proactive problem solving 24/7
Updated May 15, 2022

maggie hall | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We use it to investigate, predict and defend against threats, therefore ensuring modern infrastructure and flawless uptime. We have automated threat hunting every three months and we have been able to block more than ten thousand threats. Sometimes we offer discounts to our customers, which leads to an increase in online traffic, and this is bound to create threats to our data. Splunk Enterprise Security enables us to detect those threats and work on them.
  • Troubleshooting. It troubleshoots issues faster, hence preventing future disasters.
  • Live dashboards.
  • Defense against threats.
  • Cost. It's expensive to buy and maintain and uses a lot of data.
  • Not user friendly as you have to learn syntax before you begin using it.
  • It needs to be complemented with a cloud service to work effectively.
  • Decrease incidents. It has been able to automate data analysis and manage incidents for proactive problem solving, hence fewer management resources are needed.
We are able to monitor security using multi-cloud security monitoring that enables us to monitor, investigate, analyze, and in turn detect threats across multi-cloud environments like Microsoft Azure. We ingest data from multi-cloud and on-premises sources, hence we are able to quickly detect any suspicious activities by viewing them on the dashboards. On the downside, it needs to be complemented with the cloud for it to work efficiently.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Splunk Cloud, Splunk SOAR (Security Orchestration, Automation and Response) (formerly Phantom), IBM WebSphere Application Server on Cloud
Our company had an insertion anomaly that led to inconsistencies due to the omission of some characters, which led to a slowdown of workloads, and Splunk Enterprise Security was able to detect and respond with automated workflows that saved us a lot of losses that were about to be incurred. On the downside, it slows down with large queries.

Splunk Enterprise Security (ES) Feature Ratings

  • Centralized event and log data collection: 8
  • Correlation: 8
  • Event and log normalization/management: 6
  • Deployment flexibility: 7
  • Integration with Identity and Access Management Tools: 6
  • Custom dashboards and workspaces: 7
  • Host and network-based intrusion detection: 6
  • Log retention: 7
  • Data integration/API management: 7
  • Behavioral analytics and baselining: 8
  • Rules-based and algorithmic detection thresholds: 6
  • Response orchestration and automation: 8
  • Reporting and compliance management: 7
  • Incident indexing/searching: 8