Splunk User Behavior Analytics Reviews

The main use cases for Splunk User Behavior Analytics include threat detection. I detect insider threats, compromised users, account misuse, and all those things. I use unsupervised and supervised ML models. The risk scoring is another feature I use with categories. I assign risk scores to users and entities. I also do the integration with Splunk because Splunk User Behavior Analytics natively integrates with Splunk Enterprise. I build timeline visualizations, threat timelines, and event linkage. I also perform alert prioritization and threat-related prioritization based on trends.

The best features in Splunk User Behavior Analytics include anomaly detection, behavioral profiling, and risk scoring and prioritization functionality. There are certain out-of-the-box use cases as well, such as insider threat detection and credential misuse detection. The solution also includes ML-related features.

I have been using customizable dashboards and reports in Splunk User Behavior Analytics, and it has built-in dashboards that show top users by risk, trending anomalies, and additional metrics.

I evaluate the automation capabilities for threat detection in Splunk User Behavior Analytics, which uses automated machine learning models and behavioral analytics to detect complex and hidden threats. For example, unsupervised ML models can learn normal behavior over time such as logon patterns and access levels. The system can detect deviations in user behavior such as logins during odd hours or from new locations.

There are improvements that could be made to Splunk User Behavior Analytics as any product will have advantages and disadvantages. Scalability is one consideration. For example, the advantages include rapid auto scaling to meet demand. A disadvantage is that it can lead to cost overrun if not properly factored or governed. The speed of deployment offers faster provisioning as an advantage, but it can require substantial automation skills and infrastructure as code expertise, which can be challenging.

Cloud provides major operational benefits such as agility, automation, resilience, and global access when setting up on Cloud. However, it introduces challenges such as cost control, complexity, and vendor dependency. For example, global reach allows deployment of apps and services closer to users worldwide, but data sovereignty concerns exist and region selection must align with compliance requirements.

I have been dealing with Splunk User Behavior Analytics for one year.

The solution is generally stable. Although no Cloud deployment is 100% stable, the platform uptime SLA on the Cloud is 99.9%. The stability depends on how infrastructure redundancy is factored into the design and implementation. With built-in redundancy across zones and regions, 99.9% uptime is achievable. Automated scaling must be enabled to maintain better platform uptime.

Splunk offers multiple types of support tiers including standard, premium, and enterprise support. From the responsiveness perspective, Splunk is very responsive with SLA-bound support for premium tiers. There are numerous active forums, user groups, and Splunk Answers as part of their community support.

The knowledge base includes extensive articles, thorough documentation, and Splunk-based apps are available. The support quality is excellent for paid tiers, following enterprise-grade SLAs with proactive support and deep expertise.

Positive

I have worked with similar solutions from other vendors, including Elasticsearch's product called Elastic. There are crucial differences between Elastic and Splunk User Behavior Analytics, with Splunk having its own advantages. Splunk has proprietary log analytics capabilities, while Elastic is built on an open source base.

For example, when working with Citrix UberAgent, an end-user experience monitoring tool, it has extensive integration with Splunk, allowing creation of 13-14 dashboards. Elastic has limitations, enabling only three to four dashboards with Citrix. Regarding licensing models, Splunk uses commercial volume-based pricing, while Elastic offers an open source basic version with platinum and enterprise tiers for full features. This provides an advantage for smaller organizations that don't require extensive features.

The initial setup and deployment requires several key steps. Requirement gathering involves defining business needs, application architecture, compliance, and security requirements. Cloud platform selection must be made between Azure, AWS, GCP, or hybrid/multi-Cloud options.

Design architecture involves solutions based on computing, storage, network security. Subscription account setup requires creating Cloud accounts, defining billing structure, and cost centers. Identity and Access Management (IAM) setup includes configuring AD, Azure AD, or AWS IAM, defining roles, policies, and RBAC.

Network setup involves configuring virtual networks, subnets, NSC, firewalls, VPN, or express route. Core infrastructure provisioning includes creating virtual machines, Kubernetes clusters, databases, and storage. Security configuration requires implementing encryption, endpoint protection, and firewall security groups.

Additional steps include compliance checks, application deployment through CI pipelines or Azure DevOps, monitoring setup using tools such as Azure Monitor, AWS CloudWatch, and Splunk. Backup configuration, performance tuning, user acceptance testing, go-live procedures, and ongoing optimizations are also necessary components of the setup process.

In terms of setup cost, pricing, and licensing, Splunk User Behavior Analytics is not an inexpensive product. The setup requires numerous components including storage, networking, identity access, integration, and backup. Cost-wise, with pay-as-you-go options, the pricing can be extensive.

