Splunk Enterprise Security Review
March 30, 2022

Splunk Enterprise Security Review

Kelvin Goh | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

Splunk Enterprise Security has been very demanding in the market due to its flexibility. It can be integrated with many other third-party products to provide an very comprehensive architecture in order to have full visibility for an organization. It is capable to provide real-time monitoring and event correlations for overall network devices and systems.

Pros

  • Real-time monitoring
  • Data and information gathering
  • Automation

Cons

  • Troubleshooting is difficult
  • Integration with other products are complex
  • Dashboard is not user-friendly
  • Operational cost is high
  • Required expertise
  • Troubleshooting is difficult
Splunk Enterprise security has been providing many advanced features which including automation, machine learning, user behavioral analytics and others. All these are actually helping the administrators to improve their productivity by saving a lot of time. The information and details gathered are very effective for performing threat hunting and root cause analysis.
Splunk Enterprise Security deployment is quite flexible which many deployment modes are available. Configuration and management can be centralized at the cloud console which is very convenient for administrators. With the cloud deployment, it can reduce the possibility of hardware failure which can have better uptime. Most of the configurations can be deployed easily from the management console.
Splunk Enterprise Security is well designed and provide many comprehensive features which able to protect and monitor the organization. The features are well being used and does not cause any performance issue. Overall the solution is quite stable. Technical support from Splunk is quite reliable and able to resolve any reported issue in timely manner.

Do you think Splunk Enterprise Security delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security's feature set?

Yes

Did Splunk Enterprise Security live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security go as expected?

Yes

Would you buy Splunk Enterprise Security again?

Yes

Splunk Application Performance Monitoring (APM), Splunk Cloud, Splunk User Behavior Analytics (UBA)
Splunk Enterprise Security has provided data visualization and analytics handling which helps to simplify the daily operation tasks. The overall deployment is not very straight forward and consume a lot of time. User interface is a bit confusing and not easy for administrators to adapt. Real-time monitoring and event correlations helps to identify any suspicious activity effectively and start the investigation instantly.

Splunk Enterprise Security Feature Ratings

Security Information and Event Management (SIEM)
9.3
Centralized event and log data collection
8
Correlation
9
Event and log normalization/management
10
Deployment flexibility
9
Integration with Identity and Access Management Tools
10
Custom dashboards and workspaces
9
Host and network-based intrusion detection
10
Log retention
9
Data integration/API management
9
Behavioral analytics and baselining
10
Rules-based and algorithmic detection thresholds
9
Response orchestration and automation
9
Reporting and compliance management
10
Incident indexing/searching
9

Comments

More Reviews of Splunk Enterprise Security

  1. Home
  2. Security Information and Event Management (SIEM) Software
  3. Splunk Enterprise Security Reviews
  4. User Review of Splunk Enterprise Security