Item: Splunk Enterprise Security (ES)
Rating: 10
Author: Verified User

Use Cases and Deployment Scope

Splunk is mainly used for a single point of correlated data from our security devices, load balancers, networking devices, emails, and proxies. With this, we are able to create dashboards and automation of our XDR technology.

Pros and Cons

Log correlation
Automation in XDR
Dashboards with recommendations

Just a thing that I would like to see differently is for it to provide daily reports of daily unusual behaviors

Return on Investment

Although costly, Splunk is the best technology and support that is available in the market. The best thing to save up some budget is to avail of cloud-based deployment.

Security Analytics

Splunk definitely helped us attain the security goals that we would like to achieve. Everything that is needed in terms of SIEM has been greatly delivered by Splunk.

Scalability

Overall, Splunk has huge log retention (even though it depends on the organization) what I meant here is the data correlated can be retained. Making it available in the cloud and saving it via S3 storage makes it very reliable as well.

Key Insights

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Other Software Used

McAfee Advanced Threat Defense, Sophos Email, Sophos Phish Threat

Likelihood to Recommend

Splunk based on its current established name in SIEM definitely meets the expectation in log management and EDR solutions. Enterprises will be able to provide adequate information to their executives because of how informative the data correlates.

Splunk SIEM Review

Overall Satisfaction with Splunk Enterprise Security (ES)