and reliable, especially compared to the issues I experienced with LogRhythm. With Splunk Enterprise Security, it takes my analysts approximately 30-40% less time to resolve alerts compared to our previous solution.

Monitoring multiple cloud environments using Splunk Enterprise Security dashboards is moderately easy, around a six out of ten. Setting it up requires a fair amount of engineering effort, especially for non-Splunk Cloud environments like Azure and GCP. Once configured, monitoring becomes straightforward, allowing easy creation of use cases and efficient log monitoring for improved cloud security.

The initial deployment of Splunk Enterprise Security was complex, involving significant engineering effort and tuning. It took anywhere from three to twelve months, which is considered a relatively long time. In comparison, deploying Microsoft solutions typically takes around six weeks on average, which is a significant difference in deployment efficiency.

The implementation strategy for Splunk Enterprise Security involved workshops, high-level design approval, and phased deployment covering physical deployment, log collection, testing, and tuning. Typically, three people from my team (project manager, lead engineer, and lead analyst) and around half a person from the customer's side are involved. Maintenance is substantial, requiring a team of 13 engineers for 60 customers, ensuring not everything breaks simultaneously.

I find Splunk Enterprise Security to be overly expensive, and their pricing model lacks flexibility. There is no consumption-based pricing, and dealing with Splunk can be challenging. They seem rigid, less accommodating, and often don't listen to customer needs. A more flexible and customer-friendly pricing approach, aligning with industry trends, would be appreciated.

Before choosing Splunk, I evaluated other options, including QRadar. However, if I were to evaluate them today, my choice might be different.

If you are willing to invest in engineering effort, Splunk Enterprise Security provides excellent visibility into multiple environments, including cloud, on-premises, and hybrid setups. While some solutions may require less effort, Splunk is capable and versatile, making it a strong choice for comprehensive visibility across diverse IT environments.

Assessing threat detection capabilities in Splunk Enterprise Security is like evaluating how easy it is to drive a car. It provides powerful tools, but mastering the query language for utilizing these features requires effort. Once you know how to use them, it becomes an effective tool for detecting unknown threats and monitoring user behavior.

I use the Splunk Mission Control feature, which is highly important to my security operations. It is particularly valuable for multi-tenant and multi-site mission control scenarios. The Splunk Mission Control feature is effective for centralizing threat intelligence and ticketing system data when dealing with a single entity or group. However, its usefulness diminishes when managing multiple customers with diverse policies and groups.

The features in Splunk for discovering the overall scope of an incident, including the topography aspect, are considered industry standards. However, the topography feature is not particularly useful in my case, so I don't extensively use it.

Splunk Enterprise Security is effective for analyzing malicious activities and detecting breaches, especially if you invest the effort. However, newer solutions are considered better and more flexible. While Splunk was an industry leader five years ago, today, platforms like Microsoft Sentinel may outshine it in terms of ease of use, especially for users unfamiliar with Splunk.

Splunk Enterprise Security has helped me detect threats faster compared to other solutions. It stands out in terms of speed and effectiveness.

My advice to others is that if you are looking for the cheapest solution, Splunk may not be the right choice. Consider alternatives like LogPoint or Arctic Wolf, but be cautious as they might not offer the quality and capabilities needed for effective security. Sometimes it is better to invest in a more robust solution than settling for a cheap option that might not meet your requirements. Overall, I would rate the solution as a six out of ten, mostly because of its pricing.

We use the product mostly just to pull out the reports, medical investigations, et cetera. As a security analyst, we can look at and pull data. You can make a central hub for a lot of different sources, including servers and endpoints. It makes it easy to check logs for every device connected.

If you are a data analyst, security analyst, or anyone who basically requires a set of data in your database job, and you have to have normalized data represented or, just to check for any patterns, this is quite helpful. With Splunk, you can pull in the data, you can transform it, and represent the data via graphs or pull the data and export it into Excel and perform further investigations. The use cases are quite deep. 

With this product, you can go for an in-depth search or just perform a surface-level search. There are different modes in which you can perform searches, and that basically defines the speed of how fast you can get the data. If you are going for a more detailed version offered, it'll take a bit of time. However, they'll give you more and more data. There's also a fast mode in it. 

The data which you can pull, you can basically visualize it, you can normalize the data, evaluate it, and convert the data into tables. It's much easier to pull the data, organize it, and normalize it as you are performing the searches. That's quite helpful.

I prefer working with cloud infrastructure like this as you can increase the storage capacity or the license at any time and search for a number of different endpoints. If you want to ingest more and more data, having something like Splunk available on the cloud is preferable. 

I take advantage of the incident response part of the solution. If anything happens at the endpoint, if anything happens at the user system, servers, or something like that, my role is to look into the logs, go through other investigations, perform a time scan, and create a timeline of all the events. This helps do that job.

I'm also aware they have a Mission Control. I have actually attended a few surveys on that, however, I haven't really implemented it due to the fact that we are in the middle of a few of the projects, and things are at higher priority as of now. So we haven't really focused on that.

Using Splunk, we can check out what server versions we have. If we just cross-check with the database, we can see if we have any availability and then we can pull in the files. If you have a database, you can perform a query to check for any particular problems in the entire environment. For the threat notifications, it's quite helpful.

Indirectly, it's helped us reduce our alert volume. If you have a list of files, you can run it through the environment and, based on that, create rules and exceptions. This indirectly helps reduce alert amounts. You can go through false positives and sort them out as well and create a rule against them. 