The licensing model includes various options. Reserved instances with one or three-year commitments offer lower rates, providing up to 70% savings. The Bring Your Own License (BYOL) option allows use of existing Microsoft, Red Hat, or Oracle licenses with software assurance. The Service Provider License Agreement (SPLA) model offers monthly usage-based licensing for service providers.

I am currently using Splunk User Behavior Analytics on Cloud in a SaaS model. The customer purchased the solution directly, not through AWS. We operate as a service provider managing the solution. I have rated Splunk User Behavior Analytics 9 out of 10.

We are dealing with the full Splunk portfolio, including products such as Splunk User Behavior Analytics and Splunk ITSI.

The dashboards are one of the very core functions of Splunk User Behavior Analytics. They are very good in dashboarding. The dashboards themselves are nice, very good, and very helpful, but the accuracy of the data or the information that will be presented on the dashboard is something that needs to be questioned.

Splunk User Behavior Analytics is still an immature product, so it still needs some R&D to be able to be mature in the market.

The prediction, algorithms, and ML codes behind Splunk User Behavior Analytics need to be more tuned. The logic needs to be reviewed because it has many false positives.

For Splunk User Behavior Analytics, it is not yet a mature product and we are not recommending this to mature customers for now.

The machine learning algorithm in Splunk User Behavior Analytics is actually the core thing that needs to be updated because this feeds all the other functions inside it. If the ML functions are not good enough, that means the risk scoring and all other related information will not be correct.

Technical support for Splunk User Behavior Analytics is good. I would rate their technical support as 8.5 out of 10.

Positive

The implementation for Splunk User Behavior Analytics is a bit complex, but this is typical for the product.

Splunk User Behavior Analytics is a premium product. Compared to all other products in the market, it is the most expensive one in all aspects including professional service and licenses, even the cloud version.

If comparing Splunk User Behavior Analytics to other products in the market, it is very expensive.

It depends on what exactly the customer is looking for because we can compensate most of the Splunk User Behavior Analytics functions with other technologies such as EDRs or SDRs. It all depends on the customer profile itself.

If customers already have a Splunk infrastructure and are willing to invest with it to work on or to expect development to happen in the near future, they might consider it. However, if they are expecting a full ready-made product that will deliver value from day zero, this means that Splunk is not the right solution for them.

For mature customers, I will not recommend Splunk User Behavior Analytics.

On a scale of one to ten, I rate this solution a seven out of ten.

We use Splunk User Behavior Analytics for log analysis, monitoring, security management, and creating dashboards. We utilize it for Citrix monitoring dashboards, where we integrate Citrix with Splunk to create performance dashboards specific to session details and resource usage. We also use it for monitoring user experience metrics.

Splunk User Behavior Analytics assists us in visualizing and representing data from different sources for real-time monitoring and analytics, which is useful for troubleshooting purposes.

Splunk User Behavior Analytics is known for its advanced analytics and data correlation capabilities, which help in detecting patterns, anomalies, and security threats. We can collect data from multiple sources in real time, and it is known for customizable dashboards with real-time updates. It is highly scalable and stable, even in large-scale enterprise environments.

High data ingestion costs can be an issue, especially for large enterprises, as Splunk charges based on the amount of data processed. Complex dashboards may require additional scripting. Some integrations require third-party applications or custom development.

We have been using Splunk User Behavior Analytics for at least two years.

Splunk User Behavior Analytics is highly stable and reliable, even in large-scale enterprise environments with high log injection rates. Stability depends on proper deployments, maintenance, and resource allocation.

Splunk User Behavior Analytics is highly scalable, designed for enterprise scalability, allowing expansion of data ingestion, indexing, and search capabilities as log volumes grow.

Splunk offers different tiers of support: standard, premium, and mission-critical. Premium and mission-critical support provides 24/7 assistance, with mission-critical offering a dedicated team, proactive monitoring, and fast resolution.

Positive

I am a service provider for one of our large customers.

Splunk User Behavior Analytics is a high-level investment, and ROI depends on efficient implementation and use. The solution can save costs by improving incident resolution times and reducing security incident costs.

The pricing is based on the amount of data processed, and it is considered a high-level investment for enterprises. Costs can be cut through efficient use and implementation.

I rate Splunk User Behavior Analytics an eight out of ten overall. I prefer communications to be sent to my corporate email.

I am a service provider and reseller. We have been working with Splunk User Behavior Analytics for ten months. Our company, as a system integrator, works with customers in government, banking, fintechs, and SMBs.

