Google Threat Intelligence (Mandiant) vs. Splunk Enterprise vs. Trellix Helix

Usually SOC leverages Intel from mutiple sources. The scenarios are: 1.Suitable: In large scale SOC where more than 5000 devices are being monitored and the tech stack is wide, Mandiant will play an excellent role in that scenario. 2.Not Suitable: In small scale SOCs wherein limited devices belonging to the same tech stack is being used then the analysts can rely on OSINT and it is not useful to buy the solution.

Incentivized

It's well suited for what I do, which is network security operations. And that's for anything from troubleshooting incidents, troubleshooting performance, troubleshooting for the purpose of a compliance and auditing. It's not best suited for users who are new in terms of they're new to the product and they have expectations that probably Splunk cannot meet.

Incentivized

Great for organizations that are considering improving their operational security by utilizing their threats intelligence capabilities. It offers a great collection and analysis of security events and provides solutions to solve them. When considering a solution that is secure and can provide very extensive visualization of your environment for threats.

• accelerated threat response feature, prioritizing threats according to requirement.
• Optimization of the threat intelligence , and can be integrated with 3rd party tools.
• Features like - Breach ,Adversary, Machine and Operational Intelligence.
• Mandiant dynamic host and the malware views along with indicators.

Incentivized

• It is very useful in creating custom rules for analyzing system logs and display relevant information. The query language is very easy to learn.
• We can create custom UI to visualize the output of our data. The interface is very flexible. It also allows the sharing of rules among users.
• There is an open online community to help others. Stackoverflow also has a splunk community. These resources make it more convenient to learn.

Incentivized

• Single location for all security event management
• Detect advanced threats
• Provide audit artifacts to ensure compliance

Incentivized

• Paywalls exist throughout the data set and can halt an investigation without the right model
• Some data was incomplete or broken up between pay tiers
• Navigation through the data lacked a definitive trail or breadcrumbs to retrace steps during investigations

Incentivized

• Splunk light limits number of users to 5. Wish there was a flexible license, where one could add more users.
• Splunk light does not let you add > few realtime alerts. Wish there was a flexible license, where one could add as many realtime alerts as wanted.
• Better insight into daily ingestion values

Incentivized

• Additional integration points (API cloud integrations).

Incentivized

We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.

Mandiant Advantage Threat Intelligence has a very usable platform, with well-differentiated sections for the analyst, as well as the possibility of cross-searching to obtain the desired results. All this is presented with an interface that is easy on the eye and not very messy, which increases productivity and the speed with which work is done.

Incentivized

You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.

Incentivized

When properly setup and configured, Splunk is extremely reliable.

Incentivized

Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method.

Incentivized

We've been fairly happy with FireEye Helix support overall. Most issues are resolved the same day the case is opened.

Incentivized

The online course was simple clear and described the main capabilities of the solution. There is also an initial module that can be done for free so anyone can familiarize themselves with the functionality of this solution. On the other hand, however, there could be more free online courses. Maybe even with a certificate, this would broaden the group of people who are familiar with the platform while increasing familiarity with the solution itself.

Smooth without too many major issues.

Incentivized

It gives more ways to analyze threats and options to fixed it. This device gives more visibility on vulnerability detection and its analysis. It provides detailed reports to have more information of all malwares which help us to increase overall security of our current organization

Incentivized

I didn't get to fully evaluate Logstash as our corporation was already using Logstash, but both seemed like viable solutions to the problem that we were having. I wanted to evaluate Logstash some more, both did seem like they would work for the business needs that we had, we went with splunk as many teams were already using it.

Incentivized

It offers extensive visibility thus easy detection of threats and easy mitigation practices. Utilization of its threats intelligence capabilities thus early detection of incidents and maximization of security investments. Offers great integration of cloud resources with existing security tools thus ensuring seamless performance and all-time security for the organizational resources.

Splunk can scale in to the petabyte per day range which of course is awesome

• Improved incident response time
• Specific investigations that have reduced the attack surface
• Technical reports on threats not controlled by the bank's local team

Incentivized

• I don't have any numbers to share but Splunk has positively served as a 24/7 monitoring tool that has saved hours of work by self-detecting, saving statistics and alerting problems in the system or from external interfaces as soon as they happen.
• Splunk dashboards does a solid job in collecting, analyzing data and creating reports that contain an entire day's activity and then automatically sent out to the business.
• Splunk is very easy to learn and very useful to any program or business application.

Incentivized

• Optimization of your security investments.
• Operations are seamless and better with easy integrations that enhance performance.
• Efficiency in running of incidences with enhanced case management for all its alerts.