TrustRadius: an HG Insights company

Splunk Enterprise Security

Score: 9.7 out of 10

253 Reviews and Ratings

What is Splunk Enterprise Security?

Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.

Top Performing Features

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 9

  • Custom dashboards and workspaces

    Dashboards that can be customized to meet the needs of specific groups

    Category average: 7.9

  • Incident indexing/searching

    Effectiveness of searching across structured and unstructured events and incidents within SIEM

    Category average: 8.8

Areas for Improvement

  • Integration with Identity and Access Management Tools

    Integration with access control tools like Active Directory and LDAP

    Category average: 7.7

  • Behavioral analytics and baselining

    How effectively activity and behavior baselines are established and maintained

    Category average: 7.5

  • Response orchestration and automation

    Quality of built-in response orchestration and automation in Next-Gen SIEM

    Category average: 7.1

Our Outcomes from Using Splunk ES

Use Cases and Deployment Scope

We use it to monitor and correlate data across more than 20 client environments, each with different infrastructures and compliance needs. The main challenge it addresses is visibility. Previously, our SOC relied on separate SIEM tools for certain customers, which meant fragmented investigations and duplicated alerts. Now Splunk ES centralizes all that.

Pros

  • Instead of reviewing thousands of low-level alerts, I can prioritize risks based on the entity's risk score on the risk-based alerts dashboard.
  • The adaptive response framework allows me to link alerts directly to our SOAR playbooks in Phantom. This way I can automate triage steps that traditionally took hours.

Cons

  • Creating complex custom correlation searches sometimes feels more complicated than it should. You need deep SPL experience to build anything beyond basic logic.

Return on Investment

  • By consolidating 3 legacy SIEM tools into Splunk ES, we reduced licensing and infrastructure costs by about 30 percent annually.
  • We are able to have retention rates much higher than the industry average, since Splunk is ridiculously reliable.

Alternatives Considered

Microsoft Sentinel

Other Software Used

F5 BIG-IP Advanced Firewall Manager (AFM)

Splunk ES Alert Reduction

Use Cases and Deployment Scope

Our analysts use ES to gain a broad perspective on all the security events coming in from our customer devices. We have multiple internal customers with different environments, so it's useful having a central place in each SIEM to find events. ES is vital to our business as it allows us to use risk-based alerting, which decreases the amount of alerts our analysts have to review each day. We're able to easily tune these rules to filter out false positives and noisy notables to ensure our analysts have an easy time identifying real threats in a timely manner.

Pros

  • Risk-based alerting
  • Single pane of glass
  • Easy to use UI

Cons

  • Sometimes runs slowly
  • Some incident review panels have never worked in our environment
  • More dashboards

Return on Investment

  • Mean time to detection
  • Mean time to response
  • Communication with higher management
  • Alert fatigue reduction

Alternatives Considered

Splunk User Behavior Analytics (UBA)

Other Software Used

IBM Security QRadar SIEM, ExtraHop Reveal(x)

Splunk ES Review

Use Cases and Deployment Scope

I was evaluating Splunk for a potential client. Splunk is a great tool for anyone that needs a SIEM to monitor data, networks, users, etc. The customization of the dashboard is ideal for anyone to set up and use for an easy display of information. The alerts are incredibly helpful for notification of any problems.

Pros

  • Develop dashboards and notables to track security-relevant details
  • Data correlation
  • Threat monitoring and detection

Cons

  • More efficient searches
  • Multiple ways of creating reports and alerts is confusing

Return on Investment

  • Faster MTTR
  • Training ended up being costly, but is projected to have a high ROI over time
  • Dashboards provide better context for our executives

Splunk Enterprise Security: My Review

Use Cases and Deployment Scope

It's easy to build queries and integrate with other systems and applications. There are a lot of add-ons you can integrate with Splunk that can save you a lot of time. Correlation and investigation are easy due to Splunk's effective data parsing capability. There are endless options to customize searching. It provides a very accurate data analytics platform that can be adopted by users of all levels, e.g., from tools like Data Tables for novices to Splunk's Web Framework for experts.

Pros

  • It gives visuals to the client when we select a graphical portrayal, enabling us to change signs into visual outlines, for example, pie outlines, diagrams, tables, and so on.
  • Dashboard UI is intuitive and exceptionally educational, so one can easily find whatever they are looking for.

Cons

  • Sometimes, it's very, very slow! It also takes a long time to refresh.
  • UI for pattern searching can be a little better.

Return on Investment

  • It saves a lot of time searching through millions of records.
  • Our API response becomes faster due to the fast searching of the data.

Other Software Used

GitKraken, GitHub, WotNot

Splunk Enterprise Security is a must!

Use Cases and Deployment Scope

I am a security analyst, and so I use it on a day-to-day basis to triage and troubleshoot alerts and security incidents in my organization. We have several dozen data sources going to our Splunk environment, and then we build correlation alerts for them.

Pros

  • Data detail
  • Timeline
  • Charts and data presentation
  • Data correlation

Cons

  • Third party app support
  • Simplify management
  • More automation

Return on Investment

  • Faster incident response time
  • Compliance
  • Audits
  • Executive dashboards

Alternatives Considered

Active Roles from One Identity and Amazon S3 (Simple Storage Service)

Other Software Used

Microsoft Defender for Cloud, Qualys Cloud Platform, Digital Guardian