Agari Active Defense is a service to enable users to gain actionable intelligence, understand threats, and reduce risk from Business Email Compromise (BEC) attacks. The BEC Threat Intelligence service aims helps teams understand the specific threats an organization faces, develop a proactive defense, and reduce the risk and liability of financial loss.
Agari was acquired by HelpSystems in May, 2021, and is now a HelpSystems brand.
N/A
Splunk Enterprise Security
Score 9.8 out of 10
N/A
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.
N/A
Pricing
Agari Active Defense
Splunk Enterprise Security
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Agari Active Defense
Splunk Enterprise Security
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Agari Active Defense
Splunk Enterprise Security
Features
Agari Active Defense
Splunk Enterprise Security
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Agari Active Defense
-
Ratings
Splunk Enterprise Security
8.4
Ratings
8% above category average
Centralized event and log data collection
00 Ratings
9.30 Ratings
Correlation
00 Ratings
8.60 Ratings
Event and log normalization/management
00 Ratings
8.50 Ratings
Deployment flexibility
00 Ratings
8.30 Ratings
Integration with Identity and Access Management Tools
In the case of an on going or retro active phishing attack, Agari Active Defense does extremely well in identifying the participants. Also, Agari Active Defense is capable of removing any of the detected items from the recipients inbox while blocking the senders and prevent any future entries. The variety of the emails continue to enter many organizations and Agari Active Defense helps stand as a first line of defense against phishing.
Its best feature is its user interface, which is easy to navigate and understand. All you need is a little tutorial on how to use the Splunk query language and you're done.
Logs can be easily uploaded or shared across multiple platforms and display a highly insightful graphical representations of data using graphs, tables, and many other formats.
You definitely need to learn how to use Splunk to get the most of the tool. There are many courses available for free to get up to speed on the usability of the tool but it's not that simple. It will take time to digest all the data and to understand how to query for what you are looking for.
ES requires a very performant infrastructure: if it has it's performant, otherwise not. I had situation with a very performant infrastructure and I didn't notized that it was a distributed architecture, it seemed that there ware few data on my PC, othewise I experienced less performant infrastructures with less performaces.
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
Agari Active Defense hold true to its name. As a products that performs in the first line of defense it is capable of determining certain times as malicious and preventing from enter the enterprise. With easy to use functions and tuning the product is capable to adjust to the environment and act on command of an analyst as threat are detected.
LogRhythm is good for a team comprising mostly non-technical IT users. Unlike Splunk, it has a GUI log search and a good ticketing system. Splunk is better than Logrhythm for me as it provides me with the ultimate flexibility to write custom queries. Scalyr is a good tool and quite frankly lot faster than Splunk. However, I prefer Splunk because of its better Dashboards and panel customization abilities. Elastic is another amazing tool. It is hard to choose between the two especially because both have different sets of logs on them. I use both. Elastic for internal server logs, Splunk for everything else.
We have on prem splunk and it’s mostly east to setup, but we have issues keeping data separated between customer splunk deployments while at the same time only having to look at one SIEM to address events in every environment
We have a 100% success rate on all our ES implementations due to the amazing documentation and Splunk enablement on the subject.
Our Splunk ES business has grown 100% YoY for the last 3 years.
In terms of long term management and maintenance, ES has been highly stable and predictable, reducing our overhead on costly services team for ad hoc maintenance work.