Splunk Enterprise Security Review Insights

Score8.3 out of 10

261 Reviews and Ratings

Back to Reviews

Insights from Splunk Enterprise Security Reviewers

Based on 7 verified reviews published in the last 18 months

What positive or negative impact (i.e. Return on Investment or ROI) has Splunk Enterprise Security had on your overall business objectives?

7 answered

Splunk Enterprise Security generally demonstrates a positive impact on business objectives, primarily through enhanced security and reliability, as noted by 3 of 7 reviewers. The platform is seen as instrumental in maintaining a trustworthy and secure environment, with one reviewer specifically attributing millions in savings to its ability to prevent disruptions. Concurrently, operational efficiency is a significant benefit, with 3 of 7 reviewers highlighting improvements such as tool consolidation and faster threat response. This efficiency extends to incident response, where the solution is credited with reducing the mean time to detect (MTTD) and enabling quicker reactions to security threats, a point raised by 2 of 7 reviewers. However, some challenges exist regarding performance, as 2 of 7 reviewers expressed concerns about slow query times for large log volumes and a high rate of false positives, which can impact service level agreements for alert resolution.

Security and Reliability

3 mentions

Splunk Enterprise Security is perceived to significantly bolster an organization's security posture and overall reliabi…

Splunk Enterprise Security is perceived to significantly bolster an organization's security posture and overall reliability. Reviewers indicate that the platform helps maintain a secure and trustworthy operational environment, indirectly contributing to the company's stability. One reviewer explicitly stated that the system prevents disruptions, leading to substantial financial savings.

Operational Efficiency

3 mentions

The solution enhances operational efficiency by streamlining security processes and consolidating tools, as observed by…

The solution enhances operational efficiency by streamlining security processes and consolidating tools, as observed by 3 of 7 reviewers. This consolidation and improved workflow enable security teams to respond to threats more rapidly. The ability to reuse correlation searches across different domains further contributes to a more efficient security operation.

Performance Impact

2 mentions

Concerns were raised by 2 of 7 reviewers regarding the performance of Splunk Enterprise Security, particularly concerni…

Concerns were raised by 2 of 7 reviewers regarding the performance of Splunk Enterprise Security, particularly concerning query speeds. Slow query execution when dealing with large volumes of logs can impede the timely resolution of security alerts, potentially affecting service level agreements. Additionally, a high rate of false positives was noted, which can consume valuable analyst time.

Incident Response Time

2 mentions

Splunk Enterprise Security positively impacts incident response times, with 2 of 7 reviewers specifically mentioning a…

Splunk Enterprise Security positively impacts incident response times, with 2 of 7 reviewers specifically mentioning a reduction in the mean time to detect (MTTD). The platform's capabilities enable security teams to identify and respond to threats significantly faster. This accelerated response contributes to mitigating potential security incidents more effectively.

Besides Splunk Enterprise Security, what other software do you regularly use? How likely would you be to recommend it to a friend or colleague?

7 answered

Reviewers frequently utilize a range of network and security management solutions in conjunction with Splunk Enterprise Security. A significant portion of the feedback, from 3 out of 7 reviewers, highlights various network and security tools, including Cisco Secure Network Analytics, Cisco Catalyst Center, and Cisco Duo, alongside offerings from other vendors like CheckPoint and Fortinet. These tools appear to complement Splunk ES by providing capabilities such as network analytics, access control, and firewall management. Additionally, remote access software is also part of the typical software stack, with TeamViewer specifically mentioned by 2 of 7 reviewers for its utility. The consistent mention of these tools suggests they are considered valuable additions to an enterprise's operational toolkit.

Cisco Products

3 mentions

Reviewers frequently integrate a variety of network and security tools into their operations. This category, mentioned…

Reviewers frequently integrate a variety of network and security tools into their operations. This category, mentioned by 3 out of 7 reviewers, includes specific Cisco solutions such as Secure Network Analytics, Catalyst Center, Duo, and Secure Access. Additionally, other prominent security vendors like CheckPoint, Juniper, and Fortinet are also noted, indicating a diverse ecosystem of complementary security and network management platforms.

