See our complete list of Top 10 SIEM Products.
Company description: Splunk was founded in 2002 and went public in 2012. Currently, 40% of the company’s business comes from security. Splunk ES is built upon its core Splunk Enterprise product, which can search, monitor and analyze any machine data to provide insight.
Product description: Splunk Enterprise Security (ES) supports all basic SIEM features, as well as tool automation across the security and IT ecosystem, and analytics with machine learning-based anomaly and threat detection. Splunk ES is an analytics-driven SIEM that enables security teams to detect and respond to internal and external attacks, and to simplify threat management: it centralizes and aggregates all security-relevant events as they are generated at their source. In addition, it supports a variety of reception/collection mechanisms, and provides ad hoc searching and reporting for breach analysis.
Markets and use cases: Splunk ES finds use cases in major verticals, including: financial services, state and local government, federal government, education, healthcare, energy and utilities, telecom, retail, transportation, technology, manufacturing, and media and entertainment.
“Splunk ES makes it possible for customers to use all security-relevant data, analyze it and quickly derive full insight,” said Girish Bhat, Director of Product Marketing, Splunk.
Metrics: Bhat said most Splunk customers ingest several petabytes per day.
Security qualifications: Common Criteria (CC) certified. It is used by nearly every federal agency, according to Bhat.
Intelligence: Splunk’s Adaptive Response framework enables security teams to apply changes in order to adapt to the attacker. Splunk ES integrates with Splunk User Behavior Analytics (UBA), which uses unsupervised machine learning algorithms to provide anomaly and threat detection. In addition, it is integrated with the Splunk Machine Learning Toolkit.
Delivery: Splunk ES is available either as a SaaS offering in Splunk Cloud or as software that is run on-premises.
Agents: Agents are not required to use Splunk. However, a Splunk universal forwarder can be installed on an endpoint to collect endpoint data when that type of analytics is needed.
Pricing: Splunk Enterprise and Splunk Cloud are priced based on the maximum daily aggregate volume of uncompressed data indexed, starting at $1,800 a year for 1GB of data a day. Splunk Enterprise is available as a perpetual or annual term license. Splunk Cloud is available as a monthly or annual subscription. Splunk ES is available for Splunk Enterprise and Splunk Cloud and is priced based on the maximum daily volume of data indexed in GB/day. At lower volumes, pricing for Enterprise Security is 1:1 relative to Splunk Enterprise, and drops to roughly 1:4 at higher volumes.