Splunk Enterprise Security
March 11, 2022

Splunk Enterprise Security

Cyril Viéville | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

The scope of the product is to provide a good SIEM product with detection rules to monitor our network and servers transactions. The scope is defined by our security team in accordance with the SOC team. Among uses cases, we do for example analyze data from our load balancers and firewalls (F5 and Check Point).

Pros

  • Detection Rules
  • Security ticketing
  • Followup of incidents

Cons

  • Threat DB updates
  • Provide more detection rules
  • Better interaction with some Splunk apps
  • Licensing model is not really good
  • Faster MTTD
  • Good security incidents followup
  • faster MTTR
  • Security watching
Splunk ES has helped us a lot to achieve better security monitoring via their SIEM product. Many features have been helpful so far. However, due to a licensing model which does not really help analyze a big amount of data, tricks have to be used to dedicate small indexes to the product by transforming data and writing in dedicated indexes only the necessary data for analysis.
It´s a good product but today we do only use a single Search Head dedicated to Enterprise Security. We had issues scaling down the product on multiple ones. We decided instead to scale up the dedicated Search Head and avoid weird issues that we faced in a former version of the product.

Do you think Splunk Enterprise Security delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security's feature set?

Yes

Did Splunk Enterprise Security live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security go as expected?

Yes

Would you buy Splunk Enterprise Security again?

Yes

Splunk Enterprise, Splunk IT Service Intelligence (ITSI)
I would say that the cost of the product prevents any team from reading data in big indexes (NetFlow data for example). The structure of the indexes should take this problem into account by dedicating data for Enterprise Security in dedicated indexes. Because of this license model, the product fits small volumes of data (small indexes) where the data is already filtered with only the necessary fields and content.

Splunk Enterprise Security Feature Ratings

Security Information and Event Management (SIEM)
7.4
Centralized event and log data collection
8
Correlation
8
Event and log normalization/management
8
Deployment flexibility
7
Integration with Identity and Access Management Tools
8
Custom dashboards and workspaces
8
Host and network-based intrusion detection
7
Log retention
7
Data integration/API management
7
Behavioral analytics and baselining
6
Rules-based and algorithmic detection thresholds
6
Response orchestration and automation
7
Reporting and compliance management
7
Incident indexing/searching
9

Comments

More Reviews of Splunk Enterprise Security

  1. Home
  2. Security Information and Event Management (SIEM) Software
  3. Splunk Enterprise Security Reviews
  4. User Review of Splunk Enterprise Security