TrustRadius: an HG Insights company

Splunk Enterprise Security

Score8.3 out of 10

259 Reviews and Ratings

Get a Demo

Community insights

TrustRadius Insights for Splunk Enterprise Security are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.

Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.

Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.

Reviews

108 Reviews

Different stack but Threats Rhyme

Rating: 7 out of 10
Incentivized

Use Cases and Deployment Scope

We utilize Splunk Enterprise Security more as an operational layer that ties together everything we promise our clients from a security standpoint. What that looks like in practice revolves around compiling activity logs, endpoint detections or evn custom app logs into one place where we can make sense of it- 100% of the time, it's on Splunk Enterprise Security

Pros

  • correlation searches scale across clients really well once you abstract detection logic properly
  • It has a really superior ability to ingest and normalize very different log types

Cons

  • licensing is always a constant balancing war
  • maintaining CIM consistency across different tech stacks is super resource intensive.

Likelihood to Recommend

I haven't come across a better tool to manage security across multiple environments like Splunk Enterprise Security - but with a caveat that you shouldn't be a junior going at it alone. Splunk Enterprise Security's value comes from being able to build once and detect everywhere
VU
Verified User
Engineer in Information Technology (51-200 employees)
Vetted Review
Splunk Enterprise Security
3 years of experience

My Splunk review.

Rating: 7 out of 10
Incentivized

Use Cases and Deployment Scope

We deployed Cisco Splunk as a central SIEM to consolidate all of our logs from different vendors (Palo Alto, Fortinet, Aruba, Red Hat, Check Point...). Before Splunk, our analysts were juggling multiple disconnected tools across many dashboards and logs. Splunk fits our needs perfectly with real-time logging and alerting to prioritize incidents.

Pros

  • Risk alerting.
  • SOAR integration.
  • Threat management.
  • Ecosystem

Cons

  • Costs and license.
  • Onprem integration.
  • Out of the box detection.

Likelihood to Recommend

Based on my experience, Splunk is a strong git for some environments and a poor match for others. The distinction is primarily based on infrastructure complexity and budget. It's perfect for large enterprises with a mix of on-prem/cloud infrastructure. It's not a perfect match for small teams with restricted resources.
VU
Verified User
Engineer in Engineering (1001-5000 employees)
Vetted Review
Splunk Enterprise Security
5 years of experience

Splunk Enterprise Security appropriately prices SIEM Best to use for big company

Rating: 8 out of 10

Use Cases and Deployment Scope

I'm a security analyst and my bau task is to triage and investigate incidents. To investigate the security incidents, I depends on logs and to query logs we use Splunk Enterprise Security. Almost all the device, software, services push logs into the SIEM and we query then on demand basis. Splunk Enterprise Security helped my company to store, query the logs mainly. We also use it to run a analytical query on the logs to search anamolies.

Pros

  • Splunk Enterprise Security is really good in storing logs from all the different system and services.
  • Splunk Enterprise Security provides a really good interface to query logs and analytics
  • Splunk Enterprise Security is really good in creating and managing analytical rule which is used for creating detections.

Cons

  • The search speed is slow as compared to other solutions
  • Although UI is significantly improved recently but it has a room for improvment.

Likelihood to Recommend

Splunk Enterprise Security is well suite for medium to large size company. Storing very large amount of logs and querying it as optimal speed is really awesome. Splunk Enterprise Security is not the beneficial for small companies as the maintenance cost is not valued.
VU
Verified User
Engineer in Information Technology (10,001+ employees)
Vetted Review

Splunk - The Enterprise Leader.

Rating: 10 out of 10
Incentivized

Use Cases and Deployment Scope

In our organization, Splunk Enterprise Security (ES) is the central Security Information and Event Management (SIEM) platform that consolidates telemetry across the enterprise, spanning network infrastructure, cloud services, endpoints, Kubernetes environments, identity systems, and critical applications. As part of the Cisco family, Splunk continues to evolve with deep integrations into Cisco threat intelligence (e.g., Talos) and network telemetry, enhancing both detection fidelity and operational efficiency.

Pros

  • Centralized Log & Event Aggregation.
  • Compliance & Reporting.
  • Threat Visibility Across the Enterprise.
  • Scalability for Global Growth.

Cons

  • Complexity and learning curve.
  • Deployment Overhead.

