Enterprise Security Capabilities That Every Security Team Should Have
March 11, 2022

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

Splunk Enterprise Security and IT support were added as part of my Marketing responsibilities. A distributed configuration is used in one environment, while a single instance is used in the other. When it comes to risk assessment and threat detection, Splunk Enterprise Security is a powerful tool that has been integrated with firewalls, anti-virus software, and other critical infrastructure components. We've been using this platform for a while now, and it's worked out perfectly for us. Analysis of the highest caliber combined with timely and accurate threat intelligence. It has given us the ability to monitor all of our network activities, as well as identify communications and assets that may be at risk. A wide number of third-party technologies can also be integrated into Enterprise Security, enhancing its already impressive capabilities. Analytics and intelligence are at the heart of Splunk Enterprise Security, a world-class SIEM (best-in-class).
  • Using all of the logs from each system, piece together the actual trail of an incident event.
  • Security's return on investment for the company
  • ES allows you to execute data searches outside of the pre-canned items. So after you've identified something, you'll be able to follow up on all of your hunches.
  • Boxed machine learning algorithms. Grouping using ML algorithms is common. I'm expecting greater ML integration with stronger algorithms without requiring people to be ML experts.
  • It would be fantastic if AI, or AIOPS if you prefer, could assist in the first triage process. Why do we constantly bring up the same issues that we've already resolved?
  • If you're attempting to get the most out of Splunk, it's a daunting task.
  • Due to the strength of SPL, it is possible to locate a resolution more quickly than with other SIEMs.
  • Functionality and performance of the product
  • Completeness. Having all of the data reduces the likelihood of having gaps. Collecting only a subset of data would result in visibility gaps.
  • Over the last month it has allowed us to save money on data losses of 8%.
Using Splunk, you can search through massive amounts of data. There are some situations that have been set up appropriately, but the data collection was incomplete. If we had more trained source types, I'd give it a perfect 10, but for now, I'll give it an 8. Obviously, this isn't the fault of Splunk, but perhaps there might be more ways to assist customers who aren't as proficient with Splunk.
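Two of the reviewer's points above, piecing together an incident trail from every system's logs and the visibility gap that appears when only a subset of sources is collected, are easier to appreciate on concrete data. The following Python is an added example and is not the reviewer's code nor anything shipped with Splunk Enterprise Security: the three log formats, host names, addresses and the "deny then AV detection" rule are all constructed for illustration, and the normalize, pivot and rule steps stand in for what an analyst would otherwise express as a search over onboarded sourcetypes.

```python
"""Added example (not from the review or Splunk): rebuild one host's incident
trail from three constructed log sources and show what a dropped source costs.
Hosts, addresses and the detection rule are hypothetical."""
import re
from datetime import datetime, timedelta

# Constructed sample logs, one format per source. The last firewall line is
# deliberately truncated so a parser failure shows up in the unparsed count.
FIREWALL_LOG = [
    "2022-03-10T09:01:12Z fw01 action=allow src=10.0.5.23 dst=203.0.113.77 dport=443",
    "2022-03-10T09:01:40Z fw01 action=deny src=10.0.5.23 dst=203.0.113.77 dport=4444",
    "2022-03-10T09:03:05Z fw01 action=allow src=10.0.9.8 dst=198.51.100.3 dport=443",
    "2022-03-10T09:04:00Z fw01 action=allow src=10.0.5.23 dst=",
]
AV_LOG = [
    r"Mar 10 09:02:10 ws-023 av[412]: DETECTION host=10.0.5.23 file=C:\Temp\update.exe verdict=quarantined",
]
AUTH_LOG = [
    "2022-03-10 09:02:48,ws-023,10.0.5.23,jdoe,LOGON_FAILURE",
    "2022-03-10 09:02:55,ws-023,10.0.5.23,jdoe,LOGON_FAILURE",
    "2022-03-10 09:03:01,ws-023,10.0.5.23,jdoe,LOGON_SUCCESS",
]

FW_RE = re.compile(r"^(?P<ts>\S+) \S+ action=(?P<action>\w+) src=(?P<src>\S+) "
                   r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
AV_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d\d:\d\d:\d\d) \S+ av\[\d+\]: (?P<event>\w+) "
                   r"host=(?P<src>\S+) file=(?P<file>\S+) verdict=(?P<verdict>\w+)$")
AUTH_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(?P<host>[^,]+),"
                     r"(?P<src>[^,]+),(?P<user>[^,]+),(?P<event>\w+)$")

def parse_firewall(line):
    m = FW_RE.match(line)
    if m is None:
        return None
    return {"time": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "source": "firewall", "host": m["src"], "event": m["action"],
            "summary": f"{m['action']} {m['src']} -> {m['dst']}:{m['dport']}"}

def parse_av(line):
    m = AV_RE.match(line)
    if m is None:
        return None
    # Syslog timestamps carry no year; the incident year is assumed here.
    return {"time": datetime.strptime("2022 " + m["ts"], "%Y %b %d %H:%M:%S"),
            "source": "av", "host": m["src"], "event": m["event"],
            "summary": f"{m['event']} {m['file']} ({m['verdict']})"}

def parse_auth(line):
    m = AUTH_RE.match(line)
    if m is None:
        return None
    return {"time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "source": "auth", "host": m["src"], "event": m["event"],
            "summary": f"{m['event']} user={m['user']} on {m['host']}"}

ALL_SOURCES = {
    "firewall": (FIREWALL_LOG, parse_firewall),
    "av": (AV_LOG, parse_av),
    "auth": (AUTH_LOG, parse_auth),
}

def normalize(sources):
    """Parse every source into one schema and count lines that fail to parse.
    Silently dropped lines are one way a 'complete' collection grows gaps."""
    events, unparsed = [], 0
    for lines, parser in sources.values():
        for line in lines:
            event = parser(line)
            if event is None:
                unparsed += 1
            else:
                events.append(event)
    return events, unparsed

def incident_trail(events, host):
    """All events for one pivot value (the host address), in time order."""
    return sorted((e for e in events if e["host"] == host), key=lambda e: e["time"])

def deny_then_detection(trail, window=timedelta(minutes=5)):
    """Hypothetical rule: a firewall deny followed within `window` by an AV detection."""
    for i, event in enumerate(trail):
        if event["source"] != "firewall" or event["event"] != "deny":
            continue
        for later in trail[i + 1:]:
            if later["time"] - event["time"] > window:
                break
            if later["source"] == "av" and later["event"] == "DETECTION":
                return True
    return False

def missing_sources(trail, sources):
    """Onboarded sources that contributed nothing to this trail."""
    return set(sources) - {e["source"] for e in trail}

if __name__ == "__main__":
    events, unparsed = normalize(ALL_SOURCES)
    for e in incident_trail(events, "10.0.5.23"):
        print(e["time"].isoformat(), e["source"].ljust(8), e["summary"])
    partial = incident_trail(normalize({k: v for k, v in ALL_SOURCES.items() if k != "av"})[0], "10.0.5.23")
    print("unparsed:", unparsed, "| rule without AV logs:", deny_then_detection(partial),
          "| missing:", missing_sources(partial, ALL_SOURCES))
```

With all three sources the trail for 10.0.5.23 reads allow, deny, AV detection, two failed logons, one successful logon, and the rule fires on the deny followed thirty seconds later by the detection. Drop the AV source and the same trail still looks plausible on its own, but the rule can no longer fire, and the only hint that anything is missing is the onboarded source that contributed nothing; counting unparsed lines and checking for silent sources is the cheap way to notice that kind of gap before an investigation depends on it.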

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

ES is an excellent fit for the SOC if you have any Splunk knowledge. Customizability in ES has just gotten a whole lot better. While ES is adaptable to new threats, it will require considerable care and upkeep. ES is not a good fit for a SOC that cannot be tweaked or extended. In some instances, a security-managed service provider (MSP) may be able to assist.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 7
Correlation: 5
Event and log normalization/management: 9
Deployment flexibility: 7
Integration with Identity and Access Management Tools: 9
Custom dashboards and workspaces: 8
Host and network-based intrusion detection: 8
Log retention: 9
Data integration/API management: 6
Behavioral analytics and baselining: 8
Rules-based and algorithmic detection thresholds: 9
Response orchestration and automation: 7
Reporting and compliance management: 9
Incident indexing/searching: 8