Splunk Enterprise Security

Score8.3 out of 10

259 Reviews and Ratings

What is Splunk Enterprise Security?

Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.

Top Performing Features

  • Correlation

    Correlation of logs and events to pinpoint significant threats

    Category average: 8.4

  • Event and log normalization/management

    Ability to normalize event syntax so that logs can be compared and are machine-understandable

    Category average: 8.6

  • Custom dashboards and workspaces

    Dashboards that can be customized to meet the needs of specific groups

    Category average: 8.3

Areas for Improvement

  • Behavioral analytics and baselining

    How effectively activity and behavior baselines are established and maintained

    Category average: 7.6

  • Response orchestration and automation

    Quality of built-in response orchestration and automation in Next-Gen SIEM

    Category average: 7.6

  • Deployment flexibility

    Ability to tune system to maximize threat detection and minimize false positives

    Category average: 7.3

Splunk - The Enterprise Leader.

Use Cases and Deployment Scope

In our organization, Splunk Enterprise Security (ES) is the central Security Information and Event Management (SIEM) platform that consolidates telemetry across the enterprise, spanning network infrastructure, cloud services, endpoints, Kubernetes environments, identity systems, and critical applications. As part of the Cisco family, Splunk continues to evolve with deep integrations into Cisco threat intelligence (e.g., Talos) and network telemetry, enhancing both detection fidelity and operational efficiency.

Pros

  • Centralized Log & Event Aggregation.
  • Compliance & Reporting.
  • Threat Visibility Across the Enterprise.
  • Scalability for Global Growth.

Cons

  • Complexity and learning curve.
  • Deployment Overhead.

Return on Investment

  • Cost and licensing.

Alternatives Considered

Arcsight by OpenText

Other Software Used

Cisco Secure Network Analytics, Cisco Catalyst Center, SDWAN|Link

Splunk Enterprise Security

Use Cases and Deployment Scope

We use Splunk for Security Logs. We basically monitor all Client logs whenever they use their cards.

Pros

  • Log collection
  • Visualization of the logs
  • Great filtering options of the logs.

Cons

  • Be more comprehensible
  • Provide more monitoring. Maybe an integration with Zabbix.

Return on Investment

  • It is hard to estimate considering it's not been a year that I've been working in the company, but it has for sure definitely helped to keep us reliable, trustworthy and secure in an indirect way. All of these help the bank I work for financially as well.

Other Software Used

Cisco Duo, Cisco Secure Access, Tenable Cloud Security

My Splunk review.

Use Cases and Deployment Scope

We deployed Cisco Splunk as a central SIEM to consolidate all of our logs from different vendors (Palo Alto, Fortinet, Aruba, Red Hat, Check Point...). Before Splunk, our analysts were juggling multiple disconnected tools across many dashboards and logs. Splunk fits our needs perfectly with real-time logging and alerting to prioritize incidents.

Pros

  • Risk alerting.
  • SOAR integration.
  • Threat management.
  • Ecosystem

Cons

  • Costs and license.
  • On-prem integration.
  • Out of the box detection.

Return on Investment

  • Tools consolidated.
  • False positive rate.
  • MTTD reduction.

Alternatives Considered

Kibana

Other Software Used

CheckPoint, Juniper 7000, Fortinet FortiGate

The main SOC application

Use Cases and Deployment Scope

Splunk Enterprise Security is used as the primary SIEM solution in my company, used by tens of SOC users for the detection and investigation of suspicious activities

Pros

  • Detection of abnormal events at scale
  • Support of the SOC activity
  • Can be customized in depth

Cons

  • The mapping of the data to the Common Information Model is difficult to maintain over time
  • Data format changes are not detected automatically

Return on Investment

  • Splunk Enterprise Security supports tens of SOC operators to track and investigate hundreds of security events every day.
  • The SOC is a critical activity. Splunk Enterprise Security is one of, if not the best, solutions that make it possible, and at scale.

Alternatives Considered

Elastic Security and RSA Access Manager (Discontinued)

Other Software Used

Splunk Enterprise

Different stack but Threats Rhyme

Use Cases and Deployment Scope

We utilize Splunk Enterprise Security more as an operational layer that ties together everything we promise our clients from a security standpoint. What that looks like in practice revolves around compiling activity logs, endpoint detections or even custom app logs into one place where we can make sense of it; 100% of the time, it's on Splunk Enterprise Security.

Pros

  • Correlation searches scale across clients really well once you abstract detection logic properly
  • It has a really superior ability to ingest and normalize very different log types

Cons

  • Licensing is always a constant balancing war
  • Maintaining CIM consistency across different tech stacks is super resource intensive.

Return on Investment

  • Reuse of correlation searches across different domains
  • Great increases in client confidence through deeper reporting with more context

Alternatives Considered

Microsoft Sentinel

Other Software Used

IBM AIOps Insights, TeamViewer