Splunk - Visibility into What's Really Going on in Your Network
Anonymous | TrustRadius Reviewer
April 17, 2017

Splunk - Visibility into What's Really Going on in Your Network

Score 10 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Splunk Enterprise

Splunk is being used to capture logs from all Windows, Linux, and firewall devices in our enterprise. Currently it is being used by the IT infrastructure department only, but our hope is to make it available to other departments to follow trends in our business. Splunk addresses the issue of visibility into the network. It actually gives IT professionals access to view what is taking place on the network, and it provides something to look at in order to address issues occurring behind the scenes.
  • It gathers logs very well from almost all machine types - most SIEM related products don't do this quite as well.
  • It provides visuals to the user, giving you the ability to transform logs into visual charts (e.g. pie charts, graphs, tables, etc.).
  • Splunk is very quick in reporting and alerting on anomalies. There is little delay.
  • Splunk can be very expensive, and it is best to size out your environment first before procuring. Planning is key, and make sure to buy a license that is at least 2-3 times what you think you need.
  • There is a learning curve to Splunk. It takes a bit to get up to speed with the application.
  • Support is very good, but they will almost never tell you to ways to not use up your license. I had to figure that out myself, and ended up cutting out some useless logs that used over 50 % of my license.
  • Overall very positive. It has provided visibility to what is going on within our network.
  • One drawback is the time it takes to get up to speed with the application, but this is up to the user, and Splunk education is excellent.
  • In my field, IT Security, there are few other friends to have in your back pocket better than Splunk. They are just that good.
  • Qradar
Splunk is proving to be a formidable replacement for Qradar, which we had as our previous SIEM. Qradar was powerful, but not easy to customize and quite limited. Splunk is not per se a "SIEM" but it can be in the way you used it. Also there is an Enterprise Security App that is available to buy and sit on top of Splunk, and that will take care of any concerns with needing a full-fledged SIEM. Splunk wins.
In a corporate environment, especially in a financial sector, I would actually go with a product like RSA Security Analytics. But that is not necessarily the rule of thumb and is not the case for all financial companies. In higher ed, for example, I recommend Splunk because of the ability to monitor trends of students that can help them to get better grades, help the university to grow, and streamline registration processes.

Splunk Enterprise Feature Ratings

Centralized event and log data collection
10
Correlation
8
Event and log normalization
10
Deployment flexibility
10
Integration with Identity and Access Management Tools
10
Custom dashboards and views
10
Host and network-based intrusion detection
10