Item: Splunk Enterprise Security
Rating: 10
Author: Verified User

Overall Satisfaction with Splunk Enterprise Security

Use Cases and Deployment Scope

Use it as the Security Information and Event Management (SIEM) platform to collect, analyze and correlate all data across the enterprise to detect, investigate, remediate and respond to threats and vulnerabilities. Other uses include auditing and compliance, security posture visibility and vulnerability management. It is a great tool with centralize dashboards for real-time monitoring and historical analysis of the entire security landscape.

Pros and Cons

Pros

Notable event detection
search correlation
threat monitoring and detection
data aggregation and normalization

Cons

more efficient searches
less app dependencies
app/TA consolidation

Return on Investment

major improvement from previous version of the SIEM
reduced time for data searching and investigation

Usability

Easy integration with a wide range of data sources. Out of the box searches and dashboards are easy to use and easily customizable too. Role based controls are easily implemented as well making it easy to offer varying levels of access to many levels of users. Easy audit and tracking of all user and system activities.

Alternatives Considered

Splunk IT Service Intelligence (ITSI)

I believe it is definitely a leader in the security space

Key Insights

Do you think Splunk Enterprise Security delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security's feature set?

Yes

Did Splunk Enterprise Security live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security go as expected?

Yes

Would you buy Splunk Enterprise Security again?

Yes

Other Software Used

Splunk Cloud Platform, Splunk Enterprise

Likelihood to Recommend

Easy integration with multiple/disparate data sources. Prioritized alerts for investigation and response.

Splunk Enterprise Security Feature Ratings

Using Splunk Enterprise Security

Users and Roles

50 - Information Security, Network Security, Risk Management, CyberSecurity, etc.

Support Headcount Required

3 - Splunk Architects and Splunk Admins

Business Processes Supported

Threat monitoring
Security Posture
Incident Response

Innovative Uses

User Behavior Monitoring
Impossible Travel Scenarios
RTO functions

Future Planned Uses

Prefer not to disclose

Likelihood to Renew

Evaluating Splunk Enterprise Security and Competitors

Products Replaced

Yes - Old product was slow and hard to correlate data. It required everything, to be manually created.

Key Differentiators

Scalability
Integration with Other Systems
Ease of Use

Evaluation Lessons Learned

Drill down more on the out of the box use cases and avail of as many if it as possible right from the start.

Splunk Enterprise Security Support

Support Rating

Splunk's support model for its products is quite good. It is a tier based support model with response times varying based on the severity of the issue that is being reported. Splunk support staff always responds within the stated service level agreements and continuously work on the issue until it is resolved.

Splunk Enterprise Security Customer Support Pros and Cons

Pros	Cons
Quick Resolution Good followup Knowledgeable team Problems get solved Kept well informed No escalation required Immediate help available Support understands my problem Support cares about my success Quick Initial Response	None

Premium Support

Yes. It was part of our overall package with Splunk.

Bug Resolution

Exceptional Examples of Splunk Enterprise Security Support

There are not many major issues with the product and support is always consistent.

Using Splunk Enterprise Security

Usability Pros and Cons

Pros	Cons
Like to use Relatively simple Easy to use Technical support not required Well integrated Consistent Quick to learn Convenient Feel confident using Familiar	None