Comparing Popular SIEM Data Pipeline Designs: Elastic, ArcSight, QRadar, and Splunk — Part 3

Tamir Suliman
5 min read · Sep 29, 2024
Splunk SIEM website — Credit splunk.com

We will continue from where Part 2 left off. This article gives a brief analysis of Splunk's data pipeline design. The goal is to help organizations understand how the Splunk SIEM solution aligns with their security infrastructure and operational requirements. For clarity, and as in the first part, a list with descriptions and diagrams is included, since a picture is worth a thousand words.

SIEM Deployment Models

Splunk SIEM can be deployed in three main models:

  1. Self-Managed: The entire infrastructure is hosted and managed on-premises or in your own data centers. This model offers the most control over data, but it requires resources and expertise for maintenance, operation, and scaling.
  2. Hybrid: Organizations combine on-premises infrastructure with cloud-based services. This provides the flexibility and resiliency of the cloud for storage while keeping some control over critical data. Splunk offers a cloud solution for organizations interested in leveraging cloud infrastructure.
  3. Cloud Model: This can be achieved by not only fully utilizing…
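In the hybrid and cloud models, event data leaves the on-premises network on its way to the indexer tier, so the transport between forwarders and indexers becomes a security boundary in its own right. The following Splunk configuration fragments are an added example for this article, not configuration from the original post or from Splunk's documentation; hostnames, certificate paths, and the receiving port are assumed. The first `outputs.conf` is the weak form (cleartext, no peer verification, no acknowledgement); the second is the hardened form; the last fragment is the matching indexer-side `inputs.conf` for a self-managed or hybrid indexer tier.

```ini
# ===== WEAK: outputs.conf on an on-premises forwarder (example) =====
# Events cross the WAN in cleartext, the forwarder never checks which
# indexer it is talking to, and a dropped link silently loses in-flight events.
[tcpout]
defaultGroup = cloud_indexers

[tcpout:cloud_indexers]
# assumed hostname and port
server = inputs.example.splunkcloud.com:9997
useACK = false

# ===== HARDENED: same outputs.conf with transport protection (example) =====
[tcpout]
defaultGroup = cloud_indexers

[tcpout:cloud_indexers]
# assumed hostname and port
server = inputs.example.splunkcloud.com:9997
# TLS to the indexer tier. Paths are assumed; cacert.pem is the CA that
# signed the indexer certificates, client.pem is this forwarder's cert+key.
sslRootCAPath = $SPLUNK_HOME/etc/auth/example/cacert.pem
clientCert = $SPLUNK_HOME/etc/auth/example/client.pem
# Fail closed if the indexer presents a certificate that does not chain to
# the CA above or does not carry the expected name.
sslVerifyServerCert = true
sslCommonNameToCheck = inputs.example.splunkcloud.com
# Indexer acknowledgement: the forwarder keeps events queued until the
# indexer confirms they were written, so a WAN outage does not drop data.
useACK = true

# ===== Indexer side: inputs.conf on a self-managed/hybrid indexer (example) =====
# Accept forwarder traffic only over TLS, and only from forwarders that
# present a certificate chaining to the CA in server.conf [sslConfig] sslRootCAPath.
[splunktcp-ssl:9997]
disabled = false

[SSL]
# assumed path; server.pem is the indexer's cert+key bundle
serverCert = $SPLUNK_HOME/etc/auth/example/server.pem
requireClientCert = true
```

Both `[tcpout]` blocks are alternatives for the same file, shown together only for comparison. With `sslVerifyServerCert = true` a certificate mismatch fails the connection and is reported in the forwarder's `splunkd.log` rather than degrading silently to an unverified session, and `useACK = true` costs some forwarder memory for the in-flight queue in exchange for no data loss across an unreliable link.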


Tamir Suliman

Writer, Engineer, Cyber security enthusiast, PhD Candidate & Open Source contributor. I write about my day-to-day experience in Software, Data, and Engineering.