Likelihood to Recommend

Splunk Enterprise Security remains one of the most widely adopted SIEM platforms for enterprise security analytics.
SG
Saurabh Gupta
Cyber Security Manager in Information Technology at Deloitte (10,001+ employees)
Vetted Review
Splunk Enterprise Security
15 years of experience
View profile

The main SOC application

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

Splunk Enterprise Security is used as the primary SIEM solution in my company, used by tens of SOC users for the detection and investigation of suspicious activities

Pros

  • Detection of abnormal events at scale
  • Support of the SOC activity
  • Can be customized in depth

Cons

  • the mapping of the data with the Common Information Model is difficult to maintain over time
  • Data format changes are not detected automatically

Likelihood to Recommend

Very appropriate to structure the SOC activities, trace the actions, with a lot of customization possibilities.
It has been used for 6 years in my company as the main SOC solution.
VU
Verified User
Team Lead in Information Technology (10,001+ employees)
Vetted Review
Splunk Enterprise Security
6 years of experience

Splunk Enterprise Security

Rating: 10 out of 10
Incentivized

Use Cases and Deployment Scope

We use Splunk for Security Logs. We basically monitor all Client logs whenever they use their cards.

Pros

  • Log collection
  • Visualization of the logs
  • Great filtering options of the logs.

Cons

  • Be more comprehensible
  • Provide more monitoring. Maybe an integration with Zabbix.

Likelihood to Recommend

Hmm, based on the function it is intended for, I don't see where any scenarios where it wouldn't be appropriate.

Log collection and integration with other vendor technologies is what it does best.
RB
Rinor Bivolaku
Information Security Line Manager in Information Technology at BKT (201-500 employees)
Vetted Review
Splunk Enterprise Security
1 year of experience

My hands on experience with Splunk ES

Rating: 7 out of 10
Incentivized

Use Cases and Deployment Scope

Between our warehouse systems, fleet tracking, logistics portals and cloud apps, there's a flood of data every second. Splunk ES is the connector that pulls all that into one view. The company handles freight for a couple of government clients. We are therefore required to prove that all access and data transfers are monitored. Splunk's audit dashboards make that less painful

Pros

  • The dashboards are super flexible. We've built custom ones for different teams with so much ease
  • Correlation search feature is superb
  • Risk based alerting

Cons

  • The more data you feed it the more maintenance it needs and the cycle never stops but storage costs keep spiking.
  • Data onboarding is harder than it needs to be. We are always forced to contract partners whenever we're bringing in a lot of logs

Likelihood to Recommend

Splunk is powerful, no doubt about that but it also demands way too much attention. I'd recommend it to teams that have a decent handle on their data flow. As for us, we're still struggling to get ahead of the data situation but Splunk's complex data ingestion gateway isn't making that any easier.
VU
Verified User
Analyst in Information Technology (5001-10,000 employees)
Vetted Review
Splunk Enterprise Security
2 years of experience

Splunk Enterprise Security: My Review

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

It's easy to build queries & integrate with other systems and applications. There are a lot of add ons you can integrate to Splunk that can save you a lot of time. Correlation and investigation are easy due to Splunk's effective data parsing capability. There are endless options to customize searching. It provides a very accurate Data Analytics platform that can be adopted by users of all levels. E.x. From tools like Data Tables for Novices to Splunk's Web Framework for Experts.

Pros

  • It gives visuals to the client when we select a graphical portrayal, enabling us to change signs into visual outlines, for example, pie outlines, diagrams, tables, and so on.
  • Dashboard UI is intuitive and exceptionally educational, so one can easily find whatever they are looking for.

Cons

  • Sometimes, it's very, very slow! It also takes a long time to refresh.
  • UI for pattern searching can be a little better.

Likelihood to Recommend

Well Suited: What we admire most about Splunk is the significant improvements and capabilities it brings to the software with every major release. It is simply mind-blowing and easy to set up from a backend developer's point of view, as it is compatible with existing popular enterprise frameworks using microservice architecture (Spring Boot). Less Suited: Their enterprise plans are frankly costly. Cost wise, maybe it won't be suitable for small startups.
YD
Yash Dabhi
Software Engineer in Information Technology at Maruti Techlabs (201-500 employees)
Vetted Review
Splunk Enterprise Security
2 years of experience

The Power of Splunk Enterprise.

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

We use Splunk Enterprise in our Organization to achieve the following. Consolidate logs from all sources in one place. Create Custom Correlation alerts to paint the bigger picture effectively. Create Sophisticated Dashboards and reports using multiple data sources for better and non-redundant visualization. Create some basic automation like CSV updates. Perform Threat Hunting to discover unknown threats. Manage Incidents in one place and track Analyst Performance.

