Our Preferred Enterprise Security
August 28, 2020

Our Preferred Enterprise Security

Allan Crittenden Edwards | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security

Splunk is the official SIEM for our organization at EMU. It sits on top of the Splunk log aggregation platform to provide a unified information model and security analysis of the logs ingested by Splunk. It makes it feasible to ask the same security questions of widely disparate data sources without having to do a lot of work for each source oneself. It provides incident tracking, response, and threat analytics.

Pros

  • Threat Intelligence
  • Security Alerting
  • Adaptive Risk Tracking for Users and Systems

Cons

  • The application seems inefficient/resource intensive
  • The default searches and alerts are unlikely to provide much value
  • Splunk's threat intelligence is helping keep us free from APTs.
  • Splunk's alerting platform helps us to monitor and stay on top of potential issues.
  • Splunk helps us meet compliance objectives (having a SIEM).
We used QRadar a while ago. Perhaps it was just poorly configured but it provided almost no value. It seemed harder to tune for our environment if it was even possible. Also, they didn't value us as a customer. They tried to make us re-purchase the product when they acquired it, even though we already had it in place.
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

If you have Splunk already, definitely consider ES. The ability to do security alerting around the common information model is very useful. In particular, pulling in threat lists automatically and checking for those indicators across all your data sources is awesome. The ability to have alerts that don't display to the analyst but just update the risk on a user or system is great too. It does provide a view of potential incidents and a platform for investigations but I don't feel like these functions are smooth enough to provide much value.

Splunk Enterprise Security (ES) Feature Ratings

Security Information and Event Management (SIEM)
9.4
Centralized event and log data collection
10
Correlation
10
Event and log normalization/management
10
Deployment flexibility
10
Integration with Identity and Access Management Tools
8
Custom dashboards and workspaces
8
Host and network-based intrusion detection
10

Comments

More Reviews of Splunk Enterprise Security (ES)

  1. Home
  2. Security Information and Event Management (SIEM) Software
  3. Splunk Enterprise Security (ES) Reviews
  4. User Review of Splunk Enterprise Security (ES)