SIEM tool that Fortifies your Organization
February 22, 2022

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

Splunk is the core security incident tool used for core operations by the Blue Team at our organization. Within a short span of time after we integrated Splunk into our Security Operation Center, we were able to increase the security posture of our organization by 40%, reducing the time required to mitigate attacks, including those against Web, Mail, and Application Server endpoints.
  • Centralized Log Monitoring Systems
  • Event and Log Correlation
  • Custom Alarms
  • Custom Dashboards
  • Performance Improvement
  • License Dependency on Amount of Data infused
  • Automation capabilities
  • Requirement of Certification and complexity in Learning of Tool
  • Scalability
  • Able to detect and Mitigate Attacks
  • Log4j attacks were remediated
  • Huge improvement against Ransomware and Phishing Campaigns
We are migrating to cloud-only infrastructure and we are completely flexible about hosting the SIEM tools in the cloud. We were able to increase the performance of the cloud, work on legal and compliance policies for data retention across regions, and we find it helpful to host security monitoring tools in the cloud.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

The edge feature of Splunk ES helps us to integrate cloud platforms like AWS, GCP, etc., and internal in-house developed tools in a very modest and simplified way. However, it was noted that in-house developed tools generated a huge amount of data, which increased the cost of licensing for our organization, and they had to be removed from Splunk as part of the cost-cutting strategy for our team. As I work in a security-first organization, it was noted that it uses a lot of industry-standard benchmarks like CIS and NIST to indicate risks as well.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 9
Correlation: 9
Event and log normalization/management: 8
Deployment flexibility: 9
Integration with Identity and Access Management Tools: 9
Custom dashboards and workspaces: 7
Host and network-based intrusion detection: 8
Log retention: 4
Data integration/API management: 9
Behavioral analytics and baselining: 9
Rules-based and algorithmic detection thresholds: 8
Response orchestration and automation: 9
Reporting and compliance management: 8
Incident indexing/searching: 9