Fantastic opportunity to correlate datasets from datasets regardless of their vendor or location, bringing the capability to correlate and detect attacks covering wide areas of an organisation
February 10, 2022

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We use Splunk Enterprise Security to collate security data sources from a wide range of on-premises and cloud platforms, making use of the Splunk Common Information Model (CIM) to ensure that analysts can use predictable and familiar field names when reviewing data feeds, and allowing us to easily turn on additional use cases when new features/searches become available through software updates in Splunk Enterprise Security.

Pros

  • Visualise current threats
  • Aggregate data sources
  • Integration to other systems with event actions

Cons

  • Business Unit segregation

  • MTTR is noticeably quicker
  • Incidents are raised with relevant parties far sooner, ultimately driving faster resolutions.
  • Analysts are able to spend more time on the things that matter.

Using Splunk Cloud we have been able to increase the scaling as and when required, with no downtime and very little delay.

Using Splunk Enterprise Security allows the combination of security data sources from any number of services or products, giving analysts a single view of the entire security footprint throughout the organization and correlating events across services that may otherwise be undetected with standalone or independent security monitoring services.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Splunk Enterprise, Splunk Cloud, Splunk IT Service Intelligence (ITSI)
Splunk Enterprise Security is well suited for monitoring multiple data sources which may otherwise require multiple individual tools (e.g. Cloud vendor-specific tooling). I have not seen Business Unit segregation capabilities within ES that would allow individual business units to assist security teams with monitoring their areas without allowing the users to see all the ES data.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection
9
Correlation
8
Event and log normalization/management
9
Deployment flexibility
7
Integration with Identity and Access Management Tools
9
Custom dashboards and workspaces
10
Host and network-based intrusion detection
9
Log retention
9
Data integration/API management
10
Behavioral analytics and baselining
8
Rules-based and algorithmic detection thresholds
Not Rated
Response orchestration and automation
9
Reporting and compliance management
10
Incident indexing/searching
10
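The two things the reviewer describes, normalising different feeds onto CIM field names (the opening paragraph) and then correlating across sources that a standalone monitor would never join (the paragraph on combining data sources), shown as an added, self-contained Python example. This is not Splunk's code, it uses no Splunk API, and it is not part of the review. The Windows-style and cloud IdP log formats are constructed and simplified, not real vendor schemas; the target field names (action, user, src, dest, app) are the CIM Authentication data model names; the failure threshold and time window are illustrative assumptions.

```python
"""Normalise two differently shaped authentication logs onto CIM-style field
names, then run one correlation over the merged stream.

Added example for this page; not Splunk's code and no Splunk API is used.
Both log formats are constructed and simplified, not real vendor schemas.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed Windows-style security events (on-prem source). Not a real export.
WINDOWS_LOG = """\
2022-02-10T09:00:01Z EventCode=4625 Account_Name=jsmith Source_Network_Address=203.0.113.7 ComputerName=DC01
2022-02-10T09:00:05Z EventCode=4625 Account_Name=jsmith Source_Network_Address=203.0.113.7 ComputerName=DC01
2022-02-10T09:00:09Z EventCode=4625 Account_Name=jsmith Source_Network_Address=203.0.113.7 ComputerName=DC01
2022-02-10T09:10:00Z EventCode=4624 Account_Name=alee Source_Network_Address=10.0.0.5 ComputerName=FS02
"""

# Constructed cloud IdP events as JSON lines (cloud source). Not a real vendor schema.
CLOUD_LOG = """\
{"ts": "2022-02-10T09:01:30Z", "outcome": "SUCCESS", "actor": "jsmith", "client_ip": "203.0.113.7", "application": "cloud-idp"}
{"ts": "2022-02-10T09:02:00Z", "outcome": "FAILURE", "actor": "bkhan", "client_ip": "198.51.100.4", "application": "cloud-idp"}
"""

WIN_RE = re.compile(
    r"(?P<ts>\S+) EventCode=(?P<code>\d+) Account_Name=(?P<user>\S+) "
    r"Source_Network_Address=(?P<src>\S+) ComputerName=(?P<dest>\S+)"
)


def _parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_windows(text):
    """Map the Windows-style fields onto CIM Authentication field names."""
    events = []
    for line in text.splitlines():
        m = WIN_RE.match(line)
        if not m:
            continue  # unparsed lines are dropped here; a real pipeline would count them
        events.append({
            "_time": _parse_ts(m["ts"]),
            "action": "success" if m["code"] == "4624" else "failure",
            "user": m["user"].lower(),
            "src": m["src"],
            "dest": m["dest"],
            "app": "windows",
            "source": "wineventlog",
        })
    return events


def normalize_cloud(text):
    """Map the constructed cloud IdP JSON onto the same CIM field names."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append({
            "_time": _parse_ts(rec["ts"]),
            "action": "success" if rec["outcome"] == "SUCCESS" else "failure",
            "user": rec["actor"].lower(),
            "src": rec["client_ip"],
            "dest": rec["application"],
            "app": rec["application"],
            "source": "cloud_idp",
        })
    return events


def correlate_failures_then_success(events, min_failures=3, window_seconds=600):
    """Flag a user who has >= min_failures failures from one source, then a
    success from the same src on a *different* source within window_seconds.
    Run over either log alone, the pattern never appears (assumed thresholds)."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["_time"]):
        by_user[e["user"]].append(e)
    notables = []
    for user, evs in by_user.items():
        for i, e in enumerate(evs):
            if e["action"] != "success":
                continue
            prior = [p for p in evs[:i]
                     if p["action"] == "failure"
                     and p["src"] == e["src"]
                     and p["source"] != e["source"]
                     and (e["_time"] - p["_time"]).total_seconds() <= window_seconds]
            if len(prior) >= min_failures:
                notables.append({
                    "user": user,
                    "src": e["src"],
                    "failure_sources": sorted({p["source"] for p in prior}),
                    "success_source": e["source"],
                    "failures": len(prior),
                })
    return notables


def run():
    events = normalize_windows(WINDOWS_LOG) + normalize_cloud(CLOUD_LOG)
    return correlate_failures_then_success(events)


if __name__ == "__main__":
    for notable in run():
        print(notable)
```

Because both normalisers emit the same `user`, `src` and `action` names, the correlation is written once and does not care which vendor produced an event; that is the property the review attributes to CIM. Run on the Windows log alone or the cloud log alone the function returns nothing, which is the "undetected with standalone monitoring" case the reviewer mentions.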
