Item: Splunk Enterprise Security (ES)
Rating: 9
Author: Verified User

Use Cases and Deployment Scope

To overcome common security challenges, threat detection. There are various use cases like Security monitoring, compliance, incident investigation, incident response, insider threat. There are around 600+ use cases available. There are different data sources like AWS, GCP, Azure, Audit trail, DNS, Email, Malware Analysis, etc. We are using this to monitor Splunk Logs. It is quite helpful.

Pros and Cons

Security Posture to get a count of Authenticated users.
Incident review to notify you of the kind of incident is there i.e. critical, moderate, etc. with a risk score, status.
User behavior analytics and ES integrate seamlessly to enhance insight, strengthen security and streamline investigations.

A bit complicated for new users
it is difficult to create dashboards for multiple projects
More detailed documentation is needed

Return on Investment

Regarding the rate of return on investment, not sure on that.
The use of artificial intelligence and behavioral analytics helps detect anomalies and threats and act before they happen thus saving lots for organizations.

Security Analytics

Yes through threat detection and prevention measures we are able to counter many security breaches and respond appropriately. In case incidents occur, it has aided in the investigation process by using stored logs and correlating actions. The fact that it can be deployed on-premises and on the cloud help protect both our physical and cloud resources.

Scalability

Enterprise security is not much scalable in terms of segregation. We have several departments with their own security team/experts who are looking for insights into what is happening in their environment, using enterprise security, the central security team is able to get that information but passing the same information to the department level, is difficult and needs improvement.

Alternatives Considered

Splunk Enterprise and AWS CloudTrail

Above mentioned tools are environment-specific and provide insights into what is happening in the environment. We were looking for a product that is environment agnostic & able to work with many environments. Hence Splunk Enterprise security stands out for us. Also, we were looking for something which can withstand the scale which we working on.

Key Insights

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Other Software Used

Cherwell Service Management, Qlik Sense, Splunk Enterprise

Likelihood to Recommend

We are using Splunk Enterprise Security for identifying threats. There are various data sources we are using. Whether it is an AWS, GCP, or Azure to monitor their health and to get the list of authenticated users we are using that. Other than this, we are using enterprise security for security posture, incident review and to get user behavior analytics ( UBA ).

A perfect solution to detect threats

Overall Satisfaction with Splunk Enterprise Security (ES)