Blog
SCOM vs Splunk
Abstract shapeAbstract shape
Join 27,000+ cybersecurity newsletter subscribers

The enterprise's infrastructure monitoring needs have evolved drastically over the years; more often, firms need operational intelligence regarding the health and performance of a myriad of IT assets: physical/virtual servers, applications/services, security devices, and more. System Center Operations Manager (SCOM) and Splunk are two leading solutions on the market for monitoring datacenter health and performance; let's see how they compare for keeping the enterprise IT ship afloat.

It's worth noting that although Splunk is quite proficient in IT operations monitoring, it isn't exactly a monitoring tool per se—the solution focuses on providing search, monitoring, and analysis capabilities for log files and other types of machine data. Many firms will pair Splunk's analytics and trending capabilities with open source solutions like Nagios for monitoring and alerting.

In fact, a Splunkbase add-on even exists for integrating Splunk with SCOM. The component essentially fetches SCOM events/alert data and forwards it to Splunk, thereby making it possible to search and report on SCOM event/alert data from within the platform.

Splunk

Much of an organization's operational and security intelligence can be derived from server and device-generated log files. But without an efficient mechanism for traversing and making sense out of this sea of data, firms are crippled in their ability to prevent outages and data breaches. Splunk's reputation as the "Google for logfiles" stems from its unification of logfile data from a myriad of systems and devices across an IT environment into a single interface.

The Splunk UI
The Splunk UI. Source: splunk.com.

With Splunk's platform, IT admin and operators can get a single pane of glass view into the collective state of their systems. And with over 1000 apps and add-ons in its Splunkbase library, the platform is capable of accomodating a wide array of data sources.

SCOM

Acquired from Mission Critical Software in 2000, SCOM is a relatively newer addition to Microsoft's line of data center management tools. The flagship infrastructure monitoring solution uses an agent-based architecture to track the performance and availability of predefined "objects" in the environment: server hardware, system services, operating systems, hypervisors, or applications. Using SCOM, IT admin and operators can monitor these objects via a streamlined management console. 

scom.jpg
The SCOM UI. Source: microsoft.com.

It's worth noting that the product was completely rewritten in 2007 and now comes as part of System Center 2016. Systems Center 2016 includes other tools such as Configuration Manager for managing/enforcing configurations, Orchestrator for automating datacenter tasks, and Service Manager for incident response and change control. 

Side-by-Side Scoring: Splunk vs. SCOM

1. Capability Set

Both solutions offer powerful monitoring capabilities for the enterprise, with specific benefits that vary per organization. For Microsoft shops, SCOM certainly offers more comprehensive monitoring coverage—even Office 365 and Azure apps are covered. Organizations with a disparate toolset and heterogeneous environment may find Splunk a better fit.

Splunk SCOM
5/5 5/5

2. Ease of Use

Splunk is relatively easy to deploy and use, offering users a set of dashboards with easily accessible features and intuitive configuration options. In contrast, SCOM is notoriously complex to and difficult to configure, run and maintain. That said, its interface will be immediately familiar to Windows-based IT admins and operators.

Splunk SCOM
4/5 3/5

3. Community Support

Splunk boasts a large community of users and supporters and provides resources such as its Answers database and User Groups. SCOM have Technet resources at their disposal but not much else, save for Reddit and Google.

Splunk SCOM
4/5 3/5

4. Release Rate

Both solutions have seen regular releases over the years: Splunk's enterprise offering is currently at version 6.5; as mentioned previously, SCOM was completely overhauled in 2007 and now comes as part of System Center 2016. Full release histories for SCOM and Splunk are available on the respective vendors' websites.

Splunk SCOM
5/5 5/5

5. Pricing and Support

A monitoring system won't troubleshoot a configuration error. A configuration test script will.

Both offerings are decidedly enterprise-focused and priced according. Splunk's pricing structure is based on the volume of data processed: from a 1 GB/day perpetual license for $4,500 ($1,800 annually) to 100 GB/day for $1,500 ($600 annually). So the more data your organization processes with Splunk, the bigger the discount is.

System Center 2016/SCOM uses a core-based licensing schema that assumes a 16-core 2 processor server. 2 year licenses are available for the Datacenter and Standard Editions at $3,607 and $1,323, respectively. 

Splunk SCOM
4/5 4/5

6. API and Extensibility

SCOM does not provide an updated REST API, though SCOM 2012 offers an SDK for automate and extending its features and creating custom applications that access/manage its data. In contrast, Splunk's well-documented REST API gives developers over 200 endpoints for accessing every feature in the product, along with SDKs for popular languages. 

Splunk SCOM
5/5 3/5

7. 3rd Party Integrations

Splunk features over 1000 add-ons and apps in its Splunkbase app portal organized into 6 categories: DevOps, IT operations, security/fraud/compliance, business analytics, IoT/industrial data, and utilities. SCOM/Systems Center offers fewer options in this regard, but does provide integration packs for integrating with other vendors' products.

Splunk SCOM
5/5 4/5

8. Companies that Use It

SCOM is in use by enterprises across the globe—ING, Vodafone, Fibabanka, Infosys, MPhasis, and Equifax, among others. Similarly, Splunk counts over 12,000 enterprises and 80 of the Fortune 100 as its customers: Adobe, BlackRock, Coca-Cola, ING, Tesco, AAA, Staples, to name a few. 

Splunk SCOM
5/5 5/5

9. Learning Curve

Despite its intuitive SaaS interface, Splunk poses a moderate learning curve, especially when it comes to building expertise for carrying out more specialized analyses. This, however, pales in comparison to SCOM—from learning its terminology to managing/fine tuning alerts and reporting, novices should expect some difficulty gaining expertise with the platform.

Splunk SCOM
3/5 2/5

10. Security rating

Splunk has a strong security rating 836—its otherwise good website perimeter security and strong resilience posture are only marred by lack of HTTP strict transport security and missing DNSSEC. SCOM scores a very similar 827 security rating.

Scoreboard and Summary

  Splunk SCOM
Capability set 5/5 5/5
Ease of use 4/5 3/5
Community support 4/5 3/5
Release rate 5/5 5/5
Pricing and support 4/5 4/5
API and extensibility 5/5 3/5
3rd party integration 5/5 4/5
Companies that use it 5/5 5/5
Learning curve 3/5 2/5
Security rating 836 827
Total 4.5/5 3.9/5

Enterprises with predominantly Windows-based environments will find System Center/SCOM in closer alignment with their needs, though again—many organizations have chosen to integrate the two, pushing SCOM events/alert data to Splunk for analysis and reporting. For tighter integration with other IT operations management and security tools, and in heterogeneous environments, Splunk is a safer bet. In either case, be prepared to shell out a pretty penny for world-class infrastructure monitoring. 

Free

UpGuard logo in white
UpGuard free resources available for download
Learn more

Download our free ebooks and whitepapers

Insights on cybersecurity and vendor risk management.
UpGuard logo in white
eBooks, Reports & Whitepapers
UpGuard free resources available for download
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.
Abstract shapeAbstract shape

Related posts

Learn more about the latest issues in cybersecurity.
Deliver icon

Sign up to our newsletter

Get the latest curated cybersecurity news, breaches, events and updates in your inbox every week.
Abstract shapeAbstract shape
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
Website Security scan resultsWebsite Security scan ratingAbstract shape