Splunk Enterprise Security - The Speed Gun !!!
May 02, 2022


Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

I use Splunk Enterprise Security to provide Managed Security Services to our esteemed customers in Saudi Arabia. We are one of the largest and most reputed MSSPs in the region and Splunk Enterprise Security is our choice of SIEM solutions for multiple reasons. Splunk Enterprise Security is a next-gen SIEM tool with log management and correlation capabilities and it provides optimal and efficient results and aids in delivering world-class services. We mainly use it to store customer logs, do correlation on incoming logs and perform threat hunting. Splunk Enterprise Security has native features that enhance overall security monitoring and is a must for all MSSPs.
  • Searching for specific events from a large data pool
  • Needle in the haystack capabilities in finding a specific keyword out of the large volume of data
  • Turning data into meaningful insights that assist in finding the right thing from a big chunk of data
  • Scalability is one area that Splunk Enterprise Security can improve upon.
  • Splunk Enterprise Security requires huge compute and storage resources; perhaps these can be minimized.
  • Splunk support has a lot of room for improvement.
  • Faster MTTD for sure as Splunk Enterprise Security has good correlation
  • Faster MTTR as well because it supports operations well
  • Overall good ROI for an MSSP
Honestly, we have not tested the hybrid or cloud models as we have an on-prem solution and, from a scalability perspective, it is slightly difficult, especially in our setup where we are trying to provide these services to multiple customers. Splunk lacks a native multi-tenant architecture and this is impactful.
Splunk Enterprise Security is way ahead of ArcSight on multiple fronts, especially indexing and data visualizations.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Anomali ThreatStream, Arcsight Enterprise Security Manager (formerly HP Arcsight), ArcSight Logger (formerly HPE ArcSight Logger)
Splunk Enterprise Security is excellent for Security Monitoring as it has excellent features and capabilities to support large-scale operations. All kinds of data are well parsed and search results are very fast; all of this is very vital for security monitoring. Perhaps some of the limitations would be in how Splunk Enterprise Security can support multi-tenant environments, which is a challenge.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 10
Correlation: 8
Event and log normalization/management: 9
Deployment flexibility: 6
Integration with Identity and Access Management Tools: 7
Custom dashboards and workspaces: 8
Host and network-based intrusion detection: 7
Log retention: 10
Data integration/API management: 8
Behavioral analytics and baselining: 9
Rules-based and algorithmic detection thresholds: 10
Response orchestration and automation: 9
Reporting and compliance management: 10
Incident indexing/searching: 10