Likelihood to Recommend This is perfect for organisations with small or limited security teams who want to get more from their Cisco and third-party investments. With Secure Endpoint makes detecting and responding to threats much easier. Any organisation looking to overhaul its security infrastructure or even wrap around its cloud-first strategy with solutions such as Intune should seriously look at Cisco’s suite of products. I’ve implemented Secure Endpoint, Umbrella, and Duo for customers primarily using Intune for device management, and the cool new insight features in Cisco SecureX really help with visibility over their estate.
Read full review Our company has very complex and dynamic security operations because of the large number of security tools and systems that we need to manage and coordinate. Moreover, it helps us to meet many regulatory and compliance requirements because it helps us to automate and document our security operations. We also use it to streamline our security operations and improve our response to potential threats.
Read full review Pros So the product enables end users to get visibility into their security environment, not only across the Cisco products but across the third-party products as well. The product also automates detection and response. So the product really offers end-user efficiency in the security operations center. Read full review Its security orchestration and integration capability that supports multiple tools. Easy coding that automates our security actions. Enables us to easily collaborate and respond to security issues faster. Splunk SOAR is a flexible product that is easy to deploy. Efficient tracking and monitoring capability. Excellent real-time reporting functionality. Read full review Cons Of course, many companies prefer to obtain security from the cloud; however, not all of them prefer it, which is why having a local implementation would allow these companies to also use said software as their ally for their security. Working with this software can be simple, that is, any threat can be visualized with greater precision, but when it comes to managing its orchestration, it is a bit complex. Its integration with other software can be simple but with others it is not, that is why it would be ideal if all of them could be carried out in the same way. Integrating with a larger number of third party software would be of great help, to further enhance the analysis and detection of threats. Read full review A lack of instruction It can be difficult to contact the support staff. Limited experience from current users. It takes some effort to set up and learn new technology at first. More assistance is required from the support staff. The product's price needs to go down. Cost of the larger version. Read full review Likelihood to Renew As we already have a lot of clients being catered with Splunk SOAR and because Splunk SOAR is robust and efficient, we are already using it, and we have understood the product to a certain extent, I feel we are personally more enticed to use and scale it to a lot of business.
Read full review Usability Not immediate: it always requires a training.
Read full review Performance We are able to automate almost every one of our use cases, even our threat-hunting, and threat intel procedures. We have 20+ playbooks and cover almost everything, even searching logs into Splunk, looking into TIP and external systems, enrichment, and collecting evidence for analysts; it can perform concurrent playbooks running.
Read full review Support Rating Splunk Support is always great! In addition the Community is very efficient and active.
Read full review In-Person Training I never followed an in-person training, I gave my evaluation based on the online training
Read full review Online Training I followed training for Phantom admins and it opened a world for me
Read full review Implementation Rating I already said that the main key insight is the knowledge of Phantom, so a detailed training for all the people involeved.
Read full review Alternatives Considered A lot of the look and feel of both products is quite similar. There's several best practices on visualization that are followed in both and integration of common telemetry is comfortable and quick. But while Microsoft ATP offers deep insights into mostly the Microsoft environment and a limited view into other common sources, SecureX shines in all the non-client areas Microsoft's product seems lackluster in.
Read full review Splunk Phantom integrates well with Splunk ES and has many integrations. One thing that I liked about XSOAR as compared to Phantom is that it has an "app-store" where you can download not only app integrations (similar to Phantom) but Playbooks and dashboards as well.
Read full review Scalability me and the customers I encountered found it flexible and scalable
Read full review Return on Investment It helps us easily Id the full extent of a threat It saves time searching for data. It only gives basic info I wish there was greater integration between all security offerings It allows other techs to pick up where you left off. Read full review The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task Read full review ScreenShots