TrustRadius Insights for Splunk Enterprise Security (ES) are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.
Efficient Log Correlation: The product's automation capabilities were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.
Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.
Our analysts use ES to gain a broad perspective on all the security events coming in from our customer devices. We have multiple internal customers with different environments, so it’s useful having a central place in each SIEM to find events. ES is vital to our business as it allows us to use risk based alerting, which decreases the amount of alerts our analysts have to review each day. We’re able to easily tune these rules to filter out false positives and noisy notables to ensure our analysts have an easy time identifying real threats in a timely manner.
Pros
Risk based alerting
Single pane of glass
Easy to use UI
Cons
Sometimes runs slowly
Some incident review panels have never worked in our environment
More dashboards
Likelihood to Recommend
It is well suited for our analysts reviewing the alerts that come in each day. The risk based alerting system allows us to tune detections to eliminate noisy notables and ensure our analysts don’t get stuck dealing with alert fatigue. The information generated by ES allows us to create dashboards that easily communicate our accomplishments to higher leadership.
Verified User
Engineer in Engineering (Defense & Space company, 5001-10,000 employees)
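The review above leans on risk-based alerting (RBA) to cut analyst load: each detection adds a risk score to the user or host it concerns, and a notable is raised only when an entity's accumulated score crosses a threshold, with noisy rules down-weighted rather than deleted. The following is an added illustration of that aggregation logic, not code from Splunk or from the reviewer; the events, rule names, scores and threshold are all constructed, and the sliding-window implementation is a plain-Python stand-in for what ES does with its Risk data model.

```python
"""Risk-based alerting aggregation (added example, constructed data).

Each detection contributes a score to the entity (user or host) it
concerns. A notable fires only when an entity accumulates >= threshold
within a time window AND the score comes from more than one distinct
rule, so a single chatty rule cannot page an analyst on its own.
Per-rule weights let a noisy rule be down-weighted or suppressed (0)
without turning the rule off.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample risk events; not real Splunk data.
RISK_EVENTS = [
    {"time": "2024-05-01T09:00:00", "rule": "Brute Force Logins",      "object": "user:alice", "score": 20},
    {"time": "2024-05-01T09:05:00", "rule": "Rare Process Executed",   "object": "host:ws-17", "score": 30},
    {"time": "2024-05-01T09:10:00", "rule": "Privileged Group Added",  "object": "user:alice", "score": 60},
    {"time": "2024-05-01T09:12:00", "rule": "Outbound to New Country", "object": "user:alice", "score": 40},
    {"time": "2024-05-01T09:20:00", "rule": "Noisy Scanner Rule",      "object": "host:ws-17", "score": 50},
    {"time": "2024-05-01T09:21:00", "rule": "Noisy Scanner Rule",      "object": "host:ws-17", "score": 50},
    {"time": "2024-05-02T15:00:00", "rule": "Brute Force Logins",      "object": "user:bob",   "score": 20},
]


def aggregate_risk(events, window_hours, threshold, min_distinct_rules=2, rule_weights=None):
    """Return a list of notables for entities whose weighted risk, summed over a
    sliding window of `window_hours`, reaches `threshold` with contributions from
    at least `min_distinct_rules` different rules.

    rule_weights: hypothetical tuning knob, rule name -> multiplier (0 suppresses).
    """
    window = timedelta(hours=window_hours)
    weights = rule_weights or {}
    by_object = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["time"]):
        w = weights.get(e["rule"], 1.0)
        if w == 0:
            continue  # suppressed noisy rule; event still exists for investigation
        ts = datetime.fromisoformat(e["time"])
        by_object[e["object"]].append((ts, e["rule"], e["score"] * w))

    notables = []
    for obj, evs in by_object.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within window_hours.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            total = sum(score for _, _, score in in_window)
            rules = {rule for _, rule, _ in in_window}
            if total >= threshold and len(rules) >= min_distinct_rules:
                notables.append({
                    "object": obj,
                    "score": total,
                    "rules": sorted(rules),
                    "last_event": evs[end][0].isoformat(),
                })
                break  # one notable per entity per window; ES would throttle similarly
    return notables


if __name__ == "__main__":
    print("untuned:", aggregate_risk(RISK_EVENTS, 24, 100))
    # Suppress the scanner rule: host:ws-17 no longer reaches the threshold.
    print("tuned:  ", aggregate_risk(RISK_EVENTS, 24, 100, rule_weights={"Noisy Scanner Rule": 0}))
```

With the constructed data, the untuned run produces two notables (user:alice at 120 from three corroborating rules, host:ws-17 at 130 driven mostly by the scanner rule); setting the scanner rule's weight to 0 leaves only the alice notable, which is the "filter out noisy notables" effect the reviewer describes, achieved without deleting the detection.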
Splunk Enterprise Security has helped me have real-time detection of threats, analysis of alert generation and investigation, and log management and retention. I also use it for data visualization and analysis.
Pros
Superb reporting and visualization abilities.
Offers for creation and customization of dashboards used for file, log, and data monitoring.
Allows for collection of data from multiple sources.
Cons
The only issue I have with this software is that its pricing is quite high.
Likelihood to Recommend
Splunk Enterprise Security is well suited to departments or organizations that have to deal with issues of real-time alerting to deal with threats ASAP.
In terms of log analysis and monitoring, it is one of the best tools available. It uses charts and graphs to present data in a way that is highly interactive. It also has a simple integration process. In terms of ease of use, the UI is excellent.
Pros
A variety of threats can be more easily understood and managed.
Provide assistance to departments responsible for ensuring company compliance
The correlation searches make it easier to complete the task.
Cons
Customizing an investigation is more difficult than you might think.
A more user-friendly user interface
Incorporate some of the classic dashboard features into the Glass table's functionality.
When moving from the homepage to another page, we notice a larger delay in response time.
Likelihood to Recommend
As a hardware engineer, I use ES on a daily basis to protect our clients' hardware, and I recommend it to all security analysts because it combines threat detection features with exceptional security incident management. All structured and/or large companies should be able to benefit from it, in my opinion. Small businesses find it difficult to implement because of the high costs. System flaws, industrial espionage through networks of computer devices, or models that we believe to be safe thanks to Splunk have occurred repeatedly in our cases.
Verified User
Executive in Information Technology (Computer Hardware company, 51-200 employees)
We use Splunk to apply analytics techniques to gain business insights. The applications generate information (logs) which are stored in their own files; in this way we improve the analysis of our data. The grouping of the log files in a single place makes it easy to analyze the performance of our system and continuously propose possible improvements. It allows us to debug the applications, that is, to carry out the necessary tests to prevent possible problems.
Pros
Easy installation and minimal need for hardware resources for its use
It has a huge community behind it and has extensive and detailed documentation.
Semi-structured data logging, using the JSON format.
Supports multiple languages.
Architecture based on an extensive catalog of plugins (in_http, in_tail, out_mongo, out_webhdfs, out_kafka2…) that allows us to extend its functionality.
It features high stability and good performance.
Excellent configuration of alarms and triggers.
Extraction of additional information, secondary data can be accessed, such as the HTTP codes of requests to servers invoked by the APIs of our programs.
Cons
Splunk has, mainly, two negative aspects. The first, which is rather subjective, is that it is an on-premise solution, which implies a configuration that is costly both in terms of money and complexity.
To deploy it in a high-scale environment, a dedicated cluster will need to be installed and configured. As a developer, that's not often what you could or would want to do, at least not as a first option.
The second con of Splunk is that it is expensive. To support a real-life application, tens of thousands of dollars will be needed.
Likelihood to Recommend
Splunk is packed with features to reduce and search huge amounts of data. Among all the SaaS log analysis tools, it is probably the richest in possibilities. Likewise, the fact that it is a service offered in the cloud implies a simpler configuration and operation. One of Splunk's main strengths is its ability to set benchmarks and actively notify you when key stats change after a certain event, such as a new release or porting attempt.
The module performs data analysis within our Data Indexers. Everything related to the administration of the elements of operation, including alarms, the administration of our cases, the workflow, the automated responses, and the administration of the platform is carried out by the administrators of this platform. There is a module for interaction with the platform that we have installed in stand-alone mode and in multiple instances. We can also find the Cloud which is a complementary solution provided through a cloud service that provides UEBA capabilities.
Pros
It supports a flexible architecture and great ease of scaling.
It provides us with a wide variety of complementary applications related to use cases such as Security Essentials and Stream.
The entire architecture can be implemented on physical or virtual machines, as well as in the cloud.
It also provides us with SaaS solutions or by the client.
It natively supports MSP and MSSP solutions.
Wide range of native analysis that is used to generate a very robust SIEM solution.
It has several modules such as Splunk ES, Splunk UBA, and Splunk Phantom which work perfectly.
Cons
One disadvantage of Splunk is that it is intended to be deployed in large organizations, offering a robust platform for detecting and responding to existing threats. Although it is preferably prepared to provide solutions to large companies, it can also be implemented within smaller organizations, adapting its content to the environment where it is implemented.
Likelihood to Recommend
It is centrally integrated to manage and improve the detection of our security threats, instead of using other types of native and complementary tools. Integrations with these appliances are done through our applications and plugins that we can find within Splunkbase, all using the APIs. Splunk Stream uses the collection of our network traffic to determine the application and the protocol, even if it is encrypted. All this is sent for later analysis.
Verified User
Technician in Product Management (Machinery company, 5001-10,000 employees)
Splunk provides us with excellent SIEM and security enhancement with in-depth log analysis that makes it a very well-suited software for our business. For the company, it generated a large volume of records and data from our users, customers, and suppliers. Splunk has become one of the best options since it offers us security analysis and event management in a matter of minutes. Thanks to this SW we monitor all the company's data in real-time.
Pros
It allows us to stream logs over HTTP/HTTPS. Supports Docker, AWS, Syslog, Heroku, Windows, and Linux logs. We can even create custom parsing rules for a new format
It has other features that make it one of the best options. It has a large number of tools, analyzes and indexes all data including machine data, event logs, server logs, and network events
We can monitor activity and issues in our facilities so we can see what can be improved and things that need to be removed from the infrastructure to increase performance.
Cons
Splunk is expensive. For large-scale companies where data is a top priority, it is perfect for adapting to all needs.
Splunk has another drawback of providing slower seek speed.
Likelihood to Recommend
For ingesting structured, unstructured, and semi-structured data sets it works great. It allows us to convert the data for different platforms, services, and applications. It is not a shipping or records management service; it only serves its collection of data and routing of that to the destination address. There are plugins that we can add to the system to perform another task that may not come in the package. We can create search parameters and apply them without writing a query. We can use them as alerts for updates and notifications. We can monitor our data in real-time without losing valuable information. Splunk helps us catch new bugs so we can remove them faster before they spread. Also, the web user interface is simple and easier to navigate.
We implemented Splunk Enterprise to monitor our network and employee users. We use Splunk to be on top of cyber security, which lets me monitor our firewall and any suspicious activity employees do. It alerts me when a user gets locked out or if a user is taking privileged actions. It also lets me know who is trying to access our network from the outside world.
Pros
Monitoring Users.
Monitoring firewalls and switches.
Alerting on specific activities.
Cons
Smaller learning curve.
Additional apps.
More informational help.
Likelihood to Recommend
Splunk Enterprise is less suited for businesses with fewer employees or where cybersecurity is not a big factor for them. It is well suited for mid-sized businesses to keep on top of everything that's going on within the business. It alerts me when an employee gets locked out and alerts me when an external IP address is trying to access our firewall.
We utilize Enterprise Security at my organization to provide Enterprise Security Overview briefing on a weekly basis. Enterprise Security has been proven useful when understanding the security "health" of our organization. We don't currently utilize the investigative features of Enterprise Security, mostly due to the lack of resources. (I'm the sole Splunk Admin).
Pros
Detecting events of interest that could be security risks
Once set up, Enterprise Security is almost a full SIEM
Providing a birds-eye view of the Security posture of an organization
Integrating with IDS/IPS, Vulnerability Scanners, and other databases to enrich your data.
Cons
The initial setup could be more user-friendly. After a year of working with the organization, I still do not have ES fine-tuned. While we could pay to have Professional Services come out and spin up everything, it's not fair to have purchased a product like Enterprise Security and receive little to no instruction on setting it up. What does fine-tuning your notable events look like? What data should be mapped to the data models? What do I do when an ES index is not populating? If my Identity notables are not populating, where do I look? What does a healthy asset & identity manager look like?
I've placed tickets into Splunk Support for issues like these and to be fair, a premium product like Splunk does not offer premium support.
Likelihood to Recommend
Splunk Enterprise Security could be used for a broad array of organizations. We have entered the data age where data is gold. Splunk Enterprise Security allows you to work in tandem with Splunk to notify on Interesting/Notable events. If a company has the resources to dedicate a full team (more than one person) I believe any organization will appreciate what Splunk Enterprise Security has to offer. Enterprise Security is more of an investment to protect your data.