Splunk FTW... when it's the right fit
Overall Satisfaction with Splunk Enterprise Security (ES)
We implement ES for banks, government orgs, and enterprises globally. We have specialised in the banking domain and have customised many use cases for banking-specific requirements in our projects.
- Extending capabilities to 3rd-party integrations.
- Customisation of use cases.
- Bringing in custom log sources and integrating these into security use cases.
- High-performance, enterprise-grade security analytics at high volumes.
- ES on the cloud (SaaS) has too many limitations with platform administration.
- Supported integrations are not always on par with enterprise support, especially when dependent on 3rd-party proprietary APIs.
- In later versions, unforeseen glitches seem to show up that have no resolution except a version upgrade. This was not the case in prior versions, which were very stable.
- We have a 100% success rate on all our ES implementations due to the amazing documentation and Splunk enablement on the subject.
- Our Splunk ES business has grown 100% YoY for the last 3 years.
- In terms of long-term management and maintenance, ES has been highly stable and predictable, reducing our overhead on costly services teams for ad hoc maintenance work.
Splunk ES allows a high level of tuning and customisation of data models and rules, which are used to lower false positive rates. This has significantly lowered the impact on the SOC teams we manage for most of our customers. The product has also allowed us to build advanced use cases and customisations on data sources previously not integrated with prior tools, enhancing visibility and correlation across infrasec layers. In this regard, Splunk ES has helped us attain our security goals for an improved and evolving security posture for our customers.
Securonix does not come close to the scale, extensibility, and maturity that Splunk ES offers. However, when looking at the MSP architecture options, Securonix is a much more flexible platform for multi-tenancy. So, Splunk ES for captive SOC platforms and Securonix for MSP/multi-tenant platforms is the go-to approach. QRadar is an excellent option for low-budget, standard SIEM use case customers. However, it cannot match the extensibility and customisation that Splunk ES provides, especially for advanced use cases and non-standard data sources.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
Yes
Would you buy Splunk Enterprise Security (ES) again?
Yes