Pros

  • Writes Powerful Queries: The queries that can be written using the Splunk Query Language are very powerful and highly customizable to meet every need. Ex: Writing queries to search the intersection of two different sources like Network and Endpoint Logs.
  • Offers Dashboard Abilities: Helps build complex panels for Dashboards in addition to providing several out-of-the-box panels. Ex: creating panels to calculate the performance of analysts in a given timezone.
  • Helpful Search Aids: It helps to set up complex custom alerts very easily. The interesting fields section is very helpful while threat hunting. Ex: It shows all the users and the frequency of each in a failed login event. The user list on the interesting fields is useful to look for suspicious logins.

Cons

  • Dashboard Builder: It needs more out-of-the-box panels for beginners to learn.
  • Autofill: The query autofill isn't that great. It needs better suggestions for beginners especially.
  • Speed: The speed of the search isn't that great. It can be improved. For some queries, it takes too long.
  • Error handler: The error messages in the case of wrong syntax can be more descriptive. The messages are sometimes vague and are not helpful.

Likelihood to Recommend

Well suited: Splunk ES is highly recommended in an environment with many data sources and experienced computer engineers. It has a steep learning curve, but once that hurdle is crossed, it is absolutely a beast. It is also very expensive, so a company putting a high amount of budget in Security is needed. Not well suited: Splunk ES is not recommended if a company has only a few sources and some non-technical IT users. The price won't justify the fewer data sources and scratching just the surface level. Moreover, non-technical IT users would be better off with something that has a query builder, unlike Splunk.
VU
Verified User
Engineer in Information Technology (1001-5000 employees)
Vetted Review
Splunk Enterprise Security
4 years of experience

Highly Recommended!

Rating: 7 out of 10
Incentivized

Use Cases and Deployment Scope

Splunk Enterprise Security (ES) is integral to our cybersecurity strategy. It swiftly detects and responds to threats, addressing compliance and incident response challenges. ES aggregates data from diverse sources, offering real-time monitoring and correlation. This agility minimizes security incident impact.

ES aids compliance management by providing detailed logs and reports, streamlining audits. Our use case spans the organization, integrating various data sources for a comprehensive security view. It also incorporates threat intelligence, bolstering proactive threat identification.

In summary, Splunk ES is a vital component, ensuring swift incident response and maintaining compliance with industry standards. Its scalability and adaptability make it a cornerstone of our security operations.

Pros

  • Advanced Threat Detection and Correlation: ES stands out in its ability to detect sophisticated threats by correlating data from multiple sources. For instance, it can identify unusual patterns in user behavior, cross-referencing with network logs to flag potential insider threats.
  • Real-time Monitoring and Alerting: ES offers robust real-time monitoring capabilities. It excels in promptly alerting us to critical security events, such as suspicious network traffic spikes or unauthorized access attempts, allowing for immediate response.
  • Comprehensive Log Analysis: ES ingests and analyzes an extensive range of log data. It's particularly adept at parsing and making sense of complex log formats, making it a versatile tool for understanding system activities and security events.

Cons

  • Improved User Interface Customization: While the interface is generally intuitive, providing more options for users to customize their dashboards and views would enhance the overall user experience. Tailoring the interface to specific roles or use cases could be a valuable addition.
  • Simplified Alert Management: Streamlining the process of managing alerts, such as grouping or categorizing them based on severity or type, would make it easier for security teams to prioritize and respond to incidents effectively.
  • Expanded Threat Intelligence Feeds: Increasing the variety and sources of threat intelligence feeds available within ES would provide a broader context for identifying and mitigating emerging threats, ensuring a more comprehensive defense against evolving attack vectors.

Likelihood to Recommend

Well-Suited Scenarios:

Real-Time Threat Response: ES excels in swiftly detecting and responding to security threats through data correlation.
Compliance Management: ES streamlines compliance with detailed logs and reports, ideal for regulated industries.
User Behavior Analytics: Effective in monitoring user and entity behavior, particularly for insider threat detection.
Large-Scale Environments: Valuable for organizations with diverse data sources and high volumes of data.
Incident Investigation: ES aids in post-incident analysis, reconstructing events to understand root causes.

Less Appropriate Scenarios:

Smaller Organizations: For simpler setups, ES may be complex and costly.
Static Environments: In low-risk settings, ES's advanced features may be unnecessary.
Limited Resources: Tight budgets or sparse IT resources may hinder effective ES use.
Lack of In-House Expertise: Without security experts, optimizing ES can be challenging.
Budget Constraints: ES may be cost-prohibitive for budget-conscious organizations, prompting consideration of more affordable alternatives.
VU
Verified User
C-Level Executive in Corporate (1-10 employees)
Vetted Review
Splunk Enterprise Security
1 year of experience