It's helped speed up security investigations. Being a central hub of logs, we can jump into a different log or source and jump into any investigation. You don't have to jump from one tool to another. This automatically reduces the investigation time. 

There are lots of free learning materials on their website. 

Overall, things are quite easy. It's a simple solution. 

I haven't explored beyond the security aspect as a data analyst. I haven't noticed any shortcomings so far. 

I've been using the solution for more than a year now. 

There are different modules, and I haven't activated all yet, however, the stability is okay. I would rate it seven out of ten. If we run into issues, there are materials they provide and online support. You can even call them. 

The solution is deployed to one location. It's deployed across the entire environment. 

The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however.

I would rate scalability seven out of ten. 

Support is quite responsive. They also offer 24/7 support services. 

Positive

I previously used Palo Alto XDR. 

I also used an email solution whose name I can't recall. You could check emails flowing into or out of your environment.

I wasn't involved in the deployment; the solution was set up when I arrived. 

That said, I did go through some setup videos, and the process does not look difficult. They provide the steps for every aspect. There's also always support you can reach out to if you have questions. 

There may be some maintenance required in terms of upgrading. When you upgrade the version, you may need to upgrade your sensors on the endpoints. However, Splunk is quite compatible with other devices, so it's not difficult. In our company, the administrators handle maintenance. 

I haven't witnessed an ROI in terms of how I'm using the tool. 

It's mostly for EDR. You can cover servers as well; however, that requires additional licenses. Pricing is based on usage. As an EDR specialist, I interact with the tools and perform investigations. I don't deal with licensing directly.

This is quite new to me. I've only recently started working with Splunk. I used to work in EDR. It took me two to three months to understand the internal architecture of the organization, and based on that, I can use Splunk for all kinds of searches. So, how long it takes to realize the benefits of Splunk depends on the person and the complexity of the environment. 

I did not evaluate other options. I adopted this tool when I joined my current organization. 

We're a Splunk customer. 

To those considering just going with the cheapest solution, it depends on your level of comfort with support. If you have a cheaper tool, the support would be addressed. With Splunk, that's the difference - their support response. If you have a tool with a good license, you will be able to get immediate help if there's any vulnerability.

I'd rate the solution eight out of ten. 

I'd advise others to take time to learn the solution and develop skills. It's all about DSL queries. If you are off on queries, it won't give you any results. You need to be accurate with your SQL commands.

Our SOC uses the solution to monitor our corporate and franchise environments.

Risk-based alerting is the most valuable feature. It really allows me to drive down the alert count and the alert fatigue for my analysts to make the alerts they see more valuable and actionable. The way that alerts are handled is better in Splunk. SPL is easier in Splunk. The UI of Splunk makes it easier for our analysts to move around and see what they need to see.

There are a lot of areas that are currently being improved that I want to be improved. Features related to content management must be improved. The product is adding more drill-downs.

When the tool was originally set up, things were not configured properly due to the rapid deadlines for installing everything. Now, we have to go back and recover a lot of things that aren't properly configured.

I have been using the solution for approximately four years.

I haven't seen any issues with stability. Most of the stability issues I've seen have actually been on the on-prem hardware.

We have no issues at all with scalability. The tool has high scalability and usability. The size of our environment is relatively large since it is an enterprise solution. We have around 5000 users and a franchise base.

I have never had an issue with Splunk’s support team. Every time I ask a question, I usually receive really quick responses. We are in the middle of a migration, and the engineers helping us migrate to Splunk Cloud have been fantastic every step of the way. They provide really rapid and complete answers when we ask questions.

Positive

I use LogRhythm a lot. I worked for an MSSP, so I have seen several products. So far, Splunk has been my favorite.

We have definitely seen an ROI on the solution. Any security tool has a fantastic ROI. A lot of companies don't like to budget for security until there's an incident or something goes terribly, terribly wrong. Just having that SIEM and having eyes on potential security issues is an ROI.

We are behind a few versions. So I hope that as we upgrade, I get more ideas for what I'd like to improve. We're still in the process of moving to the cloud.

The product has improved our organization's business resilience. The right tools are available to our analysts within the product, and we use them daily. It has drastically driven down our time to remediate, which is huge for us. It's huge for any company. We don't want four hours to find out that something has gone terribly, terribly wrong. Finding such issues before they turn into full-blown security incidents has been our biggest impact.

Splunk Enterprise Security empowers our staff. It is so user-friendly. It allows our analysts at every level to learn the tool and learn more about security through the tool. I progressed from level one. Now, I'm a content developer for enterprise security. The usability of Splunk is the best on the market. The solution has helped reduce our mean time to resolve.

As we add new features and applications into Splunk, time to value is pretty quick on most things. As long as we have someone that's willing to go through the effort to configure, the time to value is rapid. Adding applications to Splunk is a seamless experience. The UI of Splunk makes life so much easier. Some of my experience is based on technical debt in the organizations I worked with. I would probably rate the tool a ten if we didn't have so much technical debt.

By attending Splunk conferences, I get to learn about all the new tools and how to implement them. I use it for RBA and Machine Learning Toolkit. I develop content for our company. I am here to learn how to implement RBA and Machine Learning Toolkit better to reduce alert fatigue for my analysts.

Overall, I rate the product an eight out of ten.