What users are saying about
27 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener'>Customer Verified: Read more.</a>
Top Rated
230 Ratings
27 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 8.7 out of 100

Splunk Enterprise Security (ES)

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener'>Customer Verified: Read more.</a>
Top Rated
230 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 8.4 out of 100

Feature Set Ratings

    Security Information and Event Management (SIEM)

    Snort

    Feature Set Not Supported
    N/A
    8.4

    Splunk Enterprise Security (ES)

    84%
    Splunk Enterprise Security (ES) ranks higher in 13/13 features

    Centralized event and log data collection

    N/A
    0 Ratings
    8.9
    89%
    99 Ratings

    Correlation

    N/A
    0 Ratings
    8.6
    86%
    98 Ratings

    Event and log normalization/management

    N/A
    0 Ratings
    8.5
    85%
    100 Ratings

    Deployment flexibility

    N/A
    0 Ratings
    8.2
    82%
    100 Ratings

    Integration with Identity and Access Management Tools

    N/A
    0 Ratings
    8.4
    84%
    96 Ratings

    Custom dashboards and workspaces

    N/A
    0 Ratings
    8.6
    86%
    102 Ratings

    Host and network-based intrusion detection

    N/A
    0 Ratings
    8.6
    86%
    97 Ratings

    Data integration/API management

    N/A
    0 Ratings
    8.1
    81%
    98 Ratings

    Behavioral analytics and baselining

    N/A
    0 Ratings
    8.0
    80%
    96 Ratings

    Rules-based and algorithmic detection thresholds

    N/A
    0 Ratings
    8.3
    83%
    97 Ratings

    Response orchestration and automation

    N/A
    0 Ratings
    7.8
    78%
    89 Ratings

    Reporting and compliance management

    N/A
    0 Ratings
    8.7
    87%
    97 Ratings

    Incident indexing/searching

    N/A
    0 Ratings
    8.4
    84%
    100 Ratings

    Attribute Ratings

    • Splunk Enterprise Security (ES) is rated higher in 1 area: Likelihood to Recommend

    Likelihood to Recommend

    8.2

    Snort

    82%
    5 Ratings
    8.8

    Splunk Enterprise Security (ES)

    88%
    104 Ratings

    Likelihood to Renew

    Snort

    N/A
    0 Ratings
    8.6

    Splunk Enterprise Security (ES)

    86%
    2 Ratings

    Usability

    Snort

    N/A
    0 Ratings
    8.0

    Splunk Enterprise Security (ES)

    80%
    3 Ratings

    Availability

    Snort

    N/A
    0 Ratings
    9.1

    Splunk Enterprise Security (ES)

    91%
    1 Rating

    Performance

    Snort

    N/A
    0 Ratings
    8.2

    Splunk Enterprise Security (ES)

    82%
    1 Rating

    Support Rating

    Snort

    N/A
    0 Ratings
    6.9

    Splunk Enterprise Security (ES)

    69%
    7 Ratings

    In-Person Training

    Snort

    N/A
    0 Ratings
    9.1

    Splunk Enterprise Security (ES)

    91%
    1 Rating

    Online Training

    Snort

    N/A
    0 Ratings
    8.2

    Splunk Enterprise Security (ES)

    82%
    1 Rating

    Implementation Rating

    Snort

    N/A
    0 Ratings
    9.1

    Splunk Enterprise Security (ES)

    91%
    1 Rating

    Configurability

    Snort

    N/A
    0 Ratings
    7.3

    Splunk Enterprise Security (ES)

    73%
    2 Ratings

    Contract Terms and Pricing Model

    Snort

    N/A
    0 Ratings
    7.3

    Splunk Enterprise Security (ES)

    73%
    1 Rating

    Ease of integration

    Snort

    N/A
    0 Ratings
    6.4

    Splunk Enterprise Security (ES)

    64%
    2 Ratings

    Product Scalability

    Snort

    N/A
    0 Ratings
    9.0

    Splunk Enterprise Security (ES)

    90%
    102 Ratings

    Professional Services

    Snort

    N/A
    0 Ratings
    9.1

    Splunk Enterprise Security (ES)

    91%
    1 Rating

    Vendor post-sale

    Snort

    N/A
    0 Ratings
    8.2

    Splunk Enterprise Security (ES)

    82%
    2 Ratings

    Vendor pre-sale

    Snort

    N/A
    0 Ratings
    8.2

    Splunk Enterprise Security (ES)

    82%
    2 Ratings

    Likelihood to Recommend

    Cisco

    If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me.
    Read full review

    Splunk

    Splunk Enterprise Security will be more suited in research dense areas, and also have a good scope in defense-related projects, cyber specialists, etc. It is less recommended for normal companies where the hosted application data do not require high-security environments. Also, this requires special admins to configure and monitor the logs effectively.
    Read full review

    Pros

    Cisco

    • IPS detection.
    • DoS detection.
    • Packet logging.
    Read full review

    Splunk

    • Its best feature is its user interface, which is easy to navigate and understand. All you need is a little tutorial on how to use the Splunk query language and you're done.
    • Logs can be easily uploaded or shared across multiple platforms and display a highly insightful graphical representations of data using graphs, tables, and many other formats.
    Read full review

