A perfect solution to detect threats
March 15, 2022

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

To overcome common security challenges, such as threat detection. There are various use cases like security monitoring, compliance, incident investigation, incident response, and insider threat. There are around 600+ use cases available. There are different data sources like AWS, GCP, Azure, audit trail, DNS, email, malware analysis, etc. We are using this to monitor Splunk logs. It is quite helpful.
  • Security Posture to get a count of authenticated users.
  • Incident review to notify you of what kind of incident there is, i.e. critical, moderate, etc., with a risk score and status.
  • User behavior analytics and ES integrate seamlessly to enhance insight, strengthen security and streamline investigations.
  • A bit complicated for new users.
  • It is difficult to create dashboards for multiple projects.
  • More detailed documentation is needed.
  • Regarding the rate of return on investment, not sure on that.
  • The use of artificial intelligence and behavioral analytics helps detect anomalies and threats and act before they happen, thus saving a lot for organizations.
Enterprise Security is not very scalable in terms of segregation. We have several departments with their own security teams/experts who are looking for insights into what is happening in their environment. Using Enterprise Security, the central security team is able to get that information, but passing the same information on to the department level is difficult and needs improvement.
The above-mentioned tools are environment-specific and provide insights into what is happening in the environment. We were looking for a product that is environment-agnostic and able to work with many environments. Hence Splunk Enterprise Security stands out for us. Also, we were looking for something which can withstand the scale at which we are working.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

We are using Splunk Enterprise Security for identifying threats. There are various data sources we are using. Whether it is AWS, GCP, or Azure, we are using it to monitor their health and to get the list of authenticated users. Other than this, we are using Enterprise Security for security posture, incident review, and to get user behavior analytics (UBA).

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 8
Correlation: Not Rated
Event and log normalization/management: 7
Deployment flexibility: 9
Integration with Identity and Access Management Tools: 7
Custom dashboards and workspaces: 6
Host and network-based intrusion detection: 9
Log retention: 8
Data integration/API management: 7
Behavioral analytics and baselining: 8
Rules-based and algorithmic detection thresholds: 9
Response orchestration and automation: 7
Reporting and compliance management: 7
Incident indexing/searching: 9
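The reviewer describes using ES to get a count of authenticated users across AWS, GCP and Azure. The SPL search below is an added example, not taken from the review or from Splunk's own ES content. It assumes the cloud authentication logs have already been mapped to the CIM Authentication data model and that the data model is accelerated (tstats with summariesonly=true reads only accelerated summaries and returns nothing for unaccelerated data); the field names action, user, src and app are the standard CIM Authentication fields, and the output field names auth_count, authenticated_users and logins are chosen for this example.

```spl
| tstats summariesonly=true count AS auth_count
    FROM datamodel=Authentication
    WHERE Authentication.action="success"
    BY Authentication.app Authentication.user Authentication.src
| rename Authentication.* AS *
| stats dc(user) AS authenticated_users, dc(src) AS source_addresses, sum(auth_count) AS logins BY app
| sort - authenticated_users
```

Run it over the desired time range from the time picker; the result is one row per application (the value of the CIM app field for each cloud provider's add-on) with the number of distinct users who authenticated successfully, the distinct source addresses they came from, and the total login count. Because the search keys on CIM fields rather than on provider-specific sourcetypes, the same query serves all three cloud sources, which is the environment-agnostic behaviour the reviewer wanted; dropping the summariesonly option makes it fall back to raw events at the cost of speed.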