Just Right
June 17, 2022

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We recently deployed Splunk Enterprise Security in testing mode and are evaluating it to replace ArcSight as the main SIEM. We are currently scoping the use cases, and the pain point is to replace the slow ArcSight. Since we use Splunk Enterprise Security for logging all our logs, it’s just natural that we will need a SIEM that lives on top of the data.
  • Viewing all in one page
  • Drill downs
  • Correlation
  • As much as you do well with correlation, I still feel there is room for improvement
  • This is not a Splunk Enterprise Security-specific issue but generally Splunk: the stability has been spotty lately. We can use some improvement on this.
  • It’s still in testing; can’t comment on this yet
We have really scaled Splunk Enterprise Security as a whole in our organization to some humongous datasets. Most departments now use Splunk Enterprise Security and, for the most part, it has been stable and nice. However, as time has progressed, it has become a little unstable and not as fast as it used to be. It’s just natural for this to happen, bearing in mind the large datasets we have, but we can use improvements on this section.
Splunk Enterprise Security is superior in the logging aspect and searching. That’s why it was easier to pick the switch to Splunk Enterprise Security. ArcSight is, however, superior in the correlation and stability aspect. It’s so reliable and stable that we sometimes forget that it exists. Splunk Enterprise Security's benefits are, however, big enough to ignore the downside.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

I wasn't involved with the implementation phase

Would you buy Splunk Enterprise Security (ES) again?

Yes

We have not fully deployed Splunk Enterprise Security yet, but I know it will be the best when it comes to fraud detection use cases where we need to have use cases that feed off of each other. Also, the use cases that need calculated fields, like calculating the percentage denied rates of user login as opposed to looking at specific login failure counts as ArcSight does.

Splunk Enterprise Security (ES) Feature Ratings

  • Centralized event and log data collection: 10
  • Correlation: 7
  • Event and log normalization/management: 9
  • Deployment flexibility: 6
  • Integration with Identity and Access Management Tools: 7
  • Custom dashboards and workspaces: 10
  • Host and network-based intrusion detection: 9
  • Log retention: 7
  • Data integration/API management: 8
  • Behavioral analytics and baselining: 10
  • Rules-based and algorithmic detection thresholds: 10
  • Response orchestration and automation: 10
  • Reporting and compliance management: 9
  • Incident indexing/searching: 10