Splunk Enterprise Security Reviews

Our company is an IT service provider. We are resellers of Splunk. One of our clients that we monitor is a laboratory that uses this solution.

Splunk is a change management solution. We use the solution as a log collector, and to analyze and provide alerts from the IT instructor.

The product is good, it satisfies our customers.

The price of Splunk is too high for our market.

Our company has been a reseller of Splunk for less than six months.

Splunk is stable.

This is a scalable solution.

We have had no concerns with customer service.

The initial setup of Splunk is somewhat difficult because it was our first time implementing the solution. It was a similar situation to implementing other CM tools like FortiSIEM.

Splunk required two engineers to implement, and we will add another one to maintain the solution.

The prices are complicated as we operate in a small third-world country.

We give support for VMware and other technologies. We purchased Splunk because our customers were asking for our services to take control of the implementation from another company.

If you are considering Splunk and you like what you are seeing; my advice would be to go for it.

I would rate Splunk an 8 out of 10.

We enjoy the whole solution. It is meeting our requirements, especially the SIM solution. 

The alerts are very user-friendly.

We can easily configure things as required in relation to our use cases.

The search functionality is good. It works like Google. 

Onboarding is quite easy.

The scalability is good.

Product-wise, the performance is good. 

From the commercial point of view, they have to bring down their costs. It's a bit pricey right now. The license is quite expensive. 

Much like the SOAR platform, which has security, orchestration, and automation response, all of that should be part of the SIM solution itself. Currently, it is actually separated.  We understand that we have to integrate a SIM with a SOAR platform, however, if they could combine these two products together, that would be ideal. It would make things easy to implement and make more automation possible to avoid false-positive alerts.

We've been using the solution for the last four years. It's been a while. 

The performance is good. It's stable. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability of the solution is very good. If a company needs to expand, it can do so. It's easy.

The solution can be expensive. It's not cheap.

We are customers and end-users. 

I'd rate the solution at a nine out of ten. 

With the use of Splunk, we were able to identify a brute force attack against a "switch" network device. An external attacker attempted to connect multiple times using multiple usernames. Splunk was able to detect these attempts and immediately blocked these attempts.

Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks.

Splunk's ability to receive all types of data and identify it correctly. It obtains a correlation of the logs and identifies incidents.

Splunk can improve regex/asset analysis as we do not want to crawl until it is done. I could not find a timestamp for when the log was processed and generated.

What Splunk calls operational intelligence: fast availability of operational data spread across several servers to prevent or react faster to outages or performance decreases.

MES is a complex and very critical distributed system here. Production WIP is directly connected to it and ICT is required to provide a continuous availability and very stable performance (line production has a costant speed, software cannot slowdown). Collect operational data from hardware, middleware and application software can potentially improve ICT proactive and reactive tasks.

I've ever used it, just studied it.

We also use a traditional monitor, and Microsoft SCOM.

Every stop or slowdown of the production line means lost of money, e.g. 30% reduction when compared to the current baseline.

Every stop or slowdown of the production line means lost of money, e.g. 30% of reduction compare to the current baseline.

IBM QRadar

We use the solution for monitoring systems. We also use it with servers and CG routers from the data center, as well as for collecting the ADL from all networks which are located in our regions of the country.

I like that the solution is easy to use and stable. 

The price of the solution could be cheaper. 

I am currently working with Splunk and have a year's experience doing so. 

The solution is stable. 

The solution is scalable. 

Support is at a level one department and I am responsible for managing both IT support and node engineers. 

I am satisfied with the support. 

The solution is easy to install. 

It took half a day. 

We were able to handle the installation on our own. 

There are 40 people responsible for the deployment and maintenance of the solution, four of whom are engineers. There is a computer DE who is responsible for the engineering and a candidate for graduation in 2022.

The solution could be more cost-effective, as we charge our customers the cheapest price. 

The subscription is monthly. 

The solution is cloud-based. 

There are more than a thousand users making use of the solution in our organization, who are connected with us in over 530 different areas. 

I recommend the solution and plan to continue using it. 

I rate Splunk as a seven out of ten. 

I am just a user, and from a user's perspective, it does the job.

It has quite extensive support in terms of integration. If you want to do anything, there are tools for that.

Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it.

In terms of new features, I got everything that I needed from the tool. If they want to expand the capabilities to different things, they can cover topics besides log aggregation, etc.

I have been using this solution for two years. I am not using it on a daily basis.

It is stable. We don't seem to have any problems related to bugs. We are very happy with it.

We have our own internal team for its maintenance.

I would recommend this solution. If you are a technical person, it does what you need. If you are not a technical person and you require graphs, that's a different story.

I would rate Splunk a ten out of ten because I have no problems with it.