Splunk Enterprise Security: Configured to your organization
Updated July 13, 2022

Splunk Enterprise Security: Configured to your organization

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We utilize Splunk Enterprise Security for log analysis, correlation, and alerting. Security alerting and monitoring is the primary focus of our Splunk deployment and all logs are evaluated based on analytic value to security directives prior to being ingested. Splunk allows us to aggregate disparate logs and solution data and correlates events to generate security alerts.

Pros

  • Log ingestion and indexing
  • Event correlation
  • Event timeline
  • Data representation and presentation

Cons

  • Cloud log ingestion on-prem vs Splunk Cloud
  • Improvements to approachability of SPL
  • Built in dashboarding and common use
  • Formal adoption of SIGMA SIEM rule repositories
  • Increased visibility across multiple log sources
  • Reduction in MTTR beyond initial compromise to additional targets or resources
  • Customization of alerting and monitoring to reflect our business' priorities and practices
Splunk Enterprise Security has given us the tools to craft an immense repository of rules and detections. These rules and detections were tuned over countless hours and improved by our analysts and admins to reflect our company's environment. Once in place, we were able to minimize noise by tackling lapses in baseline configurations, and misconfigurations, and tuning normal admin activity for our environment. Starting out the alerts were of lower confidence and prone to false positives. Without the granular control afforded to us by Splunk Enterprise Security, we might have been searching for a new SIEM. However, proper tuning practices and environmental hygiene were illuminated by the platform.
The scalability of Splunk Enterprise Security is only limited by an organization's monetary flow. SIEM is always an expensive endeavor and Splunk Enterprise Security runs into the fund wall but technological scalability is fairly straightforward and simple. One note, those who require an on-prem solution are often locked out of more advanced features as the company pushes its cloud-first initiative. This is acceptable as long as you know in advance you will either have to sacrifice features, build them yourself, or move to the cloud.
Splunk does not hide its correlation and analytics logic from users as much as other solutions in the same space. While some features are harder to access the underlying information is all accessible and tunable. This gives Splunk an edge over other solutions that lock the user into a predefined box. However, many other solutions in the space have more advanced out-of-the-box functionality when turned on. The advantage lies with Splunk's granular control over logs and events to generate high-fidelity notables and alerts.

Do you think Splunk Enterprise Security delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security's feature set?

Yes

Did Splunk Enterprise Security live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security go as expected?

No

Would you buy Splunk Enterprise Security again?

Yes

Recorded Future, Proofpoint Targeted Attack Protection (TAP), Digital Shadows
Splunk Enterprise Security is well suited to bulk data ingestion and can be manipulated to intake any data sets. This allows the admins and users to collaborate and design notables and alerts based on their individual use cases without a best-fit approach. While this is extremely liberating and allows for remarkable customization it also makes for a steep learning curve that must be tackled before new implementations can be of value. This often leaves organizations in the hands of a channel partner or with an unhealthy deployment.

Splunk Enterprise Security Feature Ratings

Security Information and Event Management (SIEM)
8.3
Centralized event and log data collection
9
Correlation
9
Event and log normalization/management
9
Deployment flexibility
8
Integration with Identity and Access Management Tools
Not Rated
Custom dashboards and workspaces
9
Host and network-based intrusion detection
7
Log retention
9
Data integration/API management
7
Behavioral analytics and baselining
7
Rules-based and algorithmic detection thresholds
8
Response orchestration and automation
Not Rated
Reporting and compliance management
8
Incident indexing/searching
9

Comments

  • Mike Maloney | TrustRadius Reviewer
    Mike Maloney
    (Vendor Representative) commented 3 years ago

More Reviews of Splunk Enterprise Security

  1. Home
  2. Security Information and Event Management (SIEM) Software
  3. Splunk Enterprise Security Reviews
  4. User Review of Splunk Enterprise Security