Splunk User Behavior Analytics offers several beneficial features, such as Insider Threat Detection, account compromise detection, risk scoring, threat detection, and machine anomaly detection. The anomaly detection feature enhances our customers' security posture by learning from historical data. It correlates all the historical data, compares the upcoming behavior with what's already stored in the platform, and reduces false positives.

I would like to see an enhancement in the automation of creating the rules.

I have used the solution for ten months.

Splunk's technical support is amazing. Their response time depends on the SLA. If the issue is of medium or low security, they respond differently than they do for high-security issues.

Neutral

The ROI is positive for our customers.

Comparing with the competitors, it's a bit expensive.

I would recommend Splunk User Behavior Analytics for large companies with investment capacity for security. For small and medium-sized businesses, it might be too expensive, so I would rate it six for them. For large companies, I would say it merits a rating of eight to eight and a half. Overall, for small and medium-sized companies, I rate it six. For large companies, I would rate it eight to eight and a half.

The focus is on applications and their behavior. For example, some edits might lead to unusual behavior. Based on these observations, I have made use of the solution.

Features like alerts and auto report generation are valuable. Reports are generated automatically, which is a significant benefit. It is very easy and quick for me to gather reports and all the data in a single table or area.

The dashboard part could be improved. While using it, I noticed two options: Classic, which is adequate yet only in black and white, and another one that is more advanced or smart, though I forgot the exact term. I encountered several issues while trying to create solutions for this advanced version, which seem unrelated to query or data issues.

I have used the solution for almost three years.

Sometimes issues occur when handling long-term data. It's not exclusive to Splunk. Any log service can experience this due to the extensive data fetched per microsecond. However, improving the speed would be beneficial.

I find customer service to be satisfactory. I don't see any problems or obstacles that need mentioning.

Positive

The initial setup is very easy to install. I do not need to download much since I primarily use the service. It is straightforward and efficient.

For time savings, it is an excellent option. It should prove to be a good solution.

I started using it about six months ago. It's still not in a significant stage, however, I hope it will have more user interaction.

If the solution can be improved, that would be good. However, if not, it still functions well. It is obviously a good one. I would rate the product nine out of ten.

I use Splunk User Behavior Analytics for SAML authentication, behavior analysis, and integration purposes. Integration allows me to identify version controls in CRM systems and analyze remote users. Additionally, I use it for streaming and machine learning kit integration, focusing on behavior analysis.

Splunk is highly valuable for query purposes. I use Splunk queries and integrate regex. I primarily use it for integration on different cloud platforms, such as Azure, AWS, or GCP. I also utilize it for anomaly detection and behavior analysis, particularly using Splunk's machine learning environment.

In terms of improvements, advanced reporting could see enhancements as there are some issues with latency. Additionally, there are challenges with configuration findings during lexical analysis.

I have been using Splunk for around two years, which is almost twenty-four months.

Splunk User Behavior Analytics is a one hundred percent stable solution. I am satisfied with its stability.

Currently, I do not have scalability requirements, but it might be required in the future.

Customer service and support are satisfactory. I would rate the support at eight, meaning there's some room for improvement.

Positive

I previously used Kibana's ELK but shifted to Splunk for greater reliability and security purposes for data modeling.

The initial setup can be complex and requires vendor dependency, especially due to the open-source nature of the solution.

I am an integrator and work with various client types, including BFSI, media and communications, telecom, IT, and oil and gas sectors.

We have seen around thirty to thirty-five percent return on investment, particularly in terms of time and cost savings.

Splunk is up to the mark in terms of pricing. However, I cannot provide specific comments on the pricing at the moment.

I previously used Kibana's ELK and evaluated it for integration with Splunk for better reliability and security.

I would rate my satisfaction with Splunk User Behavior Analytics at a seven out of ten.

I recommend it to my customers, but I'm a salesman. I am not implementing it myself.

It decreases the false positives, so it will decrease the time consumed by the operation team to work on Splunk.

The most effective one is the integration with other vendors. This is the most attractive one. 

It's very intelligent. You are dealing with a machine, almost like a human.

Also, the dashboard is very useful.

Enhancing the storage model that they are using is necessary. It's too much. The number of VMs, the total number of VMs, is overwhelming. The system is stable, but for the storage issues requiring a large number of VMs, it will be a nightmare.

I have been using it for almost around three months.

The system is stable. You don't need to create many support cases as the system is stable and is working efficiently.

The customer service is very good. You don't need to create many support cases because the system is stable.

Positive

I used Elastic previously, however, Elastic is not matured in user experience like Splunk.

