
Splunk Enterprise

Splunk | 9.4.3

Linux/Unix, Amazon Linux 2023 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS customer

16 AWS reviews

External reviews

445 reviews

External reviews are not included in the AWS star rating for the product.


5-star reviews

    F. Seki

Citizen programming facilitates efficient threat detection and enhances business logic

  • April 22, 2025
  • Review from a verified AWS customer

What is our primary use case?

I focus on threat detection against stock trading systems. I am in charge of five to seven stock trading companies' B2C systems for detecting threat attacks. Our customers include several stock trading companies, banks, and large mobile carriers in Japan.

How has it helped my organization?

We built a threat detection system for our client company, one of the biggest security companies in Japan, using Splunk Enterprise Platform. We started a new business on this platform to provide threat detection systems to stock trading system companies and banks, expanding our customer base.

What is most valuable?

One valuable feature of Splunk Enterprise Platform is citizen programming, which allows users to manage and compute huge stream-based datasets easily using the SPL language. The second feature is its ability to perform matrix-like stream calculations concurrently, improving upon traditional SIEM tools. Finally, Splunk's Machine Learning Toolkit is offered without charge, allowing users to incorporate machine learning in their business logic, aiding in procedures like threat hunting.

What needs improvement?

Splunk could improve by enhancing its graphical view functionality. Compared to other BI tools, Splunk's graphic features are limited; some customers desire detailed, rich visual effects, like world maps showing threat attacks as animations. Additionally, the deep learning capabilities need enhancing, especially on Splunk Cloud, where customers find it challenging to use deep learning tools without setting up backend computing resources.

For how long have I used the solution?

I have over 14 years of experience with Splunk Enterprise Platform, beginning my first evaluation in 2011.

What do I think about the stability of the solution?

I would rate the stability of Splunk Enterprise Platform as a seven. While it requires managing configuration files and processing scale-out operations manually, limiting its auto-scaling capabilities, it still performs adequately.

What do I think about the scalability of the solution?

I rate the scalability of Splunk Enterprise Platform as an eight. Some products can automatically scale, but Splunk Enterprise requires manual configuration changes to achieve scale, which is slightly outdated compared to modern technologies.

How are customer service and support?

I rate Splunk Japan's customer service as an eight. Although I generally provide support myself and do not often rely on Splunk support, this rating reflects general consultant feedback.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used Elastic Search and Kibana, but switched to Splunk for ease of use and to define business entities such as branches, channels, and stock accounts.

How was the initial setup?

Standalone Installation was very easy. Designing and capacity planning for a distributed cluster environment was not easy.

What about the implementation team?

I am a Splunk consultant and implement customer solutions myself.

What's my experience with pricing, setup cost, and licensing?

I rate the pricing of Splunk as nine out of ten. The pricing model is based on ingested data size, not user count, and includes a free tier for up to 500 MB of daily data, differentiating it from user-based-pricing BI tools.

Which other solutions did I evaluate?

I evaluated ArcSight and Manage Engine and made our selection.

  • After using Splunk for several years, I conducted further evaluations, but our selection remained unchanged.
  • Datadog was ideal for bug traceback during APM operations.
  • Exabeam was ideal for use case-centric threat detection.

What other advice do I have?

Overall, I rate Splunk Enterprise Platform ten out of ten. I am dissatisfied with Splunk's graphics view and deep learning capabilities; they could be better, especially on Splunk Cloud. While I was able to enhance the platform using technologies like JavaScript, most of my clients struggle. However, it will be sufficient for the next few years with its strong Machine Learning capability.

Also, it would be preferable for Splunk SOAR to include sequential Splunk task execution and MCP/A2A support features.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    shiboo s.

Splunk is a great tool for Security Incident monitoring and Investigation

  • October 23, 2024
  • Review provided by G2

What do you like best about the product?
It provides real-time insights and monitoring, which is crucial for identifying and addressing issues promptly. The search processing language (SPL) is powerful and flexible, allowing users to perform complex queries and analyses. Splunk is very user-friendly and easy to implement and integrate.
What do you dislike about the product?
Cost is the one thing that I will keep under dislike, but they have now come up with a different licensing model that is competing with others.
What problems is the product solving and how is that benefiting you?
Splunk is effectively helping you monitor data from various log sources and conduct security incident investigations.


