Recorded Future is an intelligence company. Its Intelligence Cloud provides coverage across adversaries, infrastructure, and targets. Combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future provides visibility into the digital landscape, enabling countries and organizations to take proactive action to disrupt adversaries.
N/A
Splunk Enterprise Security
Score 9.6 out of 10
N/A
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.
N/A
Pricing
Recorded Future Intelligence Cloud
Splunk Enterprise Security
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Recorded Future Intelligence Cloud
Splunk Enterprise Security
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Recorded Future Intelligence Cloud
Splunk Enterprise Security
Considered Both Products
Recorded Future Intelligence Cloud
Verified User
Anonymous
Chose Recorded Future Intelligence Cloud
It is the most complete solution of these three, as the others are focused in specific areas and having really detailed analysis about threat actors, APT groups, etc. Recorded Future is not having this level of knowledge in really specific areas but doing a really good work …
To be honest I use Recorded Future together with VirusTotal to fully understand the possible threats on our network. However, Recorded Future has a better threat intelligence feed that I prefer to use as a reference in finalizing my investigations.
LogRhythm is good for a team comprising mostly non-technical IT users. Unlike Splunk, it has a GUI log search and a good ticketing system. Splunk is better than Logrhythm for me as it provides me with the ultimate flexibility to write custom queries. Scalyr is a good tool and …
I did not choose this product. Overall although I like ES, I think Sentinel in certain ways is the superior product. The Kusto Query language is a lot easier to use. For instance anything that requires manual parsing in query can be more difficult with this product. Also some …
AlienVault is much more user and beginner friendly, however Splunk ES very much so provides more capability for mass data manipulation, report and dashboard customization, and trend analytics.
These two really helps in better way and low cost and high productivity. Automatic detection ML help you to detect many ways and create cases based on risk score GRS UBA helps to protect organization from data ,via sharing through emails and USB s . Gurucu product license once …
Splunk enterprise is the only solution that we’ve been able to identify that provides risk based alerting, which allows our SOC to reduce analyst fatigue which would be a huge problem without it. Before RBA, there were thousands of alerts a day and it was impossible to review …
I consider Splunk Enterprise Security to have the strongest deployment methodology and troubleshoot features. Other products also provide good solutions such as Riverbed, Broadcom and Solarwinds but I think Splunk Enterprise Security is a great and trustable option to use for …
Even though Splunk ES is not the cheapest solution on the markt, we found it was still cheaper compared to Secureworks we had before. Also the level of flexibility and "thinking with the customer" is much better now.
Traditional hardware logging mechanisms do not provide in-depth research data on the threats and signatures, while Splunk Enterprise Security could easily achieve this feat.
FortiAnalzer is a hardware solution, but with Splunk, we could identify as well get the correct solution for the active threats and too with accurate and precise detailing.
- Schema on the fly indexing --> Gives you faster index searches. Even if you use Datamodes, it's 100x time faster as well. - Correlation with other domains easily gives you total visibility and reduces the time to investigate and understand the problem. - With lookups and trust, …
Securonix does not nearly meet the scale, extensibility, and maturity that Splunk ES offers. However, when looking at the MSP architecture options, Securonix is a much more flexible platform for multi-tenanting. So, Splunk ES for captive SOC platforms and Securonix for …
Splunk ES is by far the best solution in the market as per flexibility, features and support. Cost-wise, it is the most expensive option to go with, but that has its own advantages as the product that we get is premium and superior to other SIEM. The best thing about Spunk ES …
Splunk Enterprise Security allows for data normalization that does not compare to other SIEMs such as QRadar or Trustwave. QRadar requires custom dsm parsers before the data can be onboarded. I appreciate that Splunk Enterprise Security can ingest any source of data and …
LogRhythm is a superior SIEM from a purely security/SOC perspective in my opinion. However, Splunk shines if you have an expert behind the wheel or if the organization is quite large - as my experience with LogRhythm indicated it couldn't handle large-size organizations.
Splunk does not hide its correlation and analytics logic from users as much as other solutions in the same space. While some features are harder to access the underlying information is all accessible and tunable. This gives Splunk an edge over other solutions that lock the …
Splunk Enterprise Security is superior in the logging aspect and searching. That’s why it was easier to pick switch to Splunk Enterprise Security. Arcsight is however superior in the correlation and stability aspect. It’s very reliable and stable that we sometimes forget that …
Recorded Future is mainly beneficial to the SOC. As part of the Monitoring team, Recorded Future makes the investigation of the alarms a lot easier for me. It can show the reputation of the IP/domain or even hashes which helps me redirect my focus to potentially malicious network activities.
Its best feature is its user interface, which is easy to navigate and understand. All you need is a little tutorial on how to use the Splunk query language and you're done.
Logs can be easily uploaded or shared across multiple platforms and display a highly insightful graphical representations of data using graphs, tables, and many other formats.
For the Browser extension, since the main purpose is to present information with regards to the IP, I think it's best to give us an idea of where the IP originated/some additional information about the organization it belongs to.
You definitely need to learn how to use Splunk to get the most of the tool. There are many courses available for free to get up to speed on the usability of the tool but it's not that simple. It will take time to digest all the data and to understand how to query for what you are looking for.
ES requires a very performant infrastructure: if it has it's performant, otherwise not. I had situation with a very performant infrastructure and I didn't notized that it was a distributed architecture, it seemed that there ware few data on my PC, othewise I experienced less performant infrastructures with less performaces.
I've had an issue with their browser-plugin which didn't want to authenticate correctly. RF's support could arrange for a session with me and identify and solve the issue. I was very pleased how serious they took my problems and also how knowledgeable they are.
If I have more general questions they quickly reply and most likely also have a solution at hand.
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
It is the most complete solution of these three, as the others are focused in specific areas and having really detailed analysis about threat actors, APT groups, etc. Recorded Future is not having this level of knowledge in really specific areas but doing a really good work covering thousands of sources and the most relevant forums.
LogRhythm is good for a team comprising mostly non-technical IT users. Unlike Splunk, it has a GUI log search and a good ticketing system. Splunk is better than Logrhythm for me as it provides me with the ultimate flexibility to write custom queries. Scalyr is a good tool and quite frankly lot faster than Splunk. However, I prefer Splunk because of its better Dashboards and panel customization abilities. Elastic is another amazing tool. It is hard to choose between the two especially because both have different sets of logs on them. I use both. Elastic for internal server logs, Splunk for everything else.
We have on prem splunk and it’s mostly east to setup, but we have issues keeping data separated between customer splunk deployments while at the same time only having to look at one SIEM to address events in every environment
We've been able to identify leaked credentials and close those accounts off.
We've also been able to identify malware being distributed or spam being sent out by customers using our infrastructure. Again we could shut off those accounts.
Their domain-monitoring allows us to identify typo-squats and issue domain-takedowns for those (or at least add them to our monitoring / detection)
We have a 100% success rate on all our ES implementations due to the amazing documentation and Splunk enablement on the subject.
Our Splunk ES business has grown 100% YoY for the last 3 years.
In terms of long term management and maintenance, ES has been highly stable and predictable, reducing our overhead on costly services team for ad hoc maintenance work.