Elastic Security vs. Splunk Enterprise Security

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Elastic Security
Score 10.0 out of 10
N/A
Elastic Security equips analysts to prevent, detect, and respond to threats. The free and open solution delivers SIEM, endpoint security, threat hunting, and cloud monitoring. The solution encompasses Elastic SIEM, which brings Elasticsearch to SIEM and threat hunting. The Elastic Agent (or Elastic Endpoint Security based on the former Endgame security product acquired by Elastic in late 2019) brings signatureless malware prevention to endpoints, as well as security data collection for…N/A
Splunk Enterprise Security
Score 8.3 out of 10
N/A
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.N/A
Pricing
Elastic SecuritySplunk Enterprise Security
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Elastic SecuritySplunk Enterprise Security
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Elastic SecuritySplunk Enterprise Security
Considered Both Products
Elastic Security

No answer on this topic

Splunk Enterprise Security
Chose Splunk Enterprise Security
The fact that it is used by many large companies was a strong reason for selecting Splunk Enterprise Security.
After several demos and POCs, the teams were convinced of the value it brings: it demands the right amount of customization to fit with the company data sources.
Also …
Chose Splunk Enterprise Security
LogRhythm is good for a team comprising mostly non-technical IT users. Unlike Splunk, it has a GUI log search and a good ticketing system. Splunk is better than Logrhythm for me as it provides me with the ultimate flexibility to write custom queries. Scalyr is a good tool and …
Chose Splunk Enterprise Security
Splunk Enterprise Security (ES) is much faster and easier to integrate logs and work on alerts to detect suspicious security events.
Chose Splunk Enterprise Security
Difficult to choose, each one has pros and cons. Splunk has the best interface, QRadar has strong capabilities but ES is free.
Features
Elastic SecuritySplunk Enterprise Security
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Elastic Security
-
Ratings
Splunk Enterprise Security
8.1
108 Ratings
3% above category average
Centralized event and log data collection00 Ratings7.5106 Ratings
Correlation00 Ratings8.9105 Ratings
Event and log normalization/management00 Ratings8.9106 Ratings
Deployment flexibility00 Ratings7.0107 Ratings
Integration with Identity and Access Management Tools00 Ratings8.0102 Ratings
Custom dashboards and workspaces00 Ratings8.9108 Ratings
Host and network-based intrusion detection00 Ratings8.0102 Ratings
Data integration/API management00 Ratings7.9103 Ratings
Behavioral analytics and baselining00 Ratings7.4100 Ratings
Rules-based and algorithmic detection thresholds00 Ratings8.5101 Ratings
Response orchestration and automation00 Ratings7.593 Ratings
Reporting and compliance management00 Ratings8.9101 Ratings
Incident indexing/searching00 Ratings8.0107 Ratings
Best Alternatives
Elastic SecuritySplunk Enterprise Security
Small Businesses
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 7.9 out of 10
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 7.9 out of 10
Medium-sized Companies
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Enterprises
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Sumo Logic
Sumo Logic
Score 8.8 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Elastic SecuritySplunk Enterprise Security
Likelihood to Recommend
9.0
(1 ratings)
7.0
(109 ratings)
Likelihood to Renew
-
(0 ratings)
9.1
(4 ratings)
Usability
-
(0 ratings)
7.1
(13 ratings)
Availability
-
(0 ratings)
9.1
(4 ratings)
Performance
-
(0 ratings)
7.0
(4 ratings)
Support Rating
7.0
(1 ratings)
7.3
(7 ratings)
In-Person Training
-
(0 ratings)
9.1
(1 ratings)
Online Training
-
(0 ratings)
8.2
(1 ratings)
Implementation Rating
-
(0 ratings)
9.1
(1 ratings)
Configurability
-
(0 ratings)
7.3
(1 ratings)
Contract Terms and Pricing Model
-
(0 ratings)
7.3
(1 ratings)
Ease of integration
-
(0 ratings)
6.4
(1 ratings)
Product Scalability
-
(0 ratings)
8.7
(98 ratings)
Professional Services
-
(0 ratings)
9.1
(1 ratings)
Vendor post-sale
-
(0 ratings)
8.2
(1 ratings)
Vendor pre-sale
-
(0 ratings)
8.2
(1 ratings)
User Testimonials
Elastic SecuritySplunk Enterprise Security
Likelihood to Recommend
Elastic
I believe Endgame is well suited to organizations that have their own Cybersecurity department. Its not well suited for organizations that don't have a Cybersecurity department.
Read full review
Cisco
Based on my experience, Splunk is a strong git for some environments and a poor match for others. The distinction is primarily based on infrastructure complexity and budget. It's perfect for large enterprises with a mix of on-prem/cloud infrastructure. It's not a perfect match for small teams with restricted resources.
Read full review
Pros
Elastic
  • Identify 0-day malware.
  • Provides a few forensic details on endpoints.
  • Very easy to administer.
Read full review
Cisco
  • Writes Powerful Queries: The queries that can be written using the Splunk Query Language are very powerful and highly customizable to meet every need. Ex: Writing queries to search the intersection of two different sources like Network and Endpoint Logs.
  • Offers Dashboard Abilities: Helps build complex panels for Dashboards in addition to providing several out-of-the-box panels. Ex: creating panels to calculate the performance of analysts in a given timezone.
  • Helpful Search Aids: It helps to set up complex custom alerts very easily. The interesting fields section is very helpful while threat hunting. Ex: It shows all the users and the frequency of each in a failed login event. The user list on the interesting fields is useful to look for suspicious logins.
Read full review
Cons
Elastic
  • I would love that it provided more memory analysis details.