It's too expensive. If you need observability, you will pay for the whole package of observability. But if you need anything in security, you will pay for the whole package, then you can select the use case that you need. I think it might be broken into simpler packages. The licensing cost per day is too expensive.

The system is stable, but for the storage model that requires a large number of VMs, it will be a nightmare.

I'd rate the solution seven out of ten.

We introduced this solution to our customers and requested some dashboards, analytics, statistics, and information to be available through Splunk. However, I'm not proficient in the details and queries.

We work at the airport and operate at various levels of management to ensure the quality of products and applications. 

We monitor the transportation of suitcases, the number of errors in applications, the number of incorrect log-ins, the number of users, and other statistics. 

System management, includes monitoring system behavior, memory size, memory usage, schedules, and analyzing what happened. 

It also involves network monitoring for messages that impact systems and specific applications, including downtime and performance issues. The level of involvement and responsibility varies based on an individual's role within the company.

We are really pleased with Splunk and its features. It would be practically impossible to function without it.

To provide a general overview of the system, it's important to note that the standard log files are currently around 250 gigabytes per day. It would be impossible to manually walk through these logs by hand, which is why automation is essential.

The system has a very quick response time and can store an enormous amount of data.

Currently, we do not have any specific improvement projects in progress. However, we have partnered with some companies that are constantly working on improving the system. Therefore, I believe it's in a good place right now.

If the price was lowered and the setup process was less complex, I would consider rating it higher.

I have been working with Splunk User Behavior Analytics for three years.

Currently, I am using Splunk, and our company has opted for complete outsourcing of the software.

We have multiple instances of Splunk, with one instance using the Splunk SIM solution and the other instance using a SIM solution that we developed in-house.

Splunk User Behavior Analytics is a stable product.

Splunk User Behavior Analytics is a scalable solution.

Our customers are enterprise companies.

Technical support is good.

We had them visit a couple of times and it was very good.

I would rate them an eight out of ten.

We have a Splunk architect who has completed all the Splunk courses, and we also have several people with some level of first-hand knowledge. So our expertise in Splunk is above average.

We help our customers implement this solution for functionality.

The initial setup is complicated since the solution is spread across multiple data centers - on-premises - which makes it more complex than a standard PC setup.

The implementation can take a few days for one person to complete. This is for multiple locations and 400 end users, as well as multiple departments.

It's one of the products that the first-line maintenance engineer is responsible for maintaining.

I am not aware of the price, but it is expensive.

A rough estimate would be around 150 gigabytes, given the huge amount of data.

At the moment there are no additional costs for maintenance.

I would rate Splunk User Behavior Analytics a nine out of ten.

Generally, due to its usefulness and benefits, we find this to be an excellent product.

The solution helps us with the governance of attacks. We use the solution for threat identification and governance. The solution's use cases depend on the logs we ship to them because we ship all the logs of different products.

The solution's most valuable feature is Splunk queries, which allow us to query the logs and analyze the attack vectors. Splunk User Behavior Analytics is an easy-to-use tool.

Sometimes, we need to write explicit queries. It would be good if the solution had an analytics tool that allowed us to analyze the data without writing specific queries. The solution's user interface is not that good and could be improved.

I have been using Splunk User Behavior Analytics for three to four years.

I rate the solution an eight out of ten for stability.

Splunk User Behavior Analytics is a scalable solution.

The solution’s initial setup is complex.

The solution can be deployed in a couple of minutes.

We are using the latest version of Splunk User Behavior Analytics. Using the solution was difficult initially, but now it's okay. Users should not ship all logs because storing and manipulating the data is very expensive.

Overall, I rate Splunk User Behavior Analytics a seven out of ten.

We have an application running for our e-commerce site, and we use Splunk primarily to detect anomalous behavior like false orders and other bot-related threats. Splunk helps us analyze and eliminate threats using machine learning. 

Splunk is more user-friendly than some competing solutions we tried. 

We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time.

I have been using Splunk for a month. 

Splunk hasn't gone down since we started using it. 

We previously had a solution that we developed in-house but recently started to use Splunk. Our in-house solution was unstable and had frequent issues, so we wanted something from a reliable vendor. We were already using other Splunk products, so we were familiar with the company.

Splunk was quite easy to set up compared to similar products we've used.  to we are using few other things like this. For example, it was easier to deploy than New Relic. We finished the setup in two or three hours. 

I rate Splunk User Behavior Analytics seven out of 10. There is still some room for Splunk to incorporate new capabilities and automate workflows. It's a solid solution for protecting against external threats like bots and unauthorized access. If you've experienced cybersecurity issues in the recent past, Splunk could help you develop a predictive approach based on user behavior.