Splunk Enterprise Security is especially compelling for large-scale organizations and/or those already using the Splunk platform
June 20, 2022
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
Splunk Enterprise Security is our one-stop-shop for gaining visibility and insight into most of our secops tooling. We currently use it as our primary alerting platform (via Splunk On-Call) and share access/administration with a third-party hybrid SOC. Assets are our biggest pain point, with our current methodology relying on reading a CSV each day, performing data cleaning/sanitization, and using macros to define key fields like category and risk. This is really only feasible for our critical assets, so the remaining hosts are very inconsistent and unreliable at times, especially for our cloud assets.
- Powerful searching
- Handles large sets of logs
- Integrates with our sec-ops tooling
- Out of the box correlation searches
- Out of the box RBA
- Out of the box data normalisation
- Allowing fine control of user access
- Reduced operating costs
- Faster MTTD
- Faster MTTR
LogRhythm is a superior SIEM from a purely security/SOC perspective in my opinion. However, Splunk shines if you have an expert behind the wheel or if the organization is quite large - as my experience with LogRhythm indicated it couldn't handle large-size organizations.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Not sure
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
No
Did implementation of Splunk Enterprise Security (ES) go as expected?
No
Would you buy Splunk Enterprise Security (ES) again?
Yes