Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.
N/A
Trellix Enterprise Security Manager
Score 8.6 out of 10
N/A
Trellix Enterprise Security Manager (formerly McAfee Enterprise Security Manager) is security information and event management (SIEM) software.
N/A
Pricing
Splunk Enterprise Security
Trellix Enterprise Security Manager
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Splunk Enterprise Security
Trellix Enterprise Security Manager
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Splunk Enterprise Security
Trellix Enterprise Security Manager
Considered Both Products
Splunk Enterprise Security
Verified User
Anonymous
Chose Splunk Enterprise Security
LogRhythm is good for a team comprising mostly non-technical IT users. Unlike Splunk, it has a GUI log search and a good ticketing system. Splunk is better than Logrhythm for me as it provides me with the ultimate flexibility to write custom queries. Scalyr is a good tool and …
I did not choose this product. Overall although I like ES, I think Sentinel in certain ways is the superior product. The Kusto Query language is a lot easier to use. For instance anything that requires manual parsing in query can be more difficult with this product. Also some …
AlienVault is much more user and beginner friendly, however Splunk ES very much so provides more capability for mass data manipulation, report and dashboard customization, and trend analytics.
These two really helps in better way and low cost and high productivity. Automatic detection ML help you to detect many ways and create cases based on risk score GRS UBA helps to protect organization from data ,via sharing through emails and USB s . Gurucu product license once …
Splunk enterprise is the only solution that we’ve been able to identify that provides risk based alerting, which allows our SOC to reduce analyst fatigue which would be a huge problem without it. Before RBA, there were thousands of alerts a day and it was impossible to review …
I consider Splunk Enterprise Security to have the strongest deployment methodology and troubleshoot features. Other products also provide good solutions such as Riverbed, Broadcom and Solarwinds but I think Splunk Enterprise Security is a great and trustable option to use for …
Even though Splunk ES is not the cheapest solution on the markt, we found it was still cheaper compared to Secureworks we had before. Also the level of flexibility and "thinking with the customer" is much better now.
Traditional hardware logging mechanisms do not provide in-depth research data on the threats and signatures, while Splunk Enterprise Security could easily achieve this feat.
FortiAnalzer is a hardware solution, but with Splunk, we could identify as well get the correct solution for the active threats and too with accurate and precise detailing.
- Schema on the fly indexing --> Gives you faster index searches. Even if you use Datamodes, it's 100x time faster as well. - Correlation with other domains easily gives you total visibility and reduces the time to investigate and understand the problem. - With lookups and trust, …
Securonix does not nearly meet the scale, extensibility, and maturity that Splunk ES offers. However, when looking at the MSP architecture options, Securonix is a much more flexible platform for multi-tenanting. So, Splunk ES for captive SOC platforms and Securonix for …
Splunk ES is by far the best solution in the market as per flexibility, features and support. Cost-wise, it is the most expensive option to go with, but that has its own advantages as the product that we get is premium and superior to other SIEM. The best thing about Spunk ES …
Splunk Enterprise Security allows for data normalization that does not compare to other SIEMs such as QRadar or Trustwave. QRadar requires custom dsm parsers before the data can be onboarded. I appreciate that Splunk Enterprise Security can ingest any source of data and …
LogRhythm is a superior SIEM from a purely security/SOC perspective in my opinion. However, Splunk shines if you have an expert behind the wheel or if the organization is quite large - as my experience with LogRhythm indicated it couldn't handle large-size organizations.
Splunk does not hide its correlation and analytics logic from users as much as other solutions in the same space. While some features are harder to access the underlying information is all accessible and tunable. This gives Splunk an edge over other solutions that lock the …
Splunk Enterprise Security is superior in the logging aspect and searching. That’s why it was easier to pick switch to Splunk Enterprise Security. Arcsight is however superior in the correlation and stability aspect. It’s very reliable and stable that we sometimes forget that …
McAfee Enterprise Security Manager is a better option than other security software because it's both inexpensive and extremely effective. Norton and other security software boast a high price tag but don't always back it up when it comes to performance. With McAfee Enterprise …
Other evaluated products: Microsoft Defender and Symantec - McAffee has more comprehensive integrated tools that better serve our infrastructure - Analysts found the use of the tool more intuitive
McAfee is not the easiest tool to use. The user interface (specially the admin part) is fairly confusing. At first, McAfee is very overwhelming and not so easy to understand. However, once you get used to the tool, you get used to the interface and you're able to do pretty much …
We had used McAfee Enterprise Security Manager for a long time, and it served us well. It is great since it can serve as an all-in security tool. Also, it was a great deal for our organization, since it came bundled with our manager network security.
