Best siem on the market
Updated June 05, 2023

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

The module performs data analysis within our Data Indexers. Everything related to the administration of the elements of operation, including alarms, the administration of our cases, the workflow, the automated responses, and the administration of the platform is carried out by the administrators of this platform. There is a module for interaction with the platform that we have installed in stand-alone mode and in multiple instances. We can also find the Cloud which is a complementary solution provided through a cloud service that provides UEBA capabilities.
  • It supports a flexible architecture and great ease of scaling.
  • It provides us with a wide variety of complementary applications related to use cases such as Security Essentials and Stream.
  • The entire architecture can be implemented on physical or virtual machines, as well as in the cloud.
  • It also provides us with SaaS solutions or by the client.
  • It natively allows us solutions of type MSPs and MSSP.
  • Wide range of native analysis that is used to generate a very robust SIEM solution.
  • It has several modules such as Splunk ES, Splunk UBA, and Splunk Phantom which work perfectly.
  • One disadvantage of Splunk is that it is intended to be deployed in large organizations, offering a robust platform for detecting and responding to existing threats. Although it is preferably prepared to provide solutions to large companies, it can also be implemented within smaller organizations, adapting its content to the environment where it is implemented.
  • I don't know, in economic terms, what the impact of this software on ROI is. It reduces and improves the security of our data.
Splunk is aimed at companies that want to have a complete platform that provides advanced and real-time analysis for the detection of different security threats. This is complemented by network and endpoint forensics as well as incident management and response.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

It is centrally integrated to manage and improve the detection of our security threats, instead of using other types of native and complementary tools. Integrations with these appliances are done through our applications and plugins that we can find within Splunkbase, all using the APIs. Splunk Stream uses the collection of our network traffic to determine the application and the protocol, even if it is encrypted. All this is sent for later analysis.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 9
Correlation: 10
Event and log normalization/management: 8
Deployment flexibility: 9
Integration with Identity and Access Management Tools: 9
Custom dashboards and workspaces: 10
Host and network-based intrusion detection: 8
Log retention: 9
Data integration/API management: 10
Behavioral analytics and baselining: 9
Rules-based and algorithmic detection thresholds: 10
Response orchestration and automation: 9
Reporting and compliance management: 8
Incident indexing/searching: 9