Elastic Security vs. Splunk Enterprise Security (ES)

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Elastic Security
Score 9.0 out of 10
N/A
Elastic Security equips analysts to prevent, detect, and respond to threats. The free and open solution delivers SIEM, endpoint security, threat hunting, and cloud monitoring. The solution encompasses Elastic SIEM, which brings Elasticsearch to SIEM and threat hunting. The Elastic Agent (or Elastic Endpoint Security based on the former Endgame security product acquired by Elastic in late 2019) brings signatureless malware prevention to endpoints, as well as security data collection for…N/A
Splunk Enterprise Security (ES)
Score 8.5 out of 10
N/A
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.N/A
Pricing
Elastic SecuritySplunk Enterprise Security (ES)
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Elastic SecuritySplunk Enterprise Security (ES)
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Elastic SecuritySplunk Enterprise Security (ES)
Considered Both Products
Elastic Security

No answer on this topic

Splunk Enterprise Security (ES)
Chose Splunk Enterprise Security (ES)
Difficult to choose, each one has pros and cons. Splunk has the best interface, QRadar has strong capabilities but ES is free.
Chose Splunk Enterprise Security (ES)
It is an easy-to-use tool; it has everything you need and it is very complete.
Top Pros

No answers on this topic

Top Cons

No answers on this topic

Features
Elastic SecuritySplunk Enterprise Security (ES)
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Elastic Security
-
Ratings
Splunk Enterprise Security (ES)
8.4
94 Ratings
Centralized event and log data collection00 Ratings8.992 Ratings
Correlation00 Ratings8.691 Ratings
Event and log normalization/management00 Ratings8.493 Ratings
Deployment flexibility00 Ratings8.293 Ratings
Integration with Identity and Access Management Tools00 Ratings8.389 Ratings
Custom dashboards and workspaces00 Ratings8.695 Ratings
Host and network-based intrusion detection00 Ratings8.691 Ratings
Data integration/API management00 Ratings8.091 Ratings
Behavioral analytics and baselining00 Ratings7.989 Ratings
Rules-based and algorithmic detection thresholds00 Ratings8.390 Ratings
Response orchestration and automation00 Ratings7.881 Ratings
Reporting and compliance management00 Ratings8.790 Ratings
Incident indexing/searching00 Ratings8.493 Ratings
User Ratings
Elastic SecuritySplunk Enterprise Security (ES)
Likelihood to Recommend
9.0
(1 ratings)
8.8
(94 ratings)
Likelihood to Renew
-
(0 ratings)
8.6
(2 ratings)
Usability
-
(0 ratings)
8.3
(2 ratings)
Availability
-
(0 ratings)
9.1
(1 ratings)
Performance
-
(0 ratings)
8.2
(1 ratings)
Support Rating
7.0
(2 ratings)
6.7
(6 ratings)
In-Person Training
-
(0 ratings)
9.1
(1 ratings)
Online Training
-
(0 ratings)
8.2
(1 ratings)
Implementation Rating
-
(0 ratings)
9.1
(1 ratings)
Configurability
-
(0 ratings)
7.3
(2 ratings)
Contract Terms and Pricing Model
-
(0 ratings)
7.3
(1 ratings)
Ease of integration
-
(0 ratings)
6.4
(2 ratings)
Product Scalability
-
(0 ratings)
9.0
(92 ratings)
Professional Services
-
(0 ratings)
9.1
(1 ratings)
Vendor post-sale
-
(0 ratings)
8.2
(2 ratings)
Vendor pre-sale
-
(0 ratings)
8.2
(2 ratings)
User Testimonials
Elastic SecuritySplunk Enterprise Security (ES)
Likelihood to Recommend
Elastic
I believe Endgame is well suited to organizations that have their own Cybersecurity department. Its not well suited for organizations that don't have a Cybersecurity department.
Read full review
Splunk
Splunk Enterprise Security will be more suited in research dense areas, and also have a good scope in defense-related projects, cyber specialists, etc. It is less recommended for normal companies where the hosted application data do not require high-security environments. Also, this requires special admins to configure and monitor the logs effectively.
Read full review
Pros
Elastic
  • Identify 0-day malware.
  • Provides a few forensic details on endpoints.
  • Very easy to administer.
Read full review
Splunk
  • Its best feature is its user interface, which is easy to navigate and understand. All you need is a little tutorial on how to use the Splunk query language and you're done.
  • Logs can be easily uploaded or shared across multiple platforms and display a highly insightful graphical representations of data using graphs, tables, and many other formats.
Read full review
Cons
Elastic
  • I would love that it provided more memory analysis details.
  • Being able to edit sensor profiles after creating them.
  • I would love it if it provided more automation features.
Read full review
Splunk
  • ES on the cloud (SaaS) has too many limitations with platform administration.
  • Supported integrations are not always on par with enterprise support especially when dependent on 3rd-party proprietary APIs.
  • In later versions, unforeseen glitches seem to show up that have no resolution except version upgrade. This used to not be the case in prior versions which were very stable.
Read full review
Likelihood to Renew
Elastic
No answers on this topic
Splunk