    Luis S.

Good Product - Bad News Cisco

  • July 11, 2024
  • Review provided by G2

What do you like best about the product?
Easy to use
Easy to integrate sources
Easy to scale
What do you dislike about the product?
The licensing model is not easy to sell or control, and the sale to a manufacturer like Cisco is creating difficulties in the sales process for companies dedicated to marketing cyber security solutions.
What problems is the product solving and how is that benefiting you?
Monitoring, detection and response to security incidents.


    Bagi Vijender Reddy

Useful to set up alerts and reports to manage the logs and log metrics

  • May 11, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use the solution for patching.

What is most valuable?

It's not just one feature I like the most. Every person wants to collect and rate logs, and I value how the Splunk Enterprise Platform handles this. The most valuable part for us is setting up the alerts and reports to manage the logs and log metrics. We use it to support every tool across the entire bank. We are the ones who manage all the data, and if there's any issue, everything depends on the Splunk Enterprise Platform.

The tool uses upgraded rules restricting access to specific people, ensuring that only certain individuals can edit. Everyone else has read-only access. Splunk Enterprise Platform's dashboard and visualization features are good. These features are some of the best parts of the software because you can customize the dashboard however you need. The user interface is perfect and keeps getting better with new updates. It's very user-friendly, allowing everyone to create their dashboards easily.

What needs improvement?

The Splunk Enterprise Platform has room for improvement, particularly in automating the permissions process during app promotions. Currently, permissions are manually set when different teams request an application move to production, which is time-consuming. Automating this process would streamline operations by automatically assigning the appropriate permissions and roles to specific services or teams, reducing the need to review each request ticket manually.

For how long have I used the solution?

I have been using the tool for one year and five months.

What do I think about the stability of the solution?

I would rate the tool's stability as ten out of ten. It provides outstanding security and is also very user-friendly.

What do I think about the scalability of the solution?

We have encountered issues with scaling up and handling increasing data volumes, but we address them according to customer requirements. As for scalability, I would rate it a nine out of ten.

How are customer service and support?

The solution's support uses a ticketing system to address dashboards, alerts, reports, etc. If server issues or alerts are triggered, they respond by raising a ticket. They investigate the problem by checking logs and assessing any impact on disk storage.

I handle smaller support tasks myself but escalate them to my head for high-priority issues.

What about the implementation team?

My company's senior SMEs help with the deployment process.

What's my experience with pricing, setup cost, and licensing?

The solution's pricing increases with the amount of data used. This pricing model is acceptable because it aligns with the security features provided. It ensures that the price reflects the level of security and the amount of data we're managing.

What other advice do I have?

Currently, we are on-prem. However, we have started cloud migration in the last few months. I rate the overall solution a ten out of ten. In daily life, every IT company should use it to monitor its logs. It is an emerging tool.

Which deployment model are you using for this solution?

On-premises


    Inayath K.

Splunk Enterprise is the best next-gen SIEM solution

  • April 28, 2024
  • Review provided by G2

What do you like best about the product?
Splunk is a multipurpose tool, which can be used for visualizing the data in the form of dashboards with dynamic drill-downs, UBA, an Incident Review dashboard, and a wide variety of integration support with existing add-ons.
What do you dislike about the product?
Bundle replication and dispatch directories are the two main reasons for Splunk Enterprise crashes; these have not been addressed for a long time.
What problems is the product solving and how is that benefiting you?
Protecting the organisation from cyberattacks with the existing use case library, which alerts when suspicious activity is identified.

Dashboards that allow customers to visualize the data the way they want.

Multi-correlation that allows us to correlate and create the best use cases to minimise false positives.


    Javier C.

The valuable information

  • March 22, 2024
  • Review provided by G2

What do you like best about the product?
Being a recognized brand, integrations are easier and there is plenty of documentation.
What do you dislike about the product?
Storage costs, and that there is still no Victoria experience in GCP.
What problems is the product solving and how is that benefiting you?
Response to security events and incidents


    Sivakrishna Chennuri

Provides efficient monitoring capabilities and valuable transaction insights

  • March 15, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use the product for real-time monitoring purposes.

What is most valuable?

