Cisco Catalyst Center provides an intent-based platform for managing enterprise networks across campus, branch, and edge environments. It combines automation, analytics, and assurance to streamline IT operations, improve security posture, and reduce manual tasks. With integratedAI/ML-driven insights, policy-based controls, and end-to-end visibility across wired and wireless infrastructures, Catalyst Center empowers IT teams toproactively detect issues, enforce compliance, and accelerate…
N/A
Splunk Enterprise Security
Score 8.3 out of 10
N/A
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.
Security with identity-based access control and segmentation via integration with Cisco ISE, supporting zero-trust architectures. Centralized Management for a large campus environment with centralized management of wired and wireless equipment. Automation of tasks like: provisioning, configuration, and software upgrade, reducing manual effort of those tasks. It could be improved to Multi-Vendor Support.
Based on my experience, Splunk is a strong git for some environments and a poor match for others. The distinction is primarily based on infrastructure complexity and budget. It's perfect for large enterprises with a mix of on-prem/cloud infrastructure. It's not a perfect match for small teams with restricted resources.
Writes Powerful Queries: The queries that can be written using the Splunk Query Language are very powerful and highly customizable to meet every need. Ex: Writing queries to search the intersection of two different sources like Network and Endpoint Logs.
Offers Dashboard Abilities: Helps build complex panels for Dashboards in addition to providing several out-of-the-box panels. Ex: creating panels to calculate the performance of analysts in a given timezone.
Helpful Search Aids: It helps to set up complex custom alerts very easily. The interesting fields section is very helpful while threat hunting. Ex: It shows all the users and the frequency of each in a failed login event. The user list on the interesting fields is useful to look for suspicious logins.
Granularity. And so for us, and our use case might not be the same as a majority of customers, but we have a environment which frequently changes. So we're not a traditional corporate environment which stays relatively static or still reprovision. We want to reconfigure our environment to meet whatever the needs of our customers are. And at the moment it's like for some of the ways that we have to configure it, we just want to give something a little tap, but we have to hit it with a sledgehammer, which then often has knock on impacts other services.
Improved User Interface Customization: While the interface is generally intuitive, providing more options for users to customize their dashboards and views would enhance the overall user experience. Tailoring the interface to specific roles or use cases could be a valuable addition.
Simplified Alert Management: Streamlining the process of managing alerts, such as grouping or categorizing them based on severity or type, would make it easier for security teams to prioritize and respond to incidents effectively.
Expanded Threat Intelligence Feeds: Increasing the variety and sources of threat intelligence feeds available within ES would provide a broader context for identifying and mitigating emerging threats, ensuring a more comprehensive defense against evolving attack vectors.
I think new products are often "half-baked" or over hyped when they release, as was the case with DNAC. We were well ahead of the curve in acquiring it. But as it has matured it is now a fantastic addition to our infrastructure. I think we are easing into a stage where it is hard to envision a large organization NOT having Catalyst Center in place. If for nothing outside of the mapping and troubleshooting aspects; using it as a "source of truth".
Cisco DNA Center is going to help us in security, simplicity and ease of administration. Cisco DNA Center is complete management and control platform that simplifies and streamlines network operations. Cisco DNA Center offers a single dashboard for every core function in your network. With this platform, IT can become more nimble and respond to changes and challenges faster and more intelligently.
Maintaining hundreds or even 1000+ SOC use cases is really difficult, considering that the Data sources may not always send the data. A module that detects data freshness issues and detect data format changes would be a great help. the main challenge today using Splunk Enterprise Security is making sure that the detection rules are still working properly given all the changes that occur in data source applications. Also, maintaining the data collects on tens of thousands of servers and more than 100k workstations is a real company IT challenge: the splunkbase forwarder may not support old OS anymore, while these are the most important to monitor. Moving to the Open Telemetry collector has become essential so that only 1 agent is required for both SIEM and application observability.
It takes a long time for items to load if you are just generally searching through logs. It is best to use the data models which load faster but can be strange in terms of what is coming from which logs where. Yes, you can look it up, but this also requires familiarity with where things are and how to look them up.
El soporte de CISCO DNA Center es muy bueno, responden a mis dudas pero no he tenido oportunidad de reportar un incidente o determinar un tiempo de respuesta critico. The support of CISCO DNA Center is very good, they answer my questions, but I have not had the opportunity to report an incident or determine a critical response time.
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
It was informative, but the labs were not available long enough for us to get intimately familiar with CCNA before it was closed. The course instructor was well informed and got us as close to ready as she could.
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
We started out with using Cisco Prime infrastructure and we migrated to DNA center or Catalyst Center from Prime Infrastructure. We found that it wasn't apples to Apples migration. It wasn't exactly, it wasn't a direct upgrade. There were a lot of key differences, but yeah, I think that that was probably the most similar thing
Splunk enterprise is the only solution that we’ve been able to identify that provides risk based alerting, which allows our SOC to reduce analyst fatigue which would be a huge problem without it. Before RBA, there were thousands of alerts a day and it was impossible to review all of them
for my exterience, unit pricing and billing frequency are correct. As I already said, I hint to have more discount flexibility, expecially with new customers, because there are competitors less expensive and very aggressive that are dangerous. In addition the possibility to don't pay the license for the development period could be a very interesting feature for the final customers.
- 8 out of 10 and took 2 for the data pipeline and administration part. Even if you'd like to improve yourself or your team, you have to pay a lot of money and it could be more than GIAC education + cert. - Normalization for Data models and CPU-based searches can be a problem sometimes.
I had a fantastic experience with Splunk Professional Services: they worked with us in our last SON project (a SOC migration for a very large customer) and helped to build a multi tenent environment even if ES isn't a multi tenant platform. Th Splunk PS was a very professional and competent people, he is italian and was able to speak with our italian customers.
Yeah, I mean that last one for sure. The software independent of the hardware, I mean, it's just easy. They made it so easy to just, and fast and efficient to upgrade your entire organization within days, weeks, months. And you're not spending, your maintenance windows get a lot shorter. You can schedule more maintenance windows just because you know there's going to be some type of consistency with it and there's just, I'm sure there will be a hiccup one day, but there just hasn't really been too many issues with us using that product, especially for maintenance, window upgrades, things like that.
We have a 100% success rate on all our ES implementations due to the amazing documentation and Splunk enablement on the subject.
Our Splunk ES business has grown 100% YoY for the last 3 years.
In terms of long term management and maintenance, ES has been highly stable and predictable, reducing our overhead on costly services team for ad hoc maintenance work.
