Aligning on Splunk means a cheaper and far more flexible security monitoring solution.
August 02, 2022
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
We have used Splunk Enterprise Security for a couple of years as our security monitoring solution. We needed another supplier as the previous one was too big for our needs, and Splunk offered us a way to fit our requirements and a little bit more. We started with a few use cases but have since expanded into a complete monitoring solution.
- Very customisable.
- With a little knowledge you can do elaborate searches.
- Continuous security monitoring.
- The product is pricey.
- Learning curve is steep.
- Far better security monitoring compared to our previous choice of product.
- Though the learning curve is steep, the rewards are excellent: customisation and endless SPL query variations for anomalies.
- Splunk is pricey but even then cheaper than our previous SOC/SIEM solution.
Even though Splunk ES is not the cheapest solution on the market, we found it was still cheaper compared to Secureworks, which we had before. Also, the level of flexibility and "thinking with the customer" is much better now.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
Yes
Would you buy Splunk Enterprise Security (ES) again?
Yes
Using Splunk Enterprise Security (ES)
20 - Our internal security operations team of 6 is using the Splunk instance daily. We use a third-party SOC which also has access.
6 - We have an international security operation team of 6 that is using Splunk ES on a daily basis. They also create SPL queries and dashboards for internal use. Any advanced level Splunk usage is directed to our 3rd party SOC people.
- Continuous security monitoring.
- Creating dashboards for internal use.
- Our previous SIEM didn't allow us to create our own queries. Having Splunk allows us to both learn more and get more information out of our log data.