Splunk Enterprise for hybrid environment monitoring
March 04, 2022

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We have been using Splunk Enterprise Security for identifying threats in AWS infrastructure, identifying misconfigurations, and creating a single pane of glass for a complete picture of our infrastructure. Other than this, we are using Enterprise Security for auditing system logins, changes done in certain environments, monitoring communications, firewall rule changes, traffic monitoring, and phishing attack monitoring.
  • Monitoring of firewall traffic
  • Monitoring of mail systems and logs
  • Monitoring of AWS infrastructure
  • Phishing attack monitoring
  • Firewall rule change monitoring
  • Monitoring of user activities
  • Dashboarding for non-ES users
  • Real-time alerting without performance impact
  • We are able to provide a reliable, secure environment for our customers
  • Cost is high if we compare with other products available in the market, but the ROI is explainable.
  • The machine learning capabilities give it a cutting edge which most customers are looking for.
Enterprise Security is not very scalable in terms of segregation. We have several departments with their own security teams/experts who are looking for insights into what is happening in their environment. Using Enterprise Security, the central security team is able to get that information, but passing the same information down to the department level is difficult and needs improvement.
The above-mentioned tools are environment-specific and provide insights into what is happening in that environment. We were looking for a product that is environment-agnostic and able to work with many environments. Hence Splunk Enterprise Security stands out for us. Also, we were looking for something which can withstand the scale which we are working at.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Proofpoint Insider Threat Management (ObserveIT), ThreatConnect Threat Intelligence Platform (TIP), Symantec Advanced Threat Protection
We are using Splunk Enterprise together with Splunk Cloud, and based on our experience, we are completely dependent on Splunk Enterprise to ensure that the infrastructure we have (both on-prem and cloud-based) is secure. We are using other tools as well, but Splunk is kind of an aggregator for all the tools' results and analysis. Hence Splunk Enterprise is a kind of foundation for security for us.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 9
Correlation: 7
Event and log normalization/management: 8
Deployment flexibility: 4
Integration with Identity and Access Management Tools: 8
Custom dashboards and workspaces: 6
Host and network-based intrusion detection: 7
Log retention: 8
Data integration/API management: 7
Behavioral analytics and baselining: 6
Rules-based and algorithmic detection thresholds: 8
Response orchestration and automation: 6
Reporting and compliance management: 8
Incident indexing/searching: 7