    Cons

    Cisco

    • At times can be unstable with Cisco bugs, require frequent upgrading.
    • FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI.
    Read full review

    Splunk

    • ES on the cloud (SaaS) has too many limitations with platform administration.
    • Supported integrations are not always on par with enterprise support especially when dependent on 3rd-party proprietary APIs.
    • In later versions, unforeseen glitches seem to show up that have no resolution except version upgrade. This used to not be the case in prior versions which were very stable.
    Read full review

    Pricing Details

    Snort

    Starting Price

    Editions & Modules

    Snort editions and modules pricing
    EditionModules

    Footnotes

      Offerings

      Free Trial
      Free/Freemium Version
      Premium Consulting/Integration Services

      Entry-level set up fee?

      No setup fee

      Additional Details

      Splunk Enterprise Security (ES)

      Starting Price

      Editions & Modules

      Splunk Enterprise Security (ES) editions and modules pricing
      EditionModules

      Footnotes

        Offerings

        Free Trial
        Free/Freemium Version
        Premium Consulting/Integration Services

        Entry-level set up fee?

        No setup fee

        Additional Details

        Pricing Info

        Likelihood to Renew

        Cisco

        No answers on this topic

        Splunk

        We are very happy with Splunk and would advise anyone to take a serious look at it. It might look pricey but the rewards Splunk offers seem endless.
        Read full review

        Usability

        Cisco

        No answers on this topic

        Splunk

        You definitely need to learn how to use Splunk to get the most of the tool. There are many courses available for free to get up to speed on the usability of the tool but it's not that simple. It will take time to digest all the data and to understand how to query for what you are looking for.
        Read full review

        Reliability and Availability

        Cisco

        No answers on this topic

        Splunk

        I'm not an ES user, but, in my implementation I usually try to prevent all service stops to guarantee High availability to the final customers.
        Read full review

        Performance

        Cisco

        No answers on this topic

        Splunk

        ES requires a very performant infrastructure: if it has it's performant, otherwise not. I had situation with a very performant infrastructure and I didn't notized that it was a distributed architecture, it seemed that there ware few data on my PC, othewise I experienced less performant infrastructures with less performaces.
        Read full review

        Support Rating

        Cisco

        No answers on this topic

        Splunk

        It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
        Read full review

        In-Person Training

        Cisco

        No answers on this topic

        Splunk

        I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
        Read full review

        Online Training

        Cisco

        No answers on this topic

        Splunk

        It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
        Read full review

        Implementation Rating

        Cisco

        No answers on this topic

        Splunk

        It's a fantatic product and it was very useful the presence of Splunk Professional Services for the Design Phase and the final Health Check.
        Read full review

        Alternatives Considered

        Cisco

        For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like. Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range.
        Read full review

        Splunk

        - Schema on the fly indexing --> Gives you faster index searches. Even if you use Datamodes, it's 100x time faster as well. - Correlation with other domains easily gives you total visibility and reduces the time to investigate and understand the problem. - With lookups and trust, you can easily ingest your TI platforms and look for backlog and real-time data. - Splunkbase - RBA is using unsupervised learning also, so it's not like Qradar or McAfee. If we look at Qradar or McAfee, they are giving some magnitude values with static rules and define incident levels with that. - Advanced investigation option and out-of-box security metrics tell you that where you are.
        Read full review

        Contract Terms and Pricing Model

        Cisco

        No answers on this topic

        Splunk

        for my exterience, unit pricing and billing frequency are correct. As I already said, I hint to have more discount flexibility, expecially with new customers, because there are competitors less expensive and very aggressive that are dangerous. In addition the possibility to don't pay the license for the development period could be a very interesting feature for the final customers.
        Read full review

        Scalability

        Cisco

        No answers on this topic

        Splunk

        Splunk Enterprise Security gives us a variety of hybrid deployment options, vast data gathering capabilities, and complete visibility so that we can gather large data from many Cloud services, analyze it, deal with threats, and take fast investigative action using data-driven algorithms.
        Read full review

        Professional Services

        Cisco

        No answers on this topic

        Splunk

        I had a fantastic experience with Splunk Professional Services: they worked with us in our last SON project (a SOC migration for a very large customer) and helped to build a multi tenent environment even if ES isn't a multi tenant platform. Th Splunk PS was a very professional and competent people, he is italian and was able to speak with our italian customers.
        Read full review

        Return on Investment

        Cisco

        • Being open source, ROI on free is hard to beat for something that works.
        • I believe it greatly enhances the security of my network.
        Read full review

        Splunk

        • ES has highly impacted ROI because as the customer of the ES the work we do for creating use cases for clients in terms of security-related aspects by their logs has given more return than investment.
        • The correlation searches we run to get detailed results from the Data models are very less time-consuming than Splunk Enterprise itself we can get quick responses to the use cases and dashboards populated because of ES.
        • The CIM compliance feature is ES has made more jobs easy in the terms of finding more Authentication related data we can get data onboarded in the Email data model from O365 and search is email data model instead of searching for particular indexes.
        Read full review

        Add comparison