Likelihood to Recommend I have been able to create customized simulated phishing campaigns that are really testing our users ability to "spot the fake." That coupled with the training campaigns that are included make it much more likely that our users will be better prepared to protect our organization by being able to recognize common industry threats, and brings awareness to less common threats that are out there. I love that they have a shared folder full of relevant, recent real-world scams that we can choose from to train our user base.
Read full review Well suited: Splunk ES is highly recommended in an environment with many data sources and experienced computer engineers. It has a steep learning curve, but once that hurdle is crossed, it is absolutely a beast. It is also very expensive, so a company putting a high amount of budget in Security is needed. Not well suited: Splunk ES is not recommended if a company has only a few sources and some non-technical IT users. The price won't justify the fewer data sources and scratching just the surface level. Moreover, non-technical IT users would be better off with something that has a query builder, unlike Splunk.
Read full review Pros Analysis and classification of phishing emails using machine learning Response to reporting users with personalised emails template Automatic response and actions using integration with Microsoft Good dashboard with reporting and KPI Integration with others product to improve scan and analysis It improves users' security awareness and behavior as receiving an immediate response with the analysis result improves the ability to recognize a phishing email Read full review Advanced Threat Detection and Correlation: ES stands out in its ability to detect sophisticated threats by correlating data from multiple sources. For instance, it can identify unusual patterns in user behavior, cross-referencing with network logs to flag potential insider threats. Real-time Monitoring and Alerting: ES offers robust real-time monitoring capabilities. It excels in promptly alerting us to critical security events, such as suspicious network traffic spikes or unauthorized access attempts, allowing for immediate response. Comprehensive Log Analysis: ES ingests and analyzes an extensive range of log data. It's particularly adept at parsing and making sense of complex log formats, making it a versatile tool for understanding system activities and security events. Read full review Cons Enhancing the automated response capabilities, such as directly initiating remediation processes or integrating with other cybersecurity tools, could further streamline the threat management process. Implementing a feedback system where users can be informed about the outcome of their reported emails might encourage more proactive engagement. the reporting tool is not as streamlined on mobile devices as it is on desktops. Enhancing mobile functionality would be beneficial Read full review ES on the cloud (SaaS) has too many limitations with platform administration. Supported integrations are not always on par with enterprise support especially when dependent on 3rd-party proprietary APIs. In later versions, unforeseen glitches seem to show up that have no resolution except version upgrade. This used to not be the case in prior versions which were very stable. Read full review Likelihood to Renew Phish ER has reduced the time my team and I spend on reported emails by over 80%. With the volume of emails reported and a small team this is a must have.
Read full review We are very happy with Splunk and would advise anyone to take a serious look at it. It might look pricey but the rewards Splunk offers seem endless.
Read full review Usability The configuration is a bit complicated, but easy once you get the hang of it. Once configured, it is easy to manage our malicious emails that are reported by our staff.
Read full review You definitely need to learn how to use Splunk to get the most of the tool. There are many courses available for free to get up to speed on the usability of the tool but it's not that simple. It will take time to digest all the data and to understand how to query for what you are looking for.
Read full review Reliability and Availability I'm not an ES user, but, in my implementation I usually try to prevent all service stops to guarantee High availability to the final customers.
Read full review Performance ES requires a very performant infrastructure: if it has it's performant, otherwise not. I had situation with a very performant infrastructure and I didn't notized that it was a distributed architecture, it seemed that there ware few data on my PC, othewise I experienced less performant infrastructures with less performaces.
Read full review Support Rating Support has been easy to get along with and easy to understand.
Read full review It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
Read full review In-Person Training I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
Read full review Online Training It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on
Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
Read full review Implementation Rating Work with support or rep for some basic steps, the rest is pretty straight foward.
Read full review It's a fantatic product and it was very useful the presence of Splunk Professional Services for the Design Phase and the final Health Check.
Read full review Alternatives Considered KnowBe4 PhishER has a lot of features that other companied does not have. Its AI capability, integration with VirusTotal, PhishRIP and PhishFlip features make it totally different from other solutions. Its Phish Alert Button directly installed on users Outlook without affecting them and the reporting technique is very simple, just clicking on the Phish Alert Button and the email will be directly reported to the KnowBe4 PhishER dashboard. KnowBe4 PhishER dashboard is a very good example of centralized dashboard where you can find all things related to that reported email.
Read full review Splunk enterprise is the only solution that we’ve been able to identify that provides risk based alerting, which allows our SOC to reduce analyst fatigue which would be a huge problem without it. Before RBA, there were thousands of alerts a day and it was impossible to review all of them
Read full review Contract Terms and Pricing Model for my exterience, unit pricing and billing frequency are correct. As I already said, I hint to have more discount flexibility, expecially with new customers, because there are competitors less expensive and very aggressive that are dangerous. In addition the possibility to don't pay the license for the development period could be a very interesting feature for the final customers.
Read full review Scalability - 8 out of 10 and took 2 for the data pipeline and administration part. Even if you'd like to improve yourself or your team, you have to pay a lot of money and it could be more than GIAC education + cert. - Normalization for Data models and CPU-based searches can be a problem sometimes.
Read full review Professional Services I had a fantastic experience with Splunk Professional Services: they worked with us in our last SON project (a SOC migration for a very large customer) and helped to build a multi tenent environment even if ES isn't a multi tenant platform. Th Splunk PS was a very professional and competent people, he is italian and was able to speak with our italian customers.
Read full review Return on Investment It has greatly increased phishing / security awareness by our staff by having a designated button & process for reporting phishing emails It provides greater protection through the ability to delete emails from multiple recipients even if not all of them reported the email It saves time for me to have to evaluate whether or not an email reported is a real threat through the ML/AI/VirusTotal scores Read full review ES has highly impacted ROI because as the customer of the ES the work we do for creating use cases for clients in terms of security-related aspects by their logs has given more return than investment. The correlation searches we run to get detailed results from the Data models are very less time-consuming than Splunk Enterprise itself we can get quick responses to the use cases and dashboards populated because of ES. The CIM compliance feature is ES has made more jobs easy in the terms of finding more Authentication related data we can get data onboarded in the Email data model from O365 and search is email data model instead of searching for particular indexes. Read full review ScreenShots KnowBe4 PhishER Screenshots