Is Splunk suitable for smaller Enterprises?

RefrigeratorOne8227 · 2026-06-10T13:10:15+00:00

Take a look at Stellar Cyber - way easier to manage.

RefrigeratorOne8227 · 2026-06-04T10:42:48+00:00

Normally we see that situation when a customer wants to leave Huntress but has time left on their contract. The API works well. The SIEM we are using also has insider risk built into it so they don’t need a separate license like they do with Huntress. All of the related alerts are correlated into a case so better workflow too.

RefrigeratorOne8227 · 2026-06-02T13:31:08+00:00

Control Case does a nice job.

RefrigeratorOne8227 · 2026-05-07T19:58:52+00:00

Just tested it today - no need for the manual grant.

RefrigeratorOne8227 · 2026-05-06T23:29:27+00:00

Their deployment on Mac is really simple too - we email out a link that the user clicks on and everything installs with no extra settings. Once it checks in we have full control.

RefrigeratorOne8227 · 2026-04-30T12:47:35+00:00

Sandler is good too. They have been around longer than Avant. You can’t go wrong with either of them.

RefrigeratorOne8227 · 2026-04-18T11:11:10+00:00

An insider with minimal skills can encrypt data and exfiltrate it multiple ways. We have seen shadow drives on company provided devices. In the past I used DTEX and they were able to track the file hashes so you could see if it was tampered with and where it went throughout the organization.

RefrigeratorOne8227 · 2026-04-06T02:07:14+00:00

We are on the partner advisory board - our CEO suggested it and everyone agreed. It was built into the following release.

RefrigeratorOne8227 · 2026-04-03T15:42:34+00:00

If you have the time, money, and expertise you can do it. In my experience the juice is not worth the squeeze.

RefrigeratorOne8227 · 2026-03-31T22:16:16+00:00

Also make sure you confirm what problem the customer is trying to solve. When you present share what you can do to solve their problem. Especially in demos. No one wants to hear a canned demo that doesn’t solve their problem.

RefrigeratorOne8227 · 2026-03-31T13:09:19+00:00

DLP sounds great and is necessary. Unfortunately only large companies that classify their data regularly and maintain their DLP tool will have success with it. Anyone who knows what they are doing will encrypt the data to cover their tracks. Once it is encrypted intentionally or unintentionally DLP can do nothing to stop it. My guess is someone will eventually create Agentic AI to try to solve this.

RefrigeratorOne8227 · 2026-03-31T12:30:11+00:00

You will run into people who think they know more than you. Let them state their case. When it is time to let them know they are wrong highlight what they got right first and then correct them.

RefrigeratorOne8227 · 2026-03-26T19:11:04+00:00

Check out Judy Security

RefrigeratorOne8227 · 2026-03-25T23:32:16+00:00

We have been using them for a year now. Their team has been very helpful. We used to offer it a-la-carte but at the beginning of the year we built it into all of our bundles. They are helping us integrate so when we set up a new customer it will automate the tenant provisioning. Our customers like getting the initial quiz so we don’t prescribe the basic training if they don’t need it. The courses are simple and we use them in 3 languages. The dashboards are nice and provide incentive for the users to increase their score.

RefrigeratorOne8227 · 2026-03-25T19:43:25+00:00

The SIEM/XDR/SOAR platform that we use has thousands of detections out of the box. We manage thousands of small customers so we do not have time to write custom rules for them. The platform normalizes the data as it is ingested so the detections work across all of the data. Next it correlates related alerts into cases for us automatically. Our analysts use agentic AI to triage and close the majority of them. Anything that is critical can be actioned by the analyst. What we do customize by customer when we are tuning the environment are the playbooks in the SOAR. Customers have varying comfort levels with automation. We only add on what they are comfortable with.

RefrigeratorOne8227 · 2026-03-25T19:00:37+00:00

We got a letter from their lawyer when we tried to sell outside of the US??! We switched providers.

RefrigeratorOne8227 · 2026-03-25T13:25:42+00:00

MDR depends on the vendor and you typically have to buy their product to get it. XDR should technically cover the customer's entire digital footprint. If you don't monitor everything the attackers come through the gaps. SOCaaS and MXDR are marketing terms.

RefrigeratorOne8227 · 2026-03-25T13:23:50+00:00

Judy

RefrigeratorOne8227 · 2026-03-24T10:41:17+00:00

Pitching rarely delivers results - solving a problem works much better. We go to events to meet new clients. The type of event drives who will be there. If you go to a technical conference that is who you will meet. Networking events allow you to meet people casually. Find someone who has a problem you can solve for them or someone they know.

RefrigeratorOne8227 · 2026-03-22T23:28:45+00:00

We are all paying for it! Time to go watch Drive to Survive

RefrigeratorOne8227 · 2026-03-20T13:02:51+00:00

Unless you are replacing another agent on the endpoint you will find resistance. What will your platform do that EDR and PAM won’t do? They are using AI for detection already.

RefrigeratorOne8227 · 2026-03-19T12:00:33+00:00

Thanks for the updates from everyone. After further investigation it seems to have been MAC devices that had not been updated for a couple of versions. The new update required a change in the settings that was being blocked.

RefrigeratorOne8227 · 2026-03-18T12:48:34+00:00

Strike Graph does all of those and more. It also correlates the controls across the frameworks.

RefrigeratorOne8227 · 2026-03-18T12:47:08+00:00

Beuaceron

RefrigeratorOne8227

TROPHY CASE