Splunk Enterprise Security Professional, Scientific, and Technical Services Reviews & Insights

We use it to monitor and correlate data across more than 20 client environments, each with different infrastructures and compliance needs. The main challenge it addresses is visibility. Previously, our SOC relied on separate SIEM tools for certain customers, which meant fragmented investigations and duplicated alerts. Now Splunk ES centralizes all that.

Splunk is an incredibly capable platform especially for large scale multitenant environments like hours. But it does demand a lot of engineering effort to get it right.
Splunk thrives in environs that already have mature log pipelines and dedicated teams to maintain them. Its power lies in its flexibility. However, if your data sources are unstructured or inconsistent, you'll constantly write and rewrite custom regex transformations - at an unjustifiable cost effort wise.

I was evaluating Splunk for a potential client. Splunk is a great tool for anyone that needs a SIEM to monitor data, networks, users, etc. The customization of the Dashboard is ideal for anyone to setup and use for an easy display of information. The alerts are incredibly helpful for notification of any problems

It is very easy to connect data sources and manipulate data sets of any size

We use Splunk ES to monitor security-relevant events, create notables for our Analysts to review, and overall improve our organization's security and security hygiene. Splunk ES is a service we offer to our clients as an MSSP and SOC-as-a-service, giving potential customers another great option to use for their own organization.

It has nearly limitless potential for security uses, but the learning curve is very steep

Our scope is actually quite large as my team is responsible for the protection of tens of thousands of devices. This is accomplished with the use of Enterprise Security, which we have used for the past several years to great effect. Enterprise Security enables us to detect and respond to threats in real time, monitor our environment's overall security compliance, and provide timely and insightful reports and metrics to management.

Splunk Enterprise Security is a great fit for an organization that also utilizes Splunk in its environment. While there is a learning curve, if users and admins are already familiar with Splunk, it should be a straightforward task to get Enterprise Security up and running. It makes even more sense if the organization is already utilized Splunk Security Essentials. This is like Enterprise Security Lite - but much of the setup and configuration carries directly over to Enterprise Security.

We use Splunk Enterprise Security tools as our first line of defense in combating threats on our multicolored on-premises deployments. Splunk provides advanced threat intelligence that utilizes an efficient model to immensely cut down on false alerts. Splunk Enterprise Security delivers an efficient data exfiltration model to identify suspicious activity and isolate threats and user behaviors.

Working as a security software engineer, Splunk Enterprise Security is like my suite of premium tools to accomplish my work. Everyone who has been behind a monitoring screen for software threats understands how hectic false positives are. Splunk is however able to reduce the alert volumes by triaging notables and saving you from the false alerts nightmare.

Splunk Enterprise Security is an intelligent and highly investigative solution, that assists the business in coordinating all the systems, and bringing a solid reporting of the attacks and possible cyber security challenges in a company system. Besides, Splunk Enterprise Security investigates all the possible threats or activities both on the cloud and on the premise/offline, and this ensures every action has the stipulated security improvements. Finally, Splunk Enterprise Security set the strategies that improve the security apparatus of a company system.

Splunk Enterprise Security governs all the security needs that a firm has, it stipulates the proficiency of every threat detector, and the practical remedies to eliminate different challenges. More so, Splunk Enterprise Security has secured different systems that may have been prone to attacks, which is a fruitful security engagement. The close monitoring of both internal and external systems through proper security checks increases business productivity.

We implement ES for banks, government orgs, and enterprises globally. We have specialised in the banking domains and have customised many use cases for banking specific use cases in our projects.

Splunk ES is used as the SIEM solution in my organization for centralized logging and monitoring of Threats. We create new use cases as per our environment requirement and also leverage the different Analytical stories published by Splunk and tune them to our requirements. Splunk Incident review is used for Analysts Eye on the glass monitoring on a 24*7 basis.

Splunk ES is the single platform the SOC team uses to ingest new Threat Intelligence, Manage Assets, identify and also work towards identifying new threats.

Splunk ES can also be used to develop business use cases which focus on operational metrics and the alerts once triggered are sent out as notifications to different business teams.

Having used multiple SIEM solutions over the past 8 years, can confidently say that Splunk is the single most versatile Platform for all Security Monitoring as well as Data Analytics needs. The platform just has enough flexibility for new integrations for apps and also fast rolling out of new features for customers. Also Splunk Docs is one excellent resource to refer to for anything related to Splunk. The platform offers great reporting options for management as well. The dashboards are super customizable so it serves as a perfect suite for any organization that needs to collect data for security monitoring as well as Big Data analytics.

Organizations that do not have a high budget for security, may choose the cloud only instances of Splunk, but if even that is expensive, and the company is too small and doesn't need that much work with data, they are better off with any other affordable alternative to Splunk, like LogRythm or Sentinel One. Splunk is the single most expensive SIEM and well it justifies the cost.

We utilize it to generate notable events and alerts on enterprise-wide activity. It also enhances our threat intelligence posture to bolster security sharing with our partners. Splunk Enterprise Security helps our organization solve the problem of creating alerts based on a variety of sources through data normalization. I enjoy the Common Information Model and how it helps normalize data across sources. Our analysts don't need to know every single source but can search off one field to collect a variety of events.

Splunk Enterprise Security helps normalize the data across the environment. It allows our analysts to search with simple terms across sources of data. The data visualization aspect is also a vast sea of dashboards and reporting. However, I find the number of dashboards to be inefficient for analysts. They have to know which dashboard will give them the proper data. It would be much easier to have a dashboard that can give them a single pane of glass.