Fantastic opportunity to correlate datasets from datasets regardless of their vendor or location, bringing the capability to correlate and detect attacks covering wide areas of an organisation
February 10, 2022
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
We use Splunk Enterprise Security to collate security data sources from a wide range of on-premise and various cloud platforms, making use of the Splunk Common Information Model (CIM) to ensure that analysts can use predictable and familiar field names when reviewing data feeds and allowing us to easily turn on additional use-cases when new features/searches become available through software updates in Splunk Enterprise Security.
Pros
- Visualise current threats
- Aggregate data sources
- Integration to other systems with event actions
Cons
- Business Unit segregation
- MTTR are noticeably quicker
- Incidents are raised with relevant parties far sooner, ultimately driving faster resolutions.
- Analysts are able to spend more time on the things that matter.
- Amazon GuardDuty, Microsoft Sentinel (formerly Azure Sentinel) and McAfee Advanced Threat Defense
Using Splunk Enterprise Security allows the combination of security data sources from any number of services or products, giving analysts a single view of the entire security footprint throughout the organization and correlating events across services that may otherwise be undetected with standalone or independent security monitoring services.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
Yes
Would you buy Splunk Enterprise Security (ES) again?
Yes