IntSights is an all-in-one external threat intelligence and protection platform, purpose-built to neutralize threats outside the wire. According to the vendor, it is the only solution of its kind. IntSights solution suite's goal is to equip cybersecurity teams worldwide to more effectively detect, assess, and mitigate threats externally from the source, well-before before they reach the perimeter. IntSights four core offerings are: Threat Command™ Threat Intelligence…
N/A
Splunk Enterprise Security
Score 9.8 out of 10
N/A
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.
N/A
Pricing
IntSights Cyber Intelligence, from Rapid7
Splunk Enterprise Security
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
IntSights Cyber Intelligence, from Rapid7
Splunk Enterprise Security
Free Trial
Yes
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
Optional
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
IntSights Cyber Intelligence, from Rapid7
Splunk Enterprise Security
Features
IntSights Cyber Intelligence, from Rapid7
Splunk Enterprise Security
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
IntSights Cyber Intelligence, from Rapid7
-
Ratings
Splunk Enterprise Security
8.4
Ratings
8% above category average
Centralized event and log data collection
00 Ratings
9.30 Ratings
Correlation
00 Ratings
8.60 Ratings
Event and log normalization/management
00 Ratings
8.50 Ratings
Deployment flexibility
00 Ratings
8.30 Ratings
Integration with Identity and Access Management Tools
It has been a brilliant tool and we have harnessed it for so many applications - Threat intelligence, Risk Analysis, Automation, Endpoint protection, Vulnerability Management, Application Security, Protecting all our Cloud Applications. We love the fact that we only have to see those threats that are meaningful to us. We don't need clutter and endless dashboards with information that just gets in the way and makes things complicated. By having this full, crisp, easily discernible visibility, our decision-making is enhanced and we can see clearly what's happening in real time. We also love the fact that if a dashboard isn't proving to be productive, then we can go ahead and scrap it, and create another one. The tailor made/bespoke aspect of the Application is the thing that really sets it apart. By having all our dashboards aligned, our teams are all working from the same page and it means we are safe in the knowledge that our systems and applications are being monitored in the most effective and efficient ways. There haven't been any real scenarios where it has been ineffective. - perhaps just In-depth Risk Vulnerability Analytics are a bit lacking. However, I'm probably just picking hairs there.
Its best feature is its user interface, which is easy to navigate and understand. All you need is a little tutorial on how to use the Splunk query language and you're done.
Logs can be easily uploaded or shared across multiple platforms and display a highly insightful graphical representations of data using graphs, tables, and many other formats.
You definitely need to learn how to use Splunk to get the most of the tool. There are many courses available for free to get up to speed on the usability of the tool but it's not that simple. It will take time to digest all the data and to understand how to query for what you are looking for.
ES requires a very performant infrastructure: if it has it's performant, otherwise not. I had situation with a very performant infrastructure and I didn't notized that it was a distributed architecture, it seemed that there ware few data on my PC, othewise I experienced less performant infrastructures with less performaces.
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
IntSights Cyber Intelligence, from Rapid7 was by far the clear winner, in terms of seamless integration with our exisitng systems, deployment, cleaner User Interface, ease of operation, better for monitoring Indicators of compromise and dark web information, having more features etc.
LogRhythm is good for a team comprising mostly non-technical IT users. Unlike Splunk, it has a GUI log search and a good ticketing system. Splunk is better than Logrhythm for me as it provides me with the ultimate flexibility to write custom queries. Scalyr is a good tool and quite frankly lot faster than Splunk. However, I prefer Splunk because of its better Dashboards and panel customization abilities. Elastic is another amazing tool. It is hard to choose between the two especially because both have different sets of logs on them. I use both. Elastic for internal server logs, Splunk for everything else.
We have on prem splunk and it’s mostly east to setup, but we have issues keeping data separated between customer splunk deployments while at the same time only having to look at one SIEM to address events in every environment
We have a 100% success rate on all our ES implementations due to the amazing documentation and Splunk enablement on the subject.
Our Splunk ES business has grown 100% YoY for the last 3 years.
In terms of long term management and maintenance, ES has been highly stable and predictable, reducing our overhead on costly services team for ad hoc maintenance work.