Sontas Jiamsripong - PeerSpot reviewer
Account Presale at a tech services company with 1,001-5,000 employees
Real User
A flexible solution
Pros and Cons
  • "Splunk is quite flexible for our customers. Splunk does not filter from a specific log; you can define it later."
  • "I would like Splunk to add more integrations. QRadar has many integrations with more products than Splunk."

What is our primary use case?

The project we are working on with Splunk is short, as the customer has given us two months to implement. My company is a Splunk partner.

What is most valuable?

Splunk is quite flexible for our customers. Splunk does not filter from a specific log; you can define it later.

What needs improvement?

I would like Splunk to add more integrations. QRadar has many integrations with more products than Splunk.

For how long have I used the solution?

I have been working with Splunk for three months.

Buyer's Guide
Splunk Enterprise Security
April 2025
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
851,823 professionals have used our research since 2012.

What do I think about the scalability of the solution?

Splunk is quite good if you want to scale it.

Which solution did I use previously and why did I switch?

My client has some pain points with QRadar and does not feel the kilogram function is accurate. Other features do not match with the customer behavior as well. They want to replace QRadar with Splunk because they are familiar with this solution.

How was the initial setup?

The initial setup of Splunk is complex. It requires a lot of equipment and uploads.

What about the implementation team?

My company provides the implementation and maintenance services to our customers.

What's my experience with pricing, setup cost, and licensing?

Splunk licensing requires you to purchase licenses for any feature per user. For example, if you need UEBA, it is difficult to propose in the project. QRadar has a free upcharge for UEBA. Customers cannot calculate the additional costs based on gigabytes per day because they cannot forecast the future.

What other advice do I have?

Due to the cost of Splunk, I recommend it for larger companies. Splunk is powerful when sorting huge amounts of data. 

Implementation of Splunk takes preparation. It requires a lot of resources and needs the infrastructure to support the project.

I would rate the solution an 8 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
reviewer1478619 - PeerSpot reviewer
IT System Developer/Admin at a manufacturing company with 10,001+ employees
Real User
A stable, scalable solution with comprehensive dashboards and helpful technical support
Pros and Cons
  • "The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data."
  • "An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."

What is our primary use case?

The primary use case of this solution is to monitor Cyber Mission databases.

I create the diagrams to create an architecture that is then implemented. However, creating these diagrams is for my own learning, since these implementations are usually already available in the cloud office logs.

What is most valuable?

The features I have found most valuable are the dashboards. 

I monitor the complete capacity that users are using in the company.

What needs improvement?

An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times.

They also need to update their documentation.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data.

How are customer service and technical support?

The customer service/technical support was helpful and they answered my questions as best they could.

How was the initial setup?

The setup was easy, but you have to have a VPN connection depending on the security protocols in place.

What about the implementation team?

The deployment was in-house and took about two days with the correct licenses and permissions.

What other advice do I have?

It is important to define different guidelines to integrate Splunk in development, QA, and production deployments. Additionally, define the applications that will be used and the configuration of the databases to collect the data. If this is not done, there will be a lot of issues due to, for example, master access or permissions to use the database collector and blocks.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
General Manager at Intersoft S.A.
Reseller
A great solution for application management, security and compliance
Pros and Cons
  • "The correlation capabilities are the first value that our clients say they like with Splunk."
  • "The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."

What is our primary use case?

We use Splunk for security and also PCI compliance.

We have installed and implemented this solution for several clients in Bolivia with our team. We have received training from Splunk directly, and we have also provided training to our clients.

We deploy two versions: one for on-premise and one for the cloud.

Most of our customers purchase Splunk because they require a tool for gathering and collecting all of the logs from the infrastructure in order to make a correlation between data and to spot patterns surrounding security incidents.

What is most valuable?

The correlation capabilities are the first value that our clients say they like with Splunk. Another benefit is that they can connect to any device or log from any device from anywhere.

It's easy, the tool is very easy to install and set up. 

What needs improvement?

They could have more dashboards done or predefined so our clients could use them directly in order to have more information ready to use.

The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client.

For how long have I used the solution?

We have been using this solution for more than five years.

What do I think about the stability of the solution?

Stability-wise, it's great.

What do I think about the scalability of the solution?

We do not require much scalability here because the clients are not so big; however, the hardware where we installed the products was enough to handle all the transactions of Splunk.

How are customer service and technical support?

The support is not so good; I would only give them a rating of six or seven.

They should provide support in Spanish here in Latin America. Their response time to inquiries or requirement tickets is too long. It should be shorter.

How was the initial setup?

Deployment took us two weeks.

What other advice do I have?

I would recommend Splunk to any company: small, medium, and large.

Splunk is a great tool but you should get a partner who knows what they are doing, implementation-wise. 

On a scale from one to ten, I would give Splunk a rating of nine.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Software Engineer at Tableau Software
Real User
It has reduced the time to resolution and time to investigate, but the search query is slow
Pros and Cons
  • "It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues."
  • "Out-of-the-box, it seems very powerful."
  • "My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."

What is our primary use case?

We use it for searching logs in a production environment.

How has it helped my organization?

It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues. 

What is most valuable?

Being able to search across all the different production environments at the same time, then being able to do search queries to scope out specific environments, specific components, or specific logs from different languages, such as Java or C++. Thus, being able to have really fine-grained control on log searching is really good.

Out-of-the-box, it seems very powerful.

What needs improvement?

The search query seems slow, but I am not sure if that is just because it is searching millions upon millions of lines of text. Also, I just started using it, so I might have no idea what I am doing. I could probably speed up the queries by improving my search skills.

My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it. It is possible that we have already done this and I haven't participated, but this type of training would be helpful.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is always up when I need to search. I am probably not using it that much. I will maybe search a couple times a day for something specific, so I am not using it too much. I know plenty of the people who are doing a lot more for debugging, and who use it a lot all day.

What do I think about the scalability of the solution?

It seems like it scales well. We have hundreds of production and development environments, and we are searching on all of them. Therefore, it seems like the scale is good. 

We have hundreds of production environments, and each production environment has ten to 20 host machines. Each production environment can manage tens of thousands of customers.

Maybe going to AWS and scaling it better would be more cost-effective for our company. However, I am not involved in those decisions.

How are customer service and technical support?

I have not used technical support.

Which other solutions did I evaluate?

We have other log searching tools, but we have standardized on Splunk. 

What other advice do I have?

It is a great product. We have a lot of different tools to do this type of debugging. Yet, it is one of the first ones that I will reach for, and I think that is a good sign.

It works well and is the industry standard for log searching. It probably has other features too. Therefore, if you use it, I would recommend the training, so you know what you are doing. 

I am using the on-premise version.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems Analyst Staff - SW Eng Compute Analytics Lead at Qualcomm
Real User
Allows for transparency into IT metrics for insightful business analytics
Pros and Cons
  • "It allows for transparency into IT metrics for insightful business analytics."
  • "It has the ability to correlate data, analyze and review it."
  • "Free-floating panels in the dashboards are like a glass table."
  • "It needs more formatting control without having to be an admin."

What is our primary use case?

IT service analytics: 

  • Server machine data
  • Monitoring data
  • Alerting data
  • ITSI KPIs
  • Real-time reporting
  • Month-over-month reporting.

How has it helped my organization?

It allows for transparency into IT metrics for insightful business analytics.

What is most valuable?

It brings together all sorts of data. It has the ability to correlate data, analyze and review it. This makes weekly ops reviews and monthly executive management reporting much easier by saving hours of collecting data. Report automation has been a life saver.

What needs improvement?

  • Free-floating panels in the dashboards are like a glass table. 
  • It needs more formatting control without having to be an admin.

For how long have I used the solution?

Three to five years.

Which solution did I use previously and why did I switch?

Previously, only the service owner could see the data and he might have gone to several places to obtain it. Now, it is all in one place and easy to access. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1524594 - PeerSpot reviewer
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
Seamless integration with devices and operating systems, centralized management and control, and proactive support
Pros and Cons
  • "The integration is seamless with many devices and operating systems."
  • "Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."

What is our primary use case?

We are a solution provider and Splunk is something that we provide as a service to our customers.

What is most valuable?

The most valuable feature is the reporting and the information that is provided by the tool.

It is very easy to implement a PoC using Splunk, which will show the value of the reporting and data that it provides.

The integration is seamless with many devices and operating systems.

It is flexible enough that you can choose what kind of deployment model you want.

They have a large solution toolkit that supports IoT, wherein businesses can get a lot of help with the centralized management functionality. There are also tools to assist from the security and SIEM perspective, and there is a centralized dashboard.

What needs improvement?

Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it. It should be easy to customize dashboards.

When we are monitoring something, we would like to have a more granular outlook. Splunk has a good dashboard that is easier to use than some competing products, but better customizability would be a great help for the users.

For how long have I used the solution?

We have been working with Splunk for approximately three years.

What do I think about the stability of the solution?

This product is very stable.

What do I think about the scalability of the solution?

Splunk is a very scalable solution. Being a Japanese product, they will ensure that all of the features work in any environment. It is very heterogeneous. It can integrate with Windows, Linux, AIX, HP-UX, and Solaris. It also supports IoT devices, mobile phones, and more.

We have more than 150,000 people using our services.

How are customer service and technical support?

The Splunk team has good, proactive support. Also in terms of assisting with the installation, they are quite good.

Which solution did I use previously and why did I switch?

Splunk is similar to IBM QRadar, which we also have experience with. However, Splunk has advanced SIEM features included with it, so we often use it to satisfy this requirement. Whenever an organization is looking to implement SIEM, they have the flexibility to choose Splunk, QRadar, or the ArcSight Logger solution.

One of the major differences that I see between Splunk and QRadar is that Splunk gives the users fewer devices, so they can do things quicker. 

How was the initial setup?

The installation for Splunk is easier than competing products QRadar and ArcSight.

We have Splunk deployed on the cloud so that we can provide the service, but some of our customers have it installed on-premises.

All the user has to do is download the Splunk server agent, install it on the laptop or endpoint, integrate 50 or 100 devices, then see what kind of reporting is available.

What about the implementation team?

We have an in-house team for deployment and maintenance. Splunk is a tool that does not require much staff to maintain. The users can start with a PoC, simply learn it, and deploy it for themselves. They don't require subject experts to be hired for the installation and configuration.

What's my experience with pricing, setup cost, and licensing?

Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive.

What other advice do I have?

This is a product that I recommend for anybody who wants an advanced SIEM solution. Of the three that I have used, including QRadar and ArcSight, Splunk is the one that I prefer.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Director of IT at BLUE LAKE RANCHERIA
Real User
Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed
Pros and Cons
  • "Splunk has significantly reduced the time in performing the task of aggregating logs, reviewing as well as time spent during investigations."
  • "Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed."
  • "The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be key improvement."

What is our primary use case?

We primarily use Splunk for log aggregation and search across multiple systems, with Splunk Enterprise Security layered on top.

How has it helped my organization?

Splunk has significantly reduced the time in performing the task of aggregating logs, reviewing, as well as time spent during investigations. This has not only increased our speed of response, but our efficiency dealing with the issue(s) raised.

What is most valuable?

Aggregation searches, allowing for conditions to be automatically found in the data, have reduced the time and difficulty of identifying trends and conditions which need to be reviewed.

What needs improvement?

The case management area of the ES could be improved: the ability to move cases through various stages and states. The ability to close a case would be a key improvement.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
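Two reviewers above describe the same two things without showing them: scoping a search down to one environment or component (the Tableau Software review) and "aggregation searches" that flag a condition automatically instead of a human reading raw lines (the Blue Lake Rancheria review). The script below is an added example written for this page, not code from either reviewer or from Splunk. It runs the same pipeline in plain Python over constructed key=value log lines (the IPs, users and timestamps are made up): filter on env/component/action, bucket by time, aggregate by source address, and keep only groups over a threshold. The equivalent SPL is given in the module docstring as the assumed Splunk counterpart; field names such as `env`, `component` and `src_ip` are assumptions for the sample data, not a schema from the reviews.

```python
"""Added example: a plain-Python model of a Splunk-style "aggregation search".

The SPL this mirrors (assumed field names, not from the reviews) would be roughly:

    index=auth env=prod component=auth action=failure
    | bucket _time span=5m
    | stats count AS failures, dc(user) AS users BY _time, src_ip
    | where failures >= 10

A result here is a (time bucket, src_ip) pair with at least `threshold` failed
logins; the distinct-user count helps tell brute force from password spraying.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample data: RFC 5737 test addresses, made-up users and times.
SAMPLE_LOGS = """\
2025-04-01T10:00:05Z env=prod component=auth src_ip=203.0.113.7 user=alice action=failure
2025-04-01T10:00:09Z env=prod component=auth src_ip=203.0.113.7 user=bob action=failure
2025-04-01T10:00:14Z env=prod component=auth src_ip=203.0.113.7 user=carol action=failure
2025-04-01T10:00:31Z env=prod component=auth src_ip=203.0.113.7 user=alice action=failure
2025-04-01T10:00:47Z env=prod component=auth src_ip=203.0.113.7 user=bob action=failure
2025-04-01T10:01:02Z env=prod component=auth src_ip=203.0.113.7 user=carol action=failure
2025-04-01T10:01:18Z env=prod component=auth src_ip=203.0.113.7 user=alice action=failure
2025-04-01T10:01:30Z env=prod component=auth src_ip=198.51.100.5 user=dave action=failure
2025-04-01T10:01:40Z env=prod component=auth src_ip=203.0.113.7 user=bob action=failure
2025-04-01T10:01:55Z env=dev component=auth src_ip=203.0.113.7 user=alice action=failure
2025-04-01T10:02:03Z env=prod component=auth src_ip=203.0.113.7 user=carol action=failure
2025-04-01T10:02:10Z env=prod component=auth src_ip=198.51.100.5 user=dave action=success
2025-04-01T10:02:26Z env=prod component=auth src_ip=203.0.113.7 user=alice action=failure
2025-04-01T10:02:40Z env=prod component=web src_ip=203.0.113.7 user=alice action=failure
2025-04-01T10:02:51Z env=prod component=auth src_ip=203.0.113.7 user=bob action=failure
2025-04-01T10:03:15Z env=prod component=auth src_ip=203.0.113.7 user=carol action=failure
2025-04-01T10:06:12Z env=prod component=auth src_ip=203.0.113.7 user=alice action=failure
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")
EPOCH = datetime(1970, 1, 1)


def parse_line(line):
    """Turn one 'timestamp k=v k=v ...' line into a dict; return None on junk."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    fields["_time"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return fields


def search(events, **filters):
    """Scope the event set the way a scoped SPL search does (env=prod component=auth ...)."""
    return [e for e in events if all(e.get(k) == v for k, v in filters.items())]


def bucket(ts, span):
    """Floor a timestamp to the start of its `span`-wide bucket (like `bucket _time span=5m`)."""
    secs = int((ts - EPOCH).total_seconds())
    width = int(span.total_seconds())
    return EPOCH + timedelta(seconds=secs - secs % width)


def aggregate(events, span, threshold):
    """stats count, dc(user) BY _time, src_ip | where count >= threshold."""
    groups = defaultdict(lambda: {"failures": 0, "users": set()})
    for e in events:
        g = groups[(bucket(e["_time"], span), e["src_ip"])]
        g["failures"] += 1
        g["users"].add(e["user"])
    return [
        {"_time": t, "src_ip": ip, "failures": g["failures"], "users": len(g["users"])}
        for (t, ip), g in sorted(groups.items())
        if g["failures"] >= threshold
    ]


def run_detection(raw=SAMPLE_LOGS, span=timedelta(minutes=5), threshold=10):
    """Whole pipeline: parse -> scope to prod auth failures -> bucket/aggregate -> threshold."""
    events = [e for e in (parse_line(l) for l in raw.splitlines()) if e]
    scoped = search(events, env="prod", component="auth", action="failure")
    return aggregate(scoped, span, threshold)


if __name__ == "__main__":
    for hit in run_detection():
        print(f"{hit['_time'].isoformat()} {hit['src_ip']}: "
              f"{hit['failures']} failures across {hit['users']} users")
```

With the sample data, one (bucket, source) pair crosses the threshold: 203.0.113.7 in the 10:00 bucket, 12 failures spread over 3 users, which is the pattern a reviewer would otherwise have to spot by eye. The dev-environment line, the web-component line, the success and the single 10:06 failure are all dropped by the scope filter or the threshold, which is the point of scoping the search before aggregating: the same failure count in `dev` is usually a CI job, not an attack.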
reviewer1762323 - PeerSpot reviewer
Cybersecurity Senior Manager at a tech services company with 10,001+ employees
Real User
Simple data file updates, good support, and useful dashboards
Pros and Cons
  • "The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
  • "We had some connection issues with the solution at the beginning."

What is most valuable?

The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly.

What needs improvement?

We had some connection issues with the solution at the beginning.

For how long have I used the solution?

I have used Splunk within the last 12 months.

What do I think about the stability of the solution?

Splunk is a highly stable solution.

What do I think about the scalability of the solution?

The scalability is good.

We have approximately 50 users using this solution in my organization.

How are customer service and support?

I am satisfied with the support from Splunk.

Which solution did I use previously and why did I switch?

We were previously using Excel.

What about the implementation team?

We used a consultant for the implementation of the solution. The full process took approximately one week.

We had a big problem with communication sometimes during the implementation. Some files in our network were a little difficult to receive. This was our fault because of some of our firewall configurations.

We have a five-person maintenance team that works on this solution.

What other advice do I have?

I rate Splunk an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.