We are very happy with Splunk and would advise anyone to take a serious look at it. It might look pricey but the rewards Splunk offers seem endless.
Read full review
Usability
Elastic
No answers on this topic
Splunk
You definitely need to learn how to use Splunk to get the most of the tool. There are many courses available for free to get up to speed on the usability of the tool but it's not that simple. It will take time to digest all the data and to understand how to query for what you are looking for.
Read full review
Reliability and Availability
Elastic
No answers on this topic
Splunk
I'm not an ES user, but, in my implementation I usually try to prevent all service stops to guarantee High availability to the final customers.
Read full review
Performance
Elastic
No answers on this topic
Splunk
ES requires a very performant infrastructure: if it has it's performant, otherwise not. I had situation with a very performant infrastructure and I didn't notized that it was a distributed architecture, it seemed that there ware few data on my PC, othewise I experienced less performant infrastructures with less performaces.
Read full review
Support Rating
Elastic
Even though their support is good, I think there are some areas where they need to provide more thorough solutions to issues, some of their solutions are pretty basic and have already been tried.
Read full review
Splunk
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
Read full review
In-Person Training
Elastic
No answers on this topic
Splunk
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
Read full review
Online Training
Elastic
No answers on this topic
Splunk
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
Read full review
Implementation Rating
Elastic
No answers on this topic
Splunk
It's a fantatic product and it was very useful the presence of Splunk Professional Services for the Design Phase and the final Health Check.
Read full review
Alternatives Considered
Elastic
Endgame is based on the MITRE framework which has proven to be a successful framework to identify various attack patterns that attackers use. Also, compared to the others it's easier to administer and manage.
Read full review
Splunk
- Schema on the fly indexing --> Gives you faster index searches. Even if you use Datamodes, it's 100x time faster as well. - Correlation with other domains easily gives you total visibility and reduces the time to investigate and understand the problem. - With lookups and trust, you can easily ingest your TI platforms and look for backlog and real-time data. - Splunkbase - RBA is using unsupervised learning also, so it's not like Qradar or McAfee. If we look at Qradar or McAfee, they are giving some magnitude values with static rules and define incident levels with that. - Advanced investigation option and out-of-box security metrics tell you that where you are.
Read full review
Contract Terms and Pricing Model
Elastic
No answers on this topic
Splunk
for my exterience, unit pricing and billing frequency are correct. As I already said, I hint to have more discount flexibility, expecially with new customers, because there are competitors less expensive and very aggressive that are dangerous. In addition the possibility to don't pay the license for the development period could be a very interesting feature for the final customers.
Read full review
Scalability
Elastic
No answers on this topic
Splunk
Splunk Enterprise Security deployment is quite flexible which many deployment modes are available. Configuration and management can be centralized at the cloud console which is very convenient for administrators. With the cloud deployment, it can reduce the possibility of hardware failure which can have better uptime. Most of the configurations can be deployed easily from the management console.
Read full review
Professional Services
Elastic
No answers on this topic
Splunk
I had a fantastic experience with Splunk Professional Services: they worked with us in our last SON project (a SOC migration for a very large customer) and helped to build a multi tenent environment even if ES isn't a multi tenant platform. Th Splunk PS was a very professional and competent people, he is italian and was able to speak with our italian customers.
Read full review
Return on Investment
Elastic
  • Being able to identify threats we couldn't identify before.
  • Easier management of endpoints.
  • Being able to immediately isolate endpoints remotely that have high severity threats.
Read full review
Splunk
  • ES has highly impacted ROI because as the customer of the ES the work we do for creating use cases for clients in terms of security-related aspects by their logs has given more return than investment.
  • The correlation searches we run to get detailed results from the Data models are very less time-consuming than Splunk Enterprise itself we can get quick responses to the use cases and dashboards populated because of ES.
  • The CIM compliance feature is ES has made more jobs easy in the terms of finding more Authentication related data we can get data onboarded in the Email data model from O365 and search is email data model instead of searching for particular indexes.
Read full review