Recorded Future is an intelligence company. Its Intelligence Cloud provides coverage across adversaries, infrastructure, and targets. Combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future provides visibility into the digital landscape, enabling countries and organizations to take proactive action to disrupt adversaries.
N/A
Splunk Enterprise Security
Score 9.8 out of 10
N/A
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.
N/A
Pricing
Recorded Future Intelligence Cloud
Splunk Enterprise Security
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Recorded Future Intelligence Cloud
Splunk Enterprise Security
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Recorded Future Intelligence Cloud
Splunk Enterprise Security
Features
Recorded Future Intelligence Cloud
Splunk Enterprise Security
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
Recorded Future Intelligence Cloud
6.7
Ratings
11% below category average
Splunk Enterprise Security
-
Ratings
Network Analytics
5.00 Ratings
00 Ratings
Threat Recognition
6.00 Ratings
00 Ratings
Vulnerability Classification
6.00 Ratings
00 Ratings
Automated Alerts and Reporting
8.00 Ratings
00 Ratings
Threat Analysis
7.00 Ratings
00 Ratings
Threat Intelligence Reporting
8.00 Ratings
00 Ratings
Automated Threat Identification
7.00 Ratings
00 Ratings
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Recorded Future Intelligence Cloud
-
Ratings
Splunk Enterprise Security
8.4
Ratings
8% above category average
Centralized event and log data collection
00 Ratings
9.30 Ratings
Correlation
00 Ratings
8.60 Ratings
Event and log normalization/management
00 Ratings
8.50 Ratings
Deployment flexibility
00 Ratings
8.30 Ratings
Integration with Identity and Access Management Tools
Recorded Future is mainly beneficial to the SOC. As part of the Monitoring team, Recorded Future makes the investigation of the alarms a lot easier for me. It can show the reputation of the IP/domain or even hashes which helps me redirect my focus to potentially malicious network activities.
Its best feature is its user interface, which is easy to navigate and understand. All you need is a little tutorial on how to use the Splunk query language and you're done.
Logs can be easily uploaded or shared across multiple platforms and display a highly insightful graphical representations of data using graphs, tables, and many other formats.
For the Browser extension, since the main purpose is to present information with regards to the IP, I think it's best to give us an idea of where the IP originated/some additional information about the organization it belongs to.
You definitely need to learn how to use Splunk to get the most of the tool. There are many courses available for free to get up to speed on the usability of the tool but it's not that simple. It will take time to digest all the data and to understand how to query for what you are looking for.
ES requires a very performant infrastructure: if it has it's performant, otherwise not. I had situation with a very performant infrastructure and I didn't notized that it was a distributed architecture, it seemed that there ware few data on my PC, othewise I experienced less performant infrastructures with less performaces.
I've had an issue with their browser-plugin which didn't want to authenticate correctly. RF's support could arrange for a session with me and identify and solve the issue. I was very pleased how serious they took my problems and also how knowledgeable they are.
If I have more general questions they quickly reply and most likely also have a solution at hand.
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
It is the most complete solution of these three, as the others are focused in specific areas and having really detailed analysis about threat actors, APT groups, etc. Recorded Future is not having this level of knowledge in really specific areas but doing a really good work covering thousands of sources and the most relevant forums.
LogRhythm is good for a team comprising mostly non-technical IT users. Unlike Splunk, it has a GUI log search and a good ticketing system. Splunk is better than Logrhythm for me as it provides me with the ultimate flexibility to write custom queries. Scalyr is a good tool and quite frankly lot faster than Splunk. However, I prefer Splunk because of its better Dashboards and panel customization abilities. Elastic is another amazing tool. It is hard to choose between the two especially because both have different sets of logs on them. I use both. Elastic for internal server logs, Splunk for everything else.
We have on prem splunk and it’s mostly east to setup, but we have issues keeping data separated between customer splunk deployments while at the same time only having to look at one SIEM to address events in every environment
We've been able to identify leaked credentials and close those accounts off.
We've also been able to identify malware being distributed or spam being sent out by customers using our infrastructure. Again we could shut off those accounts.
Their domain-monitoring allows us to identify typo-squats and issue domain-takedowns for those (or at least add them to our monitoring / detection)
We have a 100% success rate on all our ES implementations due to the amazing documentation and Splunk enablement on the subject.
Our Splunk ES business has grown 100% YoY for the last 3 years.
In terms of long term management and maintenance, ES has been highly stable and predictable, reducing our overhead on costly services team for ad hoc maintenance work.