TeamViewer

2 mentions

Remote access and support software is another common component of the software environment for some users. TeamViewer,…

Remote access and support software is another common component of the software environment for some users. TeamViewer, cited by 2 of 7 reviewers, is specifically used to facilitate remote connectivity and troubleshooting. Its inclusion suggests it is a valued tool for operational efficiency.

Describe how you use Splunk Enterprise Security in your organization. What are the business problems the product addresses and what is the scope of your use case?

7 answered

Organizations primarily leverage Splunk Enterprise Security as a central Security Information and Event Management (SIEM) platform to consolidate diverse security telemetry and logs from across their enterprise environments. This consolidation, cited by 5 of 7 reviewers, addresses the business problem of fragmented security data by integrating inputs from network infrastructure, cloud services, endpoints, Kubernetes, identity systems, and various vendor-specific logs into a single repository. This unified approach significantly enhances data aggregation and visibility, allowing security teams to make sense of extensive activity logs and endpoint detections in one place. Consequently, the platform is widely used for critical security operations, including incident triage and investigation of suspicious activities, as noted by 3 of 7 reviewers. Furthermore, it supports real-time log monitoring and alerting, enabling security analysts to move away from disparate tools and prioritize incidents more effectively.

SIEM Platform Consolidation

5 mentions

Reviewers frequently highlight Splunk Enterprise Security's role as a central SIEM platform, unifying security telemetr…

Reviewers frequently highlight Splunk Enterprise Security's role as a central SIEM platform, unifying security telemetry from a wide array of sources and vendors. This consolidation helps organizations bring together logs from network infrastructure, cloud services, endpoints, and identity systems, addressing the challenge of managing disparate security data. Five of seven reviewers specifically mentioned using the product to centralize logs from various vendors like Palo Alto, Fortinet, Aruba, Red Hat, and Check Point.

Data Aggregation and Visibility

3 mentions

A core benefit of Splunk Enterprise Security is its ability to aggregate vast amounts of data into a single, understand…

A core benefit of Splunk Enterprise Security is its ability to aggregate vast amounts of data into a single, understandable view, improving overall visibility for security operations. Reviewers appreciate how the platform pulls together activity logs, endpoint detections, and custom application logs, enabling them to comprehend and act upon this information effectively. This aggregation facilitates better insights into enterprise-wide security posture.

Incident Triage and Investigation

3 mentions

The platform serves as a critical tool for security analysts in their daily tasks of triaging and investigating securit…

The platform serves as a critical tool for security analysts in their daily tasks of triaging and investigating security incidents, as noted by 3 of 7 reviewers. Its capabilities allow SOC users to detect suspicious activities and conduct in-depth investigations by querying aggregated logs. Reviewers also utilize it for running analytical queries to identify anomalies within their security data.

Log Monitoring

2 mentions

Splunk Enterprise Security is valued for its real-time log monitoring and alerting capabilities, which help organizatio…

Splunk Enterprise Security is valued for its real-time log monitoring and alerting capabilities, which help organizations prioritize security incidents efficiently. Reviewers noted that the platform allows them to monitor all client logs, such as those related to card usage, providing a unified solution that replaces multiple disconnected tools. This capability enhances the speed and effectiveness of incident response.

Please provide some detailed examples of areas where Splunk Enterprise Security has room for improvement.

7 answered

Splunk Enterprise Security presents several areas where users indicate room for improvement, primarily revolving around the effort and resources required for implementation and ongoing operation. A significant concern, cited by three of seven reviewers, is the difficulty associated with data onboarding and Common Information Model (CIM) mapping. Reviewers frequently report that bringing in new log sources is harder than expected, often necessitating external assistance and consuming substantial internal resources to maintain CIM consistency across diverse technology stacks. Beyond initial data integration, the platform's overall complexity and associated learning curve were noted by two reviewers as areas needing simplification. This inherent complexity contributes to the perceived high deployment overhead and ongoing maintenance requirements, which two reviewers highlighted as a continuous cycle that escalates with increased data volume. Furthermore, the cost and licensing structure of Splunk Enterprise Security also emerged as a point of contention for two reviewers, describing it as a constant balancing act. These factors collectively suggest that while the platform offers capabilities, its implementation and operational burden are significant points of friction for users.

