AI Buyer Insights:

Westpac NZ, an Infosys Finacle customer evaluated nCino Bank OS

Wayfair, a Korber HighJump WMS customer just evaluated Manhattan WMS

Moog, a UKG AutoTime customer evaluated Workday Time and Attendance

Citigroup, a VestmarkONE customer evaluated BlackRock Aladdin Wealth

Swedbank, a Temenos T24 customer evaluated Oracle Flexcube

Michelin, an e2open customer evaluated Oracle Transportation Management

Cantor Fitzgerald, a Kyriba Treasury customer evaluated GTreasury

List of Splunk Enterprise Security Customers

Customer | Industry | Employees | Revenue | Country | Vendor | Application | Category | When | SI | Insight
Carnival Corporation | Leisure and Hospitality | 115000 | $25.0B | United States | Splunk | Splunk Enterprise Security | Security Information and Event Management (SIEM) | 2023 | n/a
In 2023, Carnival Corporation implemented Splunk Enterprise Security, a Security Information and Event Management (SIEM) application, to secure shipboard systems and customer data across its global fleet. The deployment supports operations across 90+ ships and nine cruise line brands, protecting guest and crew digital experiences for more than 300,000 people daily. Splunk Enterprise Security was configured to provide real-time visibility across applications, services, and security infrastructure, centralizing alerts and threat detection for maritime operations and shore-side systems. Functional capabilities in place include centralized event aggregation, prioritized alerting, and incident triage workflows that allow IT security and site reliability teams to assess severity and coordinate response. Operational coverage extends from customer-facing channels such as Carnival.com and the HubApp to shipboard operational systems, enabling the team to rapidly detect glitches that could affect booking, online check-in, shore excursions, restaurant reservations, or onboard services. The platform is actively used by IT security, threat intelligence, and site reliability engineering teams across Carnival Corporation and Carnival Cruise Line to maintain around-the-clock monitoring for safety and guest experience continuity. Governance and workflow restructuring focused on centralizing security event management, consolidating alerts into a single pane for escalation and remediation, and standardizing triage procedures across global teams. Rollout emphasized scale and flexibility to keep maritime operations available while addressing an evolving threat landscape. Outcomes explicitly reported by the company include a substantial reduction in mean time to respond, cited as up to 98 percent in some cases, and faster triage and remediation of customer experience issues before they impact guests. 
Splunk Enterprise Security is described as a core security and observability layer supporting Carnival Corporation's operational resilience and guest experience assurance.
GAMUDA LAND | Construction and Real Estate | 1000 | $200M | Malaysia | Splunk | Splunk Enterprise Security | Security Information and Event Management (SIEM) | 2022 | n/a
In 2022, GAMUDA LAND deployed Splunk Enterprise Security as its Security Information and Event Management (SIEM) platform to centralize security operations across air-gapped and hybrid estates, including the GDC air-gapped environment and Gamuda Dnex Cloud sovereign cloud initiatives. The implementation targeted 24/7 security monitoring and detection workflows to support incident response, threat hunting, and compliance reporting for regulated cloud and on-prem assets. At GAMUDA LAND, Splunk Enterprise Security was positioned to serve core cybersecurity functions rather than as a single departmental tool. The deployment included canonical SIEM capabilities such as centralized log collection and normalization, correlation rule sets and analytics for threat detection, incident management dashboards, and support for threat hunting. Configuration work emphasized detection content, playbook-driven incident response, alert triage workflows, and automation hooks for SOAR-style orchestration to streamline containment and recovery processes. The Splunk Enterprise Security application name was restated inside operational documentation to align runbooks and analyst training with platform capabilities. Integrations were scoped to support the broader SecOps stack listed in hiring and operations notes, including ingest and correlation of telemetry from EDR, IDS/IPS, vulnerability scanners such as Tenable Nessus, privileged access management logs, HSM key management events, and data loss prevention streams, plus controlled threat intelligence feeds. Operational coverage extended across cybersecurity operations, vulnerability management, identity and access management, data security, and security engineering functions within the air-gapped and hybrid operating model.
The implementation facilitated centralized audit log retention and reporting to support compliance activity aligned with NIST, FedRAMP, and FIPS frameworks as referenced in operational requirements. Governance changes focused on formalizing incident response processes, maintaining playbooks and post-incident analysis records, and instituting periodic audits of detection content and access rights. The security team structure and role definitions were updated to reflect platform ownership and 24/7 monitoring responsibilities, with responsibilities for continuous tuning of correlation rules and for coordinating with regulators and auditors in sovereign cloud contexts. Documentation, runbooks, and scheduled validation exercises were emphasized to maintain assurance in isolated and highly regulated environments.
Merkle | Professional Services | 16000 | $2.2B | United States | Splunk | Splunk Enterprise Security | Security Information and Event Management (SIEM) | 2022 | n/a
In 2022 Merkle implemented Splunk Enterprise Security, establishing a Security Information and Event Management (SIEM) capability to centralize its SOC telemetry and threat detection. The deployment became part of a multi-platform monitoring estate where SOC analysts monitored and analyzed more than 2,500 daily security events across Splunk and QRadar. Splunk Enterprise Security was configured with correlation searches, dashboards, incident review workflows, and tuned alerting to reduce noise and prioritize threats. The implementation emphasized threat enrichment and analytical workflows, mapping detections to the MITRE ATT&CK framework to standardize detection nomenclature and support proactive hunting. Orchestration and automated response patterns were integrated into incident workflows via Palo Alto Cortex XSOAR to accelerate containment and case documentation. Integrations were established with threat intelligence and security tooling explicitly used by the SOC, including VirusTotal, IBM X-Force Exchange, Anomali ThreatStream, MISP, endpoint telemetry from CrowdStrike Falcon and SentinelOne, and vulnerability scanners Nessus and OpenVAS. These integrations fed enriched alerts and contextual artifacts into Splunk Enterprise Security to support triage, threat hunting, and vulnerability remediation. Operational coverage included coordination with the IT infrastructure team and a global SOC operating on a 24x7 monitoring cadence. Governance and process workstreams accompanied the technical deployment, with the SOC producing and maintaining more than 80 Standard Operating Procedures aligned to NIST guidance for incident response. The SOC instituted weekly vulnerability assessment cycles and SLA-driven remediation handoffs to IT infrastructure, and formalized 24x7 shift handovers to ensure continuity of monitoring and case ownership. Internal cybersecurity awareness training and monthly threat-hunting exercises were used to institutionalize detection practices. 
Documented outcomes tied to the Splunk Enterprise Security implementation include a 30% reduction in false positives through alert tuning, containment of more than 15 high-severity incidents with zero data loss, a 40% reduction in investigation time through threat intelligence enrichment, and remediation of 95% of critical vulnerabilities within SLA timelines. Splunk Enterprise Security served as the central SIEM platform enabling standardized incident classification and operational workflows. The deployment strengthened Merkle Security Operations across monitoring, detection, and response functions.
Royal Bank of Canada | Banking and Financial Services | 96628 | $48.6B | Canada | Splunk | Splunk Enterprise Security | Security Information and Event Management (SIEM) | 2021 | n/a
In 2021, Royal Bank of Canada deployed Splunk Enterprise Security to provide Security Information and Event Management (SIEM) capabilities for IT security, detection, and incident response functions. The deployment focused on real-time data and network analysis to surface security events and support operational security workflows across internal security teams and first-line responders. Splunk Enterprise Security was configured to run correlation searches and detection rules, supporting a structured alerting system for malware and security events. Detection logic and rule creation included signatures and behavioral patterns for brute-force attacks, SQL injection, cross-site scripting, concurrent logins from multiple locations, and other anomalous traffic, with ongoing fine-tuning to improve alert fidelity and reduce false positives. Dashboards and live monitoring panels were configured for continuous situational awareness and to present summarized technical and stakeholder reports. The implementation integrated vulnerability intelligence into incident workflows through documented use of Qualys Guard for vulnerability context and prioritization. Operational coverage included L1 escalation paths and collaboration with offshore teams to accelerate incident closure, and the environment was used to dispatch threat intelligence and hunting advisories to relevant internal groups. Governance and process changes were implemented alongside Splunk Enterprise Security, encompassing standard operating procedures for detection, containment, eradication, and post-incident reporting. The team carried out threat modeling and profiling on discovered vulnerabilities, coordinated remediation and critical patch prioritization with application and infrastructure owners, and participated in internal HIPAA and PCI DSS audit activities to validate controls and compliance.
Throughout the engagement, the implementation emphasized rule tuning and advisory workflows to reduce false positives and improve detection fidelity, while operational incident handling produced documented, swift incident closure through coordinated escalation and remediation processes.
Showing 1 to 4 of 4 entries

