SCOM vs Splunk

The enterprise's infrastructure monitoring needs have evolved drastically over the years; more often, firms need operational intelligence regarding the health and performance of a myriad of IT assets: physical/virtual servers, applications/services, security devices, and more. System Center Operations Manager (SCOM) and Splunk are two leading solutions on the market for monitoring datacenter health and performance; let's see how they compare for keeping the enterprise IT ship afloat.

It's worth noting that although Splunk is quite proficient in IT operations monitoring, it isn't exactly a monitoring tool per se—the solution focuses on providing search, monitoring, and analysis capabities for log files and other types of machine data. Many firms will pair Splunk's analytics and trending capabilities with open source solutions like Nagios for monitoring and alerting.

Get the Digital Resilience eBook

In fact, a Splunkbase add-on even exists for integrating Splunk with SCOM. The component essentially fetches SCOM events/alert data and forwards it to Splunk, thereby making it possible to search and report on SCOM event/alert data from within the platform.

Splunk

Much of an organization's operational and security intelligence can be derived from server and device-generated logfiles. But without an efficient mechanism for traversing and making sense out of this sea of data, firms are crippled in their ability to prevent outages and data breaches. Splunk's reputation as the "Google for logfiles" stems from its unification of logfile data from a myriad of systems and devices across an IT environment into a single interface.

The Splunk UIThe Splunk UI. Source: splunk.com.

With Splunk's platform, IT admin and operators can get a single pane of glass view into the collective state of their systems. And with over 1000 apps and add-ons in its Splunkbase library, the platform is capable of accomodating a wide array of data sources.

SCOM

Acquired from Mission Critical Software in 2000, SCOM is a relatively newer addition to Microsoft's line of data center management tools. The flagship infrastructure monitoring solution uses an agent-based architecture to track the performance and availability of pre-defined "objects" in the environment: server hardware, system services, operating systems, hypervisors, or applications. Using SCOM, IT admin and operators can monitor these objects via a streamlined management console. 

scom.jpgThe SCOM UI. Source: microsoft.com.

It's worth noting that the product was completely rewritten in 2007 and now comes as part of System Center 2016. Systems Center 2016 includes other tools such as Configuration Manager for managing/enforcing configurations, Orchestrator for automating datacenter tasks, and Service Manager for incident response and change control. 

Side-by-Side Scoring: Splunk vs. SCOM

1. Capability Set

Both solutions offer powerful monitoring capabilities for the enterprise, with specific benefits that vary per organization. For Microsoft shops, SCOM certainly offers more comprehensive monitoring coverage—even Office365 and Azure apps are covered. Organizations with a disparate toolset and heterogeneous environment may find Splunk a better fit.

Splunk score_570.png
SCOM score_570.png


2. Ease of Use

Splunk is relatively easy to deploy and use, offering users a set of dashboards with easily accessible features and intuitive configuration options. In contrast, SCOM is notoriously complex to and difficult to configure, run and maintain. That said, its interface will be immediately familiar to Windows-based IT admins and operators.

Splunk score_4.png
SCOM score_3.png


3. Community Support

Splunk boasts a large community of users and supporters and provides resources such as its Answers database and User Groups. SCOM have Technet resources at their disposal but not much else, save for Reddit and Google.

Splunk score_4.png
SCOM score_570.png

4. Release Rate

Both solutions have seen regular releases over the years: Splunk's enterprise offering is currently at version 6.5; as mentioned previously, SCOM was completely overhauled in 2007 and now comes as part of System Center 2016. Full release histories for SCOM and Splunk are available on the respective vendors' websites.

Splunk score_570.png
SCOM score_570.png

5. Pricing and Support

Both offerings are decidely enterprise-focused and priced according. Splunk's pricing structure is based on the volume of data processed: from a 1 GB/day perpetual license for $4,500 ($1,800 annually) to 100 GB/day for $1,500 ($600 annually). So the more data your organization processes with Splunk, the bigger the discount is.