Data Onboarding and CIM Mapping

3 mentions

Reviewers frequently highlight challenges with integrating new data sources into Splunk Enterprise Security, with three…

Reviewers frequently highlight challenges with integrating new data sources into Splunk Enterprise Security, with three of seven reviewers specifically mentioning difficulties. This process is often described as more complex than anticipated, frequently requiring external consulting partners. Maintaining consistency with the Common Information Model (CIM) across various technology environments is also cited as a resource-intensive endeavor that is difficult to sustain over time.

Complexity and Learning Curve

2 mentions

The platform's inherent complexity and steep learning curve are noted as significant hurdles by two reviewers. Users su…

The platform's inherent complexity and steep learning curve are noted as significant hurdles by two reviewers. Users suggest that the product could benefit from improved comprehensibility to reduce the initial time and effort required for new users to become proficient. This complexity can impact the efficiency of security operations.

Cost and Licensing

2 mentions

Two reviewers expressed concerns regarding the financial aspects of Splunk Enterprise Security, specifically its costs…

Two reviewers expressed concerns regarding the financial aspects of Splunk Enterprise Security, specifically its costs and licensing model. The licensing structure is characterized as a continuous challenge, implying difficulties in managing expenses effectively in relation to usage. This suggests that the financial commitment required can be a point of friction for organizations.

Maintenance and Overhead

2 mentions

The operational burden associated with Splunk Enterprise Security is a concern for two reviewers, who point to signific…

The operational burden associated with Splunk Enterprise Security is a concern for two reviewers, who point to significant deployment overhead and ongoing maintenance. Reviewers indicate that as more data is fed into the system, the maintenance demands increase proportionally, leading to a continuous cycle of effort and rising storage costs. This highlights the resource-intensive nature of sustaining the platform.

Please provide some detailed examples of things that Splunk Enterprise Security does particularly well.

7 answered

Splunk Enterprise Security is frequently recognized for its robust capabilities in managing and analyzing security data, with reviewers consistently highlighting its core strengths. A significant majority of reviewers, 5 of 7, commend its advanced log management and ingestion features, noting its ability to centralize, normalize, and visualize diverse log types effectively. This foundational strength underpins its strong performance in security operations, as 4 of 7 reviewers specifically point to its superior correlation and detection functionalities. These capabilities are further enhanced by the platform's flexibility; 3 of 7 reviewers appreciate the extensive customization options available, particularly for creating tailored dashboards and filtering logs. Furthermore, 2 of 7 reviewers indicate that the solution offers strong scalability, allowing for growth and efficient processing of correlation searches across various environments. These combined attributes suggest that Splunk Enterprise Security excels at providing a comprehensive and adaptable framework for security monitoring and threat detection.

Log Management and Ingestion

5 mentions

Reviewers frequently highlight Splunk Enterprise Security's strength in handling security logs, with 5 of 7 reviewers s…

Reviewers frequently highlight Splunk Enterprise Security's strength in handling security logs, with 5 of 7 reviewers specifically mentioning its capabilities. The platform is noted for its ability to centralize and aggregate various log and event types, as well as normalize them for consistent analysis. This includes effective log collection and visualization, making it easier to manage data from diverse systems.

Correlation and Detection

4 mentions

A substantial portion of the feedback, from 4 of 7 reviewers, points to the product's excellence in identifying securit…

A substantial portion of the feedback, from 4 of 7 reviewers, points to the product's excellence in identifying security threats. Its correlation search feature is highly regarded for its effectiveness in detecting anomalies and potential risks. This is further supported by strong capabilities in risk-based alerting and the creation and management of analytical rules for detection.

Customization and Flexibility

3 mentions

The platform's adaptability is a key positive, noted by 3 of 7 reviewers who appreciate its extensive customization opt…

The platform's adaptability is a key positive, noted by 3 of 7 reviewers who appreciate its extensive customization options. Users find it easy to build custom dashboards tailored to specific team needs, enhancing usability and relevance. The system also provides great filtering options for logs, allowing for precise data analysis.

Scalability

2 mentions

Splunk Enterprise Security is recognized by 2 of 7 reviewers for its capacity to scale with organizational needs. This…

Splunk Enterprise Security is recognized by 2 of 7 reviewers for its capacity to scale with organizational needs. This includes its ability to support global growth and efficiently scale correlation searches. The architecture allows for effective abstraction of detection logic, enabling consistent performance across various client environments.