TrustRadius: an HG Insights company

Splunk Enterprise Security

Score: 8.4 out of 10

261 Reviews and Ratings

What is Splunk Enterprise Security?

Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.

Top Performing Features

  • Correlation

    Correlation of logs and events to pinpoint significant threats

    Category average: 8.4

  • Event and log normalization/management

    Ability to normalize event syntax so that logs can be compared and are machine-understandable

    Category average: 8.5

  • Custom dashboards and workspaces

    Dashboards that can be customized to meet the needs of specific groups

    Category average: 8.3

Areas for Improvement

  • Response orchestration and automation

    Quality of built-in response orchestration and automation in Next-Gen SIEM

    Category average: 7.7

  • Behavioral analytics and baselining

    How effectively activity and behavior baselines are established and maintained

    Category average: 7.6

  • Deployment flexibility

    Ability to tune system to maximize threat detection and minimize false positives

    Category average: 7.4

Review

Use Cases and Deployment Scope

Large financial enterprise SOC leveraging ES to run SecOps

Pros

  • Large telemetry logging
  • Correlation

Cons

  • Scalability
  • Built-in agentic capability

Return on Investment

  • Good dashboarding but flaky performance
  • Expensive from an ROI perspective

Alternatives Considered

SecOps Solution and Chronicle Cloud

Splunk - The Enterprise Leader.

Use Cases and Deployment Scope

In our organization, Splunk Enterprise Security (ES) is the central Security Information and Event Management (SIEM) platform that consolidates telemetry across the enterprise, spanning network infrastructure, cloud services, endpoints, Kubernetes environments, identity systems, and critical applications. As part of the Cisco family, Splunk continues to evolve with deep integrations into Cisco threat intelligence (e.g., Talos) and network telemetry, enhancing both detection fidelity and operational efficiency.

Pros

  • Centralized Log & Event Aggregation.
  • Compliance & Reporting.
  • Threat Visibility Across the Enterprise.
  • Scalability for Global Growth.

Cons

  • Complexity and learning curve.
  • Deployment Overhead.

Return on Investment

  • Cost and licensing.

Alternatives Considered

Arcsight by OpenText

Other Software Used

Cisco Secure Network Analytics, Cisco Catalyst Center, SDWAN|Link

Splunk Enterprise Security

Use Cases and Deployment Scope

We use Splunk for security logs. We basically monitor all client logs whenever they use their cards.

Pros

  • Log collection
  • Visualization of the logs
  • Great filtering options of the logs.

Cons

  • Be more comprehensible
  • Provide more monitoring. Maybe an integration with Zabbix.

Return on Investment

  • It is hard to estimate considering it's not been a year that I've been working in the company, but it has for sure definitely helped to keep us reliable, trustworthy and secure in an indirect way. All of these help the bank I work for financially as well.

Other Software Used

Cisco Duo, Cisco Secure Access, Tenable Cloud Security

My Splunk review.

Use Cases and Deployment Scope

We deployed Cisco Splunk as a central SIEM to consolidate all of our logs from different vendors (Palo Alto, Fortinet, Aruba, Red Hat, Check Point...). Before Splunk, our analysts were juggling multiple disconnected tools across many dashboards and logs. Splunk fits our needs perfectly with real-time logging and alerting to prioritize incidents.

Pros

  • Risk alerting.
  • SOAR integration.
  • Threat management.
  • Ecosystem

Cons

  • Costs and license.
  • On-prem integration.
  • Out-of-the-box detection.

Return on Investment

  • Tools consolidated.
  • False positive rate.
  • MTTD reduction.

Alternatives Considered

Kibana

Other Software Used

CheckPoint, Juniper 7000, Fortinet FortiGate

The main SOC application

Use Cases and Deployment Scope

Splunk Enterprise Security is used as the primary SIEM solution in my company, used by tens of SOC users for the detection and investigation of suspicious activities.

Pros

  • Detection of abnormal events at scale
  • Support of the SOC activity
  • Can be customized in depth

Cons

  • The mapping of the data to the Common Information Model is difficult to maintain over time
  • Data format changes are not detected automatically

Return on Investment

  • Splunk Enterprise Security supports tens of SOC operators to track and investigate hundreds of security events every day.
  • The SOC is a critical activity. Splunk Enterprise Security is one of, if not the best, solutions that make it possible, and at scale.

Alternatives Considered

Elastic Security and RSA Access Manager (Discontinued)

Other Software Used

Splunk Enterprise