System Center 2016/SCOM uses a core-based licensing schema that assumes a 16-core 2 processor server. 2 year licenses are available for the Datacenter and Standard Editions at $3,607 and $1,323, respectively. 

Splunk score_4.png
SCOM

score_4.png

6. API and Extensibility

SCOM does not provide an updated REST API, though SCOM 2012 offers an SDK for automate and extending its features and creating custom applications that access/manage its data. In contrast, Splunk's well-documented REST API gives developers over 200 endpoints for accessing every feature in the product, along with SDKs for popular languages. 

Splunk score_570.png
SCOM score_570.png

7. 3rd Party Integrations

Splunk features over 1000 add-ons and apps in its Splunkbase app portal organized into 6 categories: DevOps, IT operations, security/fraud/compliance, business analytics, IoT/industrial data, and utilities. 

Splunk score_570.png
SCOM score_4.png

8. Companies that Use It

SCOM is in use by enteprises across the globe—ING, Vodaphone, Fibabanka, Infosys, MPhasis, and Equifax, among others. Similarly, Splunk counts over 12,000 enterprises and 80 of the Fortune 100 as its customers: Adobe, BlackRock, Coca-Cola, ING, Tesco, AAA, Staples, to name a few. 

Splunk score_570.png
SCOM score_570.png

9. Learning Curve

Despite its intuitive SaaS interface, Splunk poses a moderate learning curve, especially when it comes to building expertise for carrying out more specialized analyses. This, however, pales in comparison to SCOM—from learning its terminology to managing/fine tuning alerts and reporting, novices should expect some difficulty gaining expertise with the platform.

Splunk score_3.png
SCOM score_2.png

10. CSTAR

Splunk scores a strong CSTAR score of 879—its otherwise good website perimeter security and strong resilience posture are only marred by lack of HTTP strict transport security and missing DNSSEC. SCOM's 689 CSTAR score is a result of various security flaws: server information leakage, lack of secure cookies, missing DNSSEC, and more. 

Splunk

Screen Shot 2016-12-28 at 12.16.59 PM.png

SCOM

Screen Shot 2016-12-28 at 12.21.44 PM.png

 

Scoreboard and Summary

  Splunk SCOM
Capability Set score_570.png score_570.png
Ease of Use score_570.png score_570.png
Community Support score_570.png score_570.png
Release Rate score_570.png score_570.png
Pricing and Support score_570.png score_570.png
API and Extensibility score_570.png score_570.png
3rd Party Integrations score_570.png score_570.png
Companies that Use It score_570.png score_570.png
Learning Curve score_570.png score_570.png
CSTAR

Screen Shot 2016-12-28 at 12.16.59 PM.png

Screen Shot 2016-12-28 at 12.21.44 PM.png

Total  4.4 out of 5  3.8 out of 5

Enterprises with predominantly Windows-based environments will find System Center/SCOM in closer alignment with their needs, though again—many organizations have chosen to integrate the two, pushing SCOM events/alert data to Splunk for analysis and reporting. For tighter integration with other IT operations management and security tools, and in heterogenous environments, Splunk is a safer bet. In either case, be prepared to shell out a pretty penny for world-class infrastructure monitoring. 

Free eBooks on DevOps and Security

More Articles

Datadog vs. New Relic

Monitoring tools have come a long way since the early days of Big Brother. Today's solutions have evolved into powerful software troubleshooting and performance analytics platforms capable of deconstructing and analyzing the entire application stack—infrastructure up—for bugs and issues.

 

 

Cisco vs. FireEye for Continuous Security

Who provides better continuous security: the world's largest maker of networking equipment or the first cybersecurity firm certified by the U.S. Department of Homeland Security?

Read Article >

AlienVault vs. Tenable for Continuous Security

As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence.

Read Article 

 

Topics: data center, IT security, monitoring