TrustRadius: an HG Insights company

Splunk Enterprise Security

Score: 8.6 out of 10

258 Reviews and Ratings

What is Splunk Enterprise Security?

Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.

Top Performing Features

  • Custom dashboards and workspaces

    Dashboards that can be customized to meet the needs of specific groups

    Category average: 8.6

  • Integration with Identity and Access Management Tools

    Integration with access control tools like Active Directory and LDAP

    Category average: 8.4

  • Correlation

    Correlation of logs and events to pinpoint significant threats

    Category average: 8.4

Areas for Improvement

  • Incident indexing/searching

    Effectiveness of searching across structured and unstructured events and incidents within SIEM

    Category average: 8.2

  • Rules-based and algorithmic detection thresholds

    Effectiveness of manually-established rules and algorithmically-determined detection thresholds

    Category average: 8

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 8.4

Splunk - The Enterprise Leader.

Use Cases and Deployment Scope

In our organization, Splunk Enterprise Security (ES) is the central Security Information and Event Management (SIEM) platform that consolidates telemetry across the enterprise, spanning network infrastructure, cloud services, endpoints, Kubernetes environments, identity systems, and critical applications. As part of the Cisco family, Splunk continues to evolve with deep integrations into Cisco threat intelligence (e.g., Talos) and network telemetry, enhancing both detection fidelity and operational efficiency.

Pros

  • Centralized Log & Event Aggregation.
  • Compliance & Reporting.
  • Threat Visibility Across the Enterprise.
  • Scalability for Global Growth.

Cons

  • Complexity and learning curve.
  • Deployment Overhead.

Return on Investment

  • Cost and licensing.


Alternatives Considered

Arcsight by OpenText

Other Software Used

Cisco Secure Network Analytics, Cisco Catalyst Center, SDWAN|Link

Splunk Enterprise Security

Use Cases and Deployment Scope

We use Splunk for security logs. We basically monitor all client logs whenever they use their cards.

Pros

  • Log collection
  • Visualization of the logs
  • Great filtering options of the logs.

Cons

  • Be more comprehensible
  • Provide more monitoring. Maybe an integration with Zabbix.

Return on Investment

  • It is hard to estimate considering it's not been a year that I've been working in the company, but it has for sure definitely helped to keep us reliable, trustworthy and secure in an indirect way. All of these help the bank I work for financially as well.


Other Software Used

Cisco Duo, Cisco Secure Access, Tenable Cloud Security

The main SOC application

Use Cases and Deployment Scope

Splunk Enterprise Security is used as the primary SIEM solution in my company, used by tens of SOC users for the detection and investigation of suspicious activities.

Pros

  • Detection of abnormal events at scale
  • Support of the SOC activity
  • Can be customized in depth

Cons

  • The mapping of the data with the Common Information Model is difficult to maintain over time
  • Data format changes are not detected automatically

Return on Investment

  • Splunk Enterprise Security supports tens of SOC operators to track and investigate hundreds of security events every day.
  • The SOC is a critical activity. Splunk Enterprise Security is one of, if not the best, solutions that makes it possible, and at scale.


Alternatives Considered

Elastic Security and RSA Access Manager (Discontinued)

Other Software Used

Splunk Enterprise

Splunk ES, a great tool to use with some caveats!

Use Cases and Deployment Scope

I use the product to help monitor, analyze and potentially mitigate certain security issues that may come up. This includes acting as a secondary for escalations and looking at some alerts. I also use it to action on data that may be of use to our organization. It is helpful to organize alerting and easy to take action.

Pros

  • Monitoring log activity for potential security problems
  • The interface for investigations is pretty easy to use
  • Enjoy the high level detail the product gives for alerting
  • Nice playground for keeping track of investigations
  • Easy to create new notables to track further items.

Cons

  • Crazy awful latency when loading
  • Sometimes the events tab won't show any logs
  • Difficult to follow certain parts of investigations, but this is being addressed with Mission Control. (I'm talking about the original interface)
  • Confusion about where to easily navigate to view what items make up risk score as the interface can be confusing.
  • Lowering the risk score is extremely obnoxious.

Return on Investment

  • Fast MTTD but no specific numbers
  • Excellent integration with other tools so we don't have to pay for an additional service


Alternatives Considered

Microsoft Sentinel

Other Software Used

CrowdStrike Falcon, Carbon Black App Control

My hands on experience with Splunk ES

Use Cases and Deployment Scope

Between our warehouse systems, fleet tracking, logistics portals and cloud apps, there's a flood of data every second. Splunk ES is the connector that pulls all that into one view. The company handles freight for a couple of government clients. We are therefore required to prove that all access and data transfers are monitored. Splunk's audit dashboards make that less painful.

Pros

  • The dashboards are super flexible. We've built custom ones for different teams with so much ease
  • Correlation search feature is superb
  • Risk based alerting

Cons

  • The more data you feed it, the more maintenance it needs, and the cycle never stops, but storage costs keep spiking.
  • Data onboarding is harder than it needs to be. We are always forced to contract partners whenever we're bringing in a lot of logs

Return on Investment

  • It saves the company millions by avoiding disruptions across logistics
  • My crew and I respond to threats so much faster with Splunk


Alternatives Considered

Microsoft Sentinel

Other Software Used

Splunk SOAR, TeamViewer