Forcepoint Data Loss Prevention (DLP) protects sensitive data everywhere it resides and moves, across endpoints, cloud apps, web, email, and on-premises environments. It delivers unified policy management and centralized control from a single console.
N/A
Splunk Enterprise Security
Score 8.3 out of 10
N/A
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.
N/A
Splunk User Behavior Analytics
Score 10.0 out of 10
N/A
Splunk supplies security analytics as a standalone solution or priced as an add-on for users of its popular SIEM products, to protect enterprises against unknown threats and malicious behavior, via the Splunk User Behavior Analytics application.
Splunk enterprise is the only solution that we’ve been able to identify that provides risk based alerting, which allows our SOC to reduce analyst fatigue which would be a huge problem without it. Before RBA, there were thousands of alerts a day and it was impossible to review …
Securonix does not nearly meet the scale, extensibility, and maturity that Splunk ES offers. However, when looking at the MSP architecture options, Securonix is a much more flexible platform for multi-tenanting. So, Splunk ES for captive SOC platforms and Securonix for …
Splunk Enterprise Security is well designed and provide many comprehensive features which able to protect and monitor the organization. The features are well being used and does not cause any performance issue. Overall the solution is quite stable. Technical support from Splunk …
-Where companies need to secure their attachment, which goes outside, means from their company to outside -Where companies need to ensure their client's personal information -Where companies need DLP. They need to look for Forcepoint only, as they have the upper hand over the rest of their competitors.
Based on my experience, Splunk is a strong git for some environments and a poor match for others. The distinction is primarily based on infrastructure complexity and budget. It's perfect for large enterprises with a mix of on-prem/cloud infrastructure. It's not a perfect match for small teams with restricted resources.
Splunk User Behavior Analytics application is necessary when any company wants to capture the threat based on user behavior instead of just counting the number of occurrences of particular event. With Splunk UBA, we can analyse number of anomalies captured and which in turn creating threats which are nearly true positive.
It has predominantly protected us from unauthorized parties and has provided us with better visibility and control over our data.
This software has also successfully prevented us from both malicious and accidental tasks, which are quite flexible actions when it comes to the violation of data loss prevention policies.
This product has been successful in improving compliance and even mitigating compliance violations, which further facilitated IT security.
I think there is room for improvement, as the user interface is slightly rough and difficult to adopt in the beginning. The software also hangs up at a few instances, which leads to some wasting of time and annoyance, but other than that, this software is good. The technical staff should work on the complexities for a better user experience.
Writes Powerful Queries: The queries that can be written using the Splunk Query Language are very powerful and highly customizable to meet every need. Ex: Writing queries to search the intersection of two different sources like Network and Endpoint Logs.
Offers Dashboard Abilities: Helps build complex panels for Dashboards in addition to providing several out-of-the-box panels. Ex: creating panels to calculate the performance of analysts in a given timezone.
Helpful Search Aids: It helps to set up complex custom alerts very easily. The interesting fields section is very helpful while threat hunting. Ex: It shows all the users and the frequency of each in a failed login event. The user list on the interesting fields is useful to look for suspicious logins.
Forcepoint technical support--specially for users who go with essential support--is challenging to get support on time. You need the ticket to be raised long beforehand to get support from TAC. However, in the case of enterprise support, its is not like this technical person will come on a priority basis.
However it comes with higher prices, especially for SMB, it is allowed to pay that amount for support only.
Improved User Interface Customization: While the interface is generally intuitive, providing more options for users to customize their dashboards and views would enhance the overall user experience. Tailoring the interface to specific roles or use cases could be a valuable addition.
Simplified Alert Management: Streamlining the process of managing alerts, such as grouping or categorizing them based on severity or type, would make it easier for security teams to prioritize and respond to incidents effectively.
Expanded Threat Intelligence Feeds: Increasing the variety and sources of threat intelligence feeds available within ES would provide a broader context for identifying and mitigating emerging threats, ensuring a more comprehensive defense against evolving attack vectors.
We have been fairly happy with the product and how it has worked. We have looked at other vendors for url filter and such and have not found one that meets our needs or does what we have been doing with Websense. The product has been fairly stable and we have only had a few issues in the past. We have all seen that it was one of the highest leaders from the Gartner Group Magic Quadrant for Web Gateways.
For us, Forcepoint Data Loss Prevention was difficult to administer, did not work well when it did work, was incredibly expensive for the feature set you get, and was difficult to uninstall when we moved on from the software. Once it was fully set up, it worked occasionally for us.
Maintaining hundreds or even 1000+ SOC use cases is really difficult, considering that the Data sources may not always send the data. A module that detects data freshness issues and detect data format changes would be a great help. the main challenge today using Splunk Enterprise Security is making sure that the detection rules are still working properly given all the changes that occur in data source applications. Also, maintaining the data collects on tens of thousands of servers and more than 100k workstations is a real company IT challenge: the splunkbase forwarder may not support old OS anymore, while these are the most important to monitor. Moving to the Open Telemetry collector has become essential so that only 1 agent is required for both SIEM and application observability.
It takes a long time for items to load if you are just generally searching through logs. It is best to use the data models which load faster but can be strange in terms of what is coming from which logs where. Yes, you can look it up, but this also requires familiarity with where things are and how to look them up.
Support from Forcepoint has been lacking. When calling in with a high priority issue we rarely are able to work with a technician immediately. The queue waits are very long and when you get through there are no support engineers available and we need to wait for a call back for hours it seems.
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
User friendly solution that makes it easy to deploy and manage. Forcepoint Data Loss Prevention very effective to protecting our valuable data on endpoints and where data lives like in the Cloud, server and on-premises disk drives and its valuable to just set policies once and start utilizing Forcepoint Data Loss Prevention solution.
Splunk enterprise is the only solution that we’ve been able to identify that provides risk based alerting, which allows our SOC to reduce analyst fatigue which would be a huge problem without it. Before RBA, there were thousands of alerts a day and it was impossible to review all of them
Easier we were using Splunk Enterprise on heavy forwarder on which all the add-on were installed and were using Splunk Cloud with respect to search head and indexers stack. And with Splunk Enterprise Security premium app, we were relying on correlation rules which were throwing more number of false positive but after implementing Splunk UBA, we are now getting real-time true positive threat or incidents.
for my exterience, unit pricing and billing frequency are correct. As I already said, I hint to have more discount flexibility, expecially with new customers, because there are competitors less expensive and very aggressive that are dangerous. In addition the possibility to don't pay the license for the development period could be a very interesting feature for the final customers.
- 8 out of 10 and took 2 for the data pipeline and administration part. Even if you'd like to improve yourself or your team, you have to pay a lot of money and it could be more than GIAC education + cert. - Normalization for Data models and CPU-based searches can be a problem sometimes.
I had a fantastic experience with Splunk Professional Services: they worked with us in our last SON project (a SOC migration for a very large customer) and helped to build a multi tenent environment even if ES isn't a multi tenant platform. Th Splunk PS was a very professional and competent people, he is italian and was able to speak with our italian customers.
The exchange of financial documents with customers creates extreme risk as data loss could result in financial and reputation damage to the customer. The cost of deploying Forcepoint is fractions of pennies compared to the potential financial impact of data loss.
There is some administrative overhead associated as false positives are inevitable, requiring a manual review and a potential loss of productivity.
We have a 100% success rate on all our ES implementations due to the amazing documentation and Splunk enablement on the subject.
Our Splunk ES business has grown 100% YoY for the last 3 years.
In terms of long term management and maintenance, ES has been highly stable and predictable, reducing our overhead on costly services team for ad hoc maintenance work.