Buyer Intent: Companies Evaluating Splunk Enterprise Security

ARTW Buyer Intent uncovers actionable customer signals, identifying software buyers actively evaluating Splunk Enterprise Security. Gain ongoing access to real-time prospects and uncover hidden opportunities.

Discover Software Buyers actively Evaluating Enterprise Applications

Logo Company Industry Employees Revenue Country Evaluated
No data found
FAQ - APPS RUN THE WORLD Splunk Enterprise Security Coverage

Splunk Enterprise Security is a Security Information and Event Management (SIEM) solution from Splunk.

Companies worldwide use Splunk Enterprise Security, from small firms to large enterprises across 21+ industries.

Organizations such as Royal Bank of Canada, Carnival Corporation, Merkle and GAMUDA LAND are recorded users of Splunk Enterprise Security for Security Information and Event Management (SIEM).

Companies using Splunk Enterprise Security are most concentrated in Banking and Financial Services, Leisure and Hospitality and Professional Services, with adoption spanning over 21 industries.

Companies using Splunk Enterprise Security are most concentrated in Canada, United States and Malaysia, with adoption tracked across 195 countries worldwide. This global distribution highlights the popularity of Splunk Enterprise Security across Americas, EMEA, and APAC.

Companies using Splunk Enterprise Security range from small businesses with 0-100 employees - 0%, to mid-sized firms with 101-1,000 employees - 25%, large organizations with 1,001-10,000 employees - 0%, and global enterprises with 10,000+ employees - 75%.

Customers of Splunk Enterprise Security include firms across all revenue levels — from $0-100M, to $101M-$1B, $1B-$10B, and $10B+ global corporations.

Contact APPS RUN THE WORLD to access the full verified Splunk Enterprise Security customer database with detailed Firmographics such as industry, geography, revenue, and employee breakdowns as well as key decision makers in charge of Security Information and Event Management (SIEM).