The product's most valuable feature is the ability to explain the values and provide insights into transactions. It allows us to understand successful and failed transactions with a graphical representation easily.

What needs improvement?

Areas for improvement include enhancing dashboards, reports, alerts, and the monitoring console. With the monitoring console, users can track server performance metrics such as data ingestion, server uptime, CPU, and memory utilization. Integrations with third-party apps can provide comprehensive server monitoring capabilities. However, setting up such integrations may require significant time and effort; in the case mentioned, it took nearly 20 days to complete.

For how long have I used the solution?

We have been using Splunk Enterprise Platform for four years now.

What do I think about the stability of the solution?

I rate the platform's stability an eight out of ten.

What do I think about the scalability of the solution?

The product is highly scalable.

How was the initial setup?

The complexity of the initial setup largely depends on the level of experience. I find it straightforward due to my proficiency in establishing connectivity, creating DNS, and performing installation configuration. I rate the process a nine and a half out of ten.

The time required for deployment varies depending on the process in place. If changes need to be made within a specific window, such as raising an instance, the window period opens only for a set duration. Deployment in such cases involves raising a change request and obtaining approval, which can take up to seven days. However, from a technical perspective, initial deployment typically takes up to one or two hours. Yet, procedural requirements, like awaiting change request approval, may prolong the process, necessitating additional days of waiting before deployment can proceed.

What's my experience with pricing, setup cost, and licensing?

The product is expensive, and the cost depends on the amount of data ingestion.

What other advice do I have?

When clients request specific data for a particular period, we retrieve the relevant information from our servers and generate statistics. Later, we create reports, alerts, and dashboards based on the requested data. This process involves fetching the necessary data attributes, such as service names, and displaying their corresponding values in the generated reports, alerts, and dashboards.

The platform's alerting capabilities enable the automation of alerts based on predefined conditions. When specific results exceed predefined thresholds, alerts are triggered automatically. For example, if a value exceeds a specified threshold, an email alert is generated and sent to the relevant stakeholders, prompting them to take appropriate action. This automated alerting mechanism enhances operational efficiency by promptly notifying stakeholders of critical events, allowing them to respond swiftly and effectively to potential issues or deviations from expected outcomes.

I recommend Splunk to other people. It's a very good tool, offering many features that surpass other tools like Kaspersky. Its comprehensive monitoring capabilities and insightful analytics make it a valuable user asset.

I rate it a ten out of ten.

Which deployment model are you using for this solution?

On-premises


    Shanmugasundaram P.

Splunk Enterprise, a monitoring tool

  • February 10, 2024
  • Review provided by G2

What do you like best about the product?
Ease of operations and maintenance compared to other solutions. Easier to implement and maintain. It is suitable for large organizations. Integration with other security devices is feasible with the strong customer support.
What do you dislike about the product?
Difficult to handle or understand for new users.
What problems is the product solving and how is that benefiting you?
Monitoring and analysis for SOC and SIEM teams.


    VYSHAK T.

Amazing Platform for Data analysis and Logs Validation

  • January 23, 2024
  • Review provided by G2

What do you like best about the product?
The best thing I liked about the Splunk platform is the capturing and analysis of logs, which is very efficient and gives accurate results upon verification. Splunk has played a significant role in projects when analysing any kind of issue, which makes Splunk the right choice for quick analysis and a great tool to implement. It also comes with great customer support in case of issues encountered.
What do you dislike about the product?
The one factor I didn't like about the Splunk platform was that sometimes it takes more time to display logs. Sometimes this issue occurs frequently.
What problems is the product solving and how is that benefiting you?
The major thing Splunk solved for us was the analysis and flow of data that was happening beyond the UI. It was very easy for us to identify the data and its flow with respect to different sets of applications, which helped in quick identification of errors and in which flow they happened; those sets of data helped with quick delivery of projects.


    Stephen F.

A great tool for consolidated logging and monitoring

  • January 22, 2024
  • Review provided by G2

What do you like best about the product?
It's an easy-to-use centralized platform that provides a solid suite of monitoring.
What do you dislike about the product?
Its query language, though robust, can still be cumbersome.
What problems is the product solving and how is that benefiting you?
It allowed for centralized monitoring of our mission-critical environment. It sends alerts when the system is in an error state.