We selected McAfee Enterprise Security Manager because the pricing is competitive in the industry. It is very reliable. The vendor offers good support in real time. Offers the results that we have been looking for. The ability to get the logs may be of last 2 years in a matter …
We selected and implemented McAfee Enterprise Security Manager because is the best SIEM solution from the market. With a very good support from the vendor. Easy implementation and easy management. A lot of threats addressed. High level of security assured. Very good resilience. …
Splunk tends to be the top dog in the space. Everything is compatible and it's capable of anything. You just have to have the time and money to do the work. And if you have a large volume of logs (and who doesn't?), it's not cheap. McAfee Enterprise Security Manager's advantage …
McAfee is a good solution if you're in a medium/large company and if you're looking for a solution that can be customized and expanded. I also recommend if you have the most common log sources on your environment, since McAfee supports the major log sources (but lack a lot of small vendors). In my opinion, I wouldn't recommend McAfee for small companies, since it's not that easy to manage and maintain.
Its best feature is its user interface, which is easy to navigate and understand. All you need is a little tutorial on how to use the Splunk query language and you're done.
Logs can be easily uploaded or shared across multiple platforms and display a highly insightful graphical representations of data using graphs, tables, and many other formats.
If there is a requirement to integrate into other vendor products i.e. (log sharing) then this was very cumbersome.
Integration of vulnerability scanning that is available in other vendor products would be a good addition.
When integrating all of Intel's products a third party consultancy is usually required, where other vendor products can be configured without this additional cost.
You definitely need to learn how to use Splunk to get the most of the tool. There are many courses available for free to get up to speed on the usability of the tool but it's not that simple. It will take time to digest all the data and to understand how to query for what you are looking for.
ES requires a very performant infrastructure: if it has it's performant, otherwise not. I had situation with a very performant infrastructure and I didn't notized that it was a distributed architecture, it seemed that there ware few data on my PC, othewise I experienced less performant infrastructures with less performaces.
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
Dealing with the McAfee support is a lottery. Sometimes you reach them and it's a really experienced engineer, but sometimes it's a person with no clue on the tool. We had few cases where our internal engineers knew more about the tool than the McAfee support. However, sometimes we get hold of some really good engineers that know the tool from inside out
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
LogRhythm is good for a team comprising mostly non-technical IT users. Unlike Splunk, it has a GUI log search and a good ticketing system. Splunk is better than Logrhythm for me as it provides me with the ultimate flexibility to write custom queries. Scalyr is a good tool and quite frankly lot faster than Splunk. However, I prefer Splunk because of its better Dashboards and panel customization abilities. Elastic is another amazing tool. It is hard to choose between the two especially because both have different sets of logs on them. I use both. Elastic for internal server logs, Splunk for everything else.
McAfee Enterprise Security Manager is a better option than other security software because it's both inexpensive and extremely effective. Norton and other security software boast a high price tag but don't always back it up when it comes to performance. With McAfee Enterprise Security Manager, I know I'm getting a quality product for a fair price.
We have on prem splunk and it’s mostly east to setup, but we have issues keeping data separated between customer splunk deployments while at the same time only having to look at one SIEM to address events in every environment
We have a 100% success rate on all our ES implementations due to the amazing documentation and Splunk enablement on the subject.
Our Splunk ES business has grown 100% YoY for the last 3 years.
In terms of long term management and maintenance, ES has been highly stable and predictable, reducing our overhead on costly services team for ad hoc maintenance work.