  • Being able to edit sensor profiles after creating them.
  • I would love it if it provided more automation features.
Read full review
Cisco
  • Improved User Interface Customization: While the interface is generally intuitive, providing more options for users to customize their dashboards and views would enhance the overall user experience. Tailoring the interface to specific roles or use cases could be a valuable addition.
  • Simplified Alert Management: Streamlining the process of managing alerts, such as grouping or categorizing them based on severity or type, would make it easier for security teams to prioritize and respond to incidents effectively.
  • Expanded Threat Intelligence Feeds: Increasing the variety and sources of threat intelligence feeds available within ES would provide a broader context for identifying and mitigating emerging threats, ensuring a more comprehensive defense against evolving attack vectors.
Read full review
Likelihood to Renew
Elastic
No answers on this topic
Cisco
We are very happy with Splunk and would advise anyone to take a serious look at it. It might look pricey but the rewards Splunk offers seem endless.
Read full review
Usability
Elastic
No answers on this topic
Cisco
Maintaining hundreds or even 1000+ SOC use cases is really difficult, considering that the Data sources may not always send the data. A module that detects data freshness issues and detect data format changes would be a great help. the main challenge today using Splunk Enterprise Security is making sure that the detection rules are still working properly given all the changes that occur in data source applications. Also, maintaining the data collects on tens of thousands of servers and more than 100k workstations is a real company IT challenge: the splunkbase forwarder may not support old OS anymore, while these are the most important to monitor. Moving to the Open Telemetry collector has become essential so that only 1 agent is required for both SIEM and application observability.
Read full review
Reliability and Availability
Elastic
No answers on this topic
Cisco
I don't think I've ever seen Splunk ES go fully offline or have any downtime greater than a few minutes on rare occasions.
Read full review
Performance
Elastic
No answers on this topic
Cisco
It takes a long time for items to load if you are just generally searching through logs. It is best to use the data models which load faster but can be strange in terms of what is coming from which logs where. Yes, you can look it up, but this also requires familiarity with where things are and how to look them up.
Read full review
Support Rating
Elastic
Even though their support is good, I think there are some areas where they need to provide more thorough solutions to issues, some of their solutions are pretty basic and have already been tried.
Read full review
Cisco
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
Read full review
In-Person Training
Elastic
No answers on this topic
Cisco
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
Read full review
Online Training
Elastic
No answers on this topic
Cisco
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
Read full review
Implementation Rating
Elastic
No answers on this topic
Cisco
It's a fantatic product and it was very useful the presence of Splunk Professional Services for the Design Phase and the final Health Check.
Read full review
Alternatives Considered
Elastic
Endgame is based on the MITRE framework which has proven to be a successful framework to identify various attack patterns that attackers use. Also, compared to the others it's easier to administer and manage.
Read full review
Cisco
Splunk enterprise is the only solution that we’ve been able to identify that provides risk based alerting, which allows our SOC to reduce analyst fatigue which would be a huge problem without it. Before RBA, there were thousands of alerts a day and it was impossible to review all of them
Read full review
Contract Terms and Pricing Model
Elastic
No answers on this topic
Cisco
for my exterience, unit pricing and billing frequency are correct. As I already said, I hint to have more discount flexibility, expecially with new customers, because there are competitors less expensive and very aggressive that are dangerous. In addition the possibility to don't pay the license for the development period could be a very interesting feature for the final customers.
Read full review
Scalability
Elastic
No answers on this topic
Cisco
- 8 out of 10 and took 2 for the data pipeline and administration part. Even if you'd like to improve yourself or your team, you have to pay a lot of money and it could be more than GIAC education + cert. - Normalization for Data models and CPU-based searches can be a problem sometimes.
Read full review
Professional Services
Elastic
No answers on this topic
Cisco
I had a fantastic experience with Splunk Professional Services: they worked with us in our last SON project (a SOC migration for a very large customer) and helped to build a multi tenent environment even if ES isn't a multi tenant platform. Th Splunk PS was a very professional and competent people, he is italian and was able to speak with our italian customers.
Read full review
Return on Investment
Elastic
  • Being able to identify threats we couldn't identify before.
  • Easier management of endpoints.
  • Being able to immediately isolate endpoints remotely that have high severity threats.
Read full review
Cisco
  • We have a 100% success rate on all our ES implementations due to the amazing documentation and Splunk enablement on the subject.
  • Our Splunk ES business has grown 100% YoY for the last 3 years.
  • In terms of long term management and maintenance, ES has been highly stable and predictable, reducing our overhead on costly services team for ad hoc maintenance work.
Read full review
ScreenShots