Item: Splunk Enterprise Security
Rating: 9
Author: Phótis Deligiánnis

Overall Satisfaction with Splunk Enterprise Security (ES)

Use Cases and Deployment Scope

I use it mainly for configurations, onboardings, and maintenance. Moreover, users ask for dashboards/alerts/reports creation and troubleshooting.

Pros and Cons

Pros

Monitoring
Security
Troubleshooting
Graphs/Dashboards

Cons

Automation in configuration

Return on Investment

Faster mean time to detect
Faster mean time to respond
Increased cost

Security Analytics

Definitely, it is part of our monitoring tools and we have great plans and projects to still achieve in the future.

Scalability

That is my personal opinion. Things are going well, but there is always room for improvement.

Alternatives Considered

Elasticsearch, IBM Security QRadar and Tanium

Difficult to choose, each one has pros and cons. Splunk has the best interface, QRadar has strong capabilities but ES is free.

Key Insights

Do you think Splunk Enterprise Security delivers good value for the price?

Not sure

Are you happy with Splunk Enterprise Security's feature set?

Yes

Did Splunk Enterprise Security live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise Security go as expected?

Yes

Would you buy Splunk Enterprise Security again?

Yes

Other Software Used

IBM Security QRadar, Elastic Security (Elastic SIEM + Elastic Agent, formerly endgame), Tanium

I really believe Splunk Enterprise Security (ES) is a great tool for security monitoring. There are nice features like SOAR Phantom which give you amazing capabilities. Moreover, I believe it provides amazing opportunities for troubleshooting within an organization that keeps logs and monitors everything that is happening.

Splunk Enterprise Security Feature Ratings

Comments

Please log in to join the conversation

Great Tool, I Really Like Working With